Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/hhDruU2BGyL72LcDTa30VVmeyeI.roa
File:                     hhDruU2BGyL72LcDTa30VVmeyeI.roa (raw, json)
Hash identifier:          QkshKq6erv7Xez3qseCJmTlwPfpvRSNnvi/jlZLUf8M=
Subject key identifier:   86:10:EB:B9:4D:81:1B:22:FB:D8:B7:03:4D:AD:F4:55:59:9E:C9:E2
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0194266BC3A56BAD289B337DC190EE7687A3
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/hhDruU2BGyL72LcDTa30VVmeyeI.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202704
IP address blocks:        109.122.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c3:a5:6b:ad:28:9b:33:7d:c1:90:ee:76:87:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8610ebb94d811b22fbd8b7034dadf455599ec9e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9e:83:33:3d:b6:fc:02:5d:af:68:6b:dc:95:
                    0c:1c:e6:f6:fe:1b:a8:26:f9:47:b6:3e:b9:03:ea:
                    62:a1:9d:f7:0c:9b:fa:b2:f4:d3:bd:f4:9f:ee:2e:
                    37:04:6a:ca:94:82:16:e6:f7:46:85:dc:7c:18:70:
                    18:3e:03:ba:0e:cd:a4:ce:0e:6e:bc:39:77:25:92:
                    bb:67:06:d6:d5:20:0a:1d:3c:96:20:25:38:27:87:
                    73:60:4a:49:81:fc:9d:8c:1e:ff:b2:64:26:16:bd:
                    f2:c8:b9:82:bd:80:1b:d1:a5:c7:1d:cb:11:61:68:
                    bb:88:c3:2d:44:c8:59:04:c7:4f:69:da:63:e1:57:
                    b2:6f:90:a2:36:c4:ef:f6:9a:05:d8:7d:69:36:df:
                    24:14:92:21:b7:7b:ca:eb:f4:1f:7b:47:73:07:c7:
                    b0:66:45:f3:bb:ab:16:93:35:4b:ff:64:b3:05:ee:
                    7d:73:b7:32:c6:23:69:d3:76:5e:9b:d9:14:8c:65:
                    df:06:c2:a6:92:1a:ea:c5:3c:c4:60:bd:56:b7:38:
                    99:49:7b:1d:bc:52:46:8d:6a:c9:28:5a:8f:ac:12:
                    a2:0a:80:d2:d5:4e:47:3c:5b:07:c2:4e:c8:f3:c5:
                    78:77:ec:98:9e:c0:ef:8d:35:a8:7e:77:20:bf:4a:
                    5c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:10:EB:B9:4D:81:1B:22:FB:D8:B7:03:4D:AD:F4:55:59:9E:C9:E2
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/hhDruU2BGyL72LcDTa30VVmeyeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:e2:99:0b:c2:45:08:83:60:42:ae:72:1b:21:69:8d:dc:3a:
         f5:7e:32:6b:2e:8f:07:36:d0:2d:81:da:c4:45:1f:f6:a3:dd:
         84:ac:08:86:f9:83:c1:44:58:29:8b:0d:1e:b8:ec:91:27:8f:
         88:97:82:de:0c:8d:6b:99:a4:62:13:05:08:77:20:fd:2e:be:
         3c:51:98:9f:4e:1d:15:c3:ce:19:df:23:99:74:e4:bd:d9:40:
         d5:53:87:13:23:e9:3b:8a:29:5f:56:5f:ff:03:48:a2:fc:f4:
         09:ae:ef:b2:1d:31:95:dc:b8:ad:e5:ba:b5:b6:00:ce:bb:cb:
         e0:25:a5:df:41:97:35:24:5b:2b:e8:41:14:7a:74:4e:f0:8c:
         ad:16:b5:34:58:9b:10:f4:d9:56:58:19:8b:9e:ae:6c:55:cf:
         69:09:9c:61:bb:76:d7:da:e2:a9:df:6e:5e:8e:2a:cf:69:3f:
         ac:68:9f:b3:21:14:4b:3a:0d:68:97:c7:ff:a2:32:b2:3b:e3:
         a2:f9:0d:02:7d:bc:29:7d:c7:52:38:cd:2b:4d:86:e3:cc:a6:
         31:4c:db:21:c1:3a:75:95:45:97:10:7c:69:b3:6f:f5:1f:dd:
         c3:b5:74:66:dc:0b:f3:f0:d7:50:8f:01:fa:1e:ed:57:eb:94:
         5e:ae:74:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8Ola60omzN9wZDudoejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjEwZWJiOTRkODExYjIyZmJkOGI3MDM0ZGFkZjQ1NTU5OWVjOWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr56DMz22/AJdr2hr3JUMHOb2/huo
JvlHtj65A+pioZ33DJv6svTTvfSf7i43BGrKlIIW5vdGhdx8GHAYPgO6Ds2kzg5u
vDl3JZK7ZwbW1SAKHTyWICU4J4dzYEpJgfydjB7/smQmFr3yyLmCvYAb0aXHHcsR
YWi7iMMtRMhZBMdPadpj4Veyb5CiNsTv9poF2H1pNt8kFJIht3vK6/Qfe0dzB8ew
ZkXzu6sWkzVL/2SzBe59c7cyxiNp03Zem9kUjGXfBsKmkhrqxTzEYL1WtziZSXsd
vFJGjWrJKFqPrBKiCoDS1U5HPFsHwk7I88V4d+yYnsDvjTWofncgv0pczQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYQ67lNgRsi+9i3A02t9FVZnsniMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvaGhEcnVVMkJHeUw3MkxjRFRhMzBWVm1leWVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXooMA0G
CSqGSIb3DQEBCwUAA4IBAQA94pkLwkUIg2BCrnIbIWmN3Dr1fjJrLo8HNtAtgdrE
RR/2o92ErAiG+YPBRFgpiw0euOyRJ4+Il4LeDI1rmaRiEwUIdyD9Lr48UZifTh0V
w84Z3yOZdOS92UDVU4cTI+k7iilfVl//A0ii/PQJru+yHTGV3Lit5bq1tgDOu8vg
JaXfQZc1JFsr6EEUenRO8IytFrU0WJsQ9NlWWBmLnq5sVc9pCZxhu3bX2uKp325e
jirPaT+saJ+zIRRLOg1ol8f/ojKyO+Oi+Q0CfbwpfcdSOM0rTYbjzKYxTNshwTp1
lUWXEHxps2/1H93DtXRm3Avz8NdQjwH6Hu1X65RernSq
-----END CERTIFICATE-----