Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/G2tkwYCq1epLdMKie4LX8cE5P9o.roa
File:                     G2tkwYCq1epLdMKie4LX8cE5P9o.roa (raw, json)
Hash identifier:          Ni0rFUe2dYAkDiA5++8GEYEiYsMyJpa7zDTHqDytp8k=
Subject key identifier:   1B:6B:64:C1:80:AA:D5:EA:4B:74:C2:A2:7B:82:D7:F1:C1:39:3F:DA
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019422FB67EAD6DF66A42B8F3E004CA06B34
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/G2tkwYCq1epLdMKie4LX8cE5P9o.roa
Signing time:             Wed 01 Jan 2025 17:48:08 +0000
ROA not before:           Wed 01 Jan 2025 17:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214774
IP address blocks:        109.107.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:67:ea:d6:df:66:a4:2b:8f:3e:00:4c:a0:6b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 17:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b6b64c180aad5ea4b74c2a27b82d7f1c1393fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a7:20:52:0d:1d:6d:29:7f:f0:06:5b:45:40:
                    f0:b9:c5:b1:fc:b4:f5:3d:6e:98:61:5d:51:79:56:
                    2d:f0:c4:d3:a9:51:fa:27:c0:41:3f:af:fc:c4:fb:
                    76:d4:de:f2:7b:ea:a0:70:83:a5:c7:0a:ab:66:8f:
                    92:26:38:8f:d2:c9:9a:33:c5:16:2d:9c:f1:8d:b7:
                    e1:e8:82:fe:c9:d7:b6:84:c8:e0:01:e4:ee:ef:5a:
                    28:9d:d6:a3:41:d3:13:53:a0:d6:bc:24:0f:4f:79:
                    ae:b7:a0:51:26:e6:16:6c:be:64:3d:d2:5d:f2:7a:
                    a6:2b:49:bb:c1:ed:a2:4e:59:99:cd:ad:39:00:c2:
                    b1:8d:91:78:96:fb:ec:73:ea:4e:23:d5:a0:b3:44:
                    5b:85:1e:d7:2f:5f:46:d7:69:36:67:39:ed:bc:a2:
                    ca:ce:7f:2e:0a:13:f4:73:e0:b4:4e:0d:51:37:af:
                    dc:7d:0e:ed:11:b2:74:c0:d5:16:5f:e5:28:94:cd:
                    50:85:b2:60:2f:d2:88:e5:80:c7:9c:10:dc:45:84:
                    fb:8b:1a:e2:1e:38:6f:ec:a3:28:44:f4:33:c3:15:
                    1e:7c:ca:40:0c:82:0d:f6:55:18:6f:1e:d7:42:df:
                    f9:a6:35:18:66:a3:4a:00:62:15:6f:08:32:31:7d:
                    c4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:6B:64:C1:80:AA:D5:EA:4B:74:C2:A2:7B:82:D7:F1:C1:39:3F:DA
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/G2tkwYCq1epLdMKie4LX8cE5P9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:e8:f8:4e:40:b9:55:04:67:83:d7:48:95:c9:74:6a:35:f9:
         f2:a1:1e:6c:fa:27:f3:03:ff:c7:a8:5d:32:39:7c:2d:82:94:
         79:c5:77:9e:33:af:a7:49:56:6d:60:71:4c:1e:6c:67:91:f8:
         c5:68:60:ff:31:85:bc:43:00:b2:d6:45:ac:ab:2f:eb:b5:f8:
         4a:14:e2:f6:b7:97:e3:a7:da:95:e2:ee:45:49:17:f4:0a:58:
         cc:11:a7:b7:ff:02:27:5e:ef:55:77:35:c6:13:b0:85:ec:ca:
         e4:62:d0:0f:47:70:05:20:b4:15:1a:d6:86:80:a2:e6:f1:3b:
         92:5f:cc:83:a2:54:7f:1a:73:c4:aa:40:42:be:e9:a4:19:ca:
         97:a1:13:d5:71:3b:04:c7:f4:7f:67:3a:40:01:7c:30:35:2b:
         67:40:99:f1:29:09:23:13:77:b6:4c:a3:5e:a8:82:29:e2:3a:
         ca:f4:24:a2:6a:bd:a9:c8:f3:68:62:0a:28:03:9c:31:4f:84:
         a1:af:67:49:a1:e9:a2:77:55:16:a5:d4:31:66:50:7c:73:c3:
         67:f0:ce:4b:e0:f6:f1:9c:e4:a6:d1:e6:75:7c:20:6d:d4:07:
         81:2f:6a:34:ee:98:df:d8:07:31:e2:c6:0c:e0:7c:eb:d1:19:
         fd:c8:07:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2fq1t9mpCuPPgBMoGs0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwMTAxMTc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjZiNjRjMTgwYWFkNWVhNGI3NGMyYTI3YjgyZDdmMWMxMzkzZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqcgUg0dbSl/8AZbRUDwucWx/LT1
PW6YYV1ReVYt8MTTqVH6J8BBP6/8xPt21N7ye+qgcIOlxwqrZo+SJjiP0smaM8UW
LZzxjbfh6IL+yde2hMjgAeTu71oondajQdMTU6DWvCQPT3mut6BRJuYWbL5kPdJd
8nqmK0m7we2iTlmZza05AMKxjZF4lvvsc+pOI9Wgs0RbhR7XL19G12k2ZzntvKLK
zn8uChP0c+C0Tg1RN6/cfQ7tEbJ0wNUWX+UolM1QhbJgL9KI5YDHnBDcRYT7ixri
Hjhv7KMoRPQzwxUefMpADIIN9lUYbx7XQt/5pjUYZqNKAGIVbwgyMX3EKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtrZMGAqtXqS3TConuC1/HBOT/aMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvRzJ0a3dZQ3ExZXBMZE1LaWU0TFg4Y0U1UDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWubMA0G
CSqGSIb3DQEBCwUAA4IBAQBr6PhOQLlVBGeD10iVyXRqNfnyoR5s+ifzA//HqF0y
OXwtgpR5xXeeM6+nSVZtYHFMHmxnkfjFaGD/MYW8QwCy1kWsqy/rtfhKFOL2t5fj
p9qV4u5FSRf0CljMEae3/wInXu9VdzXGE7CF7MrkYtAPR3AFILQVGtaGgKLm8TuS
X8yDolR/GnPEqkBCvumkGcqXoRPVcTsEx/R/ZzpAAXwwNStnQJnxKQkjE3e2TKNe
qIIp4jrK9CSiar2pyPNoYgooA5wxT4Shr2dJoemid1UWpdQxZlB8c8Nn8M5L4Pbx
nOSm0eZ1fCBt1AeBL2o07pjf2Acx4sYM4Hzr0Rn9yAcP
-----END CERTIFICATE-----