Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/XvdZjHdH4roL3vKKpJshaB67mqA.roa
File:                     XvdZjHdH4roL3vKKpJshaB67mqA.roa (raw, json)
Hash identifier:          4CjYFZcTpEpMRn3L13rpzjCcJLZwqNWxhO2FrzWnsn4=
Subject key identifier:   5E:F7:59:8C:77:47:E2:BA:0B:DE:F2:8A:A4:9B:21:68:1E:BB:9A:A0
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018E74B298B1BD749F8952436039FB25CFC9
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/XvdZjHdH4roL3vKKpJshaB67mqA.roa
Signing time:             Mon 25 Mar 2024 08:20:45 +0000
ROA not before:           Mon 25 Mar 2024 08:20:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        109.121.34.0/24 maxlen: 24
                          109.121.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:74:b2:98:b1:bd:74:9f:89:52:43:60:39:fb:25:cf:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 25 08:20:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ef7598c7747e2ba0bdef28aa49b21681ebb9aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d3:94:f9:8a:c3:b3:f2:82:c0:b5:40:4d:be:
                    96:05:5a:6c:68:4d:ec:ae:61:d3:89:6c:f9:76:1c:
                    a9:a3:ef:c3:70:d1:f9:18:5c:84:ec:55:94:d1:11:
                    5d:67:a1:90:16:a9:61:bb:d1:8e:e3:b4:0e:51:b2:
                    32:70:aa:e7:40:35:f3:dc:9f:79:53:bb:8b:31:3d:
                    74:73:0e:74:6b:a1:fb:ba:09:ad:c6:00:df:e7:ae:
                    71:1b:de:3e:14:e5:09:d0:91:98:27:99:54:bb:3d:
                    bc:bd:62:37:92:98:76:47:9c:fd:02:8c:6c:ab:1f:
                    54:10:01:25:c6:29:6c:c8:43:58:4a:1f:70:40:d8:
                    58:dc:08:f3:2f:9a:49:cb:c2:4e:d3:33:a9:a7:4c:
                    49:9b:7e:38:68:2a:7c:97:c5:86:bf:fd:62:3b:c6:
                    e3:21:d2:2e:84:85:e9:17:9f:4e:4f:c0:42:1a:f6:
                    53:19:f6:69:76:d7:d6:22:ac:0f:bb:7a:d9:24:5e:
                    30:f0:bc:4f:02:b1:fc:4e:eb:a2:9d:6c:31:1d:29:
                    3d:8f:bf:2f:f1:21:d1:a9:b3:5e:65:a6:a7:d1:69:
                    7d:22:97:ca:9a:42:49:ce:85:b4:bf:57:bd:77:d7:
                    9a:7b:cb:66:16:a9:9a:11:21:89:5e:d7:42:4d:95:
                    09:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:F7:59:8C:77:47:E2:BA:0B:DE:F2:8A:A4:9B:21:68:1E:BB:9A:A0
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/XvdZjHdH4roL3vKKpJshaB67mqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.34.0/24
                  109.121.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:14:d1:4e:67:f5:a5:8b:b7:9b:7a:6d:a6:1a:a4:89:ad:73:
         5c:a4:83:b6:82:15:29:c4:e9:c9:d0:91:ec:78:77:71:90:58:
         ce:d8:1f:5e:94:a8:a4:26:6d:cc:20:ab:5f:4b:1d:fc:c2:f4:
         34:97:99:ad:61:dd:ed:98:21:3e:33:8a:f9:3f:28:32:5a:19:
         48:b8:aa:70:4c:a5:68:1b:6b:f9:35:1f:61:5d:79:f7:0e:63:
         58:ad:be:63:76:17:dd:54:c3:d1:21:11:08:1f:7f:95:6c:f5:
         fe:06:c2:b5:a1:cb:58:a3:d2:fd:98:8d:42:c6:35:64:18:7b:
         a7:92:d9:17:95:81:6e:4e:f3:03:2f:5c:46:e8:19:8d:f2:86:
         c4:bc:b5:85:cc:b1:5f:11:bb:49:ea:ba:46:75:c4:3d:83:f2:
         aa:24:a4:4c:5a:de:4c:38:88:5c:64:69:3a:0d:95:bf:df:7e:
         50:e4:49:07:48:68:57:41:28:07:2c:bd:30:b3:00:1f:70:ce:
         1e:47:ba:38:57:46:ae:d9:ea:fb:8c:b4:93:9e:67:d2:ec:4b:
         b0:fb:96:33:fa:0e:35:3d:5f:d3:93:7e:6c:fd:41:4a:b9:94:
         68:7a:2c:ac:57:59:d6:f6:f3:34:91:d0:fd:61:a4:69:57:ca:
         40:1c:c9:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY50spixvXSfiVJDYDn7Jc/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMzI1MDgyMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWY3NTk4Yzc3NDdlMmJhMGJkZWYyOGFhNDliMjE2ODFlYmI5YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNOU+YrDs/KCwLVATb6WBVpsaE3s
rmHTiWz5dhypo+/DcNH5GFyE7FWU0RFdZ6GQFqlhu9GO47QOUbIycKrnQDXz3J95
U7uLMT10cw50a6H7ugmtxgDf565xG94+FOUJ0JGYJ5lUuz28vWI3kph2R5z9Aoxs
qx9UEAElxilsyENYSh9wQNhY3AjzL5pJy8JO0zOpp0xJm344aCp8l8WGv/1iO8bj
IdIuhIXpF59OT8BCGvZTGfZpdtfWIqwPu3rZJF4w8LxPArH8TuuinWwxHSk9j78v
8SHRqbNeZaan0Wl9IpfKmkJJzoW0v1e9d9eae8tmFqmaESGJXtdCTZUJXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF73WYx3R+K6C97yiqSbIWgeu5qgMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvWHZkWmpIZEg0cm9MM3ZLS3BKc2hhQjY3bXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXkiAwQA
bXksMA0GCSqGSIb3DQEBCwUAA4IBAQAnFNFOZ/Wli7ebem2mGqSJrXNcpIO2ghUp
xOnJ0JHseHdxkFjO2B9elKikJm3MIKtfSx38wvQ0l5mtYd3tmCE+M4r5PygyWhlI
uKpwTKVoG2v5NR9hXXn3DmNYrb5jdhfdVMPRIREIH3+VbPX+BsK1octYo9L9mI1C
xjVkGHunktkXlYFuTvMDL1xG6BmN8obEvLWFzLFfEbtJ6rpGdcQ9g/KqJKRMWt5M
OIhcZGk6DZW/335Q5EkHSGhXQSgHLL0wswAfcM4eR7o4V0au2er7jLSTnmfS7Euw
+5Yz+g41PV/Tk35s/UFKuZRoeiysV1nW9vM0kdD9YaRpV8pAHMnN
-----END CERTIFICATE-----