Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/PFn-sywxKaqL-MQoHYaDo3Ylvxg.roa
File:                     PFn-sywxKaqL-MQoHYaDo3Ylvxg.roa (raw, json)
Hash identifier:          7M/nt+kbs5nOYGFBdJB98Fe7ciYZvkhYXohc8zrAuko=
Subject key identifier:   3C:59:FE:B3:2C:31:29:AA:8B:F8:C4:28:1D:86:83:A3:76:25:BF:18
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       01941F8C7223939B32CAC40EEDF963D81638
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/PFn-sywxKaqL-MQoHYaDo3Ylvxg.roa
Signing time:             Wed 01 Jan 2025 01:48:05 +0000
ROA not before:           Wed 01 Jan 2025 01:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199658
IP address blocks:        109.167.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:72:23:93:9b:32:ca:c4:0e:ed:f9:63:d8:16:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  1 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c59feb32c3129aa8bf8c4281d8683a37625bf18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a7:df:b0:cf:14:3d:c7:f2:56:65:e8:40:0e:
                    96:25:ea:49:8e:47:56:f4:c8:cc:46:de:38:ce:3b:
                    21:7b:26:4c:81:22:91:ce:73:a8:c4:39:3d:5f:d2:
                    b7:71:d8:76:f1:7d:06:9b:5d:24:c1:f3:a9:18:1e:
                    d8:e9:b8:4c:3c:82:1b:7d:12:ea:27:01:e9:dc:10:
                    7a:b0:15:44:40:4a:8a:34:fe:1a:39:f3:46:7b:28:
                    c7:8f:79:79:27:b6:0b:bc:d1:65:e5:05:13:d2:34:
                    e3:b7:50:55:31:23:4c:9c:7e:44:f5:17:a1:61:ad:
                    5a:25:3f:ad:a0:4b:d7:79:11:a0:ca:5e:4b:38:26:
                    79:67:b4:d6:79:ec:bd:3c:98:15:9b:5e:85:91:58:
                    85:a9:6b:41:93:a1:3e:38:82:1f:e5:6e:ed:1f:fa:
                    94:44:dd:ee:d6:fd:9a:fe:bd:e9:d0:6f:91:50:1f:
                    f4:17:b1:85:c3:34:8b:2d:ae:40:f3:f6:71:46:d9:
                    5a:aa:3b:42:cf:90:95:e2:19:bc:d7:53:c7:65:ff:
                    bf:16:40:89:9a:6b:c1:6c:8a:40:0f:65:8a:6e:d8:
                    7c:9e:99:5d:2e:7a:8a:a7:c4:b5:63:35:aa:f0:bf:
                    ff:4a:62:b2:77:47:c5:23:b6:99:43:a2:9d:61:dd:
                    59:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:59:FE:B3:2C:31:29:AA:8B:F8:C4:28:1D:86:83:A3:76:25:BF:18
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/PFn-sywxKaqL-MQoHYaDo3Ylvxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.167.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:b4:47:11:c9:27:37:7d:2d:f4:ce:40:00:0d:f7:c0:6e:a5:
         54:a4:65:b0:1f:36:5b:2b:1f:02:e6:0c:f3:bf:3b:7a:1a:5c:
         f4:a7:da:b1:a2:f5:e4:9e:91:fa:01:40:48:d4:fb:10:97:65:
         1d:80:5c:da:0b:95:7d:33:a5:cb:de:a1:fa:1f:54:6b:c1:4c:
         3c:9d:2f:48:ed:89:25:27:a8:08:5c:ba:ec:d1:de:52:48:fd:
         10:08:b7:a5:e4:83:5a:04:c1:02:4a:f3:87:cb:04:47:36:e0:
         ab:37:3f:ce:f3:f3:1e:16:e6:c7:60:e1:d2:b2:58:c3:41:22:
         86:65:7d:0c:ed:22:32:9c:89:db:8b:f4:ea:d0:00:33:e1:5d:
         89:4e:cb:7e:81:3c:0a:a4:08:24:ac:72:a8:78:55:9e:28:20:
         bb:20:f2:44:c2:c7:af:14:ba:12:7d:1e:64:ad:88:3f:ef:96:
         8d:48:1d:9f:1a:3a:81:40:d0:db:6e:fd:7d:1f:57:f8:24:c6:
         eb:df:b6:0a:47:91:4b:da:df:54:5f:b7:69:b1:c1:c4:47:9b:
         84:51:01:37:54:4e:82:c9:5f:49:36:a5:e7:02:50:1a:2d:a0:
         b5:7c:6e:38:cb:ad:aa:fc:95:b8:a9:f4:44:8d:81:a2:04:80:
         9b:ca:a7:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjHIjk5syysQO7flj2BY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjUwMTAxMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzU5ZmViMzJjMzEyOWFhOGJmOGM0MjgxZDg2ODNhMzc2MjViZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6ffsM8UPcfyVmXoQA6WJepJjkdW
9MjMRt44zjsheyZMgSKRznOoxDk9X9K3cdh28X0Gm10kwfOpGB7Y6bhMPIIbfRLq
JwHp3BB6sBVEQEqKNP4aOfNGeyjHj3l5J7YLvNFl5QUT0jTjt1BVMSNMnH5E9Reh
Ya1aJT+toEvXeRGgyl5LOCZ5Z7TWeey9PJgVm16FkViFqWtBk6E+OIIf5W7tH/qU
RN3u1v2a/r3p0G+RUB/0F7GFwzSLLa5A8/ZxRtlaqjtCz5CV4hm811PHZf+/FkCJ
mmvBbIpAD2WKbth8npldLnqKp8S1YzWq8L//SmKyd0fFI7aZQ6KdYd1ZoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxZ/rMsMSmqi/jEKB2Gg6N2Jb8YMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvUEZuLXN5d3hLYXFMLU1Rb0hZYURvM1lsdnhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbaf+MA0G
CSqGSIb3DQEBCwUAA4IBAQAxtEcRySc3fS30zkAADffAbqVUpGWwHzZbKx8C5gzz
vzt6Glz0p9qxovXknpH6AUBI1PsQl2UdgFzaC5V9M6XL3qH6H1RrwUw8nS9I7Ykl
J6gIXLrs0d5SSP0QCLel5INaBMECSvOHywRHNuCrNz/O8/MeFubHYOHSsljDQSKG
ZX0M7SIynInbi/Tq0AAz4V2JTst+gTwKpAgkrHKoeFWeKCC7IPJEwsevFLoSfR5k
rYg/75aNSB2fGjqBQNDbbv19H1f4JMbr37YKR5FL2t9UX7dpscHER5uEUQE3VE6C
yV9JNqXnAlAaLaC1fG44y62q/JW4qfREjYGiBICbyqeu
-----END CERTIFICATE-----