Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/75cGkrrgToCge7SV5YrDorYZZYc.roa
File:                     75cGkrrgToCge7SV5YrDorYZZYc.roa (raw, json)
Hash identifier:          U52+Lc076afThl2BeUfKhoaiZXYOX/A4VgnK2hFY7+g=
Subject key identifier:   EF:97:06:92:BA:E0:4E:80:A0:7B:B4:95:E5:8A:C3:A2:B6:19:65:87
Certificate issuer:       /CN=9b7d24416aa8a478b3ed36e2e65855d42259d9ee
Certificate serial:       018FF1A2780338738C2FC36893F8A50AF990
Authority key identifier: 9B:7D:24:41:6A:A8:A4:78:B3:ED:36:E2:E6:58:55:D4:22:59:D9:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/75cGkrrgToCge7SV5YrDorYZZYc.roa
Signing time:             Fri 07 Jun 2024 07:38:27 +0000
ROA not before:           Fri 07 Jun 2024 07:38:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44152
IP address blocks:        109.109.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f1:a2:78:03:38:73:8c:2f:c3:68:93:f8:a5:0a:f9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b7d24416aa8a478b3ed36e2e65855d42259d9ee
        Validity
            Not Before: Jun  7 07:38:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef970692bae04e80a07bb495e58ac3a2b6196587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:75:38:34:9f:e3:4a:c6:4f:73:9e:cb:a4:0e:
                    a1:b0:a1:15:5c:e3:b5:0c:88:6b:e2:c8:25:0e:b8:
                    f3:63:7f:f7:2e:cd:c9:0e:0e:16:5d:24:a2:f7:24:
                    6b:fd:d4:ad:4a:a0:6b:2e:36:df:39:dd:de:94:83:
                    32:1f:43:09:e7:98:c8:e9:bd:81:8c:fc:b7:f1:ec:
                    62:a1:a1:1e:b5:9f:a7:e3:1c:c3:2d:38:88:17:5b:
                    d0:e9:9f:2b:ae:e0:53:9c:fd:7b:0a:71:e3:f8:58:
                    dd:7b:af:76:7a:20:a1:84:39:90:52:31:90:7b:a5:
                    41:2f:7d:66:1a:44:82:b8:8a:06:d7:17:99:0a:07:
                    cd:86:ed:e2:fa:f2:45:5f:4f:5c:5c:c4:ec:92:92:
                    65:9d:a7:9e:bc:85:eb:5f:bf:f5:92:6b:97:27:f0:
                    8b:9c:a7:f4:35:8d:42:01:97:b1:ea:d2:e1:3d:98:
                    85:7a:7a:eb:f1:38:46:85:73:78:99:87:70:65:70:
                    69:41:b2:db:22:8c:69:d9:fc:cb:a9:e6:a0:ed:c9:
                    e3:70:2d:bb:13:fa:73:d4:9e:a3:52:75:fd:d4:ab:
                    f8:ad:ec:28:ee:f6:86:81:bf:78:34:73:94:d3:13:
                    f8:11:28:24:af:22:84:72:9e:45:cf:7e:a2:aa:e5:
                    c9:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:97:06:92:BA:E0:4E:80:A0:7B:B4:95:E5:8A:C3:A2:B6:19:65:87
            X509v3 Authority Key Identifier:
                keyid:9B:7D:24:41:6A:A8:A4:78:B3:ED:36:E2:E6:58:55:D4:22:59:D9:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/75cGkrrgToCge7SV5YrDorYZZYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.109.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:9f:e8:bc:07:e2:63:9a:28:aa:35:62:18:4b:08:99:bb:e8:
         c6:29:0e:f8:5b:ca:b9:c8:94:da:13:12:b7:4f:dd:e1:91:c6:
         3e:2b:69:bd:97:88:2f:07:86:58:58:af:b7:0a:46:e5:53:d4:
         ee:8d:11:76:c9:4e:c3:14:57:3a:52:8f:a4:53:13:ba:fc:3c:
         ec:26:f5:85:36:21:af:cb:ce:e1:77:12:27:97:c2:57:3f:d6:
         e0:1e:16:4d:3d:ef:65:73:0a:72:57:da:32:cf:bd:19:3e:a7:
         e0:19:08:b5:6b:64:4f:5e:fd:0c:b7:23:c1:59:39:92:86:7d:
         13:98:cb:09:72:92:0b:f7:85:76:ce:39:ff:ec:09:12:c4:58:
         47:c8:2f:a7:4e:90:b1:97:66:e2:4a:85:8f:7a:02:71:ea:ff:
         4c:dc:10:f7:1e:ba:6b:2f:17:a0:43:9b:ea:ef:e7:97:fc:c1:
         a8:39:99:52:1a:34:eb:14:23:11:62:12:08:20:a7:dd:57:d7:
         ab:07:2e:7c:13:99:8f:22:a4:43:0d:18:ea:74:73:d3:9e:f3:
         73:ad:1a:69:d8:f0:85:fb:c5:75:c5:69:b2:00:e7:5f:fa:25:
         3f:a0:c7:aa:40:3a:f0:43:49:f2:fd:75:27:de:e1:5a:ba:82:
         7c:d9:7c:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/xongDOHOML8Nok/ilCvmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliN2QyNDQxNmFhOGE0NzhiM2VkMzZlMmU2NTg1NWQ0MjI1
OWQ5ZWUwHhcNMjQwNjA3MDczODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjk3MDY5MmJhZTA0ZTgwYTA3YmI0OTVlNThhYzNhMmI2MTk2NTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXU4NJ/jSsZPc57LpA6hsKEVXOO1
DIhr4sglDrjzY3/3Ls3JDg4WXSSi9yRr/dStSqBrLjbfOd3elIMyH0MJ55jI6b2B
jPy38exioaEetZ+n4xzDLTiIF1vQ6Z8rruBTnP17CnHj+Fjde692eiChhDmQUjGQ
e6VBL31mGkSCuIoG1xeZCgfNhu3i+vJFX09cXMTskpJlnaeevIXrX7/1kmuXJ/CL
nKf0NY1CAZex6tLhPZiFenrr8ThGhXN4mYdwZXBpQbLbIoxp2fzLqeag7cnjcC27
E/pz1J6jUnX91Kv4rewo7vaGgb94NHOU0xP4ESgkryKEcp5Fz36iquXJTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+XBpK64E6AoHu0leWKw6K2GWWHMB8GA1UdIwQY
MBaAFJt9JEFqqKR4s+024uZYVdQiWdnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTMwa1FXcW9wSGl6N1RiaTVsaFYxQ0paMmU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xYjhmMmEtMGFiZC00ZmZiLTgyZjYt
ZWYzYmJiMDU2NTVlLzEvNzVjR2tycmdUb0NnZTdTVjVZckRvcllaWlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xYjhmMmEtMGFiZC00ZmZiLTgyZjYtZWYzYmJiMDU2NTVl
LzEvbTMwa1FXcW9wSGl6N1RiaTVsaFYxQ0paMmU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbW3NMA0G
CSqGSIb3DQEBCwUAA4IBAQBMn+i8B+JjmiiqNWIYSwiZu+jGKQ74W8q5yJTaExK3
T93hkcY+K2m9l4gvB4ZYWK+3CkblU9TujRF2yU7DFFc6Uo+kUxO6/DzsJvWFNiGv
y87hdxInl8JXP9bgHhZNPe9lcwpyV9oyz70ZPqfgGQi1a2RPXv0MtyPBWTmShn0T
mMsJcpIL94V2zjn/7AkSxFhHyC+nTpCxl2biSoWPegJx6v9M3BD3HrprLxegQ5vq
7+eX/MGoOZlSGjTrFCMRYhIIIKfdV9erBy58E5mPIqRDDRjqdHPTnvNzrRpp2PCF
+8V1xWmyAOdf+iU/oMeqQDrwQ0ny/XUn3uFauoJ82Xy3
-----END CERTIFICATE-----