Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/d4b542-6392-43d0-a8c2-2cadcf6658ca/1/I9UkQ41YeX1efTDwQLbD_CMYPDQ.roa
File:                     I9UkQ41YeX1efTDwQLbD_CMYPDQ.roa (raw, json)
Hash identifier:          iSNpeYLJZVe6ucEI95ka4RakvFZqRgRE032Te/mBPRQ=
Subject key identifier:   23:D5:24:43:8D:58:79:7D:5E:7D:30:F0:40:B6:C3:FC:23:18:3C:34
Certificate issuer:       /CN=324ef76eb79074e69c73302ce4c2e0af47f45307
Certificate serial:       0195CDE547D8C8248D71B8C0E99B48840C9D
Authority key identifier: 32:4E:F7:6E:B7:90:74:E6:9C:73:30:2C:E4:C2:E0:AF:47:F4:53:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mk73breQdOacczAs5MLgr0f0Uwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/d4b542-6392-43d0-a8c2-2cadcf6658ca/1/I9UkQ41YeX1efTDwQLbD_CMYPDQ.roa
Signing time:             Tue 25 Mar 2025 15:21:50 +0000
ROA not before:           Tue 25 Mar 2025 15:21:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49942
IP address blocks:        109.69.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/d4b542-6392-43d0-a8c2-2cadcf6658ca/1/Mk73breQdOacczAs5MLgr0f0Uwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/d4b542-6392-43d0-a8c2-2cadcf6658ca/1/Mk73breQdOacczAs5MLgr0f0Uwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mk73breQdOacczAs5MLgr0f0Uwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cd:e5:47:d8:c8:24:8d:71:b8:c0:e9:9b:48:84:0c:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=324ef76eb79074e69c73302ce4c2e0af47f45307
        Validity
            Not Before: Mar 25 15:21:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23d524438d58797d5e7d30f040b6c3fc23183c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cc:8e:10:81:33:02:f9:45:2a:55:2f:f6:c7:
                    e4:2a:75:28:fc:42:ba:98:52:6b:44:91:67:15:8f:
                    b2:02:84:17:33:67:4c:6b:38:01:1e:f3:98:7c:c7:
                    1c:d7:00:b7:c1:96:16:11:17:dd:87:11:a3:26:b7:
                    ec:b3:c6:59:00:34:a5:31:85:e3:ed:37:7c:fb:6c:
                    23:a1:a9:72:a8:a6:ec:e8:cd:ac:c1:3c:8b:8c:01:
                    75:3e:4f:d8:37:1d:96:15:05:67:06:ca:b8:8c:76:
                    1c:e6:80:bb:ef:7c:13:05:48:33:57:21:b7:76:31:
                    37:29:cc:91:cf:e3:e0:44:ed:51:2d:e7:73:ca:67:
                    f0:28:a1:87:ad:43:f4:0d:62:47:06:87:76:6a:9e:
                    46:cb:8c:f8:e4:e6:f7:df:9d:84:2c:fc:c3:23:1a:
                    63:e7:3b:d7:ba:fe:f7:37:4f:26:7c:12:c5:52:46:
                    fc:6f:db:e1:17:4b:c6:16:db:75:b6:61:71:6e:bd:
                    a1:78:49:ef:ec:05:a7:ff:4c:7a:d9:61:18:8b:70:
                    66:39:da:24:2f:b6:47:a7:90:79:c3:40:9e:9e:7c:
                    22:b4:b2:32:02:7a:da:3c:b9:f7:0c:fa:e3:8d:db:
                    30:55:2c:64:8b:9e:06:59:54:c5:14:62:4b:cc:0f:
                    6f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D5:24:43:8D:58:79:7D:5E:7D:30:F0:40:B6:C3:FC:23:18:3C:34
            X509v3 Authority Key Identifier:
                keyid:32:4E:F7:6E:B7:90:74:E6:9C:73:30:2C:E4:C2:E0:AF:47:F4:53:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mk73breQdOacczAs5MLgr0f0Uwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d4b542-6392-43d0-a8c2-2cadcf6658ca/1/I9UkQ41YeX1efTDwQLbD_CMYPDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d4b542-6392-43d0-a8c2-2cadcf6658ca/1/Mk73breQdOacczAs5MLgr0f0Uwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.69.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:04:48:31:b3:03:dd:5f:4f:0b:ed:24:8e:7d:4d:b1:d3:b0:
         1a:4b:f0:da:a9:18:c8:c1:90:0c:12:64:8a:cf:35:ff:6d:c7:
         28:05:4f:05:91:36:bd:23:55:9c:f7:7d:36:e4:a5:28:44:f9:
         cd:32:06:80:21:62:bd:89:46:e2:7d:a4:17:f5:de:22:4d:88:
         a0:d5:6a:b3:7f:ec:0f:77:10:d1:39:34:78:4d:59:c4:79:6b:
         c6:c3:19:69:c8:fc:eb:5b:50:63:23:57:03:29:76:56:7f:1d:
         97:ea:6c:ec:ed:99:ea:64:d2:fc:b0:ad:81:02:a8:3c:d4:f9:
         9a:b0:ee:48:8d:b2:2e:1a:dc:b8:b1:2a:4f:40:cf:93:7c:3a:
         6e:73:57:ac:5f:f7:3e:cd:21:a5:b5:17:1d:55:bd:18:41:33:
         52:d3:7f:e8:50:b8:7d:be:18:5d:68:68:8f:6c:fe:a0:3d:a0:
         c5:6d:fb:10:70:b1:0a:e6:66:97:a1:bf:74:86:8a:d6:e3:19:
         eb:35:28:ce:01:0c:64:c9:b1:8f:14:38:5f:ad:a9:12:a2:37:
         36:80:e7:91:8c:66:b9:2b:aa:df:18:f8:15:09:f9:95:38:87:
         ca:a5:ca:25:b1:e4:46:0b:d1:0e:92:59:63:0b:40:58:d6:5f:
         6f:27:ec:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXN5UfYyCSNcbjA6ZtIhAydMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNGVmNzZlYjc5MDc0ZTY5YzczMzAyY2U0YzJlMGFmNDdm
NDUzMDcwHhcNMjUwMzI1MTUyMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Q1MjQ0MzhkNTg3OTdkNWU3ZDMwZjA0MGI2YzNmYzIzMTgzYzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMyOEIEzAvlFKlUv9sfkKnUo/EK6
mFJrRJFnFY+yAoQXM2dMazgBHvOYfMcc1wC3wZYWERfdhxGjJrfss8ZZADSlMYXj
7Td8+2wjoalyqKbs6M2swTyLjAF1Pk/YNx2WFQVnBsq4jHYc5oC773wTBUgzVyG3
djE3KcyRz+PgRO1RLedzymfwKKGHrUP0DWJHBod2ap5Gy4z45Ob3352ELPzDIxpj
5zvXuv73N08mfBLFUkb8b9vhF0vGFtt1tmFxbr2heEnv7AWn/0x62WEYi3BmOdok
L7ZHp5B5w0CennwitLIyAnraPLn3DPrjjdswVSxki54GWVTFFGJLzA9vMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPVJEONWHl9Xn0w8EC2w/wjGDw0MB8GA1UdIwQY
MBaAFDJO9263kHTmnHMwLOTC4K9H9FMHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWs3M2JyZVFkT2FjY3pBczVNTGdyMGYwVXdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kNGI1NDItNjM5Mi00M2QwLWE4YzIt
MmNhZGNmNjY1OGNhLzEvSTlVa1E0MVllWDFlZlREd1FMYkRfQ01ZUERRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kNGI1NDItNjM5Mi00M2QwLWE4YzItMmNhZGNmNjY1OGNh
LzEvTWs3M2JyZVFkT2FjY3pBczVNTGdyMGYwVXdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUWYMA0G
CSqGSIb3DQEBCwUAA4IBAQArBEgxswPdX08L7SSOfU2x07AaS/DaqRjIwZAMEmSK
zzX/bccoBU8FkTa9I1Wc93025KUoRPnNMgaAIWK9iUbifaQX9d4iTYig1Wqzf+wP
dxDROTR4TVnEeWvGwxlpyPzrW1BjI1cDKXZWfx2X6mzs7ZnqZNL8sK2BAqg81Pma
sO5IjbIuGty4sSpPQM+TfDpuc1esX/c+zSGltRcdVb0YQTNS03/oULh9vhhdaGiP
bP6gPaDFbfsQcLEK5maXob90horW4xnrNSjOAQxkybGPFDhfrakSojc2gOeRjGa5
K6rfGPgVCfmVOIfKpcolseRGC9EOklljC0BY1l9vJ+yc
-----END CERTIFICATE-----