Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/I05TxI4HsJlV677bOudLJn9w1XQ.roa
File:                     I05TxI4HsJlV677bOudLJn9w1XQ.roa (raw, json)
Hash identifier:          0jaxgcrFgp7uCMx5gTaf4JkVPTmfj5gqzuamh2RKJ3c=
Subject key identifier:   23:4E:53:C4:8E:07:B0:99:55:EB:BE:DB:3A:E7:4B:26:7F:70:D5:74
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CC794D9716EC1619AC1BE4B6F1BE2E323
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/I05TxI4HsJlV677bOudLJn9w1XQ.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210907
IP address blocks:        109.122.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d9:71:6e:c1:61:9a:c1:be:4b:6f:1b:e2:e3:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=234e53c48e07b09955ebbedb3ae74b267f70d574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2c:15:da:d7:d2:35:d8:68:36:a9:c3:17:5a:
                    91:5c:5f:7e:df:44:73:b1:03:5c:fb:4e:ea:c0:91:
                    79:3f:79:e0:41:e2:cb:15:34:4d:79:1b:7b:ab:76:
                    58:e4:50:4b:a6:79:42:42:69:70:b5:06:77:29:4a:
                    21:8b:9a:af:fd:13:df:43:c0:d0:af:51:4a:df:8e:
                    65:ad:02:8f:6a:af:9d:7d:a6:c5:10:33:bd:45:af:
                    4b:07:8f:d0:56:92:5d:86:d0:4b:da:ea:9d:d0:9f:
                    52:25:3f:cc:cf:05:37:16:42:9f:1e:08:d8:a1:9b:
                    ee:9b:d3:de:2b:0b:9d:36:bf:99:8e:ad:d8:44:26:
                    37:14:dc:8c:0c:ff:8f:a0:89:ad:4a:05:44:b1:35:
                    09:45:e5:89:48:ee:9b:24:c9:76:e8:7a:1a:e1:10:
                    55:42:37:f0:13:7b:53:cc:1b:e4:7e:09:57:b7:00:
                    99:10:06:e9:46:a0:29:c1:d2:71:41:c4:ba:27:53:
                    be:44:ad:f2:d6:b3:c4:fc:a0:a6:17:b4:1d:da:7c:
                    c0:51:39:1c:e6:ba:a4:b9:2d:68:2a:ce:de:6a:60:
                    26:71:15:72:b2:c3:70:66:52:c2:42:1b:2b:6f:10:
                    f1:32:13:d9:e2:b2:68:74:a0:15:8d:1d:da:e0:6e:
                    1f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:4E:53:C4:8E:07:B0:99:55:EB:BE:DB:3A:E7:4B:26:7F:70:D5:74
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/I05TxI4HsJlV677bOudLJn9w1XQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b0:c8:38:36:9c:85:92:27:cd:ab:35:1c:0e:18:29:31:18:
         ae:b9:78:cf:bd:94:7b:69:a6:fb:1e:c5:69:fb:d5:67:bd:0e:
         f1:8e:42:98:7a:3e:53:9c:58:4f:56:8c:9f:8e:bb:cd:53:55:
         4d:87:4e:f0:55:1b:19:0d:3b:7e:91:8f:55:5e:96:5a:64:01:
         1e:23:ea:2d:04:e3:5a:12:02:08:9e:a1:b9:99:22:3f:0a:6b:
         03:f0:dd:91:94:27:95:69:7c:69:47:e6:f6:da:b5:8a:23:11:
         23:20:31:09:10:88:68:de:f4:d7:6a:52:53:e6:a4:43:60:54:
         dd:6f:db:17:62:55:49:ef:c1:8d:63:ab:23:0f:a3:73:69:ec:
         e1:bb:f7:a2:51:23:1c:eb:44:20:d4:b7:f6:c8:f1:72:98:97:
         50:16:2b:e5:82:30:f3:0d:b1:94:66:66:2b:db:91:e7:1b:37:
         8a:80:b2:fa:b5:75:bd:20:4a:b9:25:05:89:00:7e:4e:60:af:
         c0:15:97:bc:53:02:3e:33:e5:a8:73:e3:11:e1:ba:71:01:a4:
         31:9b:86:5e:14:c8:ac:32:46:cb:59:c9:cd:f1:79:cf:cf:27:
         24:24:d6:ad:f7:06:f3:02:c7:13:00:89:58:bf:b6:cb:25:ce:
         1a:c5:7a:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNlxbsFhmsG+S28b4uMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRlNTNjNDhlMDdiMDk5NTVlYmJlZGIzYWU3NGIyNjdmNzBkNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniwV2tfSNdhoNqnDF1qRXF9+30Rz
sQNc+07qwJF5P3ngQeLLFTRNeRt7q3ZY5FBLpnlCQmlwtQZ3KUohi5qv/RPfQ8DQ
r1FK345lrQKPaq+dfabFEDO9Ra9LB4/QVpJdhtBL2uqd0J9SJT/MzwU3FkKfHgjY
oZvum9PeKwudNr+Zjq3YRCY3FNyMDP+PoImtSgVEsTUJReWJSO6bJMl26Hoa4RBV
QjfwE3tTzBvkfglXtwCZEAbpRqApwdJxQcS6J1O+RK3y1rPE/KCmF7Qd2nzAUTkc
5rqkuS1oKs7eamAmcRVyssNwZlLCQhsrbxDxMhPZ4rJodKAVjR3a4G4fdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNOU8SOB7CZVeu+2zrnSyZ/cNV0MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvSTA1VHhJNEhzSmxWNjc3Yk91ZExKbjl3MVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXopMA0G
CSqGSIb3DQEBCwUAA4IBAQCRsMg4NpyFkifNqzUcDhgpMRiuuXjPvZR7aab7HsVp
+9VnvQ7xjkKYej5TnFhPVoyfjrvNU1VNh07wVRsZDTt+kY9VXpZaZAEeI+otBONa
EgIInqG5mSI/CmsD8N2RlCeVaXxpR+b22rWKIxEjIDEJEIho3vTXalJT5qRDYFTd
b9sXYlVJ78GNY6sjD6Nzaezhu/eiUSMc60Qg1Lf2yPFymJdQFivlgjDzDbGUZmYr
25HnGzeKgLL6tXW9IEq5JQWJAH5OYK/AFZe8UwI+M+Woc+MR4bpxAaQxm4ZeFMis
MkbLWcnN8XnPzyckJNat9wbzAscTAIlYv7bLJc4axXrn
-----END CERTIFICATE-----