Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/37cb9c-220a-45e4-8d66-c71aa1b1d6e2/1/FzoM0J0mKX4lSeQyqBdEwuJvjzk.roa
File:                     FzoM0J0mKX4lSeQyqBdEwuJvjzk.roa (raw, json)
Hash identifier:          s0ghRHEfLx25vsFUtqM4w58d8eJy2826RQuxnkO0dNM=
Subject key identifier:   17:3A:0C:D0:9D:26:29:7E:25:49:E4:32:A8:17:44:C2:E2:6F:8F:39
Certificate issuer:       /CN=0f5026e94fe0598f7eb6f46236a6397e62f01e7c
Certificate serial:       018CC56EEBFAA7CF533AB43E9F3EC52D257E
Authority key identifier: 0F:50:26:E9:4F:E0:59:8F:7E:B6:F4:62:36:A6:39:7E:62:F0:1E:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D1Am6U_gWY9-tvRiNqY5fmLwHnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/37cb9c-220a-45e4-8d66-c71aa1b1d6e2/1/FzoM0J0mKX4lSeQyqBdEwuJvjzk.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8264
IP address blocks:        212.197.0.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/37cb9c-220a-45e4-8d66-c71aa1b1d6e2/1/D1Am6U_gWY9-tvRiNqY5fmLwHnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/37cb9c-220a-45e4-8d66-c71aa1b1d6e2/1/D1Am6U_gWY9-tvRiNqY5fmLwHnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D1Am6U_gWY9-tvRiNqY5fmLwHnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:eb:fa:a7:cf:53:3a:b4:3e:9f:3e:c5:2d:25:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f5026e94fe0598f7eb6f46236a6397e62f01e7c
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=173a0cd09d26297e2549e432a81744c2e26f8f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:11:d3:a4:34:6c:3c:2d:29:90:a7:1a:92:3c:
                    e6:2b:86:8b:38:d2:59:a3:24:f5:e7:41:00:dc:07:
                    46:ad:c1:20:6a:b2:44:4f:e2:35:fb:2a:81:7f:62:
                    84:ab:66:aa:7e:88:e5:d3:ff:4b:69:b5:d7:ec:70:
                    aa:2d:93:55:1f:f3:4e:8a:3f:84:a2:4c:b5:e4:4b:
                    29:31:07:1e:50:4e:61:2f:8d:8f:0b:88:76:ae:cf:
                    9a:94:c8:9c:45:ca:36:63:3f:88:44:7f:5d:13:de:
                    a9:6b:56:35:82:c3:7b:79:d1:bc:c5:b0:dd:1b:b5:
                    e6:16:b1:9e:16:47:52:45:73:80:de:dc:14:5a:cc:
                    3e:ee:e4:d5:09:df:b1:8a:90:aa:cc:92:67:b1:11:
                    17:2d:7b:46:27:ab:44:3f:d1:3d:97:bd:66:5b:8f:
                    6e:08:42:91:cf:43:ae:b4:d8:f7:da:68:86:a0:b4:
                    47:53:9f:63:83:06:96:cc:4e:f8:52:73:ee:fe:67:
                    4c:3a:d4:83:d7:a6:2f:10:e1:a3:fc:ff:12:1a:d6:
                    12:2e:e0:06:70:4a:74:ee:f9:49:32:0b:4e:0b:c6:
                    e3:89:18:c8:cf:4b:16:e6:11:64:64:62:0c:9f:e5:
                    33:14:f7:be:72:ca:37:26:24:e5:9c:91:6f:ce:d9:
                    a6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:3A:0C:D0:9D:26:29:7E:25:49:E4:32:A8:17:44:C2:E2:6F:8F:39
            X509v3 Authority Key Identifier:
                keyid:0F:50:26:E9:4F:E0:59:8F:7E:B6:F4:62:36:A6:39:7E:62:F0:1E:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D1Am6U_gWY9-tvRiNqY5fmLwHnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/37cb9c-220a-45e4-8d66-c71aa1b1d6e2/1/FzoM0J0mKX4lSeQyqBdEwuJvjzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/37cb9c-220a-45e4-8d66-c71aa1b1d6e2/1/D1Am6U_gWY9-tvRiNqY5fmLwHnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.197.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         44:8b:19:2b:de:e4:26:63:40:95:f4:c1:8d:c2:e8:f3:ab:09:
         6e:d9:59:d0:b3:be:97:93:15:7e:d7:dd:c5:ad:0b:da:b5:b5:
         64:b7:8d:d4:84:84:73:b3:95:e2:3c:ec:4d:1e:d5:8e:bf:ef:
         12:b5:06:30:af:30:62:34:05:8d:82:37:a0:8a:00:c6:b0:c5:
         f5:1b:7c:fd:c8:53:c3:a0:87:a3:ff:61:9c:8c:36:5b:7d:b0:
         72:9b:ef:58:af:43:9a:3a:16:11:f5:fe:6a:fe:89:fd:b4:5f:
         0e:8b:52:f2:26:fd:97:9b:ea:6a:d1:44:db:81:ab:59:33:97:
         e2:75:be:88:86:66:02:e3:80:7a:4c:f7:d8:b1:2d:e2:33:00:
         be:62:c2:46:53:64:ff:dc:f7:bd:27:9d:e0:00:c1:81:ac:6b:
         de:53:89:f8:a5:9b:b5:56:bb:f8:1b:b0:6c:ca:ef:fc:57:fe:
         41:4c:d0:a3:54:c8:b9:92:dc:3f:aa:20:5d:64:5a:16:f2:f9:
         45:cb:09:82:95:6e:4d:6f:a0:a1:99:81:e8:f4:b3:39:b9:05:
         14:d6:6c:a2:31:ae:0e:fa:40:89:ef:18:b3:ed:47:61:98:91:
         ca:b0:1d:77:36:81:96:e9:d7:2b:42:94:98:e7:64:a3:60:a6:
         64:90:27:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuv6p89TOrQ+nz7FLSV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNTAyNmU5NGZlMDU5OGY3ZWI2ZjQ2MjM2YTYzOTdlNjJm
MDFlN2MwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzNhMGNkMDlkMjYyOTdlMjU0OWU0MzJhODE3NDRjMmUyNmY4ZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxHTpDRsPC0pkKcakjzmK4aLONJZ
oyT150EA3AdGrcEgarJET+I1+yqBf2KEq2aqfojl0/9LabXX7HCqLZNVH/NOij+E
oky15EspMQceUE5hL42PC4h2rs+alMicRco2Yz+IRH9dE96pa1Y1gsN7edG8xbDd
G7XmFrGeFkdSRXOA3twUWsw+7uTVCd+xipCqzJJnsREXLXtGJ6tEP9E9l71mW49u
CEKRz0OutNj32miGoLRHU59jgwaWzE74UnPu/mdMOtSD16YvEOGj/P8SGtYSLuAG
cEp07vlJMgtOC8bjiRjIz0sW5hFkZGIMn+UzFPe+cso3JiTlnJFvztmmEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBc6DNCdJil+JUnkMqgXRMLib485MB8GA1UdIwQY
MBaAFA9QJulP4FmPfrb0YjamOX5i8B58MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDFBbTZVX2dXWTktdHZSaU5xWTVmbUx3SG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zN2NiOWMtMjIwYS00NWU0LThkNjYt
YzcxYWExYjFkNmUyLzEvRnpvTTBKMG1LWDRsU2VReXFCZEV3dUp2anprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zN2NiOWMtMjIwYS00NWU0LThkNjYtYzcxYWExYjFkNmUy
LzEvRDFBbTZVX2dXWTktdHZSaU5xWTVmbUx3SG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQH1MUAMA0G
CSqGSIb3DQEBCwUAA4IBAQBEixkr3uQmY0CV9MGNwujzqwlu2VnQs76XkxV+193F
rQvatbVkt43UhIRzs5XiPOxNHtWOv+8StQYwrzBiNAWNgjegigDGsMX1G3z9yFPD
oIej/2GcjDZbfbBym+9Yr0OaOhYR9f5q/on9tF8Oi1LyJv2Xm+pq0UTbgatZM5fi
db6IhmYC44B6TPfYsS3iMwC+YsJGU2T/3Pe9J53gAMGBrGveU4n4pZu1Vrv4G7Bs
yu/8V/5BTNCjVMi5ktw/qiBdZFoW8vlFywmClW5Nb6ChmYHo9LM5uQUU1myiMa4O
+kCJ7xiz7UdhmJHKsB13NoGW6dcrQpSY52SjYKZkkCen
-----END CERTIFICATE-----