Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/AZxWT4-tmLJTtGQvVwQVgtdUzCo.roa
File:                     AZxWT4-tmLJTtGQvVwQVgtdUzCo.roa (raw, json)
Hash identifier:          UBpFSy81xPwwRx3Cyih1rEES0kR0DtaUFZH7cMQzsLs=
Subject key identifier:   01:9C:56:4F:8F:AD:98:B2:53:B4:64:2F:57:04:15:82:D7:54:CC:2A
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB0DF727D6ACEDE1BF534B85687AC
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/AZxWT4-tmLJTtGQvVwQVgtdUzCo.roa
Signing time:             Tue 02 Jan 2024 04:30:12 +0000
ROA not before:           Tue 02 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196943
IP address blocks:        109.205.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b0:df:72:7d:6a:ce:de:1b:f5:34:b8:56:87:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=019c564f8fad98b253b4642f57041582d754cc2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c9:29:fc:33:95:75:dc:e7:84:f0:4f:87:2f:
                    31:f2:22:4b:8e:c9:70:bb:46:59:e3:b0:4c:58:10:
                    af:5a:05:57:ee:c7:ee:ba:ce:74:04:f7:56:6b:13:
                    15:4b:d6:05:06:03:5b:9f:bb:77:8f:89:25:0b:31:
                    9e:ab:88:f9:8a:44:8b:ad:19:09:7a:d7:61:30:e4:
                    03:28:61:3f:3e:b6:ea:6d:29:95:5a:fa:e7:bc:e3:
                    e4:0d:b4:ff:a9:ab:5a:e0:c6:e7:05:81:41:b8:e6:
                    60:de:ca:46:47:f8:6b:99:20:a0:f8:c1:74:a8:a6:
                    2b:f7:4a:c7:32:95:10:e4:09:0c:45:84:2b:3d:74:
                    a5:6d:f0:43:5b:9b:21:cd:31:2d:84:2e:a7:f7:1b:
                    ef:10:de:f1:b6:b3:f8:a5:0f:6a:5c:76:f1:d8:54:
                    82:ad:78:d9:c7:2a:0f:71:18:ba:08:20:75:9f:b1:
                    05:00:9c:a4:fa:94:0f:6c:03:83:f3:7c:0c:bb:e0:
                    76:32:8b:e3:ad:d3:1a:9e:92:29:23:8f:e9:73:55:
                    10:bc:cb:fd:4f:58:10:a5:da:e8:89:6b:ec:66:5f:
                    0d:5f:31:e6:a7:98:5a:9c:04:4b:b4:50:e2:7e:25:
                    42:e8:19:2c:5c:59:fe:3a:f4:f2:08:6c:f2:f3:e2:
                    56:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:9C:56:4F:8F:AD:98:B2:53:B4:64:2F:57:04:15:82:D7:54:CC:2A
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/AZxWT4-tmLJTtGQvVwQVgtdUzCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:ef:11:02:87:fd:df:f8:25:9d:65:59:dd:b6:fb:2c:f6:1a:
         90:c4:8c:4e:7f:1b:c1:8b:81:ac:1a:56:e3:b4:8d:78:dd:49:
         cb:cf:f4:fe:6d:78:b1:92:73:22:99:0f:1e:55:74:50:41:f9:
         ba:37:cd:3c:3b:81:46:0e:8f:da:75:93:6e:94:d3:d8:c9:f5:
         ea:37:5e:2d:10:fe:77:9f:49:6e:c0:fe:63:93:30:d5:bf:09:
         df:20:43:89:17:7e:9c:fc:67:97:db:35:b7:18:09:e4:e6:54:
         b0:e5:4c:d4:06:c1:77:56:e7:6e:ed:b3:f7:d7:97:8b:50:e6:
         4a:81:9e:c7:a4:8a:d0:c7:34:50:48:ee:b5:aa:c3:3e:a1:74:
         6c:df:10:de:2e:d7:f7:1c:b5:f2:ca:4e:8e:f6:f8:bd:42:29:
         3c:85:20:92:41:f8:86:66:e1:c0:0c:31:e2:f3:2c:50:81:f6:
         7c:86:55:ce:b6:97:74:15:07:e1:97:4c:0e:06:44:48:d5:5f:
         de:02:72:2c:b0:af:59:29:c7:f6:eb:0e:a8:48:26:12:7a:a5:
         f2:35:37:2d:2c:64:32:3a:31:d2:e4:05:15:7c:cc:33:c6:83:
         92:0a:34:d9:90:fc:ea:07:51:18:94:15:e2:df:75:df:ea:d8:
         8a:ac:6b:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7Dfcn1qzt4b9TS4VoesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTljNTY0ZjhmYWQ5OGIyNTNiNDY0MmY1NzA0MTU4MmQ3NTRjYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMkp/DOVddznhPBPhy8x8iJLjslw
u0ZZ47BMWBCvWgVX7sfuus50BPdWaxMVS9YFBgNbn7t3j4klCzGeq4j5ikSLrRkJ
etdhMOQDKGE/PrbqbSmVWvrnvOPkDbT/qata4MbnBYFBuOZg3spGR/hrmSCg+MF0
qKYr90rHMpUQ5AkMRYQrPXSlbfBDW5shzTEthC6n9xvvEN7xtrP4pQ9qXHbx2FSC
rXjZxyoPcRi6CCB1n7EFAJyk+pQPbAOD83wMu+B2MovjrdManpIpI4/pc1UQvMv9
T1gQpdroiWvsZl8NXzHmp5hanARLtFDifiVC6BksXFn+OvTyCGzy8+JW4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGcVk+PrZiyU7RkL1cEFYLXVMwqMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvQVp4V1Q0LXRtTEpUdEdRdlZ3UVZndGRVekNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc31MA0G
CSqGSIb3DQEBCwUAA4IBAQBf7xECh/3f+CWdZVndtvss9hqQxIxOfxvBi4GsGlbj
tI143UnLz/T+bXixknMimQ8eVXRQQfm6N808O4FGDo/adZNulNPYyfXqN14tEP53
n0luwP5jkzDVvwnfIEOJF36c/GeX2zW3GAnk5lSw5UzUBsF3Vudu7bP315eLUOZK
gZ7HpIrQxzRQSO61qsM+oXRs3xDeLtf3HLXyyk6O9vi9Qik8hSCSQfiGZuHADDHi
8yxQgfZ8hlXOtpd0FQfhl0wOBkRI1V/eAnIssK9ZKcf26w6oSCYSeqXyNTctLGQy
OjHS5AUVfMwzxoOSCjTZkPzqB1EYlBXi33Xf6tiKrGu7
-----END CERTIFICATE-----