Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/lU9bl4hVEw5hzibuRIs13xmbj9M.roa
File:                     lU9bl4hVEw5hzibuRIs13xmbj9M.roa (raw, json)
Hash identifier:          ZUdsZ2gex8weJr9deejWFGIwiEepSjgNX4ZZr24MPDg=
Subject key identifier:   95:4F:5B:97:88:55:13:0E:61:CE:26:EE:44:8B:35:DF:19:9B:8F:D3
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       01942369FDBF9DF86EC16599E4392FE090C5
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/lU9bl4hVEw5hzibuRIs13xmbj9M.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208392
IP address blocks:        109.120.145.0/24 maxlen: 24
                          109.120.146.0/24 maxlen: 24
                          176.98.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fd:bf:9d:f8:6e:c1:65:99:e4:39:2f:e0:90:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=954f5b978855130e61ce26ee448b35df199b8fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c8:fe:c8:a1:f4:d0:24:a6:96:a2:91:c2:6c:
                    8f:1e:33:a2:69:0a:ad:9e:70:a2:a2:3c:68:a0:76:
                    09:9a:8a:c3:9d:cf:30:1c:74:59:45:b5:fa:0f:e1:
                    d7:73:9e:62:bf:e1:91:c8:c8:0c:4c:98:c4:7a:6e:
                    68:a1:ad:e7:03:7e:72:1c:d6:42:b8:ec:3e:0f:5e:
                    0c:3c:4c:ec:fa:20:7d:12:76:8b:3d:99:e1:5e:77:
                    00:c8:7d:71:ab:f4:b2:b3:cf:01:9b:cf:bb:31:b7:
                    c5:32:f9:34:e2:07:a9:87:f2:47:0f:10:81:15:dd:
                    54:c8:bb:c2:ff:a6:cc:79:61:91:f6:66:de:be:53:
                    19:07:f3:28:87:d5:02:1c:51:73:8c:df:af:7d:5e:
                    5e:b9:01:a0:60:b7:00:7e:ab:4a:79:b3:3d:21:28:
                    94:a1:08:28:f6:fc:37:bf:75:9f:e6:9b:76:2f:0b:
                    6b:36:b4:86:14:1e:e3:3b:c6:dc:20:df:e2:94:59:
                    2c:fe:1a:d6:b8:5e:64:78:29:4a:4c:c9:2e:fa:24:
                    6f:24:86:0c:ab:10:64:cf:93:72:7b:a3:0f:01:a4:
                    9a:28:2a:50:1c:b7:24:23:d9:e1:77:ad:84:dd:cd:
                    72:ea:74:d3:ec:b1:aa:37:5b:0a:38:34:78:f4:03:
                    dd:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:4F:5B:97:88:55:13:0E:61:CE:26:EE:44:8B:35:DF:19:9B:8F:D3
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/lU9bl4hVEw5hzibuRIs13xmbj9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.145.0-109.120.146.255
                  176.98.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:bc:0d:0c:e9:7d:22:fa:a7:f5:3e:93:3e:d8:3d:49:34:a7:
         b6:6e:5a:71:82:87:29:bc:b0:47:1f:32:aa:d3:30:a3:5c:37:
         45:4d:84:e1:d2:cb:5f:45:16:f2:a5:2a:b7:54:91:df:30:f9:
         61:bf:1c:34:d2:bc:0f:c8:66:ea:83:97:33:0b:9b:35:b7:c7:
         c7:52:4b:e0:82:42:c5:c4:13:33:91:8a:c5:42:22:01:f8:61:
         61:85:cb:4a:54:b4:fb:4a:36:78:17:42:31:1c:eb:0d:5b:76:
         ce:c3:25:55:91:f6:28:e8:ea:4d:b7:5f:d6:32:f8:93:50:51:
         c1:08:01:50:27:f2:d2:68:a9:17:96:b9:3f:c5:eb:a2:a8:c0:
         0f:19:58:0d:26:52:51:da:cf:a7:22:6d:dc:af:a5:a3:84:b5:
         f7:66:e0:e7:1c:99:e8:b6:d6:99:6c:16:22:e2:1d:5d:2e:82:
         7a:6b:af:1d:71:3a:4a:19:9c:83:8b:65:20:bd:59:93:2e:ec:
         39:07:9a:29:1c:96:90:dd:97:80:4e:f9:08:ed:de:60:cb:51:
         40:d2:f8:6a:f8:c9:a5:55:01:d3:15:5e:1b:f8:16:60:2c:3d:
         b2:3f:8d:9a:a1:7b:73:13:2c:9b:53:a0:e6:96:02:17:78:29:
         14:85:4d:00
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQjaf2/nfhuwWWZ5Dkv4JDFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTRmNWI5Nzg4NTUxMzBlNjFjZTI2ZWU0NDhiMzVkZjE5OWI4ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosj+yKH00CSmlqKRwmyPHjOiaQqt
nnCiojxooHYJmorDnc8wHHRZRbX6D+HXc55iv+GRyMgMTJjEem5ooa3nA35yHNZC
uOw+D14MPEzs+iB9EnaLPZnhXncAyH1xq/Sys88Bm8+7MbfFMvk04geph/JHDxCB
Fd1UyLvC/6bMeWGR9mbevlMZB/Moh9UCHFFzjN+vfV5euQGgYLcAfqtKebM9ISiU
oQgo9vw3v3Wf5pt2LwtrNrSGFB7jO8bcIN/ilFks/hrWuF5keClKTMku+iRvJIYM
qxBkz5Nye6MPAaSaKCpQHLckI9nhd62E3c1y6nTT7LGqN1sKODR49APdEQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJVPW5eIVRMOYc4m7kSLNd8Zm4/TMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvbFU5Ymw0aFZFdzVoemlidVJJczEzeG1iajlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABteJED
BABteJIDBACwYrMwDQYJKoZIhvcNAQELBQADggEBAHy8DQzpfSL6p/U+kz7YPUk0
p7ZuWnGChym8sEcfMqrTMKNcN0VNhOHSy19FFvKlKrdUkd8w+WG/HDTSvA/IZuqD
lzMLmzW3x8dSS+CCQsXEEzORisVCIgH4YWGFy0pUtPtKNngXQjEc6w1bds7DJVWR
9ijo6k23X9Yy+JNQUcEIAVAn8tJoqReWuT/F66KowA8ZWA0mUlHaz6cibdyvpaOE
tfdm4Occmei21plsFiLiHV0ugnprrx1xOkoZnIOLZSC9WZMu7DkHmikclpDdl4BO
+Qjt3mDLUUDS+Gr4yaVVAdMVXhv4FmAsPbI/jZqhe3MTLJtToOaWAhd4KRSFTQA=
-----END CERTIFICATE-----