Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/nGntDaqcmONxUi1sd87UMvT9x4I.roa
File:                     nGntDaqcmONxUi1sd87UMvT9x4I.roa (raw, json)
Hash identifier:          JUPdqbOgdaD6LXB1MI+aJwuym5PZcQO3ILLdGvRsfU8=
Subject key identifier:   9C:69:ED:0D:AA:9C:98:E3:71:52:2D:6C:77:CE:D4:32:F4:FD:C7:82
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019421B25AB1BA4D3192BE4862F7689B6D9C
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/nGntDaqcmONxUi1sd87UMvT9x4I.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        109.107.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5a:b1:ba:4d:31:92:be:48:62:f7:68:9b:6d:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c69ed0daa9c98e371522d6c77ced432f4fdc782
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a0:9e:4d:e8:2a:20:82:61:c6:41:e8:79:82:
                    11:e6:66:28:2d:57:88:a4:5c:4b:da:52:70:2c:b3:
                    92:ec:fa:42:91:9c:dd:82:84:fc:0a:f9:15:75:de:
                    43:b8:8c:be:96:a5:2c:00:45:15:97:e5:01:c9:2b:
                    cc:fd:0a:e3:70:c2:05:82:e7:4c:f0:5a:0c:b3:6d:
                    d1:9e:82:44:aa:37:77:5d:74:96:69:6a:f0:bd:3b:
                    da:18:60:c6:5a:98:ad:e9:a0:1b:a8:df:87:d3:5b:
                    d2:3d:59:fe:94:08:c4:86:0a:11:61:35:16:79:8c:
                    a6:76:3b:27:26:e0:fb:4b:ab:06:15:c7:f2:8c:29:
                    63:3e:38:a3:f7:37:aa:0c:6c:18:01:4d:15:b0:28:
                    a0:a1:6a:80:c8:25:9e:02:f0:6e:22:7f:3c:51:31:
                    b3:d1:2a:72:0c:2a:53:64:86:1c:5c:2b:ba:9b:98:
                    6f:9e:91:87:50:5a:d1:7f:50:9d:dd:95:f6:fa:e7:
                    b4:94:cf:73:da:93:8b:33:3e:04:03:3c:cd:db:0d:
                    f1:75:d4:19:71:15:10:31:8b:da:2d:28:32:b5:2b:
                    02:fe:75:29:1a:8c:02:e3:2d:da:74:f0:f0:fb:5d:
                    6e:5a:48:68:71:b5:e7:4c:28:7c:ca:a3:d3:12:8b:
                    20:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:69:ED:0D:AA:9C:98:E3:71:52:2D:6C:77:CE:D4:32:F4:FD:C7:82
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/nGntDaqcmONxUi1sd87UMvT9x4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:f5:6d:9f:4d:c8:8c:fa:d4:6f:b5:30:dd:0a:ce:34:fd:19:
         06:a4:64:05:5d:a1:45:31:bb:6a:42:bc:44:19:90:c2:3e:d9:
         33:ce:8a:d8:f9:d8:88:c3:4d:78:42:53:64:5a:67:a1:ec:57:
         82:15:d4:60:85:8a:ff:87:6d:a8:c6:f7:7d:45:25:2f:a1:3b:
         68:af:57:4a:e4:60:10:7f:de:59:b9:36:6d:e2:ee:a3:bd:4a:
         e1:7d:e8:41:ce:ed:59:72:ae:ba:05:89:c9:17:81:6b:40:04:
         ca:e2:d2:35:ca:9f:df:a1:d5:57:4b:dd:ce:b6:a3:33:ac:b0:
         0e:d3:32:5f:70:8a:0b:5a:3b:ce:3d:19:94:5e:bd:a1:b6:dc:
         dc:9d:19:43:30:a5:08:eb:35:ad:76:bd:32:57:39:f9:b3:e8:
         7e:c0:ce:69:d8:a4:1f:bf:2a:79:be:7c:8c:f7:f5:ff:27:f1:
         be:c0:92:00:36:5f:45:9e:52:6d:2b:17:75:de:51:ae:a6:d5:
         81:57:2d:0b:d9:3f:27:dd:71:73:37:6d:3a:01:d5:71:51:aa:
         95:96:6b:56:48:61:a7:89:38:0a:50:69:34:52:4a:a3:d8:f7:
         4d:64:b4:62:f2:7f:a7:f7:e6:4c:a8:fe:69:1c:47:9b:41:20:
         3a:1f:6b:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslqxuk0xkr5IYvdom22cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY5ZWQwZGFhOWM5OGUzNzE1MjJkNmM3N2NlZDQzMmY0ZmRjNzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qCeTegqIIJhxkHoeYIR5mYoLVeI
pFxL2lJwLLOS7PpCkZzdgoT8CvkVdd5DuIy+lqUsAEUVl+UBySvM/QrjcMIFgudM
8FoMs23RnoJEqjd3XXSWaWrwvTvaGGDGWpit6aAbqN+H01vSPVn+lAjEhgoRYTUW
eYymdjsnJuD7S6sGFcfyjCljPjij9zeqDGwYAU0VsCigoWqAyCWeAvBuIn88UTGz
0SpyDCpTZIYcXCu6m5hvnpGHUFrRf1Cd3ZX2+ue0lM9z2pOLMz4EAzzN2w3xddQZ
cRUQMYvaLSgytSsC/nUpGowC4y3adPDw+11uWkhocbXnTCh8yqPTEosgFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxp7Q2qnJjjcVItbHfO1DL0/ceCMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvbkdudERhcWNtT054VWkxc2Q4N1VNdlQ5eDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuEMA0G
CSqGSIb3DQEBCwUAA4IBAQAp9W2fTciM+tRvtTDdCs40/RkGpGQFXaFFMbtqQrxE
GZDCPtkzzorY+diIw014QlNkWmeh7FeCFdRghYr/h22oxvd9RSUvoTtor1dK5GAQ
f95ZuTZt4u6jvUrhfehBzu1Zcq66BYnJF4FrQATK4tI1yp/fodVXS93OtqMzrLAO
0zJfcIoLWjvOPRmUXr2httzcnRlDMKUI6zWtdr0yVzn5s+h+wM5p2KQfvyp5vnyM
9/X/J/G+wJIANl9FnlJtKxd13lGuptWBVy0L2T8n3XFzN206AdVxUaqVlmtWSGGn
iTgKUGk0Ukqj2PdNZLRi8n+n9+ZMqP5pHEebQSA6H2u+
-----END CERTIFICATE-----