Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/mP8Qz54E01SquciLEGB10XN2R-M.roa
File:                     mP8Qz54E01SquciLEGB10XN2R-M.roa (raw, json)
Hash identifier:          TdXFl7ZveLTgT4OrOlqkJ84pFNT0T+LUDZ5933YP0mE=
Subject key identifier:   98:FF:10:CF:9E:04:D3:54:AA:B9:C8:8B:10:60:75:D1:73:76:47:E3
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       0194228E2996CE8BA23CA9C248F750499026
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/mP8Qz54E01SquciLEGB10XN2R-M.roa
Signing time:             Wed 01 Jan 2025 15:48:49 +0000
ROA not before:           Wed 01 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        109.105.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:29:96:ce:8b:a2:3c:a9:c2:48:f7:50:49:90:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: Jan  1 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98ff10cf9e04d354aab9c88b106075d1737647e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:11:b0:b3:f0:79:7f:81:0e:1a:d9:8e:ac:f1:
                    fa:68:98:25:ce:f6:3f:e7:62:36:1a:ae:8a:f9:70:
                    3a:15:b9:57:62:ee:bf:3a:4a:f4:01:c1:af:70:7d:
                    50:9b:cd:a7:f7:70:92:fc:79:3a:4b:58:89:37:e4:
                    2a:cc:92:97:15:95:a9:7a:75:f1:9f:c2:dd:6c:aa:
                    bc:b2:a5:60:d4:ea:3f:7b:5c:8f:3e:33:f3:a4:08:
                    2f:5a:8d:e5:fc:9c:4c:c4:d6:73:b3:8f:a5:ca:79:
                    74:7c:9d:3d:71:2b:eb:30:82:53:d7:00:28:7f:1f:
                    50:38:52:5e:94:3d:01:fc:04:89:7b:8c:0b:e9:94:
                    7d:a8:e7:3c:d1:5b:d0:80:a8:28:a9:00:31:37:ec:
                    41:75:90:ca:f6:28:24:8d:46:d4:11:cb:f8:ef:5f:
                    4e:67:da:04:55:34:9b:62:e2:46:a2:bc:6c:7a:d4:
                    1a:1a:2c:d7:5e:96:a2:36:10:8f:61:0e:0e:bd:82:
                    60:21:4b:2d:0b:08:86:5c:55:83:5d:e0:95:c9:d4:
                    a7:bf:b8:a6:eb:a5:e5:25:af:74:f1:c1:4a:74:ee:
                    7b:af:78:2f:a6:c8:92:d7:0c:16:be:b0:ca:0e:08:
                    1f:47:d6:7e:22:f1:98:c2:5e:22:f4:03:fa:e4:96:
                    20:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:FF:10:CF:9E:04:D3:54:AA:B9:C8:8B:10:60:75:D1:73:76:47:E3
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/mP8Qz54E01SquciLEGB10XN2R-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:32:47:42:41:99:ec:55:fe:b4:e3:68:30:18:cb:c1:cb:c7:
         66:09:73:2b:37:0f:c9:75:ff:d3:7c:3d:f8:30:98:71:29:87:
         27:5c:1c:fc:86:f8:4a:de:b9:f5:a8:18:1b:24:d5:13:97:90:
         ea:67:ba:88:5e:2b:72:69:81:9c:68:2d:69:70:5b:be:91:e8:
         8f:27:4f:93:4a:4b:b1:6c:48:41:7a:f0:08:eb:97:c2:d9:87:
         d8:ec:9c:cf:39:24:b7:d7:0a:b2:17:f9:fc:99:91:a9:64:8e:
         bc:91:a3:78:d3:68:ea:98:bd:7f:1c:06:28:97:b8:50:0d:1d:
         93:0a:bd:68:04:b5:4f:b4:c6:8f:59:cc:52:11:95:35:4e:3f:
         9a:8d:de:68:78:5d:7c:2f:15:67:96:8b:8c:b4:bd:0b:ce:20:
         96:71:89:74:12:98:e5:7f:c9:cb:7e:bb:89:8b:ce:f0:66:1a:
         5b:62:8f:47:dd:99:56:b8:07:f8:3f:a8:a7:a9:c5:0a:00:ff:
         77:98:61:7a:4b:e5:c6:04:da:ec:0a:77:8e:74:70:1a:bc:cd:
         59:9f:a1:bd:59:c1:f9:a3:6e:70:4d:43:53:ef:d2:43:bc:39:
         35:09:69:73:10:0f:28:93:8d:36:cb:2f:33:eb:43:b7:da:76:
         f8:62:b4:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijimWzouiPKnCSPdQSZAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjUwMTAxMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGZmMTBjZjllMDRkMzU0YWFiOWM4OGIxMDYwNzVkMTczNzY0N2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhGws/B5f4EOGtmOrPH6aJglzvY/
52I2Gq6K+XA6FblXYu6/Okr0AcGvcH1Qm82n93CS/Hk6S1iJN+QqzJKXFZWpenXx
n8LdbKq8sqVg1Oo/e1yPPjPzpAgvWo3l/JxMxNZzs4+lynl0fJ09cSvrMIJT1wAo
fx9QOFJelD0B/ASJe4wL6ZR9qOc80VvQgKgoqQAxN+xBdZDK9igkjUbUEcv4719O
Z9oEVTSbYuJGorxsetQaGizXXpaiNhCPYQ4OvYJgIUstCwiGXFWDXeCVydSnv7im
66XlJa908cFKdO57r3gvpsiS1wwWvrDKDggfR9Z+IvGYwl4i9AP65JYg7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJj/EM+eBNNUqrnIixBgddFzdkfjMB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvbVA4UXo1NEUwMVNxdWNpTEVHQjEwWE4yUi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWnEMA0G
CSqGSIb3DQEBCwUAA4IBAQCfMkdCQZnsVf6042gwGMvBy8dmCXMrNw/Jdf/TfD34
MJhxKYcnXBz8hvhK3rn1qBgbJNUTl5DqZ7qIXityaYGcaC1pcFu+keiPJ0+TSkux
bEhBevAI65fC2YfY7JzPOSS31wqyF/n8mZGpZI68kaN402jqmL1/HAYol7hQDR2T
Cr1oBLVPtMaPWcxSEZU1Tj+ajd5oeF18LxVnlouMtL0LziCWcYl0Epjlf8nLfruJ
i87wZhpbYo9H3ZlWuAf4P6inqcUKAP93mGF6S+XGBNrsCneOdHAavM1Zn6G9WcH5
o25wTUNT79JDvDk1CWlzEA8ok402yy8z60O32nb4YrTu
-----END CERTIFICATE-----