Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/U2PFthxJ7F2mSel2S5VEsWL5cds.roa
File:                     U2PFthxJ7F2mSel2S5VEsWL5cds.roa (raw, json)
Hash identifier:          VnmR6rK0a23jDw7iX8IiRVNjnkuvKH5yp7AMU/VwSYg=
Subject key identifier:   53:63:C5:B6:1C:49:EC:5D:A6:49:E9:76:4B:95:44:B1:62:F9:71:DB
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01963D7CC99783975BB10CD3A8C0B2FAE52B
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/U2PFthxJ7F2mSel2S5VEsWL5cds.roa
Signing time:             Wed 16 Apr 2025 07:25:10 +0000
ROA not before:           Wed 16 Apr 2025 07:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        217.181.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:7c:c9:97:83:97:5b:b1:0c:d3:a8:c0:b2:fa:e5:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Apr 16 07:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5363c5b61c49ec5da649e9764b9544b162f971db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2b:3c:58:9f:b1:ed:58:0f:f8:b0:4f:6c:0c:
                    cc:c7:07:59:1c:45:9e:7e:94:75:c1:2c:e1:b1:6e:
                    93:73:4a:de:db:2d:fc:2c:42:0d:68:e7:95:fe:cc:
                    26:ef:d4:bb:af:c9:96:8a:43:e8:7e:37:69:4b:ad:
                    12:75:06:8d:30:8c:14:ff:85:8e:1f:19:6c:e6:18:
                    be:69:db:e5:ff:2f:a9:c7:50:6d:10:3a:39:62:4e:
                    b0:c3:d0:44:50:5c:6b:72:d2:2e:e1:fa:68:1b:27:
                    04:79:65:35:d2:0e:77:8a:ad:1c:89:7a:35:19:72:
                    ea:08:8c:d9:b9:92:82:6b:65:aa:9d:26:be:9c:c8:
                    10:cd:61:5b:be:f1:ba:26:0c:7d:19:7b:f0:ab:c8:
                    fd:29:4a:ff:c1:2d:32:37:18:98:9e:c8:78:a2:a5:
                    a7:74:6b:bd:f5:ca:ba:4c:30:be:39:37:48:6d:5d:
                    5d:1f:12:f5:fb:10:6e:19:0f:ab:e1:ab:a0:66:11:
                    45:48:d0:c2:41:0c:91:00:53:68:c8:20:ff:a5:85:
                    99:3e:ac:9c:92:a0:7b:67:2b:9c:f3:83:d9:b7:9d:
                    42:30:22:e9:70:30:8b:9c:22:c1:ef:47:99:4f:44:
                    1a:74:57:62:ad:af:63:45:c9:df:16:0c:55:61:df:
                    57:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:63:C5:B6:1C:49:EC:5D:A6:49:E9:76:4B:95:44:B1:62:F9:71:DB
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/U2PFthxJ7F2mSel2S5VEsWL5cds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.181.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:df:75:63:5a:1b:50:17:b5:17:f3:08:da:9b:50:78:d8:81:
         d6:22:64:3e:80:d0:15:60:32:4c:55:de:4b:4a:c1:0e:47:4a:
         45:a6:09:12:93:11:bd:68:d3:38:b9:fe:5d:95:f6:d8:4a:de:
         2a:76:dc:12:06:35:17:81:bd:1d:20:99:17:cf:61:77:8f:27:
         59:11:d2:95:b1:6a:c8:d3:df:4f:3f:73:1d:d6:70:bc:b2:a6:
         4f:db:7c:f1:83:a0:12:a4:1d:ff:63:85:b5:69:4c:97:16:f8:
         2b:84:cf:b9:6f:ae:3f:d7:ff:99:f2:17:19:0a:25:6b:44:77:
         92:de:61:18:52:35:db:f1:93:36:79:2e:25:66:c7:db:bc:4e:
         e3:aa:3d:db:69:a1:f5:4e:13:b7:76:4a:36:43:e4:9c:ef:2b:
         52:86:f4:1d:ed:6f:af:ed:9d:65:f6:f4:99:23:18:81:91:69:
         c9:90:df:0f:cb:97:83:9c:c9:3c:cd:44:b3:e1:f6:4c:46:d1:
         b6:97:b5:df:6e:ec:40:3c:57:c9:04:8e:88:5b:06:68:fb:0d:
         92:2e:54:13:4d:56:29:a7:24:ed:57:c5:0d:9b:1b:a7:54:af:
         65:97:03:71:a5:ae:18:b3:a6:76:b8:a9:e4:a7:45:bd:63:5a:
         e2:49:ee:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY9fMmXg5dbsQzTqMCy+uUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwNDE2MDcyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzYzYzViNjFjNDllYzVkYTY0OWU5NzY0Yjk1NDRiMTYyZjk3MWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxys8WJ+x7VgP+LBPbAzMxwdZHEWe
fpR1wSzhsW6Tc0re2y38LEINaOeV/swm79S7r8mWikPofjdpS60SdQaNMIwU/4WO
Hxls5hi+advl/y+px1BtEDo5Yk6ww9BEUFxrctIu4fpoGycEeWU10g53iq0ciXo1
GXLqCIzZuZKCa2WqnSa+nMgQzWFbvvG6Jgx9GXvwq8j9KUr/wS0yNxiYnsh4oqWn
dGu99cq6TDC+OTdIbV1dHxL1+xBuGQ+r4augZhFFSNDCQQyRAFNoyCD/pYWZPqyc
kqB7Zyuc84PZt51CMCLpcDCLnCLB70eZT0QadFdira9jRcnfFgxVYd9XhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNjxbYcSexdpknpdkuVRLFi+XHbMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvVTJQRnRoeEo3RjJtU2VsMlM1VkVzV0w1Y2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2bVIMA0G
CSqGSIb3DQEBCwUAA4IBAQAG33VjWhtQF7UX8wjam1B42IHWImQ+gNAVYDJMVd5L
SsEOR0pFpgkSkxG9aNM4uf5dlfbYSt4qdtwSBjUXgb0dIJkXz2F3jydZEdKVsWrI
099PP3Md1nC8sqZP23zxg6ASpB3/Y4W1aUyXFvgrhM+5b64/1/+Z8hcZCiVrRHeS
3mEYUjXb8ZM2eS4lZsfbvE7jqj3baaH1ThO3dko2Q+Sc7ytShvQd7W+v7Z1l9vSZ
IxiBkWnJkN8Py5eDnMk8zUSz4fZMRtG2l7XfbuxAPFfJBI6IWwZo+w2SLlQTTVYp
pyTtV8UNmxunVK9llwNxpa4Ys6Z2uKnkp0W9Y1riSe6Z
-----END CERTIFICATE-----