Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/ZlUjZQcl9nR0SUVxsgzMhtk30HU.roa
File:                     ZlUjZQcl9nR0SUVxsgzMhtk30HU.roa (raw, json)
Hash identifier:          RueFoN4i6RiouAbfwEgZPqUPq4WVTXhPv6TjG8c7n5M=
Subject key identifier:   66:55:23:65:07:25:F6:74:74:49:45:71:B2:0C:CC:86:D9:37:D0:75
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       019428258B6875CB6660F46A3AAC2D01BC8C
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/ZlUjZQcl9nR0SUVxsgzMhtk30HU.roa
Signing time:             Thu 02 Jan 2025 17:52:16 +0000
ROA not before:           Thu 02 Jan 2025 17:52:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56789
IP address blocks:        109.107.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:8b:68:75:cb:66:60:f4:6a:3a:ac:2d:01:bc:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jan  2 17:52:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=665523650725f67474494571b20ccc86d937d075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d7:1a:60:c3:a1:24:a9:ca:17:dc:7b:45:4c:
                    8f:d7:ff:5c:10:c1:2f:e8:07:fb:12:f1:02:ee:2c:
                    00:90:d4:79:0a:1a:0b:aa:7e:8f:2e:ed:f4:18:4b:
                    ab:2f:5e:a7:b3:5f:39:6f:7e:15:7b:c1:9a:9a:a4:
                    85:97:09:d0:36:77:2f:3e:67:5f:bc:0c:3f:37:6c:
                    c1:9b:0a:2e:9a:e2:7b:ca:56:3e:51:3a:b8:d0:9a:
                    ee:d9:bb:0b:ac:84:a1:0b:3d:b0:de:ef:3c:c2:ae:
                    2e:f0:7e:e9:f6:51:36:43:97:81:ec:e4:f5:cc:fe:
                    0d:b8:20:f6:f6:d9:f7:c5:3c:5e:20:75:66:23:7e:
                    d1:57:63:fe:37:b5:40:e9:e2:75:6a:a3:55:dc:01:
                    49:e8:57:f3:f3:5c:f7:23:c3:24:87:73:05:a4:f6:
                    0f:c4:a0:8d:37:61:a3:c2:31:58:66:6a:96:90:ec:
                    e2:51:84:f5:c3:63:ac:e1:d6:fa:eb:8d:da:8f:fd:
                    ba:00:42:c7:3b:ae:38:69:fe:90:42:e7:ea:b6:da:
                    4f:8f:d7:cd:22:e2:ea:2b:b2:f9:43:75:8e:8a:86:
                    7a:8b:b4:1e:99:63:12:4d:f3:91:22:ac:d3:18:ee:
                    f6:35:db:c0:39:ab:1d:05:04:5b:ee:f1:cf:2d:bf:
                    ca:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:55:23:65:07:25:F6:74:74:49:45:71:B2:0C:CC:86:D9:37:D0:75
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/ZlUjZQcl9nR0SUVxsgzMhtk30HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:80:1f:9b:ec:74:41:28:0e:6d:e7:f0:3a:ed:9c:41:e8:01:
         cb:a0:bc:c4:77:32:61:ad:e5:64:37:fc:2d:f5:18:30:5a:ae:
         bd:40:05:7c:e5:ad:40:68:a8:f0:cd:4c:a0:7a:02:0f:9c:54:
         48:3f:64:3f:a9:c8:d8:1e:90:b1:30:b7:81:ac:c7:1b:0e:06:
         1b:fc:aa:d5:b5:fa:6c:17:58:41:a3:1c:2e:8e:28:46:ba:a4:
         ea:5b:03:56:8c:ed:1f:52:0b:57:24:63:21:57:e1:5f:b6:47:
         2c:a3:37:7b:28:71:b6:1b:7a:5d:83:7f:32:86:30:94:ef:72:
         8a:94:c0:2f:0e:ad:12:5c:bf:ee:cf:24:37:1a:af:ff:5f:1a:
         dd:0f:b3:5c:e3:16:78:77:3e:8c:07:29:8e:18:4d:c5:e1:2c:
         de:d9:08:39:59:e9:98:12:5b:10:32:d0:b3:0d:a2:42:40:84:
         4b:34:cb:c8:06:b3:d0:f4:5f:a1:74:11:a4:73:77:65:06:9d:
         c7:b1:2b:21:53:ca:a8:9a:0a:ad:f0:b2:a7:ee:dd:83:28:f4:
         1b:68:25:e1:17:57:0e:ce:93:ee:ab:b0:27:1d:4d:92:eb:59:
         76:c5:c0:e9:bd:1a:83:02:12:25:e2:9b:0f:fc:95:1b:4c:5b:
         29:70:52:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJYtodctmYPRqOqwtAbyMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjUwMTAyMTc1MjE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjU1MjM2NTA3MjVmNjc0NzQ0OTQ1NzFiMjBjY2M4NmQ5MzdkMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tcaYMOhJKnKF9x7RUyP1/9cEMEv
6Af7EvEC7iwAkNR5ChoLqn6PLu30GEurL16ns185b34Ve8GamqSFlwnQNncvPmdf
vAw/N2zBmwoumuJ7ylY+UTq40Jru2bsLrIShCz2w3u88wq4u8H7p9lE2Q5eB7OT1
zP4NuCD29tn3xTxeIHVmI37RV2P+N7VA6eJ1aqNV3AFJ6Ffz81z3I8Mkh3MFpPYP
xKCNN2GjwjFYZmqWkOziUYT1w2Os4db6643aj/26AELHO644af6QQufqttpPj9fN
IuLqK7L5Q3WOioZ6i7QemWMSTfORIqzTGO72NdvAOasdBQRb7vHPLb/KrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZVI2UHJfZ0dElFcbIMzIbZN9B1MB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvWmxValpRY2w5blIwU1VWeHNnek1odGszMEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuZMA0G
CSqGSIb3DQEBCwUAA4IBAQCkgB+b7HRBKA5t5/A67ZxB6AHLoLzEdzJhreVkN/wt
9RgwWq69QAV85a1AaKjwzUygegIPnFRIP2Q/qcjYHpCxMLeBrMcbDgYb/KrVtfps
F1hBoxwujihGuqTqWwNWjO0fUgtXJGMhV+Fftkcsozd7KHG2G3pdg38yhjCU73KK
lMAvDq0SXL/uzyQ3Gq//XxrdD7Nc4xZ4dz6MBymOGE3F4Sze2Qg5WemYElsQMtCz
DaJCQIRLNMvIBrPQ9F+hdBGkc3dlBp3HsSshU8qomgqt8LKn7t2DKPQbaCXhF1cO
zpPuq7AnHU2S61l2xcDpvRqDAhIl4psP/JUbTFspcFJN
-----END CERTIFICATE-----