Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/kaDNOpGCgCG_279I7ubzImDZqnc.roa
File:                     kaDNOpGCgCG_279I7ubzImDZqnc.roa (raw, json)
Hash identifier:          kCznIfx+3xt5UPEUhGXivWCzElDKO9DD6XY+iDKCvtY=
Subject key identifier:   91:A0:CD:3A:91:82:80:21:BF:DB:BF:48:EE:E6:F3:22:60:D9:AA:77
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       01924281FFF6E2C1603BDC02E8AF3E3A8337
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/kaDNOpGCgCG_279I7ubzImDZqnc.roa
Signing time:             Mon 30 Sep 2024 10:37:48 +0000
ROA not before:           Mon 30 Sep 2024 10:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214774
IP address blocks:        109.107.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:81:ff:f6:e2:c1:60:3b:dc:02:e8:af:3e:3a:83:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Sep 30 10:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91a0cd3a91828021bfdbbf48eee6f32260d9aa77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b6:3f:63:b6:8b:e3:4b:8b:13:ef:43:06:f7:
                    71:51:77:14:11:a1:c1:46:6a:82:f6:48:21:37:a5:
                    3c:a2:18:c4:2a:ce:ff:9d:bd:52:6e:2f:ba:79:bb:
                    8a:94:4c:37:b0:81:10:19:7b:17:3d:ad:84:13:4f:
                    3d:71:78:6f:10:aa:ea:38:6a:9e:4f:4d:bf:94:ae:
                    dc:58:63:cb:89:f6:99:0d:b4:df:0a:0a:0b:a6:21:
                    96:f1:fe:87:26:02:45:d1:bf:53:07:f3:21:31:a9:
                    6c:1e:e3:f3:2c:40:16:89:4f:e1:8a:58:2e:5b:67:
                    3f:70:58:7d:16:81:68:fc:de:bf:f1:de:1c:b2:78:
                    65:5b:66:88:0a:d7:5e:9b:75:7f:d2:e0:1f:55:c2:
                    b6:71:5c:a9:1a:46:fb:be:f5:83:7e:75:bd:d3:b7:
                    e1:98:61:2f:16:fe:07:94:d9:f6:ff:43:9d:78:9a:
                    b7:fa:42:19:5b:26:9c:38:c9:3d:81:19:30:92:c1:
                    21:a4:13:f3:f7:17:0f:9e:74:09:13:de:4f:a4:c5:
                    8c:62:07:cc:5e:e5:e3:47:d5:b7:d0:0f:4a:4f:5a:
                    cf:f6:56:c8:fd:fb:83:5a:12:77:90:2a:d8:88:e6:
                    bc:65:c1:37:9e:b9:13:85:08:cb:07:a2:d3:ed:a7:
                    40:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A0:CD:3A:91:82:80:21:BF:DB:BF:48:EE:E6:F3:22:60:D9:AA:77
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/kaDNOpGCgCG_279I7ubzImDZqnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:e6:57:8c:f0:20:bb:c3:44:c9:fe:04:10:68:76:d1:d4:c0:
         24:39:c4:2a:1a:e7:98:08:f6:c0:07:d0:1f:cb:ca:df:b0:89:
         33:67:4a:8e:b3:3e:5d:5d:c8:37:1b:95:bb:c0:e6:d9:19:2e:
         f5:18:52:fc:fa:c3:43:72:fb:6f:06:8a:39:91:29:a4:72:32:
         0e:e6:93:68:11:03:48:15:f1:8a:5d:1b:dc:02:6f:81:6f:4d:
         3b:81:a5:20:ee:28:ea:92:e0:79:6c:70:2c:51:2e:33:ab:56:
         bd:f7:c9:d5:67:9c:93:f6:99:c8:e7:34:3d:65:e0:3b:8b:0a:
         50:d9:78:8f:f4:3f:a5:51:18:00:ae:8e:33:d0:70:73:18:1c:
         82:7a:2a:74:3c:03:04:18:87:86:92:f2:95:08:98:f7:9d:0a:
         50:37:57:b9:12:39:e8:89:6f:6e:13:39:c8:fe:90:c5:e0:1c:
         d0:74:3d:23:51:25:4a:29:43:2e:c8:5c:6f:29:ac:80:a4:c0:
         74:33:b0:b8:45:8e:b2:70:36:70:51:a3:c8:6b:50:77:20:6d:
         f5:54:ba:a1:19:20:0b:fc:5b:70:0b:43:72:bf:72:cb:3d:58:
         93:e2:95:7a:99:47:7c:b2:58:54:02:0a:10:ab:63:88:84:7d:
         08:b0:a1:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJCgf/24sFgO9wC6K8+OoM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwOTMwMTAzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWEwY2QzYTkxODI4MDIxYmZkYmJmNDhlZWU2ZjMyMjYwZDlhYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rY/Y7aL40uLE+9DBvdxUXcUEaHB
RmqC9kghN6U8ohjEKs7/nb1Sbi+6ebuKlEw3sIEQGXsXPa2EE089cXhvEKrqOGqe
T02/lK7cWGPLifaZDbTfCgoLpiGW8f6HJgJF0b9TB/MhMalsHuPzLEAWiU/hilgu
W2c/cFh9FoFo/N6/8d4csnhlW2aICtdem3V/0uAfVcK2cVypGkb7vvWDfnW907fh
mGEvFv4HlNn2/0OdeJq3+kIZWyacOMk9gRkwksEhpBPz9xcPnnQJE95PpMWMYgfM
XuXjR9W30A9KT1rP9lbI/fuDWhJ3kCrYiOa8ZcE3nrkThQjLB6LT7adA6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGgzTqRgoAhv9u/SO7m8yJg2ap3MB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEva2FETk9wR0NnQ0dfMjc5STd1YnpJbURacW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWubMA0G
CSqGSIb3DQEBCwUAA4IBAQDO5leM8CC7w0TJ/gQQaHbR1MAkOcQqGueYCPbAB9Af
y8rfsIkzZ0qOsz5dXcg3G5W7wObZGS71GFL8+sNDcvtvBoo5kSmkcjIO5pNoEQNI
FfGKXRvcAm+Bb007gaUg7ijqkuB5bHAsUS4zq1a998nVZ5yT9pnI5zQ9ZeA7iwpQ
2XiP9D+lURgAro4z0HBzGByCeip0PAMEGIeGkvKVCJj3nQpQN1e5EjnoiW9uEznI
/pDF4BzQdD0jUSVKKUMuyFxvKayApMB0M7C4RY6ycDZwUaPIa1B3IG31VLqhGSAL
/FtwC0Nyv3LLPViT4pV6mUd8slhUAgoQq2OIhH0IsKFp
-----END CERTIFICATE-----