Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/r7mPdu3mcXlmiFWy88dMv4tMIwE.roa
File:                     r7mPdu3mcXlmiFWy88dMv4tMIwE.roa (raw, json)
Hash identifier:          Tev3vha+XFV/k1WflgN7brJaSUjSziylhI0zOJ7XJU0=
Subject key identifier:   AF:B9:8F:76:ED:E6:71:79:66:88:55:B2:F3:C7:4C:BF:8B:4C:23:01
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       01962FDB8CB4A4B79F372E95845589E0B896
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/r7mPdu3mcXlmiFWy88dMv4tMIwE.roa
Signing time:             Sun 13 Apr 2025 15:53:59 +0000
ROA not before:           Sun 13 Apr 2025 15:53:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60542
IP address blocks:        193.107.217.0/24 maxlen: 24
                          202.71.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 05:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:2f:db:8c:b4:a4:b7:9f:37:2e:95:84:55:89:e0:b8:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Apr 13 15:53:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afb98f76ede67179668855b2f3c74cbf8b4c2301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8d:6e:28:d3:b4:a1:81:9f:dd:7f:70:62:54:
                    24:e7:bf:73:5a:63:fc:42:b3:15:c7:04:52:f5:c7:
                    d9:b4:97:e3:22:66:33:06:c0:9d:58:b7:b2:80:60:
                    a0:9d:fd:cd:15:b5:52:2b:a8:40:f5:fa:32:85:42:
                    80:43:dd:22:e0:f5:ff:81:f5:17:b6:41:fc:28:b7:
                    a4:7f:52:10:78:cb:9a:24:53:31:85:b4:71:8d:fe:
                    5a:58:c7:0c:28:59:fc:e7:95:44:c5:bd:8d:7d:7c:
                    ff:ed:9e:3f:12:27:0c:53:6d:19:52:70:f8:0f:38:
                    5a:4c:61:12:ca:ef:a6:08:ea:a5:f9:a9:83:1a:a0:
                    c0:7e:4e:de:66:ad:f9:29:2d:8e:11:60:79:af:01:
                    38:9b:75:73:ed:f1:40:61:3e:5e:22:65:e2:ba:24:
                    72:00:ca:6a:4f:a2:86:28:e7:bd:fa:6f:c6:52:53:
                    8a:b4:54:0e:15:ac:cf:f4:6c:b3:f2:fc:64:21:4d:
                    df:3c:9c:82:32:c6:56:c3:f6:a8:e5:95:42:1e:74:
                    b5:d8:2f:66:56:2e:08:d8:c6:cb:f5:06:8d:ed:ab:
                    df:ce:60:17:30:0f:b8:a4:7d:3a:8f:b4:6a:ec:dd:
                    86:a5:0e:45:e1:68:b7:70:76:85:ca:54:72:07:0c:
                    8b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B9:8F:76:ED:E6:71:79:66:88:55:B2:F3:C7:4C:BF:8B:4C:23:01
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/r7mPdu3mcXlmiFWy88dMv4tMIwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.217.0/24
                  202.71.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:73:bb:94:cc:91:5b:b7:b8:1f:b7:3e:9a:02:8d:0a:44:83:
         68:9e:3f:e4:3a:4f:8f:d3:ba:89:9d:f5:db:e5:4f:56:b1:05:
         56:ba:ee:c0:69:22:c7:4a:f4:82:99:cf:ed:05:21:14:f2:60:
         5c:d8:c6:d6:f6:42:aa:57:fd:9f:63:3b:60:86:3f:ac:f7:05:
         ec:af:f1:9a:bc:fc:50:36:52:2a:b9:37:5c:a9:9f:29:7d:e8:
         81:f5:71:d6:b3:61:5c:f3:a0:0c:f3:0a:f1:32:3e:1e:95:41:
         25:dd:25:13:65:da:03:1e:91:9f:cf:29:0a:fc:05:fb:09:90:
         74:d4:63:58:fd:dd:29:6e:78:cc:b9:b0:b0:36:a6:c4:6e:dc:
         d3:fd:94:85:17:c1:16:39:95:0a:f0:64:ae:a4:54:02:dc:ee:
         34:98:ad:0b:1f:92:6c:e4:07:5f:4b:98:57:55:d9:60:f2:5c:
         d8:55:2a:31:18:75:b0:87:46:a9:96:62:be:77:61:fe:73:b1:
         10:32:d2:4f:8f:ec:5a:31:03:11:12:84:df:41:f4:54:d7:4d:
         66:eb:ac:37:f1:3f:58:3e:17:db:c5:c1:c6:59:7c:1d:52:a1:
         d0:8a:7c:03:b5:6b:2d:54:03:dd:26:36:6f:1a:dd:39:f3:bd:
         25:51:f3:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYv24y0pLefNy6VhFWJ4LiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwNDEzMTU1MzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmI5OGY3NmVkZTY3MTc5NjY4ODU1YjJmM2M3NGNiZjhiNGMyMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAho1uKNO0oYGf3X9wYlQk579zWmP8
QrMVxwRS9cfZtJfjImYzBsCdWLeygGCgnf3NFbVSK6hA9foyhUKAQ90i4PX/gfUX
tkH8KLekf1IQeMuaJFMxhbRxjf5aWMcMKFn855VExb2NfXz/7Z4/EicMU20ZUnD4
DzhaTGESyu+mCOql+amDGqDAfk7eZq35KS2OEWB5rwE4m3Vz7fFAYT5eImXiuiRy
AMpqT6KGKOe9+m/GUlOKtFQOFazP9Gyz8vxkIU3fPJyCMsZWw/ao5ZVCHnS12C9m
Vi4I2MbL9QaN7avfzmAXMA+4pH06j7Rq7N2GpQ5F4Wi3cHaFylRyBwyL4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK+5j3bt5nF5ZohVsvPHTL+LTCMBMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvcjdtUGR1M21jWGxtaUZXeTg4ZE12NHRNSXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWvZAwQA
ykcIMA0GCSqGSIb3DQEBCwUAA4IBAQBkc7uUzJFbt7gftz6aAo0KRINonj/kOk+P
07qJnfXb5U9WsQVWuu7AaSLHSvSCmc/tBSEU8mBc2MbW9kKqV/2fYztghj+s9wXs
r/GavPxQNlIquTdcqZ8pfeiB9XHWs2Fc86AM8wrxMj4elUEl3SUTZdoDHpGfzykK
/AX7CZB01GNY/d0pbnjMubCwNqbEbtzT/ZSFF8EWOZUK8GSupFQC3O40mK0LH5Js
5AdfS5hXVdlg8lzYVSoxGHWwh0aplmK+d2H+c7EQMtJPj+xaMQMREoTfQfRU101m
66w38T9YPhfbxcHGWXwdUqHQinwDtWstVAPdJjZvGt05870lUfPg
-----END CERTIFICATE-----