Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/yHDuyK71pjrgOUPZ38oxEoIPjjM.roa
File:                     yHDuyK71pjrgOUPZ38oxEoIPjjM.roa (raw, json)
Hash identifier:          /EoMzF6rgnISNnDz47DCdwwINjFT328imqO8ttSPLQU=
Subject key identifier:   C8:70:EE:C8:AE:F5:A6:3A:E0:39:43:D9:DF:CA:31:12:82:0F:8E:33
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E106BAA6DBA09A8F013A09FD15F19
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/yHDuyK71pjrgOUPZ38oxEoIPjjM.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        109.121.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:10:6b:aa:6d:ba:09:a8:f0:13:a0:9f:d1:5f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c870eec8aef5a63ae03943d9dfca3112820f8e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a9:65:b6:0b:50:e8:13:ad:5d:da:e7:68:66:
                    28:07:d2:d0:75:8b:7d:2e:c4:f7:8c:3f:a4:6c:24:
                    46:eb:54:1f:84:6e:f8:55:41:4e:84:50:46:b6:64:
                    e6:d7:9f:6a:d3:d7:ba:36:7a:f7:6c:c4:14:6b:cc:
                    31:4d:85:52:78:ec:36:95:78:21:3a:26:2f:a2:d4:
                    2b:a7:2e:bd:9c:05:cf:c8:63:b7:0b:12:19:cd:1d:
                    47:bf:85:95:2a:50:1f:eb:ea:3e:46:c9:54:c5:d3:
                    20:c4:90:7b:bb:12:4a:54:c8:d0:52:5f:b9:15:ab:
                    f3:41:4c:85:ef:1c:32:2c:15:e0:9e:d4:77:85:de:
                    28:07:03:86:bf:f2:1a:44:b5:7b:dd:48:03:2e:e6:
                    73:10:d0:ff:83:63:8c:32:27:98:1f:11:54:0f:81:
                    59:2c:81:44:c9:05:ed:bc:58:22:2e:46:35:65:3e:
                    04:6d:70:d8:af:9b:27:a6:81:b5:f5:ac:99:e3:fc:
                    ac:d2:19:e9:be:ca:61:af:9e:09:7d:2e:23:67:0b:
                    23:94:fa:5a:57:fa:b3:d2:09:18:31:73:80:63:82:
                    a8:42:09:2d:aa:b3:71:7b:57:cf:bc:1c:18:89:3f:
                    10:d4:c3:79:16:3a:3b:a2:60:f7:46:56:45:8a:e5:
                    29:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:70:EE:C8:AE:F5:A6:3A:E0:39:43:D9:DF:CA:31:12:82:0F:8E:33
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/yHDuyK71pjrgOUPZ38oxEoIPjjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:19:f1:85:bd:ee:23:59:80:3b:a7:98:3c:c6:87:4b:30:94:
         24:57:38:6f:f2:50:e8:33:d2:83:50:d6:58:65:80:9e:ce:c0:
         db:5d:ab:3f:3c:c2:19:5d:e4:02:cb:2e:61:ba:26:4a:f8:77:
         ee:9c:0b:52:3c:f4:48:57:ee:3e:d1:b2:c5:04:cb:44:8d:ea:
         3a:06:a6:85:28:47:4b:b8:5a:f5:d9:25:fc:82:46:4d:d7:80:
         41:5e:97:57:ab:29:2b:99:9b:19:36:9c:6a:35:ad:4e:9b:42:
         c5:7d:37:7d:9c:4e:50:f5:12:18:72:b1:e5:0e:a2:d2:e6:3c:
         0b:3f:58:ee:c8:ca:1e:92:13:5a:f1:83:88:a6:b5:bd:39:a5:
         61:ed:83:fd:da:3d:db:8c:df:05:fb:13:aa:c9:9a:a7:3b:03:
         64:1f:72:6a:c8:20:f6:2d:fd:83:c9:19:90:62:20:44:0e:24:
         92:5c:16:94:78:42:83:27:f4:86:25:15:c1:31:8e:79:d2:93:
         cf:ea:90:07:1f:0a:9f:ce:b1:c2:ff:05:df:6a:1a:13:a6:74:
         06:81:ab:66:1c:6f:11:4c:08:04:8a:7f:ed:02:51:77:7c:34:
         82:e3:b9:c5:e0:68:c8:82:33:d1:bd:74:b4:14:e2:b6:65:86:
         f3:fe:cf:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhBrqm26CajwE6Cf0V8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODcwZWVjOGFlZjVhNjNhZTAzOTQzZDlkZmNhMzExMjgyMGY4ZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6lltgtQ6BOtXdrnaGYoB9LQdYt9
LsT3jD+kbCRG61QfhG74VUFOhFBGtmTm159q09e6Nnr3bMQUa8wxTYVSeOw2lXgh
OiYvotQrpy69nAXPyGO3CxIZzR1Hv4WVKlAf6+o+RslUxdMgxJB7uxJKVMjQUl+5
FavzQUyF7xwyLBXgntR3hd4oBwOGv/IaRLV73UgDLuZzEND/g2OMMieYHxFUD4FZ
LIFEyQXtvFgiLkY1ZT4EbXDYr5snpoG19ayZ4/ys0hnpvsphr54JfS4jZwsjlPpa
V/qz0gkYMXOAY4KoQgktqrNxe1fPvBwYiT8Q1MN5Fjo7omD3RlZFiuUpYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhw7siu9aY64DlD2d/KMRKCD44zMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEveUhEdXlLNzFwanJnT1VQWjM4b3hFb0lQampNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXksMA0G
CSqGSIb3DQEBCwUAA4IBAQBOGfGFve4jWYA7p5g8xodLMJQkVzhv8lDoM9KDUNZY
ZYCezsDbXas/PMIZXeQCyy5huiZK+HfunAtSPPRIV+4+0bLFBMtEjeo6BqaFKEdL
uFr12SX8gkZN14BBXpdXqykrmZsZNpxqNa1Om0LFfTd9nE5Q9RIYcrHlDqLS5jwL
P1juyMoekhNa8YOIprW9OaVh7YP92j3bjN8F+xOqyZqnOwNkH3JqyCD2Lf2DyRmQ
YiBEDiSSXBaUeEKDJ/SGJRXBMY550pPP6pAHHwqfzrHC/wXfahoTpnQGgatmHG8R
TAgEin/tAlF3fDSC47nF4GjIgjPRvXS0FOK2ZYbz/s8B
-----END CERTIFICATE-----