Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/11192d-1740-4e8e-9e04-ee379518c686/1/cTN1Y09PtkgkqehmSl_CFfQ7UHQ.roa
File:                     cTN1Y09PtkgkqehmSl_CFfQ7UHQ.roa (raw, json)
Hash identifier:          ABM56JYlqXXcVK8hHnUO9LjCVD+aT/7wBVQRM8XyDFc=
Subject key identifier:   71:33:75:63:4F:4F:B6:48:24:A9:E8:66:4A:5F:C2:15:F4:3B:50:74
Certificate issuer:       /CN=2458f0a453b32ff3a21e66a31b74fe49d8e46a33
Certificate serial:       018CC86F16448D3073EA1122D3361DD9A19A
Authority key identifier: 24:58:F0:A4:53:B3:2F:F3:A2:1E:66:A3:1B:74:FE:49:D8:E4:6A:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFjwpFOzL_OiHmajG3T-SdjkajM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/11192d-1740-4e8e-9e04-ee379518c686/1/cTN1Y09PtkgkqehmSl_CFfQ7UHQ.roa
Signing time:             Tue 02 Jan 2024 04:29:32 +0000
ROA not before:           Tue 02 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50307
IP address blocks:        109.71.112.0/21 maxlen: 21
                          2a06:7c00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/11192d-1740-4e8e-9e04-ee379518c686/1/JFjwpFOzL_OiHmajG3T-SdjkajM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/11192d-1740-4e8e-9e04-ee379518c686/1/JFjwpFOzL_OiHmajG3T-SdjkajM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFjwpFOzL_OiHmajG3T-SdjkajM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:16:44:8d:30:73:ea:11:22:d3:36:1d:d9:a1:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2458f0a453b32ff3a21e66a31b74fe49d8e46a33
        Validity
            Not Before: Jan  2 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=713375634f4fb64824a9e8664a5fc215f43b5074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:97:7c:3d:0b:42:aa:fa:78:71:97:83:81:0e:
                    a6:11:d7:4c:2d:73:d0:83:35:eb:21:4c:99:86:07:
                    e2:5e:d0:db:ba:f7:09:a4:26:1d:6d:d5:6b:55:bf:
                    c0:00:df:bb:f4:30:cf:80:b4:72:d6:ad:59:3d:22:
                    36:1d:f4:2f:1c:a2:e7:25:3f:a8:ab:35:ff:68:7e:
                    c2:b7:fb:7a:bf:62:bd:5c:63:45:31:c2:d0:53:c4:
                    e1:d4:1c:e3:eb:90:8f:13:4a:b0:42:96:2d:58:3d:
                    98:f5:ae:05:7f:b7:f3:9c:b4:35:f2:c8:4b:4e:d9:
                    29:8f:07:86:92:1d:8c:d3:17:a5:ee:2c:f7:33:ed:
                    b0:95:49:4e:b4:66:05:2b:3a:29:e0:36:36:76:0d:
                    53:28:5b:f0:be:e6:b6:1b:80:ae:bd:45:1f:6a:9b:
                    9c:28:d8:12:cf:c2:f4:72:51:d2:4a:d8:0a:58:9c:
                    a4:bc:fb:db:76:30:39:06:7c:57:b2:65:27:43:de:
                    f6:85:5a:d3:1e:cc:cc:8b:64:2c:59:3a:90:74:7d:
                    39:03:dc:b0:7e:f9:27:b9:5c:40:0b:a1:a1:3c:39:
                    b1:e3:a7:4a:23:82:ea:56:02:52:fe:80:8e:e4:8f:
                    c2:34:29:57:5d:82:b4:cb:f9:76:f7:92:cc:7d:e3:
                    f9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:33:75:63:4F:4F:B6:48:24:A9:E8:66:4A:5F:C2:15:F4:3B:50:74
            X509v3 Authority Key Identifier:
                keyid:24:58:F0:A4:53:B3:2F:F3:A2:1E:66:A3:1B:74:FE:49:D8:E4:6A:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFjwpFOzL_OiHmajG3T-SdjkajM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/11192d-1740-4e8e-9e04-ee379518c686/1/cTN1Y09PtkgkqehmSl_CFfQ7UHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/11192d-1740-4e8e-9e04-ee379518c686/1/JFjwpFOzL_OiHmajG3T-SdjkajM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.112.0/21
                IPv6:
                  2a06:7c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:4d:63:a9:b2:05:25:75:92:b4:67:83:86:e8:33:0c:0b:7b:
         17:7e:8c:22:b6:63:94:a8:17:31:f1:4d:09:5e:21:57:8d:56:
         57:cf:75:f6:d8:c2:bf:f1:54:d0:a3:a3:1a:b3:62:5b:48:b9:
         f9:d0:23:a6:74:3b:c3:37:bd:35:a2:67:13:59:9a:f2:16:a7:
         69:77:6f:27:8d:cc:a5:06:d7:cf:af:9e:cc:05:8f:87:06:4d:
         11:49:2c:38:5d:bb:0b:12:9e:de:38:a8:f2:2c:55:68:11:f7:
         b7:88:4b:dd:9a:fa:db:9f:f1:85:a1:ff:5a:17:70:5f:f5:0f:
         c0:8b:86:28:15:5b:14:0b:59:a9:75:9f:e3:5a:87:26:9f:10:
         15:ee:05:ee:0e:51:64:7a:b3:9f:49:70:af:70:7a:0c:e0:a3:
         58:2f:97:cd:fc:a6:8f:9c:7f:58:0b:d0:81:ab:f3:d6:c0:20:
         66:67:33:8f:d1:24:9c:a3:29:a2:c6:42:5e:62:f1:a0:9f:29:
         85:cc:09:cf:fd:8c:1e:cc:29:62:fb:54:3d:ec:fd:26:ba:72:
         7f:79:6b:55:62:67:da:b5:ca:bd:f3:df:dc:ac:be:98:82:6d:
         3a:71:b4:62:7f:47:05:ae:32:04:51:3a:19:ac:f9:81:be:a7:
         b4:21:80:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbxZEjTBz6hEi0zYd2aGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NThmMGE0NTNiMzJmZjNhMjFlNjZhMzFiNzRmZTQ5ZDhl
NDZhMzMwHhcNMjQwMTAyMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTMzNzU2MzRmNGZiNjQ4MjRhOWU4NjY0YTVmYzIxNWY0M2I1MDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypd8PQtCqvp4cZeDgQ6mEddMLXPQ
gzXrIUyZhgfiXtDbuvcJpCYdbdVrVb/AAN+79DDPgLRy1q1ZPSI2HfQvHKLnJT+o
qzX/aH7Ct/t6v2K9XGNFMcLQU8Th1Bzj65CPE0qwQpYtWD2Y9a4Ff7fznLQ18shL
TtkpjweGkh2M0xel7iz3M+2wlUlOtGYFKzop4DY2dg1TKFvwvua2G4CuvUUfapuc
KNgSz8L0clHSStgKWJykvPvbdjA5BnxXsmUnQ972hVrTHszMi2QsWTqQdH05A9yw
fvknuVxAC6GhPDmx46dKI4LqVgJS/oCO5I/CNClXXYK0y/l295LMfeP5wwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHEzdWNPT7ZIJKnoZkpfwhX0O1B0MB8GA1UdIwQY
MBaAFCRY8KRTsy/zoh5moxt0/knY5GozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZqd3BGT3pMX09pSG1hakczVC1TZGprYWpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8xMTE5MmQtMTc0MC00ZThlLTllMDQt
ZWUzNzk1MThjNjg2LzEvY1ROMVkwOVB0a2drcWVobVNsX0NGZlE3VUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8xMTE5MmQtMTc0MC00ZThlLTllMDQtZWUzNzk1MThjNjg2
LzEvSkZqd3BGT3pMX09pSG1hakczVC1TZGprYWpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbUdwMA0E
AgACMAcDBQMqBnwAMA0GCSqGSIb3DQEBCwUAA4IBAQAZTWOpsgUldZK0Z4OG6DMM
C3sXfowitmOUqBcx8U0JXiFXjVZXz3X22MK/8VTQo6Mas2JbSLn50COmdDvDN701
omcTWZryFqdpd28njcylBtfPr57MBY+HBk0RSSw4XbsLEp7eOKjyLFVoEfe3iEvd
mvrbn/GFof9aF3Bf9Q/Ai4YoFVsUC1mpdZ/jWocmnxAV7gXuDlFkerOfSXCvcHoM
4KNYL5fN/KaPnH9YC9CBq/PWwCBmZzOP0SScoymixkJeYvGgnymFzAnP/YwezCli
+1Q97P0munJ/eWtVYmfatcq989/crL6Ygm06cbRif0cFrjIEUToZrPmBvqe0IYDL
-----END CERTIFICATE-----