Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/DWzo0J81573ZV546bU7C52izDIE.roa
File:                     DWzo0J81573ZV546bU7C52izDIE.roa (raw, json)
Hash identifier:          F1v73cvfkDG4vj21v1GTR8XKz1ivgnNwzahkICJomRE=
Subject key identifier:   0D:6C:E8:D0:9F:35:E7:BD:D9:57:9E:3A:6D:4E:C2:E7:68:B3:0C:81
Certificate issuer:       /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial:       019148488BD2DDBA644982E0C8519014C619
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/DWzo0J81573ZV546bU7C52izDIE.roa
Signing time:             Mon 12 Aug 2024 20:29:59 +0000
ROA not before:           Mon 12 Aug 2024 20:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199785
IP address blocks:        109.237.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:48:48:8b:d2:dd:ba:64:49:82:e0:c8:51:90:14:c6:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
        Validity
            Not Before: Aug 12 20:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d6ce8d09f35e7bdd9579e3a6d4ec2e768b30c81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6b:b6:11:80:5c:e6:2f:36:70:aa:92:5b:0f:
                    4b:b4:ac:6c:79:dc:d8:00:e0:e3:dc:c0:54:2d:6b:
                    87:a5:59:81:24:9e:99:a7:59:bb:23:10:ac:ee:d8:
                    82:f1:81:d3:67:8d:60:99:35:bc:60:f6:73:51:ac:
                    3d:de:7d:b8:55:64:2c:04:e5:0d:d4:19:04:68:48:
                    fd:59:71:bb:bb:83:0a:fe:ce:55:93:11:29:19:0e:
                    b4:12:1e:f7:92:a5:c8:83:26:7d:84:4c:84:7b:f8:
                    fa:a5:6e:6d:50:b0:1c:b0:1d:95:06:44:44:db:3d:
                    45:e7:e0:0d:10:a5:27:44:bf:e2:93:89:71:3f:ce:
                    fc:01:66:b9:d0:02:47:31:e8:cb:fa:b9:b4:ec:19:
                    64:60:21:3d:d9:65:46:46:19:28:a2:df:91:b9:dc:
                    d9:83:2d:68:7b:d9:7a:26:cc:ac:3b:e5:c4:8d:3b:
                    b2:30:ef:10:60:71:e3:20:50:e5:8a:3e:ff:c7:87:
                    15:eb:4e:07:13:5b:f3:4c:d6:40:65:ef:77:12:ba:
                    1a:99:c7:6a:3c:e3:4c:e0:b8:c7:02:14:83:27:9a:
                    af:7a:c3:db:e5:41:58:80:ee:94:9d:ff:d1:63:6c:
                    0c:d8:a6:12:e9:f6:7a:e8:01:69:84:19:a5:70:4a:
                    66:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:6C:E8:D0:9F:35:E7:BD:D9:57:9E:3A:6D:4E:C2:E7:68:B3:0C:81
            X509v3 Authority Key Identifier:
                keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/DWzo0J81573ZV546bU7C52izDIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.237.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:e9:ef:e2:c7:6a:e0:78:c6:82:87:24:5b:ee:23:e0:07:f9:
         ab:16:3c:b9:0f:f1:9d:01:13:9e:1c:4c:57:de:58:d2:74:95:
         41:cf:5c:f7:98:2b:13:bc:e4:47:5a:80:aa:c3:59:a0:d2:5b:
         93:a5:ab:37:23:5b:0c:34:91:67:6f:a6:91:42:3d:4b:b6:2c:
         55:fa:ca:d9:ce:b7:39:b1:fa:0c:65:5b:8d:f8:33:d0:25:5a:
         0a:ee:9c:1c:30:25:54:27:7d:d4:31:92:41:5b:e2:e1:90:24:
         3e:4c:6b:30:4f:a3:bc:47:e6:fd:99:a4:bd:d2:a7:6e:b8:49:
         e5:ba:e8:5a:66:72:52:a9:de:e5:30:a5:75:39:b9:40:7a:e1:
         88:ad:48:1e:d0:f9:97:e9:6f:c5:01:b4:b9:09:2e:ea:71:05:
         05:1a:88:c4:13:92:35:0f:b2:a7:f3:2b:5b:ac:58:81:54:76:
         1d:f6:5f:5b:b9:4a:a3:4b:79:35:09:46:41:09:70:4d:da:ea:
         b1:f3:6a:b8:cd:a4:06:86:cd:b1:da:29:0e:6f:25:38:fe:25:
         41:6c:05:ff:ae:79:51:23:28:60:e8:ca:83:b4:a6:aa:52:fe:
         3a:b3:5d:f6:64:36:8e:e0:1b:c2:f5:0d:c3:e3:3b:74:51:a4:
         5c:cc:5e:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFISIvS3bpkSYLgyFGQFMYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjQwODEyMjAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDZjZThkMDlmMzVlN2JkZDk1NzllM2E2ZDRlYzJlNzY4YjMwYzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGu2EYBc5i82cKqSWw9LtKxsedzY
AODj3MBULWuHpVmBJJ6Zp1m7IxCs7tiC8YHTZ41gmTW8YPZzUaw93n24VWQsBOUN
1BkEaEj9WXG7u4MK/s5VkxEpGQ60Eh73kqXIgyZ9hEyEe/j6pW5tULAcsB2VBkRE
2z1F5+ANEKUnRL/ik4lxP878AWa50AJHMejL+rm07BlkYCE92WVGRhkoot+RudzZ
gy1oe9l6JsysO+XEjTuyMO8QYHHjIFDlij7/x4cV604HE1vzTNZAZe93Eroamcdq
PONM4LjHAhSDJ5qvesPb5UFYgO6Unf/RY2wM2KYS6fZ66AFphBmlcEpmFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1s6NCfNee92VeeOm1OwudoswyBMB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvRFd6bzBKODE1NzNaVjU0NmJVN0M1Mml6RElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbe1gMA0G
CSqGSIb3DQEBCwUAA4IBAQAk6e/ix2rgeMaChyRb7iPgB/mrFjy5D/GdAROeHExX
3ljSdJVBz1z3mCsTvORHWoCqw1mg0luTpas3I1sMNJFnb6aRQj1LtixV+srZzrc5
sfoMZVuN+DPQJVoK7pwcMCVUJ33UMZJBW+LhkCQ+TGswT6O8R+b9maS90qduuEnl
uuhaZnJSqd7lMKV1OblAeuGIrUge0PmX6W/FAbS5CS7qcQUFGojEE5I1D7Kn8ytb
rFiBVHYd9l9buUqjS3k1CUZBCXBN2uqx82q4zaQGhs2x2ikObyU4/iVBbAX/rnlR
Iyhg6MqDtKaqUv46s132ZDaO4BvC9Q3D4zt0UaRczF6S
-----END CERTIFICATE-----