Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/kNG8doC8aOlVcpdzC4H8wIke8-4.roa
File:                     kNG8doC8aOlVcpdzC4H8wIke8-4.roa (raw, json)
Hash identifier:          RhzxZTrYI5RS5OoyTDGpnX6oHuBHa87akNaFgCcYhjo=
Subject key identifier:   90:D1:BC:76:80:BC:68:E9:55:72:97:73:0B:81:FC:C0:89:1E:F3:EE
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       0194221FD3E5ACD10CC4310592D5D95D2AB5
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/kNG8doC8aOlVcpdzC4H8wIke8-4.roa
Signing time:             Wed 01 Jan 2025 13:48:18 +0000
ROA not before:           Wed 01 Jan 2025 13:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        109.104.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d3:e5:ac:d1:0c:c4:31:05:92:d5:d9:5d:2a:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Jan  1 13:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90d1bc7680bc68e9557297730b81fcc0891ef3ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3c:7d:59:83:e5:85:93:56:04:e0:a7:d6:4b:
                    4d:9a:16:b0:97:76:2b:5d:3e:00:8b:a2:92:97:3d:
                    51:d2:00:f0:5b:e7:89:ca:15:14:89:4e:d7:e3:a8:
                    96:d5:7c:71:47:48:a8:4e:4b:f6:bc:6a:22:03:9d:
                    46:3c:57:c6:35:28:af:cc:0c:8e:47:1a:a4:c2:70:
                    43:6d:26:59:c5:e7:7b:a2:33:bc:a4:d3:92:63:56:
                    2f:dd:b9:4b:ce:d0:01:f2:6a:dd:e3:05:cc:ac:6a:
                    a5:d4:3c:d7:58:c3:09:b4:f3:fd:37:f8:4e:9b:fc:
                    2a:6a:26:49:35:c5:bc:44:57:32:ac:3a:bf:eb:09:
                    ef:91:a4:0f:00:77:5a:a5:98:93:92:76:5f:12:66:
                    0f:f0:22:d5:0d:5b:1b:b8:16:21:4b:aa:be:5a:fc:
                    1e:a5:1d:4e:5c:76:31:1a:47:7c:12:a6:f3:93:98:
                    41:c6:2d:43:12:ca:e7:73:61:87:40:ab:63:c9:67:
                    c8:31:1a:6e:d4:45:18:01:c2:05:b4:31:68:2a:24:
                    89:06:48:09:75:7a:95:cc:da:c5:2e:23:19:6b:0a:
                    0e:2a:ff:f9:eb:fb:3d:94:e2:98:d3:58:b7:72:08:
                    00:aa:11:91:7c:9e:1b:c0:70:81:dc:cc:d5:db:a3:
                    88:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D1:BC:76:80:BC:68:E9:55:72:97:73:0B:81:FC:C0:89:1E:F3:EE
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/kNG8doC8aOlVcpdzC4H8wIke8-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:44:00:c6:61:c5:98:fa:6f:ec:e0:45:a3:c5:7e:a3:5c:2c:
         59:f8:41:3d:ef:f8:9c:3b:2a:ab:d3:a2:e5:5e:62:9d:25:79:
         1a:b1:52:9d:fe:f4:50:ad:79:3f:89:94:a6:cd:2d:a9:54:c5:
         c7:7e:4b:11:c5:31:43:26:24:cc:e6:d8:89:2e:bd:ad:63:e1:
         f3:ce:7f:3c:7a:7d:20:f8:92:71:00:e6:ad:84:30:93:23:6f:
         3c:3a:da:60:e9:63:be:be:31:ab:58:bd:6b:bd:db:64:12:c3:
         e6:4b:70:39:23:44:11:2c:c4:2f:98:f2:6e:fa:71:3f:37:6f:
         bb:8b:a0:bd:c6:eb:d5:9c:f2:04:3e:df:7d:dc:42:fe:70:1e:
         a4:50:3b:9c:1f:b4:5b:e7:b8:ea:4a:35:13:eb:4c:53:39:2e:
         18:6a:30:44:17:1a:99:85:74:78:63:54:10:f7:12:ea:09:6a:
         d4:28:60:52:c2:13:68:6f:ed:76:74:73:4d:49:17:8c:c2:a1:
         14:e2:d5:40:c6:b9:5d:01:36:45:97:d7:74:3f:e9:24:d3:aa:
         37:53:36:c4:46:0e:03:d0:fc:03:d4:49:bc:b3:85:33:a2:bf:
         0b:f1:db:0e:53:a7:a6:55:53:a6:e4:8f:be:7e:3f:90:1a:c0:
         53:bf:49:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9PlrNEMxDEFktXZXSq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUwMTAxMTM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQxYmM3NjgwYmM2OGU5NTU3Mjk3NzMwYjgxZmNjMDg5MWVmM2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDx9WYPlhZNWBOCn1ktNmhawl3Yr
XT4Ai6KSlz1R0gDwW+eJyhUUiU7X46iW1XxxR0ioTkv2vGoiA51GPFfGNSivzAyO
RxqkwnBDbSZZxed7ojO8pNOSY1Yv3blLztAB8mrd4wXMrGql1DzXWMMJtPP9N/hO
m/wqaiZJNcW8RFcyrDq/6wnvkaQPAHdapZiTknZfEmYP8CLVDVsbuBYhS6q+Wvwe
pR1OXHYxGkd8Eqbzk5hBxi1DEsrnc2GHQKtjyWfIMRpu1EUYAcIFtDFoKiSJBkgJ
dXqVzNrFLiMZawoOKv/56/s9lOKY01i3cggAqhGRfJ4bwHCB3MzV26OIjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDRvHaAvGjpVXKXcwuB/MCJHvPuMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEva05HOGRvQzhhT2xWY3BkekM0SDh3SWtlOC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWiFMA0G
CSqGSIb3DQEBCwUAA4IBAQAbRADGYcWY+m/s4EWjxX6jXCxZ+EE97/icOyqr06Ll
XmKdJXkasVKd/vRQrXk/iZSmzS2pVMXHfksRxTFDJiTM5tiJLr2tY+Hzzn88en0g
+JJxAOathDCTI288Otpg6WO+vjGrWL1rvdtkEsPmS3A5I0QRLMQvmPJu+nE/N2+7
i6C9xuvVnPIEPt993EL+cB6kUDucH7Rb57jqSjUT60xTOS4YajBEFxqZhXR4Y1QQ
9xLqCWrUKGBSwhNob+12dHNNSReMwqEU4tVAxrldATZFl9d0P+kk06o3UzbERg4D
0PwD1Em8s4Uzor8L8dsOU6emVVOm5I++fj+QGsBTv0lx
-----END CERTIFICATE-----