Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/5o7Wujr8dRj8Tg7xLsudfg7dW7M.roa
File:                     5o7Wujr8dRj8Tg7xLsudfg7dW7M.roa (raw, json)
Hash identifier:          qeh+5//aK6tfzfv8lL06hTEmh0G9vZwCC4vXm4+gjj4=
Subject key identifier:   E6:8E:D6:BA:3A:FC:75:18:FC:4E:0E:F1:2E:CB:9D:7E:0E:DD:5B:B3
Certificate issuer:       /CN=3da4c2fbdf10f8231f3df531ce5a3a2e3b23cefc
Certificate serial:       0194258ED8AD146DBA4CD8A23865E8663578
Authority key identifier: 3D:A4:C2:FB:DF:10:F8:23:1F:3D:F5:31:CE:5A:3A:2E:3B:23:CE:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/5o7Wujr8dRj8Tg7xLsudfg7dW7M.roa
Signing time:             Thu 02 Jan 2025 05:48:26 +0000
ROA not before:           Thu 02 Jan 2025 05:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        176.110.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d8:ad:14:6d:ba:4c:d8:a2:38:65:e8:66:35:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3da4c2fbdf10f8231f3df531ce5a3a2e3b23cefc
        Validity
            Not Before: Jan  2 05:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e68ed6ba3afc7518fc4e0ef12ecb9d7e0edd5bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1a:0c:6f:52:30:41:38:c2:b5:dd:37:cd:20:
                    72:cf:85:7e:1a:8b:94:9e:61:1a:66:3f:11:72:cf:
                    4a:28:97:e6:08:1c:e4:36:8d:4e:28:6d:07:db:d5:
                    f4:d4:3f:d8:b5:6d:8d:22:0e:fa:e3:3d:65:71:2e:
                    5d:63:6f:74:c1:03:69:20:76:d6:60:7f:97:af:b7:
                    83:35:d3:25:c6:51:f7:72:98:08:04:84:8d:e7:7e:
                    68:f2:19:b4:7c:54:ad:61:24:45:65:18:9d:0a:80:
                    8e:c9:02:4b:12:2f:e1:0e:e1:bd:21:7d:2a:36:e0:
                    22:49:2e:e5:a7:61:12:9f:1c:c8:cd:24:66:25:de:
                    08:ef:81:34:1f:a0:bd:e6:c6:68:e0:2e:67:ce:c9:
                    b5:02:8f:fd:2b:00:18:a6:45:b7:a6:b2:4e:ed:06:
                    51:ec:e8:ce:cb:f4:a3:a5:4e:17:df:f9:4f:b6:db:
                    e1:90:1a:4e:3c:c1:85:e8:c6:a4:33:89:bd:fe:96:
                    60:90:8e:26:18:59:9a:96:e3:df:03:16:48:7b:67:
                    e0:22:c3:ff:f4:c1:7a:34:4f:d2:96:b4:8c:43:04:
                    fd:22:e0:a5:e1:8b:8a:93:11:0a:a1:e9:44:ed:ec:
                    7a:53:de:57:83:67:01:57:16:2d:a8:eb:75:66:62:
                    11:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:8E:D6:BA:3A:FC:75:18:FC:4E:0E:F1:2E:CB:9D:7E:0E:DD:5B:B3
            X509v3 Authority Key Identifier:
                keyid:3D:A4:C2:FB:DF:10:F8:23:1F:3D:F5:31:CE:5A:3A:2E:3B:23:CE:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/5o7Wujr8dRj8Tg7xLsudfg7dW7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.110.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:b1:4d:96:69:4f:54:7f:dc:f5:25:ce:13:4c:00:7e:68:6d:
         7e:7f:a6:30:00:06:d2:c0:73:2c:52:dd:36:0c:70:73:b6:bf:
         6d:86:99:15:6c:97:2e:5b:d6:bc:00:e2:1b:46:3a:98:01:42:
         63:3d:aa:bc:9a:01:24:d4:07:48:6c:d3:9b:0b:be:a7:09:a6:
         8b:ff:2d:3a:93:ae:18:5f:67:05:c9:1c:c0:00:14:89:4b:30:
         55:c5:29:a6:4d:3f:1c:31:b8:27:f0:56:50:45:7f:10:f8:97:
         0d:3e:d4:25:34:1a:3b:19:f1:91:b9:5e:ac:32:8d:01:fe:f1:
         f7:34:16:63:2c:b0:62:11:25:8b:3e:79:e0:f0:4d:48:71:80:
         f7:bc:54:d7:6b:36:a0:2d:4e:11:d6:61:3e:6a:9e:02:8e:e8:
         b2:cd:97:3e:ac:7a:a6:d9:52:f2:e5:20:49:40:27:5d:81:45:
         ec:98:bf:b2:af:8b:8d:fe:bd:8b:df:86:fe:a5:c6:8b:c8:40:
         91:1a:48:08:7a:6d:b0:ea:f2:ae:51:0b:5e:26:25:ed:ff:cd:
         aa:15:c6:9c:36:d3:c1:2f:82:aa:ca:0d:59:db:d0:70:0a:33:
         04:f3:ef:fd:a3:de:b7:43:c4:7d:30:0a:b6:eb:78:dd:5b:7b:
         2f:de:5f:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljtitFG26TNiiOGXoZjV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYTRjMmZiZGYxMGY4MjMxZjNkZjUzMWNlNWEzYTJlM2Iy
M2NlZmMwHhcNMjUwMTAyMDU0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjhlZDZiYTNhZmM3NTE4ZmM0ZTBlZjEyZWNiOWQ3ZTBlZGQ1YmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBoMb1IwQTjCtd03zSByz4V+GouU
nmEaZj8Rcs9KKJfmCBzkNo1OKG0H29X01D/YtW2NIg764z1lcS5dY290wQNpIHbW
YH+Xr7eDNdMlxlH3cpgIBISN535o8hm0fFStYSRFZRidCoCOyQJLEi/hDuG9IX0q
NuAiSS7lp2ESnxzIzSRmJd4I74E0H6C95sZo4C5nzsm1Ao/9KwAYpkW3prJO7QZR
7OjOy/SjpU4X3/lPttvhkBpOPMGF6MakM4m9/pZgkI4mGFmaluPfAxZIe2fgIsP/
9MF6NE/SlrSMQwT9IuCl4YuKkxEKoelE7ex6U95Xg2cBVxYtqOt1ZmIR2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaO1ro6/HUY/E4O8S7LnX4O3VuzMB8GA1UdIwQY
MBaAFD2kwvvfEPgjHz31Mc5aOi47I878MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGFUQy05OFEtQ01mUGZVeHpsbzZManNqenZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8zNDljNTgtZmJiMC00ZGRkLWEwODAt
ZDJjOTdkNjVlZmE4LzEvNW83V3VqcjhkUmo4VGc3eExzdWRmZzdkVzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8zNDljNTgtZmJiMC00ZGRkLWEwODAtZDJjOTdkNjVlZmE4
LzEvUGFUQy05OFEtQ01mUGZVeHpsbzZManNqenZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsG5oMA0G
CSqGSIb3DQEBCwUAA4IBAQA5sU2WaU9Uf9z1Jc4TTAB+aG1+f6YwAAbSwHMsUt02
DHBztr9thpkVbJcuW9a8AOIbRjqYAUJjPaq8mgEk1AdIbNObC76nCaaL/y06k64Y
X2cFyRzAABSJSzBVxSmmTT8cMbgn8FZQRX8Q+JcNPtQlNBo7GfGRuV6sMo0B/vH3
NBZjLLBiESWLPnng8E1IcYD3vFTXazagLU4R1mE+ap4CjuiyzZc+rHqm2VLy5SBJ
QCddgUXsmL+yr4uN/r2L34b+pcaLyECRGkgIem2w6vKuUQteJiXt/82qFcacNtPB
L4Kqyg1Z29BwCjME8+/9o963Q8R9MAq263jdW3sv3l9o
-----END CERTIFICATE-----