Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/cEYTUY2Gv5LvKwUtgUiMbfW42x8.roa
File:                     cEYTUY2Gv5LvKwUtgUiMbfW42x8.roa (raw, json)
Hash identifier:          BOXTdJAmCdGBr2zJ/vykA1bxEvQmFyIrI1sVhgTtVSE=
Subject key identifier:   70:46:13:51:8D:86:BF:92:EF:2B:05:2D:81:48:8C:6D:F5:B8:DB:1F
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019422FB5E3669989059E529CEB102CDEC51
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/cEYTUY2Gv5LvKwUtgUiMbfW42x8.roa
Signing time:             Wed 01 Jan 2025 17:48:06 +0000
ROA not before:           Wed 01 Jan 2025 17:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        109.107.155.0/24 maxlen: 24
                          194.39.110.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:5e:36:69:98:90:59:e5:29:ce:b1:02:cd:ec:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 17:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=704613518d86bf92ef2b052d81488c6df5b8db1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2c:34:31:6e:e5:f2:fe:5b:06:41:5d:a2:90:
                    d8:1a:92:6e:cb:f7:b6:ad:9e:28:53:30:86:5d:d5:
                    9e:77:60:1c:12:0a:37:bb:0a:25:7b:5b:d8:e5:9e:
                    38:73:3e:19:8b:b9:9b:59:f7:e2:a8:65:b9:3c:09:
                    82:d5:be:74:22:4e:97:dd:92:15:7d:39:fe:00:2a:
                    24:1e:3c:a1:93:ad:6a:c5:10:2b:74:0e:f7:4a:f7:
                    22:d3:9e:c1:2a:50:ab:64:65:77:76:7b:84:73:90:
                    e6:98:1c:6c:45:ca:ff:ed:b8:3e:25:59:29:65:f2:
                    de:08:ea:e2:84:76:21:7f:00:f5:56:60:bb:7d:ce:
                    81:30:f4:91:03:96:28:8d:6e:c4:4b:47:94:e5:66:
                    92:e9:de:a8:2f:7d:70:4e:b6:ff:45:1b:19:52:ab:
                    33:13:00:21:57:36:35:61:75:e8:17:54:22:1d:6c:
                    0c:b6:82:9a:ae:a5:65:56:3c:d1:b5:24:9d:86:20:
                    3c:ec:36:a8:94:a3:f6:36:99:67:06:23:9f:3e:00:
                    9c:8e:1d:91:4a:38:cc:ff:d7:33:9e:0d:72:c6:df:
                    ab:b9:63:66:e9:26:e7:92:ef:42:98:8e:72:f3:13:
                    5f:cc:80:ad:02:d5:0a:00:ad:02:82:69:67:8f:5f:
                    d4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:46:13:51:8D:86:BF:92:EF:2B:05:2D:81:48:8C:6D:F5:B8:DB:1F
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/cEYTUY2Gv5LvKwUtgUiMbfW42x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.155.0/24
                  194.39.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ce:71:eb:7d:c2:f2:d7:a5:f0:ba:55:3d:b9:b8:03:70:d7:
         cf:31:dc:ea:d4:61:23:fe:66:d2:21:6c:6b:2e:1b:37:f1:47:
         39:0e:b1:84:71:12:b7:52:eb:d2:19:9e:22:c6:33:bf:41:32:
         f7:86:e4:d5:21:9f:72:18:4b:36:c0:95:c3:19:21:6f:3b:28:
         91:6e:6b:39:26:02:ab:9a:bd:f3:f3:fb:07:94:35:a9:c9:ea:
         e1:52:12:3d:b0:d5:53:12:67:f7:64:e6:de:ad:fc:1f:a8:95:
         c3:eb:f1:00:49:85:02:28:9f:e0:00:83:71:83:5e:3e:e7:be:
         e5:67:cb:3d:45:89:7a:dd:c9:83:3d:14:bd:23:cd:eb:dd:6b:
         3f:6a:10:7e:df:7c:41:d4:c8:3b:af:41:ca:72:e1:29:c7:e7:
         c1:63:02:8e:23:6d:ad:5b:0d:ba:79:f4:90:1e:39:0e:d3:fd:
         11:f2:07:9a:df:7f:8a:52:33:16:38:48:81:3a:27:ac:26:19:
         c6:06:a4:2b:d6:36:03:be:37:af:de:d6:45:10:d0:ce:43:2f:
         96:62:06:08:04:58:c7:a5:96:b2:60:02:91:44:9e:74:35:29:
         cf:38:6a:cc:95:e2:d9:9c:9f:69:72:06:1c:23:66:e9:e6:a7:
         02:c2:0d:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+142aZiQWeUpzrECzexRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwMTAxMTc0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDQ2MTM1MThkODZiZjkyZWYyYjA1MmQ4MTQ4OGM2ZGY1YjhkYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCw0MW7l8v5bBkFdopDYGpJuy/e2
rZ4oUzCGXdWed2AcEgo3uwole1vY5Z44cz4Zi7mbWffiqGW5PAmC1b50Ik6X3ZIV
fTn+ACokHjyhk61qxRArdA73Svci057BKlCrZGV3dnuEc5DmmBxsRcr/7bg+JVkp
ZfLeCOrihHYhfwD1VmC7fc6BMPSRA5YojW7ES0eU5WaS6d6oL31wTrb/RRsZUqsz
EwAhVzY1YXXoF1QiHWwMtoKarqVlVjzRtSSdhiA87DaolKP2NplnBiOfPgCcjh2R
SjjM/9czng1yxt+ruWNm6Sbnku9CmI5y8xNfzICtAtUKAK0Cgmlnj1/U+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHBGE1GNhr+S7ysFLYFIjG31uNsfMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvY0VZVFVZMkd2NUx2S3dVdGdVaU1iZlc0Mng4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWubAwQA
widuMA0GCSqGSIb3DQEBCwUAA4IBAQCcznHrfcLy16XwulU9ubgDcNfPMdzq1GEj
/mbSIWxrLhs38Uc5DrGEcRK3UuvSGZ4ixjO/QTL3huTVIZ9yGEs2wJXDGSFvOyiR
bms5JgKrmr3z8/sHlDWpyerhUhI9sNVTEmf3ZOberfwfqJXD6/EASYUCKJ/gAINx
g14+577lZ8s9RYl63cmDPRS9I83r3Ws/ahB+33xB1Mg7r0HKcuEpx+fBYwKOI22t
Ww26efSQHjkO0/0R8gea33+KUjMWOEiBOiesJhnGBqQr1jYDvjev3tZFENDOQy+W
YgYIBFjHpZayYAKRRJ50NSnPOGrMleLZnJ9pcgYcI2bp5qcCwg08
-----END CERTIFICATE-----