Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/7CPmL__8gA4lLs7QOSTCZXmCJZA.roa
File:                     7CPmL__8gA4lLs7QOSTCZXmCJZA.roa (raw, json)
Hash identifier:          GtV1L0m2RsX9Hqoq8q90eEy48paLDjo8TmbfnScifF8=
Subject key identifier:   EC:23:E6:2F:FF:FC:80:0E:25:2E:CE:D0:39:24:C2:65:79:82:25:90
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       0194236A01B3B47B7C31DEB9091BA1448D71
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/7CPmL__8gA4lLs7QOSTCZXmCJZA.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216139
IP address blocks:        109.120.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:01:b3:b4:7b:7c:31:de:b9:09:1b:a1:44:8d:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec23e62ffffc800e252eced03924c26579822590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:21:d7:c4:c3:f9:22:fe:1c:54:19:de:2a:80:
                    3a:e2:eb:4c:99:35:96:8a:a8:3a:09:38:79:e4:56:
                    89:33:d9:05:9c:66:13:1a:c0:57:9a:86:eb:bb:d2:
                    b1:ad:14:74:47:4a:ca:b5:51:99:a7:21:47:25:c9:
                    da:2c:ce:53:11:62:60:d3:05:df:53:ca:f3:0c:c3:
                    07:be:0c:0d:57:e2:2d:e2:53:da:d5:48:62:e7:1b:
                    43:39:48:d1:09:8d:8a:76:05:d1:d5:1c:c3:f4:c3:
                    5e:08:ef:14:d7:97:aa:6b:02:02:0a:96:3f:7d:d6:
                    d9:7f:d6:ca:61:7f:a3:e0:86:83:4d:c4:76:80:29:
                    a6:9e:b9:f9:5e:b6:22:4e:1c:8d:5f:c6:f7:1d:a8:
                    65:cf:8d:7f:f3:97:0b:03:a8:29:10:ae:78:69:bb:
                    32:64:75:49:23:1c:c3:8a:51:56:a2:6d:e6:d4:3f:
                    23:c9:db:48:35:71:fb:62:57:78:7d:e3:0d:93:e1:
                    ce:9c:48:8b:96:84:cf:ee:2d:17:03:4b:b5:51:91:
                    b9:63:38:ed:fa:30:7b:98:ca:af:f0:43:3c:a4:68:
                    a1:e2:1b:43:30:1a:31:90:a9:fa:fe:be:a8:e9:74:
                    f7:2f:86:de:21:ae:c5:d3:64:4a:06:fa:e4:d7:16:
                    ed:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:23:E6:2F:FF:FC:80:0E:25:2E:CE:D0:39:24:C2:65:79:82:25:90
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/7CPmL__8gA4lLs7QOSTCZXmCJZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:f9:91:85:7d:db:54:c8:e0:71:f8:43:d8:b0:bb:e3:9c:76:
         ed:7c:e2:53:13:d5:09:80:5a:ec:68:e5:19:ee:e8:8a:25:ab:
         dd:42:ca:1c:d7:81:82:c9:ee:35:c1:17:66:b5:2c:ee:69:39:
         b6:ce:13:15:56:a6:eb:bb:fe:4c:d5:ca:23:5c:8e:46:cb:0b:
         e3:30:c0:ee:ab:a6:09:77:d0:5c:8e:40:39:88:d0:9c:27:24:
         69:eb:2d:7a:09:c3:9a:e5:5a:ea:77:cf:b1:af:c8:d7:40:53:
         c0:20:55:a1:25:af:56:56:ef:3c:fa:1a:61:0d:46:e0:0e:1a:
         7a:f0:4c:c4:7a:f8:01:fb:f0:14:ae:e4:82:18:22:9a:10:77:
         55:64:4f:ee:da:53:ba:6a:fe:34:de:75:8c:d9:fe:1c:b5:9b:
         89:06:4d:fa:15:04:1f:d5:ab:dc:47:52:28:a2:1c:bd:5a:b6:
         c5:07:22:f0:7c:92:39:e7:73:9a:f7:79:70:ed:ea:14:95:51:
         1a:52:7e:a2:32:eb:ea:0e:4e:09:f0:78:16:26:88:fb:05:7a:
         07:47:45:39:bc:13:ef:8d:45:fc:51:1f:a6:cf:e6:68:28:dc:
         e6:44:c5:10:ae:ff:98:b6:ca:50:c2:46:44:08:9a:18:bc:88:
         c5:0a:7f:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagGztHt8Md65CRuhRI1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzIzZTYyZmZmZmM4MDBlMjUyZWNlZDAzOTI0YzI2NTc5ODIyNTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCHXxMP5Iv4cVBneKoA64utMmTWW
iqg6CTh55FaJM9kFnGYTGsBXmobru9KxrRR0R0rKtVGZpyFHJcnaLM5TEWJg0wXf
U8rzDMMHvgwNV+It4lPa1Uhi5xtDOUjRCY2KdgXR1RzD9MNeCO8U15eqawICCpY/
fdbZf9bKYX+j4IaDTcR2gCmmnrn5XrYiThyNX8b3Hahlz41/85cLA6gpEK54absy
ZHVJIxzDilFWom3m1D8jydtINXH7Yld4feMNk+HOnEiLloTP7i0XA0u1UZG5Yzjt
+jB7mMqv8EM8pGih4htDMBoxkKn6/r6o6XT3L4beIa7F02RKBvrk1xbt7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwj5i///IAOJS7O0DkkwmV5giWQMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvN0NQbUxfXzhnQTRsTHM3UU9TVENaWG1DSlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXiaMA0G
CSqGSIb3DQEBCwUAA4IBAQB8+ZGFfdtUyOBx+EPYsLvjnHbtfOJTE9UJgFrsaOUZ
7uiKJavdQsoc14GCye41wRdmtSzuaTm2zhMVVqbru/5M1cojXI5GywvjMMDuq6YJ
d9BcjkA5iNCcJyRp6y16CcOa5Vrqd8+xr8jXQFPAIFWhJa9WVu88+hphDUbgDhp6
8EzEevgB+/AUruSCGCKaEHdVZE/u2lO6av403nWM2f4ctZuJBk36FQQf1avcR1Io
ohy9WrbFByLwfJI553Oa93lw7eoUlVEaUn6iMuvqDk4J8HgWJoj7BXoHR0U5vBPv
jUX8UR+mz+ZoKNzmRMUQrv+YtspQwkZECJoYvIjFCn+9
-----END CERTIFICATE-----