Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/rW3tRzfjRvW0Wx6a2_gYjIr6eG0.roa
File:                     rW3tRzfjRvW0Wx6a2_gYjIr6eG0.roa (raw, json)
Hash identifier:          sq3RUE+b5o/bjHOXJt3/yOnMlXN5bcVAcd3sdI+ExC0=
Subject key identifier:   AD:6D:ED:47:37:E3:46:F5:B4:5B:1E:9A:DB:F8:18:8C:8A:FA:78:6D
Certificate issuer:       /CN=33c342c06aacc359d39439ff58defa8ea1875748
Certificate serial:       018CC500BC8E2CA13AEDE1F77808E1E39A8B
Authority key identifier: 33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/rW3tRzfjRvW0Wx6a2_gYjIr6eG0.roa
Signing time:             Mon 01 Jan 2024 12:30:09 +0000
ROA not before:           Mon 01 Jan 2024 12:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198973
IP address blocks:        109.236.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:bc:8e:2c:a1:3a:ed:e1:f7:78:08:e1:e3:9a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c342c06aacc359d39439ff58defa8ea1875748
        Validity
            Not Before: Jan  1 12:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad6ded4737e346f5b45b1e9adbf8188c8afa786d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b0:58:b0:3d:bc:35:5f:f7:5b:d9:6a:89:30:
                    ba:91:bb:d6:57:56:87:8a:6a:8c:67:cd:31:b9:8d:
                    39:75:0c:ac:ae:1d:a7:a6:19:1a:dd:59:b6:4a:15:
                    07:14:7e:89:e4:7f:af:85:a6:65:fc:0a:7d:69:2f:
                    fb:33:88:2f:fe:d3:7d:46:9a:b2:94:c9:5d:5d:92:
                    e5:db:e7:17:04:52:5f:13:37:00:33:be:8e:9b:b5:
                    a2:39:e6:4c:e9:fb:34:9e:57:20:bd:f1:ab:1c:c2:
                    b5:2f:df:fb:5a:00:da:e6:05:ed:73:4a:13:7f:35:
                    a7:f7:5a:7f:30:f3:c3:ab:4b:cf:7c:9c:21:fd:ab:
                    d0:fd:c7:e1:d1:8a:28:35:ae:f5:a1:69:c9:42:8c:
                    c0:73:d4:a9:6a:72:51:89:69:6a:58:61:ae:72:87:
                    6d:3c:b9:b9:e6:eb:a7:7d:2a:38:1b:44:9f:4c:4c:
                    16:30:19:1d:f3:70:61:60:74:b7:13:4b:1a:57:43:
                    b4:b6:81:fa:1a:81:51:72:a9:92:ee:f5:b9:00:5a:
                    65:5b:be:24:2f:17:ca:19:b6:73:9a:4a:81:62:1a:
                    e1:ad:9a:21:34:38:4d:e6:2a:3c:62:37:c0:b5:86:
                    d6:c8:6f:62:bf:7f:db:8e:2c:93:1f:ef:b8:1e:9b:
                    ee:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:6D:ED:47:37:E3:46:F5:B4:5B:1E:9A:DB:F8:18:8C:8A:FA:78:6D
            X509v3 Authority Key Identifier:
                keyid:33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/rW3tRzfjRvW0Wx6a2_gYjIr6eG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:08:f4:9e:d8:ff:76:a5:20:64:83:e8:32:5a:41:d7:b4:07:
         cd:a6:ec:87:20:d0:11:79:05:8d:01:82:3f:b3:3b:71:a4:a2:
         52:a2:99:27:80:b5:50:b0:cd:bd:88:0a:2f:55:6c:82:51:64:
         c4:69:90:50:7b:27:d8:2d:ec:33:c0:46:cd:1c:2a:42:60:8a:
         1f:bf:d9:c4:ce:a3:c1:01:73:dc:af:5a:a6:ef:ec:e7:3f:79:
         4d:45:0f:83:07:e8:f2:2d:57:63:1b:4e:8d:a1:b6:c6:b6:41:
         73:76:30:3d:dd:ed:9c:69:ff:e7:aa:e1:ea:e7:9a:03:5e:f0:
         79:ac:13:88:6f:5f:69:a4:98:cc:ab:28:a3:ee:45:eb:e6:9c:
         32:5d:4c:55:2b:e1:f7:45:97:d4:6f:a0:dc:62:48:e1:24:5b:
         24:66:f4:3d:3d:b2:6d:f7:f4:1b:77:67:85:07:c9:eb:5c:28:
         50:4b:00:7b:3f:53:07:06:6e:e0:fe:6d:21:12:1b:42:e4:40:
         12:bd:50:84:e8:ce:e3:ab:3b:56:f4:ed:d5:60:ee:49:e7:f3:
         fd:fb:74:78:46:c6:bb:2a:e0:f8:11:37:e5:4a:36:70:ee:71:
         75:3a:22:2d:db:16:92:fa:fe:af:e4:21:1b:de:3b:9b:92:55:
         7a:19:bd:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALyOLKE67eH3eAjh45qLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzM0MmMwNmFhY2MzNTlkMzk0MzlmZjU4ZGVmYThlYTE4
NzU3NDgwHhcNMjQwMTAxMTIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDZkZWQ0NzM3ZTM0NmY1YjQ1YjFlOWFkYmY4MTg4YzhhZmE3ODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbBYsD28NV/3W9lqiTC6kbvWV1aH
imqMZ80xuY05dQysrh2nphka3Vm2ShUHFH6J5H+vhaZl/Ap9aS/7M4gv/tN9Rpqy
lMldXZLl2+cXBFJfEzcAM76Om7WiOeZM6fs0nlcgvfGrHMK1L9/7WgDa5gXtc0oT
fzWn91p/MPPDq0vPfJwh/avQ/cfh0YooNa71oWnJQozAc9SpanJRiWlqWGGucodt
PLm55uunfSo4G0SfTEwWMBkd83BhYHS3E0saV0O0toH6GoFRcqmS7vW5AFplW74k
LxfKGbZzmkqBYhrhrZohNDhN5io8YjfAtYbWyG9iv3/bjiyTH++4HpvugwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1t7Uc340b1tFsemtv4GIyK+nhtMB8GA1UdIwQY
MBaAFDPDQsBqrMNZ05Q5/1je+o6hh1dIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUt
N2YyMzMzNjA0OTk3LzEvclczdFJ6ZmpSdlcwV3g2YTJfZ1lqSXI2ZUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUtN2YyMzMzNjA0OTk3
LzEvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbez0MA0G
CSqGSIb3DQEBCwUAA4IBAQDQCPSe2P92pSBkg+gyWkHXtAfNpuyHINAReQWNAYI/
sztxpKJSopkngLVQsM29iAovVWyCUWTEaZBQeyfYLewzwEbNHCpCYIofv9nEzqPB
AXPcr1qm7+znP3lNRQ+DB+jyLVdjG06NobbGtkFzdjA93e2caf/nquHq55oDXvB5
rBOIb19ppJjMqyij7kXr5pwyXUxVK+H3RZfUb6DcYkjhJFskZvQ9PbJt9/Qbd2eF
B8nrXChQSwB7P1MHBm7g/m0hEhtC5EASvVCE6M7jqztW9O3VYO5J5/P9+3R4Rsa7
KuD4ETflSjZw7nF1OiIt2xaS+v6v5CEb3jubklV6Gb2B
-----END CERTIFICATE-----