Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9b76e3-e4f1-41a2-9f0e-937e00d0732f/1/1lrtH8qIV5e3th4jMCPobjKiYaU.roa
File:                     1lrtH8qIV5e3th4jMCPobjKiYaU.roa (raw, json)
Hash identifier:          xgADT5hDJzpgst28AckBVIlM/BW2ECMOC24fNQS3BL0=
Subject key identifier:   D6:5A:ED:1F:CA:88:57:97:B7:B6:1E:23:30:23:E8:6E:32:A2:61:A5
Certificate issuer:       /CN=28035893a257a654f3f85495c4169ebe86de18d1
Certificate serial:       01942746485CD1075EED86EC138792C781CB
Authority key identifier: 28:03:58:93:A2:57:A6:54:F3:F8:54:95:C4:16:9E:BE:86:DE:18:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KANYk6JXplTz-FSVxBaevobeGNE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9b76e3-e4f1-41a2-9f0e-937e00d0732f/1/1lrtH8qIV5e3th4jMCPobjKiYaU.roa
Signing time:             Thu 02 Jan 2025 13:48:25 +0000
ROA not before:           Thu 02 Jan 2025 13:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15815
IP address blocks:        217.14.96.0/20 maxlen: 22
                          2a00:7da0::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9b76e3-e4f1-41a2-9f0e-937e00d0732f/1/KANYk6JXplTz-FSVxBaevobeGNE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9b76e3-e4f1-41a2-9f0e-937e00d0732f/1/KANYk6JXplTz-FSVxBaevobeGNE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KANYk6JXplTz-FSVxBaevobeGNE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:48:5c:d1:07:5e:ed:86:ec:13:87:92:c7:81:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28035893a257a654f3f85495c4169ebe86de18d1
        Validity
            Not Before: Jan  2 13:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d65aed1fca885797b7b61e233023e86e32a261a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b1:1e:94:2d:bd:8d:e5:b4:98:6f:74:c6:43:
                    32:4f:61:5f:be:7c:7e:e0:bf:dd:e8:f1:9e:22:35:
                    32:44:53:cd:7e:be:3c:98:32:40:e8:eb:5d:77:41:
                    9a:07:fd:f2:97:f3:4b:c7:f0:01:d3:75:4e:b0:ae:
                    28:17:c3:21:bd:f5:b5:77:85:46:5c:cb:79:aa:92:
                    26:bc:76:22:44:c6:21:33:eb:e7:dd:fa:de:f9:fb:
                    dc:93:35:0b:26:b0:f6:a3:df:12:5a:7d:68:7b:86:
                    0a:e0:4f:33:d9:c8:4e:3d:26:ac:21:22:b2:d9:8d:
                    15:3c:12:72:43:af:3c:43:f0:b1:e7:18:73:45:98:
                    0c:cd:ca:3c:b2:f0:ee:95:05:13:30:49:0a:ce:e3:
                    00:99:e5:78:c8:69:83:a7:9d:e9:71:99:2c:ec:b4:
                    d0:34:ce:a5:46:17:bc:78:05:b5:e5:64:87:35:9f:
                    98:88:93:69:7f:4e:a2:f1:90:7c:24:c5:84:da:c6:
                    47:97:47:8e:db:69:35:60:b9:28:6a:fb:e5:a4:ba:
                    0c:31:1f:5e:e6:d9:bf:c2:e0:4f:22:fd:ae:5d:2d:
                    96:d7:6d:63:b6:7e:33:cc:26:ac:ac:8f:a5:a8:e5:
                    a6:38:08:d6:f0:a6:94:89:24:b2:8f:86:6a:e5:c4:
                    08:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5A:ED:1F:CA:88:57:97:B7:B6:1E:23:30:23:E8:6E:32:A2:61:A5
            X509v3 Authority Key Identifier:
                keyid:28:03:58:93:A2:57:A6:54:F3:F8:54:95:C4:16:9E:BE:86:DE:18:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KANYk6JXplTz-FSVxBaevobeGNE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9b76e3-e4f1-41a2-9f0e-937e00d0732f/1/1lrtH8qIV5e3th4jMCPobjKiYaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9b76e3-e4f1-41a2-9f0e-937e00d0732f/1/KANYk6JXplTz-FSVxBaevobeGNE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.14.96.0/20
                IPv6:
                  2a00:7da0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:07:09:7b:c0:e7:77:f3:c5:1f:0f:86:5c:b6:39:9c:c3:cd:
         ec:06:91:15:f8:1f:90:c3:1b:74:03:fa:b3:58:2c:9e:db:e7:
         c5:ce:d0:e6:a6:ba:57:1b:3e:fe:bd:e6:a8:f7:7a:2f:52:50:
         5b:5a:96:65:3f:86:de:ec:ae:d6:ca:4e:c1:e7:cc:0c:56:02:
         f3:70:b4:8a:1b:ab:54:a8:a4:ac:f5:72:52:eb:cd:a5:60:c5:
         b2:39:63:e4:93:50:4a:b1:36:c1:cb:e2:e0:43:6e:1a:46:83:
         04:7a:74:81:f6:9c:4c:51:d9:21:47:df:47:f6:56:31:cc:1d:
         36:6c:39:e4:c7:8c:35:67:96:fc:24:7c:a8:af:89:cb:7b:ae:
         b8:3d:0b:74:1d:a4:b5:79:87:44:7d:be:7b:4d:56:46:c7:f5:
         50:3a:33:b5:d2:6b:57:99:97:d0:35:2a:5c:71:22:1b:a5:68:
         83:8d:ab:a6:1f:15:7e:08:91:f1:eb:87:58:d2:3d:4b:54:a4:
         16:ac:ec:09:79:6d:49:20:be:a4:81:6d:a5:d8:8f:f2:0e:ab:
         a4:96:5f:54:2d:50:5f:a4:b7:b6:2b:2a:6b:31:ed:7f:b3:56:
         9f:f3:0d:a7:a1:7a:c4:be:b9:f1:55:bb:f8:52:0e:fc:8f:9d:
         f2:7f:37:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnRkhc0Qde7YbsE4eSx4HLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MDM1ODkzYTI1N2E2NTRmM2Y4NTQ5NWM0MTY5ZWJlODZk
ZTE4ZDEwHhcNMjUwMTAyMTM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjVhZWQxZmNhODg1Nzk3YjdiNjFlMjMzMDIzZTg2ZTMyYTI2MWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrEelC29jeW0mG90xkMyT2Ffvnx+
4L/d6PGeIjUyRFPNfr48mDJA6Otdd0GaB/3yl/NLx/AB03VOsK4oF8MhvfW1d4VG
XMt5qpImvHYiRMYhM+vn3fre+fvckzULJrD2o98SWn1oe4YK4E8z2chOPSasISKy
2Y0VPBJyQ688Q/Cx5xhzRZgMzco8svDulQUTMEkKzuMAmeV4yGmDp53pcZks7LTQ
NM6lRhe8eAW15WSHNZ+YiJNpf06i8ZB8JMWE2sZHl0eO22k1YLkoavvlpLoMMR9e
5tm/wuBPIv2uXS2W121jtn4zzCasrI+lqOWmOAjW8KaUiSSyj4Zq5cQIowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNZa7R/KiFeXt7YeIzAj6G4yomGlMB8GA1UdIwQY
MBaAFCgDWJOiV6ZU8/hUlcQWnr6G3hjRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0FOWWs2SlhwbFR6LUZTVnhCYWV2b2JlR05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85Yjc2ZTMtZTRmMS00MWEyLTlmMGUt
OTM3ZTAwZDA3MzJmLzEvMWxydEg4cUlWNWUzdGg0ak1DUG9iaktpWWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85Yjc2ZTMtZTRmMS00MWEyLTlmMGUtOTM3ZTAwZDA3MzJm
LzEvS0FOWWs2SlhwbFR6LUZTVnhCYWV2b2JlR05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2Q5gMA0E
AgACMAcDBQAqAH2gMA0GCSqGSIb3DQEBCwUAA4IBAQA9Bwl7wOd388UfD4Zctjmc
w83sBpEV+B+Qwxt0A/qzWCye2+fFztDmprpXGz7+veao93ovUlBbWpZlP4be7K7W
yk7B58wMVgLzcLSKG6tUqKSs9XJS682lYMWyOWPkk1BKsTbBy+LgQ24aRoMEenSB
9pxMUdkhR99H9lYxzB02bDnkx4w1Z5b8JHyor4nLe664PQt0HaS1eYdEfb57TVZG
x/VQOjO10mtXmZfQNSpccSIbpWiDjaumHxV+CJHx64dY0j1LVKQWrOwJeW1JIL6k
gW2l2I/yDqukll9ULVBfpLe2KyprMe1/s1af8w2noXrEvrnxVbv4Ug78j53yfzcY
-----END CERTIFICATE-----