Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/spKHQ_L1jQKzKc-FxUdBf-PhWHY.roa
File:                     spKHQ_L1jQKzKc-FxUdBf-PhWHY.roa (raw, json)
Hash identifier:          n9s9eUURv9Mvsvp2CBAAcXqomvhRjqXcuA/2ZCSLYv0=
Subject key identifier:   B2:92:87:43:F2:F5:8D:02:B3:29:CF:85:C5:47:41:7F:E3:E1:58:76
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019343E4D47C6837AC300505694D67027ECC
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/spKHQ_L1jQKzKc-FxUdBf-PhWHY.roa
Signing time:             Tue 19 Nov 2024 10:08:10 +0000
ROA not before:           Tue 19 Nov 2024 10:08:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        109.72.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:43:e4:d4:7c:68:37:ac:30:05:05:69:4d:67:02:7e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Nov 19 10:08:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2928743f2f58d02b329cf85c547417fe3e15876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:5b:24:b9:ee:26:0d:be:00:6f:d5:ac:24:83:
                    da:f5:a2:c2:00:3d:58:48:33:5f:fc:cb:61:c5:d7:
                    ab:38:84:ad:bb:5e:70:0f:8d:f6:83:a3:60:40:83:
                    b9:9a:1b:54:04:06:63:a0:4b:c1:16:db:e2:d6:84:
                    41:c2:91:83:43:cf:d0:6f:8c:93:9f:be:6d:11:da:
                    ad:2d:b5:f8:9b:69:4a:51:c3:ad:24:26:d9:82:01:
                    dd:1d:28:d1:55:13:6e:dd:b6:f8:91:0f:32:1a:3f:
                    ba:95:a3:2c:07:41:8c:72:47:76:d1:d5:ac:39:87:
                    52:6a:c7:35:57:e9:82:6d:7d:97:58:44:bd:3d:4a:
                    70:21:08:c5:7b:68:5a:bf:85:f8:c3:14:28:de:c5:
                    b4:e9:9b:b6:52:54:31:87:30:a2:56:91:a8:42:61:
                    a5:80:ec:09:79:d3:30:d6:58:95:8b:4e:10:f0:49:
                    8b:0c:f9:15:7c:67:ab:8d:28:7a:8e:7e:b7:cc:c5:
                    78:fd:ef:ae:6f:3a:6a:6b:77:88:e5:17:f3:4e:5f:
                    95:a3:76:d2:db:e5:74:51:e8:07:5b:26:c1:f9:03:
                    dd:8a:b5:82:c9:f1:82:d7:f8:9b:84:86:81:60:8b:
                    a4:56:5a:66:dd:52:97:00:17:e9:cf:aa:37:bc:72:
                    19:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:92:87:43:F2:F5:8D:02:B3:29:CF:85:C5:47:41:7F:E3:E1:58:76
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/spKHQ_L1jQKzKc-FxUdBf-PhWHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:7b:30:47:7d:fb:3a:74:be:98:79:70:0b:3f:4d:09:e6:9d:
         fe:cd:be:f1:19:69:f5:9e:46:b6:70:e1:56:d4:85:fd:1b:98:
         f0:ef:1e:c2:35:88:2d:38:0c:df:21:11:e6:07:17:67:87:06:
         68:2c:c4:56:13:a0:58:f3:e8:fc:59:74:40:c6:a9:cb:c4:b0:
         c9:77:b4:38:9b:2d:fc:7a:52:f4:37:6c:2a:f7:0a:28:02:85:
         df:a7:68:a6:5e:13:a1:6c:5f:fc:3c:27:b6:bf:2b:e7:09:f4:
         e9:e6:d6:d4:ba:5b:e8:0f:61:3b:90:13:29:fb:8b:d9:e3:87:
         69:d4:aa:ce:dc:ad:b7:69:6f:65:f6:ed:a1:ee:4f:48:ac:65:
         94:2b:0d:5b:83:40:51:5d:42:ab:dc:ab:c2:14:2d:8e:88:95:
         bd:5a:5f:ab:fe:f0:03:a0:f8:a5:14:a1:7d:25:d4:eb:30:7a:
         a6:32:af:6a:c6:f4:d1:98:c9:0a:0f:7a:b7:75:c8:e2:db:4c:
         0a:d1:38:4b:41:fa:2b:89:ab:9b:f1:ea:36:8d:cc:95:21:33:
         e3:21:97:4f:75:30:fe:48:dc:a0:81:82:00:9a:d6:fc:40:e7:
         22:1a:49:8d:0a:0d:20:37:43:b2:f1:47:4f:82:c4:d0:e8:ed:
         e3:65:b6:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZND5NR8aDesMAUFaU1nAn7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQxMTE5MTAwODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjkyODc0M2YyZjU4ZDAyYjMyOWNmODVjNTQ3NDE3ZmUzZTE1ODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Vskue4mDb4Ab9WsJIPa9aLCAD1Y
SDNf/MthxderOIStu15wD432g6NgQIO5mhtUBAZjoEvBFtvi1oRBwpGDQ8/Qb4yT
n75tEdqtLbX4m2lKUcOtJCbZggHdHSjRVRNu3bb4kQ8yGj+6laMsB0GMckd20dWs
OYdSasc1V+mCbX2XWES9PUpwIQjFe2hav4X4wxQo3sW06Zu2UlQxhzCiVpGoQmGl
gOwJedMw1liVi04Q8EmLDPkVfGerjSh6jn63zMV4/e+ubzpqa3eI5RfzTl+Vo3bS
2+V0UegHWybB+QPdirWCyfGC1/ibhIaBYIukVlpm3VKXABfpz6o3vHIZcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKSh0Py9Y0CsynPhcVHQX/j4Vh2MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvc3BLSFFfTDFqUUt6S2MtRnhVZEJmLVBoV0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUhxMA0G
CSqGSIb3DQEBCwUAA4IBAQByezBHffs6dL6YeXALP00J5p3+zb7xGWn1nka2cOFW
1IX9G5jw7x7CNYgtOAzfIRHmBxdnhwZoLMRWE6BY8+j8WXRAxqnLxLDJd7Q4my38
elL0N2wq9wooAoXfp2imXhOhbF/8PCe2vyvnCfTp5tbUulvoD2E7kBMp+4vZ44dp
1KrO3K23aW9l9u2h7k9IrGWUKw1bg0BRXUKr3KvCFC2OiJW9Wl+r/vADoPilFKF9
JdTrMHqmMq9qxvTRmMkKD3q3dcji20wK0ThLQforiaub8eo2jcyVITPjIZdPdTD+
SNyggYIAmtb8QOciGkmNCg0gN0Oy8UdPgsTQ6O3jZbbv
-----END CERTIFICATE-----