Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/J06OgSRvPXWRTEncuFxsKEeSz8k.roa
File:                     J06OgSRvPXWRTEncuFxsKEeSz8k.roa (raw, json)
Hash identifier:          q4U3gprZEclQCDc7ah7VpmWTw4NUG0NXMbh/c06uR5g=
Subject key identifier:   27:4E:8E:81:24:6F:3D:75:91:4C:49:DC:B8:5C:6C:28:47:92:CF:C9
Certificate issuer:       /CN=7ee5c0f95ab7be8b85f711fa433665c14e6e9359
Certificate serial:       0194258F23667533AADED38C17A507C19C69
Authority key identifier: 7E:E5:C0:F9:5A:B7:BE:8B:85:F7:11:FA:43:36:65:C1:4E:6E:93:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/J06OgSRvPXWRTEncuFxsKEeSz8k.roa
Signing time:             Thu 02 Jan 2025 05:48:45 +0000
ROA not before:           Thu 02 Jan 2025 05:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47913
IP address blocks:        109.68.210.0/23 maxlen: 23
                          185.117.28.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 07:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:23:66:75:33:aa:de:d3:8c:17:a5:07:c1:9c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ee5c0f95ab7be8b85f711fa433665c14e6e9359
        Validity
            Not Before: Jan  2 05:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=274e8e81246f3d75914c49dcb85c6c284792cfc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:80:8c:05:98:3c:59:8f:e8:40:65:63:c7:cb:
                    2f:2e:16:94:44:b5:53:7c:5f:76:eb:fc:6c:c3:41:
                    d2:76:23:77:c7:f8:11:7a:3f:54:e0:c5:ce:3e:9d:
                    10:2c:e6:7f:18:ac:80:b8:1a:32:89:e0:66:ce:fb:
                    bb:40:bb:a5:83:20:9d:7e:ca:f0:d3:03:c2:ab:30:
                    a1:46:96:ed:43:40:21:5e:d9:b8:6f:57:8b:b3:04:
                    02:71:c9:f6:45:51:12:ea:54:ba:b8:30:bb:62:a8:
                    f1:a3:70:af:81:14:6b:c5:87:ae:d7:f7:f9:40:44:
                    db:f3:7c:cd:a0:7b:0f:a7:a1:e4:0a:3a:31:b2:f0:
                    76:3f:1f:af:fe:80:c1:e0:bc:33:90:51:52:bd:7f:
                    e7:36:a7:f7:c2:14:ae:19:88:62:99:bf:dc:ce:4a:
                    0f:47:46:91:da:51:0e:0b:42:64:f6:3b:41:fe:ae:
                    2f:c7:f9:b2:55:e5:42:38:d0:f5:f2:66:69:bd:44:
                    a1:57:10:ff:0c:ca:10:20:e7:27:22:a2:cc:e2:29:
                    f4:92:06:41:98:75:a5:3e:e4:b1:e6:d5:a8:cf:25:
                    83:d0:db:4a:c9:17:5a:e4:04:fd:7c:d8:a1:be:4d:
                    26:73:a2:6d:93:b0:2e:80:25:ce:0a:63:7d:b8:0f:
                    64:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:4E:8E:81:24:6F:3D:75:91:4C:49:DC:B8:5C:6C:28:47:92:CF:C9
            X509v3 Authority Key Identifier:
                keyid:7E:E5:C0:F9:5A:B7:BE:8B:85:F7:11:FA:43:36:65:C1:4E:6E:93:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fuXA-Vq3vouF9xH6QzZlwU5uk1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/J06OgSRvPXWRTEncuFxsKEeSz8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a83886-8b4a-4b23-b4aa-90194bd68428/1/fuXA-Vq3vouF9xH6QzZlwU5uk1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.210.0/23
                  185.117.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:36:63:89:05:e6:7c:db:cd:3c:c5:d4:df:f0:7f:26:9a:b1:
         93:45:2e:03:8f:7d:83:58:f8:4c:4a:17:62:c6:80:c7:85:5d:
         ab:4e:49:a2:30:ef:be:4d:21:ca:a0:04:f7:56:b2:b8:98:db:
         5f:c0:b5:81:92:0d:12:ed:32:e6:2f:03:87:3b:b9:73:06:59:
         f0:9b:99:2f:63:00:04:7a:de:12:18:a9:fa:31:c8:e4:98:d3:
         7e:ac:e5:ac:58:9f:f4:dc:e5:e9:d8:1f:32:d7:72:5c:e6:aa:
         c6:1f:13:50:9a:64:8b:6c:2f:8a:9b:20:66:a6:bc:e6:ac:82:
         ce:ec:7a:e2:02:9b:3a:69:ab:d8:49:8c:6f:00:be:bb:a7:c5:
         ff:dd:1b:fb:7c:56:fb:64:77:bf:0b:f6:9e:fa:dd:35:cb:6e:
         76:05:ec:7a:ca:0b:26:1e:89:a1:57:13:f3:2f:ae:e4:d9:66:
         ba:a4:a2:13:6b:be:7f:b1:c7:4d:6e:38:53:d9:23:3a:0d:e0:
         00:79:f7:5c:29:c9:24:22:be:d9:a7:20:b1:c2:0f:40:71:77:
         15:a5:30:68:44:33:1c:69:d3:a0:a8:ab:c0:68:2b:d6:a9:b6:
         69:b4:b5:7d:6f:cb:ed:15:c5:55:b1:9b:99:a7:22:44:22:76:
         94:ed:67:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQljyNmdTOq3tOMF6UHwZxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZTVjMGY5NWFiN2JlOGI4NWY3MTFmYTQzMzY2NWMxNGU2
ZTkzNTkwHhcNMjUwMTAyMDU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzRlOGU4MTI0NmYzZDc1OTE0YzQ5ZGNiODVjNmMyODQ3OTJjZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04CMBZg8WY/oQGVjx8svLhaURLVT
fF926/xsw0HSdiN3x/gRej9U4MXOPp0QLOZ/GKyAuBoyieBmzvu7QLulgyCdfsrw
0wPCqzChRpbtQ0AhXtm4b1eLswQCccn2RVES6lS6uDC7Yqjxo3CvgRRrxYeu1/f5
QETb83zNoHsPp6HkCjoxsvB2Px+v/oDB4LwzkFFSvX/nNqf3whSuGYhimb/czkoP
R0aR2lEOC0Jk9jtB/q4vx/myVeVCOND18mZpvUShVxD/DMoQIOcnIqLM4in0kgZB
mHWlPuSx5tWozyWD0NtKyRda5AT9fNihvk0mc6Jtk7AugCXOCmN9uA9kjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCdOjoEkbz11kUxJ3LhcbChHks/JMB8GA1UdIwQY
MBaAFH7lwPlat76LhfcR+kM2ZcFObpNZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVYQS1WcTN2b3VGOXhINlF6Wmx3VTV1azFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9hODM4ODYtOGI0YS00YjIzLWI0YWEt
OTAxOTRiZDY4NDI4LzEvSjA2T2dTUnZQWFdSVEVuY3VGeHNLRWVTejhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9hODM4ODYtOGI0YS00YjIzLWI0YWEtOTAxOTRiZDY4NDI4
LzEvZnVYQS1WcTN2b3VGOXhINlF6Wmx3VTV1azFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbUTSAwQB
uXUcMA0GCSqGSIb3DQEBCwUAA4IBAQCPNmOJBeZ82808xdTf8H8mmrGTRS4Dj32D
WPhMShdixoDHhV2rTkmiMO++TSHKoAT3VrK4mNtfwLWBkg0S7TLmLwOHO7lzBlnw
m5kvYwAEet4SGKn6McjkmNN+rOWsWJ/03OXp2B8y13Jc5qrGHxNQmmSLbC+KmyBm
przmrILO7HriAps6aavYSYxvAL67p8X/3Rv7fFb7ZHe/C/ae+t01y252Bex6ygsm
HomhVxPzL67k2Wa6pKITa75/scdNbjhT2SM6DeAAefdcKckkIr7ZpyCxwg9AcXcV
pTBoRDMcadOgqKvAaCvWqbZptLV9b8vtFcVVsZuZpyJEInaU7WdZ
-----END CERTIFICATE-----