Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/ms1ekaWq311G3eHPqwSiswMc-WM.roa
File:                     ms1ekaWq311G3eHPqwSiswMc-WM.roa (raw, json)
Hash identifier:          sstgo0zaP48B4EL93VWGQeEvWI0ca7JYtwRxFRs0nY8=
Subject key identifier:   9A:CD:5E:91:A5:AA:DF:5D:46:DD:E1:CF:AB:04:A2:B3:03:1C:F9:63
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       018CC56EDFC23484027C31A7DA37F302219B
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/ms1ekaWq311G3eHPqwSiswMc-WM.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211432
IP address blocks:        109.105.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:df:c2:34:84:02:7c:31:a7:da:37:f3:02:21:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9acd5e91a5aadf5d46dde1cfab04a2b3031cf963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:57:18:2c:ac:8c:5a:ff:0d:32:a0:20:3a:60:
                    0b:8b:1e:35:db:a5:2d:0a:ab:6c:dd:72:9e:b8:55:
                    6f:b6:2d:c7:1c:6a:bc:c3:86:72:06:41:fa:ea:8c:
                    47:ef:21:84:31:e0:d5:eb:ef:ff:b9:df:83:91:96:
                    85:c4:c0:ee:54:a3:8e:61:53:de:bc:16:e6:4e:8c:
                    67:53:17:76:08:29:20:2e:5e:bb:54:8c:4b:64:13:
                    b0:f7:70:26:c8:fe:ae:87:2c:3c:8a:de:f3:8c:f0:
                    e5:e5:02:e9:d9:1b:e1:91:89:69:8b:c6:19:cf:22:
                    54:65:a5:a2:ac:e1:2d:d3:6f:56:3f:0c:c4:99:6b:
                    65:e8:ae:6c:ac:75:79:f6:e5:44:3e:dd:43:52:06:
                    34:e9:21:c6:ec:e0:07:c4:9c:70:e6:08:cd:b8:9e:
                    e5:96:ee:c5:e5:5e:29:3d:25:12:1e:37:f7:7a:1c:
                    ad:a3:84:6c:ba:97:5f:b3:43:0f:a3:32:5d:ac:cb:
                    3c:86:ee:a8:69:cf:e0:d4:38:16:59:61:84:98:12:
                    9d:5e:70:99:7a:17:08:f9:68:9f:23:82:31:5b:e1:
                    b1:df:eb:f0:60:0f:8f:a5:ab:48:b8:a0:aa:11:42:
                    40:94:bf:8a:84:11:be:1b:3a:4d:fa:11:e0:af:a9:
                    12:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:CD:5E:91:A5:AA:DF:5D:46:DD:E1:CF:AB:04:A2:B3:03:1C:F9:63
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/ms1ekaWq311G3eHPqwSiswMc-WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:75:44:14:4f:2f:b5:fe:fd:d5:c8:8d:42:6c:88:bd:85:8a:
         cf:f8:09:82:0f:7d:5e:2d:05:ec:e9:48:40:4d:68:c4:b6:69:
         f4:2a:86:23:7f:00:07:2f:f5:e5:09:7c:d8:29:3f:45:bc:4f:
         af:67:38:87:6b:27:51:28:66:c8:f8:07:29:7e:ee:06:f9:45:
         8e:be:48:76:6c:15:d8:53:91:04:89:f1:85:e9:07:bb:f9:de:
         25:7c:f8:cf:ce:37:70:ca:4b:df:25:9b:ab:e3:b3:62:b1:ce:
         9b:f2:8f:0c:59:b1:7b:3c:30:fe:7d:6e:ec:1b:78:81:db:2d:
         c8:cf:9c:b6:4b:b7:8d:38:f2:66:f4:7e:94:18:35:3a:7f:39:
         fc:20:01:1c:f8:6d:91:62:50:a3:1d:44:9c:7f:c9:22:ef:33:
         a8:f3:e3:fe:11:c6:5b:f4:ac:28:e8:61:0f:df:99:6e:41:44:
         e3:38:3c:42:52:e7:5a:f8:8d:bb:4c:54:5f:5f:2a:30:a3:e6:
         20:91:68:90:56:1a:a7:e9:f3:56:64:02:39:56:54:f5:c8:26:
         8d:f7:d3:a5:33:06:e2:66:b5:c8:32:e0:eb:03:2c:0a:b7:fd:
         7d:a8:06:98:4d:56:7e:a2:06:4a:13:d0:8c:59:38:e7:f1:05:
         dc:b7:19:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbt/CNIQCfDGn2jfzAiGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWNkNWU5MWE1YWFkZjVkNDZkZGUxY2ZhYjA0YTJiMzAzMWNmOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFcYLKyMWv8NMqAgOmALix4126Ut
Cqts3XKeuFVvti3HHGq8w4ZyBkH66oxH7yGEMeDV6+//ud+DkZaFxMDuVKOOYVPe
vBbmToxnUxd2CCkgLl67VIxLZBOw93AmyP6uhyw8it7zjPDl5QLp2RvhkYlpi8YZ
zyJUZaWirOEt029WPwzEmWtl6K5srHV59uVEPt1DUgY06SHG7OAHxJxw5gjNuJ7l
lu7F5V4pPSUSHjf3ehyto4Rsupdfs0MPozJdrMs8hu6oac/g1DgWWWGEmBKdXnCZ
ehcI+WifI4IxW+Gx3+vwYA+PpatIuKCqEUJAlL+KhBG+GzpN+hHgr6kS0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrNXpGlqt9dRt3hz6sEorMDHPljMB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvbXMxZWthV3EzMTFHM2VIUHF3U2lzd01jLVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWnAMA0G
CSqGSIb3DQEBCwUAA4IBAQCddUQUTy+1/v3VyI1CbIi9hYrP+AmCD31eLQXs6UhA
TWjEtmn0KoYjfwAHL/XlCXzYKT9FvE+vZziHaydRKGbI+Acpfu4G+UWOvkh2bBXY
U5EEifGF6Qe7+d4lfPjPzjdwykvfJZur47Nisc6b8o8MWbF7PDD+fW7sG3iB2y3I
z5y2S7eNOPJm9H6UGDU6fzn8IAEc+G2RYlCjHUScf8ki7zOo8+P+EcZb9Kwo6GEP
35luQUTjODxCUuda+I27TFRfXyowo+YgkWiQVhqn6fNWZAI5VlT1yCaN99OlMwbi
ZrXIMuDrAywKt/19qAaYTVZ+ogZKE9CMWTjn8QXctxlT
-----END CERTIFICATE-----