Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/1LQXa4ANpgHvslxHuyyEm5vxexk.roa
File:                     1LQXa4ANpgHvslxHuyyEm5vxexk.roa (raw, json)
Hash identifier:          /ybmozrmNmuywWy78ep333r3HhF5M6Ci5OTVu5NmZgw=
Subject key identifier:   D4:B4:17:6B:80:0D:A6:01:EF:B2:5C:47:BB:2C:84:9B:9B:F1:7B:19
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01946E45F714E3DF04259C87C6D5642D93C3
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/1LQXa4ANpgHvslxHuyyEm5vxexk.roa
Signing time:             Thu 16 Jan 2025 08:41:06 +0000
ROA not before:           Thu 16 Jan 2025 08:41:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30254
IP address blocks:        109.121.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6e:45:f7:14:e3:df:04:25:9c:87:c6:d5:64:2d:93:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan 16 08:41:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4b4176b800da601efb25c47bb2c849b9bf17b19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:45:a8:5e:14:41:0a:3f:74:90:a6:24:e7:e6:
                    07:c2:ac:8c:b2:25:3c:30:e7:9c:49:34:12:50:72:
                    95:2b:14:b1:f2:14:6b:6e:af:81:93:49:57:69:8e:
                    6e:ff:11:c6:e7:8d:cb:67:fa:ca:36:00:0b:a6:b8:
                    04:7a:d2:e2:75:08:0d:07:31:31:0e:09:2a:77:f6:
                    b2:a0:06:f3:9f:02:87:41:05:e5:52:1b:ea:a7:5f:
                    ba:c6:38:07:b9:20:5f:52:86:99:0e:53:2c:1e:1b:
                    4b:aa:7d:42:ca:0b:52:df:31:91:4a:53:69:ac:40:
                    d1:18:c4:97:e9:14:94:f9:cc:e2:18:bf:9e:a5:ef:
                    68:4f:5a:77:44:ed:cb:20:77:a7:24:ae:5a:ff:8d:
                    11:5a:b4:23:b7:be:2a:18:ee:1d:76:17:66:ae:51:
                    98:3a:84:06:c6:7b:70:90:f8:81:64:f5:35:1d:23:
                    61:01:af:25:0c:c6:93:f2:af:9f:2c:82:ba:d8:47:
                    24:82:c5:39:36:d1:fe:5e:98:bc:d3:35:fb:14:0e:
                    91:8f:5d:8b:b5:19:20:d1:0b:12:7f:9b:a4:14:e3:
                    09:1c:12:7a:18:89:ea:bf:62:fa:fb:c2:df:bf:17:
                    62:46:b0:43:83:d7:e3:51:be:f0:bf:f6:b2:2a:7f:
                    5c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B4:17:6B:80:0D:A6:01:EF:B2:5C:47:BB:2C:84:9B:9B:F1:7B:19
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/1LQXa4ANpgHvslxHuyyEm5vxexk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:d2:b2:18:b5:92:56:c0:aa:90:11:f4:c1:b8:15:ed:a4:1b:
         65:0c:ef:63:33:5d:77:a5:64:41:fa:79:65:68:28:d1:c1:8e:
         69:ae:2e:7b:c5:80:33:8b:d6:15:52:4a:65:ea:a6:1f:9f:54:
         a7:0c:19:ec:8d:b6:11:1b:7d:23:b5:a5:b2:41:98:ca:2d:f9:
         9e:87:04:f4:ab:7c:87:f1:c7:68:d7:0c:66:78:4b:73:f9:40:
         6e:03:db:78:93:9b:9e:93:05:78:27:8f:5c:12:ce:81:36:68:
         7d:cb:b2:02:12:32:17:83:9d:ea:03:00:a5:31:5a:08:d3:68:
         93:32:52:cb:fe:fc:5b:d5:6f:72:1e:05:9a:de:d5:79:c6:f0:
         7b:f6:b1:37:63:76:84:32:eb:a5:79:11:81:7f:07:b5:79:96:
         b2:cc:c2:7c:9c:3f:5d:c7:09:6d:7e:ec:91:08:16:8f:8c:09:
         11:38:d4:d3:e3:c6:8c:77:26:fe:8a:e3:18:52:e0:c9:62:a4:
         e4:2a:ed:ad:52:f4:a1:76:49:0e:f5:f1:92:60:ce:de:b0:0c:
         33:9d:06:27:08:7c:be:b1:a3:13:94:c7:62:6b:49:8c:0d:a7:
         5a:2d:e2:8e:54:b4:d7:fe:6f:34:58:ec:0e:33:92:fb:f4:d5:
         e2:7c:2c:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRuRfcU498EJZyHxtVkLZPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwMTE2MDg0MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGI0MTc2YjgwMGRhNjAxZWZiMjVjNDdiYjJjODQ5YjliZjE3YjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEWoXhRBCj90kKYk5+YHwqyMsiU8
MOecSTQSUHKVKxSx8hRrbq+Bk0lXaY5u/xHG543LZ/rKNgALprgEetLidQgNBzEx
Dgkqd/ayoAbznwKHQQXlUhvqp1+6xjgHuSBfUoaZDlMsHhtLqn1CygtS3zGRSlNp
rEDRGMSX6RSU+cziGL+epe9oT1p3RO3LIHenJK5a/40RWrQjt74qGO4ddhdmrlGY
OoQGxntwkPiBZPU1HSNhAa8lDMaT8q+fLIK62EckgsU5NtH+Xpi80zX7FA6Rj12L
tRkg0QsSf5ukFOMJHBJ6GInqv2L6+8LfvxdiRrBDg9fjUb7wv/ayKn9cMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNS0F2uADaYB77JcR7sshJub8XsZMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMUxRWGE0QU5wZ0h2c2x4SHV5eUVtNXZ4ZXhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkiMA0G
CSqGSIb3DQEBCwUAA4IBAQCT0rIYtZJWwKqQEfTBuBXtpBtlDO9jM113pWRB+nll
aCjRwY5pri57xYAzi9YVUkpl6qYfn1SnDBnsjbYRG30jtaWyQZjKLfmehwT0q3yH
8cdo1wxmeEtz+UBuA9t4k5uekwV4J49cEs6BNmh9y7ICEjIXg53qAwClMVoI02iT
MlLL/vxb1W9yHgWa3tV5xvB79rE3Y3aEMuuleRGBfwe1eZayzMJ8nD9dxwltfuyR
CBaPjAkRONTT48aMdyb+iuMYUuDJYqTkKu2tUvShdkkO9fGSYM7esAwznQYnCHy+
saMTlMdia0mMDadaLeKOVLTX/m80WOwOM5L79NXifCwL
-----END CERTIFICATE-----