Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/mxB7fPbPYlglxu9Hqzdn1wHxfjg.roa
File:                     mxB7fPbPYlglxu9Hqzdn1wHxfjg.roa (raw, json)
Hash identifier:          bntfFA4MKp2qirSlJ6+S7r3t8xM2lzrUDvsVAjXIFbI=
Subject key identifier:   9B:10:7B:7C:F6:CF:62:58:25:C6:EF:47:AB:37:67:D7:01:F1:7E:38
Certificate issuer:       /CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
Certificate serial:       018CC3488CB93E0F1A821D763A42BD2F53DD
Authority key identifier: 92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/mxB7fPbPYlglxu9Hqzdn1wHxfjg.roa
Signing time:             Mon 01 Jan 2024 04:29:20 +0000
ROA not before:           Mon 01 Jan 2024 04:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202477
IP address blocks:        109.205.199.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8c:b9:3e:0f:1a:82:1d:76:3a:42:bd:2f:53:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
        Validity
            Not Before: Jan  1 04:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b107b7cf6cf625825c6ef47ab3767d701f17e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e1:e0:84:9f:cd:da:36:b9:91:5f:2c:41:9c:
                    da:46:c7:a1:91:13:29:06:28:d5:76:b2:3d:f6:2e:
                    92:c1:72:8b:c9:aa:3c:f7:5c:44:ee:de:87:57:1f:
                    c1:93:96:6d:8e:cf:2f:df:58:c9:6e:35:8e:b7:3a:
                    87:74:96:74:5d:d6:dc:cb:e7:6f:c7:36:59:2d:0f:
                    5b:87:12:bb:37:d1:35:ff:db:2b:45:a3:7b:9b:5a:
                    66:8f:e0:ee:17:c3:cc:2f:65:8e:33:57:62:65:9c:
                    02:42:08:ad:e6:16:a6:45:79:0f:57:67:34:51:64:
                    cb:bc:05:78:15:f8:16:cb:92:53:61:44:8a:26:8f:
                    34:19:91:c8:11:26:03:0b:72:98:89:2c:b4:ab:24:
                    5e:7a:68:71:55:95:3f:83:6f:3d:0d:b0:82:e1:fb:
                    f6:0c:14:2c:a7:2a:a3:6e:b2:bd:72:e9:a5:a1:a0:
                    77:ae:65:26:42:49:b8:00:a2:ad:12:68:65:c5:3f:
                    19:94:56:68:d2:6c:fc:35:50:88:10:24:e4:d0:f3:
                    e3:d7:fb:fb:5b:7e:f9:b1:a9:f8:75:b8:52:87:2f:
                    97:71:85:19:37:19:8a:d8:62:55:0d:ec:8c:dd:5b:
                    58:4e:30:c8:cb:8a:70:8b:85:6c:ae:77:4b:d1:06:
                    30:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:10:7B:7C:F6:CF:62:58:25:C6:EF:47:AB:37:67:D7:01:F1:7E:38
            X509v3 Authority Key Identifier:
                keyid:92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/mxB7fPbPYlglxu9Hqzdn1wHxfjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:9b:bc:84:d3:7c:ca:2f:2f:33:c7:ff:7d:52:02:a4:81:96:
         21:ab:bf:12:5c:89:ae:fb:db:02:78:bb:7d:f0:67:bc:1f:dc:
         ee:c7:9e:7c:6f:0e:42:ae:cc:f2:46:f9:d9:1a:3a:3e:20:22:
         65:8d:17:31:3e:20:a1:f9:9c:cc:08:b9:b7:20:d9:48:e3:43:
         4f:3d:dc:15:98:dd:e4:02:48:2f:3d:b9:b4:8b:2f:b5:2d:bf:
         f8:cc:52:de:65:94:ed:51:09:ae:97:e3:62:a8:1f:ba:be:56:
         f5:ce:8b:36:60:4d:50:fb:6b:a5:c4:bb:a7:b5:f2:1c:c2:e5:
         5a:b7:45:a0:be:69:b9:84:3c:73:9f:74:12:30:ff:06:04:32:
         93:ef:be:81:05:41:c2:43:73:70:b9:ee:0e:ce:fc:cc:ad:8a:
         c6:6f:e6:18:54:54:0f:d4:11:04:c3:70:47:f9:b4:43:e0:18:
         8a:d0:62:05:fd:42:db:e3:0a:ae:40:d6:3f:00:91:35:4f:0c:
         86:a9:65:29:4c:f8:f1:9e:02:8f:10:e5:05:86:37:d1:04:62:
         fb:89:93:08:b0:75:0b:e1:5b:ce:46:83:19:39:4b:95:da:e9:
         87:85:65:30:a8:af:0d:a7:de:d8:d8:37:e9:fd:91:3f:f1:93:
         ed:a9:be:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSIy5Pg8agh12OkK9L1PdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDFhZDBlN2ZjMjJiZmJhYjU2N2JlODlmNjNkOTgwNWU1
ZWI5YWEwHhcNMjQwMTAxMDQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjEwN2I3Y2Y2Y2Y2MjU4MjVjNmVmNDdhYjM3NjdkNzAxZjE3ZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeHghJ/N2ja5kV8sQZzaRsehkRMp
BijVdrI99i6SwXKLyao891xE7t6HVx/Bk5Ztjs8v31jJbjWOtzqHdJZ0Xdbcy+dv
xzZZLQ9bhxK7N9E1/9srRaN7m1pmj+DuF8PML2WOM1diZZwCQgit5hamRXkPV2c0
UWTLvAV4FfgWy5JTYUSKJo80GZHIESYDC3KYiSy0qyReemhxVZU/g289DbCC4fv2
DBQspyqjbrK9cumloaB3rmUmQkm4AKKtEmhlxT8ZlFZo0mz8NVCIECTk0PPj1/v7
W375san4dbhShy+XcYUZNxmK2GJVDeyM3VtYTjDIy4pwi4VsrndL0QYw+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsQe3z2z2JYJcbvR6s3Z9cB8X44MB8GA1UdIwQY
MBaAFJJBrQ5/wiv7q1Z76J9j2YBeXrmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDkt
NDU0NGM2MTA5NzI5LzEvbXhCN2ZQYlBZbGdseHU5SHF6ZG4xd0h4ZmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDktNDU0NGM2MTA5NzI5
LzEva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc3HMA0G
CSqGSIb3DQEBCwUAA4IBAQAbm7yE03zKLy8zx/99UgKkgZYhq78SXImu+9sCeLt9
8Ge8H9zux558bw5CrszyRvnZGjo+ICJljRcxPiCh+ZzMCLm3INlI40NPPdwVmN3k
AkgvPbm0iy+1Lb/4zFLeZZTtUQmul+NiqB+6vlb1zos2YE1Q+2ulxLuntfIcwuVa
t0Wgvmm5hDxzn3QSMP8GBDKT776BBUHCQ3Nwue4OzvzMrYrGb+YYVFQP1BEEw3BH
+bRD4BiK0GIF/ULb4wquQNY/AJE1TwyGqWUpTPjxngKPEOUFhjfRBGL7iZMIsHUL
4VvORoMZOUuV2umHhWUwqK8Np97Y2Dfp/ZE/8ZPtqb46
-----END CERTIFICATE-----