Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f79cbc-848d-4f3e-8dc1-d51141ccdc06/1/5v0hUEBxgEJ_Wz85dg0QD5wiMr4.roa
File:                     5v0hUEBxgEJ_Wz85dg0QD5wiMr4.roa (raw, json)
Hash identifier:          AOgJD9izw5WZn+hE7i6Z6aoy52p5jFj9e/Qz0bGyFWk=
Subject key identifier:   E6:FD:21:50:40:71:80:42:7F:5B:3F:39:76:0D:10:0F:9C:22:32:BE
Certificate issuer:       /CN=80f23f429504203c189737a2074e53f2efc64fc7
Certificate serial:       01970CEBE2643ECD28E34DDD7556373BF100
Authority key identifier: 80:F2:3F:42:95:04:20:3C:18:97:37:A2:07:4E:53:F2:EF:C6:4F:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gPI_QpUEIDwYlzeiB05T8u_GT8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f79cbc-848d-4f3e-8dc1-d51141ccdc06/1/5v0hUEBxgEJ_Wz85dg0QD5wiMr4.roa
Signing time:             Mon 26 May 2025 14:07:54 +0000
ROA not before:           Mon 26 May 2025 14:07:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211143
IP address blocks:        109.104.102.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f79cbc-848d-4f3e-8dc1-d51141ccdc06/1/gPI_QpUEIDwYlzeiB05T8u_GT8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f79cbc-848d-4f3e-8dc1-d51141ccdc06/1/gPI_QpUEIDwYlzeiB05T8u_GT8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gPI_QpUEIDwYlzeiB05T8u_GT8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0c:eb:e2:64:3e:cd:28:e3:4d:dd:75:56:37:3b:f1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80f23f429504203c189737a2074e53f2efc64fc7
        Validity
            Not Before: May 26 14:07:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6fd2150407180427f5b3f39760d100f9c2232be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:33:28:95:3b:8c:38:e9:4f:37:45:6d:64:11:
                    56:43:73:46:a9:c9:1d:58:b5:9d:ad:d8:30:62:0b:
                    3d:64:1d:a3:12:92:c5:53:27:10:11:d8:53:e6:28:
                    c7:32:42:13:71:63:47:80:cd:03:70:f0:21:a9:52:
                    e8:eb:4b:e0:98:fd:57:e1:1b:cd:73:a1:7a:ad:db:
                    cb:50:06:39:40:70:64:bc:dd:1f:5b:1f:ff:17:8d:
                    7b:2d:25:e2:7d:df:3b:80:72:de:ef:56:a3:de:7f:
                    48:46:fd:65:47:b9:86:74:ed:6f:e3:c3:31:fd:88:
                    7b:ca:91:b8:84:85:e6:d3:37:3d:79:47:b3:96:1f:
                    81:cf:84:2b:c9:80:d2:e5:ff:f7:d1:d4:f5:59:ba:
                    42:fe:38:88:d4:8c:11:b9:d2:29:eb:bc:9d:44:fe:
                    33:7a:62:fd:10:67:64:e5:31:09:47:e6:fd:38:ed:
                    70:ed:e1:c4:87:ef:0b:4a:43:8c:b3:30:87:d7:90:
                    d7:0c:bb:3e:62:17:f9:cb:f8:b7:81:96:5f:b0:7e:
                    0d:90:a3:ad:11:36:23:01:32:30:3e:8b:37:b8:aa:
                    a9:0a:c5:94:c8:96:76:9a:bf:78:f0:e6:64:06:df:
                    02:13:cd:7b:ed:83:51:d4:34:81:c3:25:69:79:c1:
                    2f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:FD:21:50:40:71:80:42:7F:5B:3F:39:76:0D:10:0F:9C:22:32:BE
            X509v3 Authority Key Identifier:
                keyid:80:F2:3F:42:95:04:20:3C:18:97:37:A2:07:4E:53:F2:EF:C6:4F:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gPI_QpUEIDwYlzeiB05T8u_GT8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f79cbc-848d-4f3e-8dc1-d51141ccdc06/1/5v0hUEBxgEJ_Wz85dg0QD5wiMr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f79cbc-848d-4f3e-8dc1-d51141ccdc06/1/gPI_QpUEIDwYlzeiB05T8u_GT8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:35:d5:d0:74:7a:d5:8e:57:80:43:e5:e7:0b:c4:fc:57:47:
         a0:1f:8b:e0:18:73:75:6d:bb:5b:17:e9:e7:7f:ee:d7:5d:f8:
         38:71:68:8d:48:5c:7e:69:8b:1a:8f:16:09:bb:a0:f0:70:a1:
         ec:ba:65:5e:af:14:59:bc:5d:60:2e:1f:fc:9c:2f:a7:55:5f:
         e0:8d:81:cd:0a:59:64:5e:55:95:31:5b:8a:fe:ed:68:14:bb:
         05:d8:6a:ae:de:54:9a:d9:a3:3a:b7:a0:a3:4e:26:87:11:bd:
         19:be:13:fd:49:b6:66:fc:b2:47:ea:59:be:75:0d:ce:73:f6:
         b3:7b:d7:78:f6:e7:1c:60:e5:b8:81:49:8b:c2:c6:01:d0:4f:
         cc:cf:b9:80:c6:d6:63:9e:9f:43:c9:1e:5a:20:14:89:bb:7a:
         42:ea:4e:fe:0f:ec:cc:ea:90:c6:d2:7b:37:11:2d:1e:6d:ce:
         ce:f5:f8:07:6c:97:b8:9f:39:8c:f5:e9:44:d1:61:de:89:f4:
         b8:ae:de:5b:78:79:2f:c1:81:94:ef:80:45:71:84:85:c3:ee:
         70:77:6f:c7:21:8f:3f:18:92:f8:57:91:b3:83:bb:ee:45:1c:
         34:9e:c3:35:f5:96:64:4b:57:c4:bf:88:2f:e8:2f:e1:ba:5e:
         81:a1:fc:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcM6+JkPs0o403ddVY3O/EAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZjIzZjQyOTUwNDIwM2MxODk3MzdhMjA3NGU1M2YyZWZj
NjRmYzcwHhcNMjUwNTI2MTQwNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmZkMjE1MDQwNzE4MDQyN2Y1YjNmMzk3NjBkMTAwZjljMjIzMmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jMolTuMOOlPN0VtZBFWQ3NGqckd
WLWdrdgwYgs9ZB2jEpLFUycQEdhT5ijHMkITcWNHgM0DcPAhqVLo60vgmP1X4RvN
c6F6rdvLUAY5QHBkvN0fWx//F417LSXifd87gHLe71aj3n9IRv1lR7mGdO1v48Mx
/Yh7ypG4hIXm0zc9eUezlh+Bz4QryYDS5f/30dT1WbpC/jiI1IwRudIp67ydRP4z
emL9EGdk5TEJR+b9OO1w7eHEh+8LSkOMszCH15DXDLs+Yhf5y/i3gZZfsH4NkKOt
ETYjATIwPos3uKqpCsWUyJZ2mr948OZkBt8CE8177YNR1DSBwyVpecEvCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOb9IVBAcYBCf1s/OXYNEA+cIjK+MB8GA1UdIwQY
MBaAFIDyP0KVBCA8GJc3ogdOU/Lvxk/HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1BJX1FwVUVJRHdZbHplaUIwNVQ4dV9HVDhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mNzljYmMtODQ4ZC00ZjNlLThkYzEt
ZDUxMTQxY2NkYzA2LzEvNXYwaFVFQnhnRUpfV3o4NWRnMFFENXdpTXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mNzljYmMtODQ4ZC00ZjNlLThkYzEtZDUxMTQxY2NkYzA2
LzEvZ1BJX1FwVUVJRHdZbHplaUIwNVQ4dV9HVDhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbWhmMA0G
CSqGSIb3DQEBCwUAA4IBAQBrNdXQdHrVjleAQ+XnC8T8V0egH4vgGHN1bbtbF+nn
f+7XXfg4cWiNSFx+aYsajxYJu6DwcKHsumVerxRZvF1gLh/8nC+nVV/gjYHNCllk
XlWVMVuK/u1oFLsF2Gqu3lSa2aM6t6CjTiaHEb0ZvhP9SbZm/LJH6lm+dQ3Oc/az
e9d49uccYOW4gUmLwsYB0E/Mz7mAxtZjnp9DyR5aIBSJu3pC6k7+D+zM6pDG0ns3
ES0ebc7O9fgHbJe4nzmM9elE0WHeifS4rt5beHkvwYGU74BFcYSFw+5wd2/HIY8/
GJL4V5Gzg7vuRRw0nsM19ZZkS1fEv4gv6C/hul6Bofw5
-----END CERTIFICATE-----