Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/LorY4n0U-aZMcbhTfwzw87yq2Uc.roa
File:                     LorY4n0U-aZMcbhTfwzw87yq2Uc.roa (raw, json)
Hash identifier:          +fw8Kk7QrRma5kjO6L7XYIo8vAhLOEhcDfP55yYODiI=
Subject key identifier:   2E:8A:D8:E2:7D:14:F9:A6:4C:71:B8:53:7F:0C:F0:F3:BC:AA:D9:47
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       01942444E39E84B97E70929DB0D40AF671E6
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/LorY4n0U-aZMcbhTfwzw87yq2Uc.roa
Signing time:             Wed 01 Jan 2025 23:48:01 +0000
ROA not before:           Wed 01 Jan 2025 23:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201387
IP address blocks:        109.166.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 14:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:e3:9e:84:b9:7e:70:92:9d:b0:d4:0a:f6:71:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jan  1 23:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e8ad8e27d14f9a64c71b8537f0cf0f3bcaad947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:78:e5:f9:8f:7f:af:22:d7:e9:4f:d1:9b:65:
                    b6:c2:d1:cd:e7:b7:81:60:77:49:34:02:17:1f:11:
                    c8:16:74:08:60:a0:76:a0:d2:c4:a3:d3:3e:f3:d2:
                    0f:47:48:ad:f8:d8:78:1a:90:d9:3a:e0:b7:aa:3d:
                    b7:c6:2d:2a:5b:a1:c3:9e:a2:ff:e1:10:b5:b6:d8:
                    95:da:c3:01:ca:4c:75:d3:c4:83:46:a2:49:9d:70:
                    13:6f:f4:a5:d3:11:33:c8:12:96:6e:aa:61:94:89:
                    72:7c:9d:ce:cd:a3:4d:aa:0b:c0:4f:ed:17:d9:70:
                    c5:ce:5b:32:3d:53:1d:c6:1f:a5:94:9c:be:b6:bb:
                    23:a6:4b:bf:59:03:01:4b:63:92:55:a1:89:94:07:
                    b6:35:21:4d:bd:ec:de:2f:ca:6c:b5:3e:ab:68:a7:
                    04:f7:c7:49:76:a7:76:b6:4b:0d:47:44:2d:01:e4:
                    da:1a:b5:bc:58:cf:bc:66:9d:c8:02:64:c2:aa:bc:
                    27:3f:12:ff:c0:99:f3:07:92:fe:7d:0a:19:43:b2:
                    4f:64:e5:24:66:ef:3c:2d:de:8b:f7:42:09:57:62:
                    d0:6f:bb:a1:6e:b5:22:c0:32:ff:b0:08:b0:1f:ae:
                    c0:ba:9b:2b:4d:de:2e:d8:db:0d:ff:f2:2b:eb:9b:
                    d8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:8A:D8:E2:7D:14:F9:A6:4C:71:B8:53:7F:0C:F0:F3:BC:AA:D9:47
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/LorY4n0U-aZMcbhTfwzw87yq2Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.166.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:12:5f:94:c8:75:53:73:9e:8a:84:5d:15:30:10:f2:dd:48:
         0f:78:04:de:c6:12:95:25:41:7a:e6:8b:17:f7:62:0a:4f:dd:
         f1:da:18:2c:4e:36:62:6c:48:89:92:eb:2f:28:34:fd:58:07:
         16:44:9c:6c:75:9e:e5:ac:a2:5c:72:a1:b9:8b:01:b6:59:62:
         cc:73:fb:46:78:41:fb:69:8b:99:0e:62:8a:82:9b:bb:09:4e:
         09:f6:67:9b:82:20:38:00:d6:12:fd:06:c9:ed:f6:d7:f0:e1:
         1a:d0:00:67:22:71:dd:62:e5:1d:29:4c:35:42:2b:43:58:bc:
         45:b5:a7:9a:d7:dd:dd:fb:9a:94:d0:5c:98:60:32:4f:8e:ed:
         ef:b3:c4:52:dd:de:33:d2:ac:c3:75:86:c3:40:b5:6a:4c:57:
         3b:19:5e:fc:46:e3:33:48:fb:36:84:8b:95:7e:74:86:c6:f7:
         77:ac:7e:1f:58:39:42:cc:1d:16:ba:8b:3e:96:14:4f:d0:2e:
         29:ab:5d:90:63:ee:fa:d8:41:ef:e1:fe:1b:4e:bd:69:8f:d7:
         4d:08:6e:5b:8f:44:15:7a:40:79:48:76:0f:ab:cd:aa:ae:d7:
         98:a5:3f:d5:e6:15:00:7e:b5:75:f8:0e:9a:d9:2c:01:4b:19:
         17:04:09:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkROOehLl+cJKdsNQK9nHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjUwMTAxMjM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZThhZDhlMjdkMTRmOWE2NGM3MWI4NTM3ZjBjZjBmM2JjYWFkOTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHjl+Y9/ryLX6U/Rm2W2wtHN57eB
YHdJNAIXHxHIFnQIYKB2oNLEo9M+89IPR0it+Nh4GpDZOuC3qj23xi0qW6HDnqL/
4RC1ttiV2sMBykx108SDRqJJnXATb/Sl0xEzyBKWbqphlIlyfJ3OzaNNqgvAT+0X
2XDFzlsyPVMdxh+llJy+trsjpku/WQMBS2OSVaGJlAe2NSFNvezeL8pstT6raKcE
98dJdqd2tksNR0QtAeTaGrW8WM+8Zp3IAmTCqrwnPxL/wJnzB5L+fQoZQ7JPZOUk
Zu88Ld6L90IJV2LQb7uhbrUiwDL/sAiwH67AupsrTd4u2NsN//Ir65vYoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6K2OJ9FPmmTHG4U38M8PO8qtlHMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvTG9yWTRuMFUtYVpNY2JoVGZ3enc4N3lxMlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbab0MA0G
CSqGSIb3DQEBCwUAA4IBAQAYEl+UyHVTc56KhF0VMBDy3UgPeATexhKVJUF65osX
92IKT93x2hgsTjZibEiJkusvKDT9WAcWRJxsdZ7lrKJccqG5iwG2WWLMc/tGeEH7
aYuZDmKKgpu7CU4J9mebgiA4ANYS/QbJ7fbX8OEa0ABnInHdYuUdKUw1QitDWLxF
taea193d+5qU0FyYYDJPju3vs8RS3d4z0qzDdYbDQLVqTFc7GV78RuMzSPs2hIuV
fnSGxvd3rH4fWDlCzB0Wuos+lhRP0C4pq12QY+762EHv4f4bTr1pj9dNCG5bj0QV
ekB5SHYPq82qrteYpT/V5hUAfrV1+A6a2SwBSxkXBAmZ
-----END CERTIFICATE-----