Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2NzLzMOeFuBmYcrjiyDs5_DFYgI.roa
File:                     2NzLzMOeFuBmYcrjiyDs5_DFYgI.roa (raw, json)
Hash identifier:          UjwWdB8k577gYTCkJHn1rSTdVabHuDeCfYMOytlfWbk=
Subject key identifier:   D8:DC:CB:CC:C3:9E:16:E0:66:61:CA:E3:8B:20:EC:E7:F0:C5:62:02
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019427B555A000592BCC310ED6A4E0A8F11F
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2NzLzMOeFuBmYcrjiyDs5_DFYgI.roa
Signing time:             Thu 02 Jan 2025 15:49:42 +0000
ROA not before:           Thu 02 Jan 2025 15:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        109.121.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:55:a0:00:59:2b:cc:31:0e:d6:a4:e0:a8:f1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  2 15:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8dccbccc39e16e06661cae38b20ece7f0c56202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4f:16:ab:3d:c8:29:95:c8:e5:fc:b4:74:13:
                    60:93:c6:e7:18:62:2c:94:60:db:47:a4:a2:11:e8:
                    b4:8e:f6:45:3c:54:b8:c5:f1:07:87:ad:11:e0:47:
                    f6:43:6e:be:0f:e2:e9:59:0e:85:ee:74:e7:e0:67:
                    3f:d1:a5:26:b2:25:bf:9f:be:9b:52:45:3a:05:11:
                    04:ce:01:d8:4e:33:c1:02:5f:db:55:2b:e6:6c:66:
                    42:1d:ab:36:51:2f:bb:67:f8:0f:b2:d5:dd:93:62:
                    c9:93:18:cb:38:f4:82:ff:36:46:bd:d4:87:9e:78:
                    31:6f:5a:4d:55:23:22:62:14:9e:53:0b:89:15:20:
                    25:87:64:85:df:02:04:c9:c0:72:71:35:0e:bc:59:
                    48:24:79:ff:46:10:f1:4d:a3:53:08:54:43:9a:17:
                    ce:61:6a:d5:5e:8b:35:b5:74:cf:e7:16:45:18:90:
                    da:44:2e:4c:0c:da:ba:db:3d:15:d0:8e:7e:45:02:
                    64:72:93:62:7a:71:a4:c2:af:e0:e3:27:1b:c7:2d:
                    70:a4:37:09:bc:9d:b2:15:27:22:cc:88:b4:56:53:
                    58:87:46:e4:30:1a:f1:5e:9d:c4:39:d0:5a:59:af:
                    20:4d:91:c0:fe:c3:43:2d:d2:01:72:b7:f9:7e:92:
                    48:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:DC:CB:CC:C3:9E:16:E0:66:61:CA:E3:8B:20:EC:E7:F0:C5:62:02
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/2NzLzMOeFuBmYcrjiyDs5_DFYgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a6:91:3d:7d:f8:77:82:29:a4:94:eb:45:07:ab:d8:c4:53:
         19:7d:ad:6e:de:3b:a8:41:0c:48:85:51:d4:fa:66:95:ab:e1:
         a0:2c:f9:3c:5b:a9:69:6f:af:68:18:5f:21:32:79:1f:b7:69:
         9b:15:88:88:d7:a3:54:67:b0:33:2c:56:31:87:62:03:18:21:
         4d:8c:c5:bb:2f:49:b2:a0:51:93:bb:76:e6:98:21:ca:d1:ce:
         f6:49:3e:73:3a:b2:87:49:e7:a0:a6:c5:d6:f4:50:0b:75:9b:
         81:b4:88:1e:9e:bc:6a:a8:a7:84:bc:51:90:d0:08:be:b0:39:
         c3:53:48:19:36:02:45:a9:19:27:b2:36:9e:55:d8:c6:6f:0e:
         69:f9:f9:3c:87:ef:68:d6:cf:3e:59:c1:bb:99:0d:ca:6b:18:
         42:48:e4:3d:f1:b7:dd:59:7d:13:79:66:84:e0:58:45:62:82:
         7f:a5:c7:84:59:9e:c2:1c:30:5e:ae:b9:b6:67:99:43:42:21:
         f0:12:2b:dd:d7:e4:a8:33:6b:dc:41:56:39:e7:45:b9:24:92:
         51:22:45:54:73:f7:5e:fd:28:86:62:a0:9d:22:19:0c:71:e3:
         d1:9e:fc:bf:c8:c1:6a:92:23:6f:5b:49:dd:d5:3f:2e:d2:0e:
         4f:7c:db:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntVWgAFkrzDEO1qTgqPEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwMTAyMTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGRjY2JjY2MzOWUxNmUwNjY2MWNhZTM4YjIwZWNlN2YwYzU2MjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyE8Wqz3IKZXI5fy0dBNgk8bnGGIs
lGDbR6SiEei0jvZFPFS4xfEHh60R4Ef2Q26+D+LpWQ6F7nTn4Gc/0aUmsiW/n76b
UkU6BREEzgHYTjPBAl/bVSvmbGZCHas2US+7Z/gPstXdk2LJkxjLOPSC/zZGvdSH
nngxb1pNVSMiYhSeUwuJFSAlh2SF3wIEycBycTUOvFlIJHn/RhDxTaNTCFRDmhfO
YWrVXos1tXTP5xZFGJDaRC5MDNq62z0V0I5+RQJkcpNienGkwq/g4ycbxy1wpDcJ
vJ2yFScizIi0VlNYh0bkMBrxXp3EOdBaWa8gTZHA/sNDLdIBcrf5fpJI1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjcy8zDnhbgZmHK44sg7OfwxWICMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMk56THpNT2VGdUJtWWNyaml5RHM1X0RGWWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXksMA0G
CSqGSIb3DQEBCwUAA4IBAQBZppE9ffh3gimklOtFB6vYxFMZfa1u3juoQQxIhVHU
+maVq+GgLPk8W6lpb69oGF8hMnkft2mbFYiI16NUZ7AzLFYxh2IDGCFNjMW7L0my
oFGTu3bmmCHK0c72ST5zOrKHSeegpsXW9FALdZuBtIgenrxqqKeEvFGQ0Ai+sDnD
U0gZNgJFqRknsjaeVdjGbw5p+fk8h+9o1s8+WcG7mQ3KaxhCSOQ98bfdWX0TeWaE
4FhFYoJ/pceEWZ7CHDBerrm2Z5lDQiHwEivd1+SoM2vcQVY550W5JJJRIkVUc/de
/SiGYqCdIhkMcePRnvy/yMFqkiNvW0nd1T8u0g5PfNtb
-----END CERTIFICATE-----