Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/OdRcxP9kQBDBq_t4K6LMCbZ4LYA.roa
File:                     OdRcxP9kQBDBq_t4K6LMCbZ4LYA.roa (raw, json)
Hash identifier:          VSz03cKjLczZsD5Qc7ZNyHo2cNC5AOTGzQJ7nuICCg4=
Subject key identifier:   39:D4:5C:C4:FF:64:40:10:C1:AB:FB:78:2B:A2:CC:09:B6:78:2D:80
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01941FFA814C1E9B84BABC033D9ED7ABE46A
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/OdRcxP9kQBDBq_t4K6LMCbZ4LYA.roa
Signing time:             Wed 01 Jan 2025 03:48:18 +0000
ROA not before:           Wed 01 Jan 2025 03:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        109.111.32.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:81:4c:1e:9b:84:ba:bc:03:3d:9e:d7:ab:e4:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  1 03:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39d45cc4ff644010c1abfb782ba2cc09b6782d80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:20:39:73:f9:be:47:42:c5:2c:e3:69:26:b2:
                    1e:b1:a0:84:49:05:9d:8e:1d:bd:47:b0:16:89:ea:
                    d3:b6:9e:49:8b:ca:43:b4:5b:41:f6:cf:8c:f0:bd:
                    55:d2:6a:92:68:51:c9:bd:9e:17:e3:c7:94:8a:2b:
                    42:b0:40:84:94:74:68:4a:26:e7:94:2c:ce:23:29:
                    a7:e7:11:63:71:0d:9a:60:b1:a1:83:e9:ee:1b:9d:
                    f4:fa:98:83:72:d5:d9:dd:13:09:1d:58:1c:c6:36:
                    48:44:d4:f8:e9:03:be:e0:7c:21:b0:50:53:7f:4c:
                    ab:67:fe:b5:25:a9:bb:8b:66:d2:1f:f3:31:28:06:
                    f0:32:cd:97:96:92:62:92:62:e1:a1:73:be:07:53:
                    c3:cc:26:fc:b2:16:3b:ff:47:e2:98:7d:c9:03:a4:
                    11:fb:6d:00:8a:c3:6c:f0:14:0f:01:ec:3e:5c:1f:
                    c5:b6:5d:79:0e:68:4a:83:c4:ed:18:3a:fc:1e:56:
                    1f:b1:3d:a3:71:1f:c5:f2:0f:eb:2c:15:1d:dd:fe:
                    f8:0d:85:84:87:97:e7:85:b7:c4:35:88:2a:e9:a6:
                    83:b6:20:f4:a9:c5:bc:d0:a7:e5:be:2f:0e:be:95:
                    ab:96:08:99:3a:ac:c3:dd:59:85:b2:6a:7e:33:31:
                    92:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D4:5C:C4:FF:64:40:10:C1:AB:FB:78:2B:A2:CC:09:B6:78:2D:80
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/OdRcxP9kQBDBq_t4K6LMCbZ4LYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:07:e4:31:36:31:40:db:31:f0:3d:de:c8:e4:22:9f:d8:29:
         f2:4c:53:35:51:19:de:8c:bd:1b:69:53:53:42:7b:d8:e8:eb:
         85:19:61:42:7d:34:74:ab:07:e9:8f:c8:9d:87:86:71:a9:da:
         36:1f:5b:30:a9:36:bf:00:06:87:96:97:99:e7:e9:d7:a7:13:
         ca:bc:7d:93:4c:b3:fc:78:b4:9d:b6:c0:fc:46:d8:ab:86:b1:
         eb:21:cd:b3:70:05:d2:5e:74:69:31:63:d9:8f:20:80:da:dc:
         da:ca:f4:54:c3:54:61:b2:42:f5:6c:6a:33:61:3a:9e:40:33:
         99:3d:f0:ef:71:a4:f9:c4:37:1b:3d:2d:5c:54:21:a7:fb:3b:
         01:59:f1:a5:34:6e:6e:db:85:72:0a:fe:cc:f1:2c:21:71:4b:
         da:bc:da:aa:84:09:ef:73:3e:33:6b:1a:51:8b:83:21:c3:b1:
         bb:07:87:bd:f7:f7:fa:2f:4a:db:c1:58:8b:09:cd:d9:37:ac:
         ee:4b:a9:7f:ca:9a:32:1f:f1:e5:50:3f:7b:d8:d0:9b:70:4f:
         b5:1c:ad:46:c4:7b:78:0f:41:18:c3:76:ce:0a:7f:9d:8d:f9:
         cc:8e:5c:c0:b4:6c:79:94:68:2d:19:4a:a0:5b:db:c1:e6:79:
         53:9c:a7:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+oFMHpuEurwDPZ7Xq+RqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ0NWNjNGZmNjQ0MDEwYzFhYmZiNzgyYmEyY2MwOWI2NzgyZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSA5c/m+R0LFLONpJrIesaCESQWd
jh29R7AWierTtp5Ji8pDtFtB9s+M8L1V0mqSaFHJvZ4X48eUiitCsECElHRoSibn
lCzOIymn5xFjcQ2aYLGhg+nuG530+piDctXZ3RMJHVgcxjZIRNT46QO+4HwhsFBT
f0yrZ/61Jam7i2bSH/MxKAbwMs2XlpJikmLhoXO+B1PDzCb8shY7/0fimH3JA6QR
+20AisNs8BQPAew+XB/Ftl15DmhKg8TtGDr8HlYfsT2jcR/F8g/rLBUd3f74DYWE
h5fnhbfENYgq6aaDtiD0qcW80Kflvi8OvpWrlgiZOqzD3VmFsmp+MzGSZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnUXMT/ZEAQwav7eCuizAm2eC2AMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvT2RSY3hQOWtRQkRCcV90NEs2TE1DYlo0TFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbW8gMA0G
CSqGSIb3DQEBCwUAA4IBAQCgB+QxNjFA2zHwPd7I5CKf2CnyTFM1URnejL0baVNT
QnvY6OuFGWFCfTR0qwfpj8idh4Zxqdo2H1swqTa/AAaHlpeZ5+nXpxPKvH2TTLP8
eLSdtsD8RtirhrHrIc2zcAXSXnRpMWPZjyCA2tzayvRUw1RhskL1bGozYTqeQDOZ
PfDvcaT5xDcbPS1cVCGn+zsBWfGlNG5u24VyCv7M8SwhcUvavNqqhAnvcz4zaxpR
i4Mhw7G7B4e99/f6L0rbwViLCc3ZN6zuS6l/ypoyH/HlUD972NCbcE+1HK1GxHt4
D0EYw3bOCn+djfnMjlzAtGx5lGgtGUqgW9vB5nlTnKch
-----END CERTIFICATE-----