Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/d7P5Bq3TIG8eQBq_MgO4sLnqZEM.roa
File:                     d7P5Bq3TIG8eQBq_MgO4sLnqZEM.roa (raw, json)
Hash identifier:          P+Ic2NHYAHDXXqXks+xuGxIUO37RpnDAP1ww2dwsxXQ=
Subject key identifier:   77:B3:F9:06:AD:D3:20:6F:1E:40:1A:BF:32:03:B8:B0:B9:EA:64:43
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018F6E6B4F979D7D524DAF0D6F7A3161517D
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/d7P5Bq3TIG8eQBq_MgO4sLnqZEM.roa
Signing time:             Sun 12 May 2024 20:07:57 +0000
ROA not before:           Sun 12 May 2024 20:07:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        109.111.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:6e:6b:4f:97:9d:7d:52:4d:af:0d:6f:7a:31:61:51:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: May 12 20:07:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77b3f906add3206f1e401abf3203b8b0b9ea6443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f1:ef:f6:a6:8b:85:bd:33:05:77:42:3a:3d:
                    62:9e:fe:2f:56:91:91:1f:f7:01:67:f5:0f:2f:b7:
                    03:d5:59:96:cb:24:6f:91:19:d8:72:49:db:36:b1:
                    a6:d4:d0:3a:42:4f:05:2f:ac:86:a4:24:b6:95:59:
                    9b:80:89:d1:db:55:b1:93:74:bd:ce:88:46:1b:25:
                    03:ed:7e:46:d6:ea:ad:8c:a9:58:9c:e9:2e:55:92:
                    a0:39:6f:60:93:42:b4:23:e7:b7:75:7c:90:69:c9:
                    fa:51:ac:b5:12:92:ba:9e:06:ef:dd:3f:fd:0b:20:
                    12:76:c7:d8:71:96:eb:4a:90:53:0e:56:39:2c:d8:
                    98:4c:83:59:52:69:bb:6f:e1:0e:4d:93:38:40:ad:
                    50:c1:99:07:2b:0f:11:5e:39:84:f2:e0:02:d0:2a:
                    70:97:b3:7f:de:48:ce:f3:b2:30:80:2f:38:ca:55:
                    1d:27:c3:30:a1:7f:ba:4e:7b:bb:31:32:7d:15:72:
                    eb:20:fb:9a:6b:04:f7:b1:42:13:5f:5a:26:f4:26:
                    5b:3c:5c:0d:1f:4a:51:b5:81:30:42:80:14:8a:3e:
                    3e:e3:ad:3f:72:0c:19:e4:69:89:7c:ab:29:06:65:
                    5e:cb:e8:8c:90:1f:9b:92:b5:be:25:93:0c:15:55:
                    df:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:B3:F9:06:AD:D3:20:6F:1E:40:1A:BF:32:03:B8:B0:B9:EA:64:43
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/d7P5Bq3TIG8eQBq_MgO4sLnqZEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:02:e3:43:59:bb:ab:b6:d9:82:57:dd:e1:ab:12:30:55:92:
         6a:70:8b:ec:a7:ad:76:cd:43:b7:5a:29:44:4a:d2:f7:5f:e4:
         dc:07:3b:5b:de:a8:7d:a0:91:6b:d5:30:85:ac:11:17:4a:b5:
         9c:21:63:ca:1c:d9:d5:90:5c:cc:b6:93:24:aa:ff:45:6f:f2:
         21:1f:d0:05:2c:a6:45:dc:69:da:35:74:55:42:6b:0a:74:4e:
         0c:6a:61:90:cd:52:51:3f:06:6d:7b:8c:2a:b4:40:62:0b:c9:
         9d:99:05:92:a4:98:75:ee:77:02:fb:dc:86:2e:0d:30:12:54:
         2c:6d:ce:e8:aa:cd:8d:a6:2b:26:89:c0:d5:ed:57:95:8b:8f:
         b4:66:88:b7:e9:80:8d:2e:7a:70:0f:62:6a:f0:d3:6f:f2:f4:
         a1:d6:f3:9b:39:53:f2:d3:16:52:8b:0c:bb:10:40:25:39:66:
         f9:d4:ea:c3:5f:21:d3:1a:14:c3:3b:93:fe:e4:66:81:d2:57:
         5c:85:35:44:cb:0d:f1:4b:8a:bd:28:ca:57:13:5f:c8:2b:6a:
         da:d2:c8:1d:27:55:48:01:62:66:c5:d6:40:aa:9d:c6:ca:59:
         e4:33:73:ca:f4:7b:82:12:4b:0f:82:dc:50:2d:a4:f5:21:72:
         56:7d:0b:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9ua0+XnX1STa8Nb3oxYVF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNTEyMjAwNzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2IzZjkwNmFkZDMyMDZmMWU0MDFhYmYzMjAzYjhiMGI5ZWE2NDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvHv9qaLhb0zBXdCOj1inv4vVpGR
H/cBZ/UPL7cD1VmWyyRvkRnYcknbNrGm1NA6Qk8FL6yGpCS2lVmbgInR21Wxk3S9
zohGGyUD7X5G1uqtjKlYnOkuVZKgOW9gk0K0I+e3dXyQacn6Uay1EpK6ngbv3T/9
CyASdsfYcZbrSpBTDlY5LNiYTINZUmm7b+EOTZM4QK1QwZkHKw8RXjmE8uAC0Cpw
l7N/3kjO87IwgC84ylUdJ8MwoX+6Tnu7MTJ9FXLrIPuaawT3sUITX1om9CZbPFwN
H0pRtYEwQoAUij4+460/cgwZ5GmJfKspBmVey+iMkB+bkrW+JZMMFVXfCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHez+Qat0yBvHkAavzIDuLC56mRDMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZDdQNUJxM1RJRzhlUUJxX01nTzRzTG5xWkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbW8oMA0G
CSqGSIb3DQEBCwUAA4IBAQCRAuNDWburttmCV93hqxIwVZJqcIvsp612zUO3WilE
StL3X+TcBztb3qh9oJFr1TCFrBEXSrWcIWPKHNnVkFzMtpMkqv9Fb/IhH9AFLKZF
3GnaNXRVQmsKdE4MamGQzVJRPwZte4wqtEBiC8mdmQWSpJh17ncC+9yGLg0wElQs
bc7oqs2NpismicDV7VeVi4+0Zoi36YCNLnpwD2Jq8NNv8vSh1vObOVPy0xZSiwy7
EEAlOWb51OrDXyHTGhTDO5P+5GaB0ldchTVEyw3xS4q9KMpXE1/IK2ra0sgdJ1VI
AWJmxdZAqp3GylnkM3PK9HuCEksPgtxQLaT1IXJWfQv+
-----END CERTIFICATE-----