Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/_fP9Z6Qv2kJn-Wq44o76SeffPHk.roa
File:                     _fP9Z6Qv2kJn-Wq44o76SeffPHk.roa (raw, json)
Hash identifier:          4imK77f8nPoaw3AiGFAa7c39oqo+0JEgUABlegcK0lE=
Subject key identifier:   FD:F3:FD:67:A4:2F:DA:42:67:F9:6A:B8:E2:8E:FA:49:E7:DF:3C:79
Certificate issuer:       /CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
Certificate serial:       019421B1F994FAFBEA8ED4D32E79BEA902DE
Authority key identifier: 76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/_fP9Z6Qv2kJn-Wq44o76SeffPHk.roa
Signing time:             Wed 01 Jan 2025 11:48:19 +0000
ROA not before:           Wed 01 Jan 2025 11:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57494
IP address blocks:        109.71.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f9:94:fa:fb:ea:8e:d4:d3:2e:79:be:a9:02:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
        Validity
            Not Before: Jan  1 11:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdf3fd67a42fda4267f96ab8e28efa49e7df3c79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:94:33:a0:b2:fe:70:6b:3d:7c:57:ec:4e:bb:
                    32:f9:96:ad:91:c5:7e:f0:22:3e:ad:a2:54:c9:d8:
                    99:5d:86:bf:6b:a4:bd:c8:8c:f2:b0:6d:7e:42:6d:
                    f7:0a:a0:e0:3e:20:26:19:86:18:f8:f9:3f:52:77:
                    a6:d0:0d:7f:7d:93:d9:76:17:a9:43:4a:ef:d5:0f:
                    ce:ab:82:f0:c9:01:3d:e0:42:39:de:a2:b8:62:85:
                    87:59:bd:6a:66:de:93:ec:d3:08:0b:f6:aa:90:28:
                    62:1f:b8:59:ba:f8:08:ac:ed:e1:63:b9:cc:49:24:
                    61:b6:08:cb:86:81:00:fb:8f:b0:b3:e8:de:35:e6:
                    74:52:6f:d8:de:df:1b:83:82:bc:25:7b:02:bc:01:
                    d6:b2:47:e4:05:b9:27:63:55:1e:8d:e6:3f:23:d4:
                    29:38:c6:0f:7e:fe:15:e7:31:92:56:ad:b4:ec:02:
                    16:53:cf:fa:3e:cc:a6:bd:09:16:62:07:c4:0c:ef:
                    f0:92:07:0b:23:e1:0a:06:12:d7:b3:98:21:b6:e9:
                    f7:28:3a:9f:9f:19:27:35:08:37:59:48:d4:b3:88:
                    18:8b:ac:01:2a:c4:c4:1e:60:e0:be:61:79:ad:fe:
                    29:d3:55:9e:8f:f7:19:74:05:57:b4:73:46:9b:bb:
                    d7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:F3:FD:67:A4:2F:DA:42:67:F9:6A:B8:E2:8E:FA:49:E7:DF:3C:79
            X509v3 Authority Key Identifier:
                keyid:76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/_fP9Z6Qv2kJn-Wq44o76SeffPHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:5a:5a:6d:e1:94:2e:17:00:11:ac:8b:bc:7b:1b:c7:51:05:
         db:8c:98:cd:4f:f2:18:98:12:4d:f8:6a:a9:78:16:06:61:d8:
         b7:f3:0f:fe:bd:df:95:9e:b8:d8:a8:0b:eb:fe:ef:3a:d3:40:
         86:44:6e:74:92:8e:ab:11:c6:f8:bd:09:7f:23:5c:09:22:72:
         c6:d2:08:79:5e:a9:9c:1d:f8:cc:0c:78:1c:b5:63:2b:f2:b4:
         6a:2c:58:cf:7e:81:1b:8f:db:6d:26:24:98:dc:79:3e:d2:5a:
         38:63:01:04:67:55:c5:14:63:b9:4d:0b:b9:3c:30:fc:6e:7d:
         a2:11:4c:48:91:a0:2e:4d:85:91:01:ee:d3:85:79:d3:e6:b3:
         d6:79:5b:b4:20:9b:8b:db:f9:ba:4c:08:71:f8:73:99:3a:4a:
         38:93:aa:20:b3:43:24:f5:3f:8e:3c:0a:89:8a:80:f3:43:79:
         0a:49:30:ae:9a:a8:b2:cf:ca:5f:aa:fe:52:41:62:73:83:2a:
         73:2e:c3:fd:47:d5:30:3c:1d:9d:a5:12:b8:9e:8b:4a:b1:c0:
         a0:25:17:52:9c:a9:c9:84:b6:e3:7a:7f:02:83:c7:26:c7:2c:
         38:fc:be:8d:37:60:04:2e:c7:af:46:8b:b3:1f:f7:c7:bd:b9:
         b1:1a:6d:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsfmU+vvqjtTTLnm+qQLeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZWYwYTBlZThmYTE1NGQ3YWRhNDM4YWYxMjEyMjY5Y2Uw
YWNjNDEwHhcNMjUwMTAxMTE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGYzZmQ2N2E0MmZkYTQyNjdmOTZhYjhlMjhlZmE0OWU3ZGYzYzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopQzoLL+cGs9fFfsTrsy+ZatkcV+
8CI+raJUydiZXYa/a6S9yIzysG1+Qm33CqDgPiAmGYYY+Pk/Unem0A1/fZPZdhep
Q0rv1Q/Oq4LwyQE94EI53qK4YoWHWb1qZt6T7NMIC/aqkChiH7hZuvgIrO3hY7nM
SSRhtgjLhoEA+4+ws+jeNeZ0Um/Y3t8bg4K8JXsCvAHWskfkBbknY1UejeY/I9Qp
OMYPfv4V5zGSVq207AIWU8/6PsymvQkWYgfEDO/wkgcLI+EKBhLXs5ghtun3KDqf
nxknNQg3WUjUs4gYi6wBKsTEHmDgvmF5rf4p01Wej/cZdAVXtHNGm7vXJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3z/WekL9pCZ/lquOKO+knn3zx5MB8GA1UdIwQY
MBaAFHbvCg7o+hVNetpDivEhImnOCsxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmIt
M2JlOTk1ZDJiYmRhLzEvX2ZQOVo2UXYya0puLVdxNDRvNzZTZWZmUEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmItM2JlOTk1ZDJiYmRh
LzEvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUfyMA0G
CSqGSIb3DQEBCwUAA4IBAQCIWlpt4ZQuFwARrIu8exvHUQXbjJjNT/IYmBJN+Gqp
eBYGYdi38w/+vd+VnrjYqAvr/u8600CGRG50ko6rEcb4vQl/I1wJInLG0gh5Xqmc
HfjMDHgctWMr8rRqLFjPfoEbj9ttJiSY3Hk+0lo4YwEEZ1XFFGO5TQu5PDD8bn2i
EUxIkaAuTYWRAe7ThXnT5rPWeVu0IJuL2/m6TAhx+HOZOko4k6ogs0Mk9T+OPAqJ
ioDzQ3kKSTCumqiyz8pfqv5SQWJzgypzLsP9R9UwPB2dpRK4notKscCgJRdSnKnJ
hLbjen8Cg8cmxyw4/L6NN2AELsevRouzH/fHvbmxGm22
-----END CERTIFICATE-----