Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2dufQoC5Jb0ve5IYehtGosKqu7Y.roa
File:                     2dufQoC5Jb0ve5IYehtGosKqu7Y.roa (raw, json)
Hash identifier:          fBd1JLy+BQuX/FeJIoa6E39ivAOuTftwa/xPQ5dGjI8=
Subject key identifier:   D9:DB:9F:42:80:B9:25:BD:2F:7B:92:18:7A:1B:46:A2:C2:AA:BB:B6
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01966D64486014D6F0E2AC8ABB2E810187B4
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2dufQoC5Jb0ve5IYehtGosKqu7Y.roa
Signing time:             Fri 25 Apr 2025 14:40:10 +0000
ROA not before:           Fri 25 Apr 2025 14:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213710
IP address blocks:        217.177.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6d:64:48:60:14:d6:f0:e2:ac:8a:bb:2e:81:01:87:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Apr 25 14:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9db9f4280b925bd2f7b92187a1b46a2c2aabbb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:24:2a:0c:5f:7d:50:20:f8:e5:53:9b:7e:03:
                    74:57:b6:10:6a:f0:93:91:43:89:54:b9:c9:60:0b:
                    f3:8c:76:13:7b:3a:32:b8:f5:4a:4d:a4:50:e5:e3:
                    18:0e:40:fd:4d:fc:0e:53:ba:1e:7c:3e:f8:5c:c6:
                    14:a7:13:32:fd:de:e0:6b:e5:eb:03:41:85:1d:64:
                    c1:4b:a6:37:03:77:49:ed:e8:01:28:9a:a0:fe:f9:
                    6b:aa:d1:e2:ed:73:4f:8a:b4:4d:dd:d7:22:ca:75:
                    52:4c:29:a3:81:c3:48:e7:89:a3:28:c8:0d:67:be:
                    68:d3:de:c5:01:0a:e4:de:19:d2:ad:a5:6c:3c:49:
                    3f:1a:1a:60:56:fc:b3:f2:59:05:a7:4d:67:87:61:
                    02:89:bc:07:c9:c5:a9:9f:38:37:2c:82:83:79:fc:
                    b5:c6:4b:a7:9c:7b:e9:9b:15:67:3d:31:5d:0d:e3:
                    ff:01:e0:34:b6:c0:7d:a8:30:3a:b0:b3:21:fc:5e:
                    09:83:4a:d0:76:45:dc:65:05:fa:76:b7:83:6f:19:
                    90:13:50:fa:68:19:3e:55:46:4f:f8:ee:29:fc:c4:
                    b3:c0:b8:c2:16:93:c1:c3:62:aa:bb:68:54:43:9c:
                    e4:28:97:2f:21:2e:dd:da:43:77:c8:d0:cb:f2:90:
                    ce:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:DB:9F:42:80:B9:25:BD:2F:7B:92:18:7A:1B:46:A2:C2:AA:BB:B6
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/2dufQoC5Jb0ve5IYehtGosKqu7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:f4:2c:dc:d7:19:32:26:7b:a3:59:6e:0f:88:dd:33:d5:1a:
         3b:08:79:a4:ad:4b:e4:50:85:3b:87:4d:02:67:b3:78:37:41:
         b4:10:cb:b1:86:ab:fe:b2:5a:84:c2:a2:d1:d6:41:88:29:ad:
         91:84:27:cb:9c:59:47:2f:52:08:98:a1:48:9f:94:5c:37:0d:
         e7:67:02:b8:be:ce:e9:c3:fd:9c:e8:fb:00:bd:be:ee:3d:2b:
         a1:ea:f2:0a:b8:e4:8a:3c:aa:e5:66:58:3a:d5:cd:db:71:82:
         f7:9e:e1:24:5e:35:01:fc:f4:fc:7d:26:aa:e6:9a:3c:62:6a:
         a9:af:1e:48:61:f2:73:24:e7:6b:e4:80:0b:96:e2:83:3c:e7:
         55:08:bd:37:6e:54:43:5f:bb:af:0e:52:03:53:29:a6:e2:c6:
         c5:86:b7:bd:ff:f6:80:a2:7e:05:1a:0c:43:64:f3:35:f0:82:
         d8:cd:a9:d4:41:15:45:68:a1:18:0c:fe:77:ec:86:ef:6e:11:
         34:37:2f:e2:62:f9:82:6f:71:56:2c:87:62:e2:b9:7a:eb:02:
         64:21:ce:49:da:0c:6b:05:c9:3b:28:17:91:ad:a4:52:b5:e2:
         8a:0f:4c:83:f4:ee:95:b2:fe:3e:ff:63:ef:25:d0:b4:c1:63:
         65:06:77:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZtZEhgFNbw4qyKuy6BAYe0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwNDI1MTQ0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWRiOWY0MjgwYjkyNWJkMmY3YjkyMTg3YTFiNDZhMmMyYWFiYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCQqDF99UCD45VObfgN0V7YQavCT
kUOJVLnJYAvzjHYTezoyuPVKTaRQ5eMYDkD9TfwOU7oefD74XMYUpxMy/d7ga+Xr
A0GFHWTBS6Y3A3dJ7egBKJqg/vlrqtHi7XNPirRN3dciynVSTCmjgcNI54mjKMgN
Z75o097FAQrk3hnSraVsPEk/GhpgVvyz8lkFp01nh2ECibwHycWpnzg3LIKDefy1
xkunnHvpmxVnPTFdDeP/AeA0tsB9qDA6sLMh/F4Jg0rQdkXcZQX6dreDbxmQE1D6
aBk+VUZP+O4p/MSzwLjCFpPBw2Kqu2hUQ5zkKJcvIS7d2kN3yNDL8pDOyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnbn0KAuSW9L3uSGHobRqLCqru2MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvMmR1ZlFvQzVKYjB2ZTVJWWVodEdvc0txdTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bEgMA0G
CSqGSIb3DQEBCwUAA4IBAQDA9Czc1xkyJnujWW4PiN0z1Ro7CHmkrUvkUIU7h00C
Z7N4N0G0EMuxhqv+slqEwqLR1kGIKa2RhCfLnFlHL1IImKFIn5RcNw3nZwK4vs7p
w/2c6PsAvb7uPSuh6vIKuOSKPKrlZlg61c3bcYL3nuEkXjUB/PT8fSaq5po8Ymqp
rx5IYfJzJOdr5IALluKDPOdVCL03blRDX7uvDlIDUymm4sbFhre9//aAon4FGgxD
ZPM18ILYzanUQRVFaKEYDP537IbvbhE0Ny/iYvmCb3FWLIdi4rl66wJkIc5J2gxr
Bck7KBeRraRSteKKD0yD9O6Vsv4+/2PvJdC0wWNlBnf0
-----END CERTIFICATE-----