Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/Dx843zJfB2RQ1tXw_6blL8VsbDw.roa
File:                     Dx843zJfB2RQ1tXw_6blL8VsbDw.roa (raw, json)
Hash identifier:          Wk3Kg6R2i9DDoDfgR64ME8g+dDPZ0Euba0eJlCA1nOk=
Subject key identifier:   0F:1F:38:DF:32:5F:07:64:50:D6:D5:F0:FF:A6:E5:2F:C5:6C:6C:3C
Certificate issuer:       /CN=08b3eb5fb3ba7656e11357834829eecaf441212e
Certificate serial:       019420683A0EF9DA60AEF795B9F2EFE28F88
Authority key identifier: 08:B3:EB:5F:B3:BA:76:56:E1:13:57:83:48:29:EE:CA:F4:41:21:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/Dx843zJfB2RQ1tXw_6blL8VsbDw.roa
Signing time:             Wed 01 Jan 2025 05:48:09 +0000
ROA not before:           Wed 01 Jan 2025 05:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43885
IP address blocks:        109.70.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3a:0e:f9:da:60:ae:f7:95:b9:f2:ef:e2:8f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08b3eb5fb3ba7656e11357834829eecaf441212e
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f1f38df325f076450d6d5f0ffa6e52fc56c6c3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6e:d6:5d:cd:32:dc:2a:4c:a6:73:e0:c1:c9:
                    1e:be:fa:d5:14:fa:d3:26:81:c9:96:36:ae:92:4e:
                    89:a5:72:2e:55:92:73:3b:b2:b0:21:bf:aa:48:06:
                    93:6b:17:52:ef:c7:5d:4b:4f:9b:14:0d:96:f9:e1:
                    7f:32:90:ec:e0:d7:df:95:45:a0:f9:ce:4b:62:92:
                    ae:a4:8e:2f:ef:ee:ae:9f:3d:4d:5a:13:d1:8f:7f:
                    5f:60:e4:24:70:e6:98:02:4c:da:ad:72:f0:96:88:
                    4f:3e:ee:a7:45:55:79:47:cc:48:27:b0:e4:fd:ca:
                    bf:bf:ea:96:c2:9d:6d:6f:68:ef:e2:d1:ee:b5:de:
                    5f:72:2c:f9:5f:73:f3:ef:2a:f6:bd:f9:a2:79:45:
                    d8:71:7f:55:f7:c4:98:26:a6:93:52:f0:53:05:8c:
                    63:e6:59:98:fe:ae:38:1c:77:4f:f0:e8:77:11:c1:
                    9a:53:15:4a:6f:05:20:42:9f:d4:03:4c:6e:a7:05:
                    cf:13:26:28:55:b8:28:de:95:ce:49:47:a9:b2:0d:
                    c7:62:04:86:f0:1e:96:e7:8c:7e:66:b4:18:2d:98:
                    56:84:62:9c:88:26:56:de:9a:32:b0:bf:d7:df:9c:
                    64:b2:a6:37:78:73:44:64:51:e2:34:3c:4c:80:12:
                    52:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1F:38:DF:32:5F:07:64:50:D6:D5:F0:FF:A6:E5:2F:C5:6C:6C:3C
            X509v3 Authority Key Identifier:
                keyid:08:B3:EB:5F:B3:BA:76:56:E1:13:57:83:48:29:EE:CA:F4:41:21:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/Dx843zJfB2RQ1tXw_6blL8VsbDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:fd:cd:f9:1a:92:59:23:73:fd:62:5c:e3:e4:6c:96:94:65:
         c3:34:2b:24:76:15:82:94:eb:f8:b2:64:d4:de:e1:8b:7f:cd:
         2b:b8:c4:84:02:28:59:37:13:41:97:45:84:02:d3:82:2c:f8:
         33:62:4f:f7:20:cb:46:fb:64:03:14:4c:61:3f:c5:09:75:22:
         5c:4c:04:68:65:92:03:1a:78:21:56:98:ce:9b:81:aa:4a:ce:
         6b:d5:2d:f5:64:6c:5e:4c:02:26:c8:a5:d5:7d:13:c8:99:fc:
         a6:00:fb:7e:4c:45:18:f4:0d:60:33:51:e8:85:e1:e1:4a:6c:
         b8:19:5d:bf:4c:eb:bf:7b:cd:26:14:9a:b6:de:dc:d2:13:52:
         ab:6f:60:a0:00:22:e8:2a:4c:73:0c:bc:db:08:65:0f:a5:01:
         9e:bf:b7:6a:49:ed:bc:35:fc:ad:7d:dc:6a:5b:44:bf:79:84:
         30:f2:00:b2:05:d9:16:c1:c4:f5:78:44:ba:50:07:58:fc:1f:
         87:36:ff:a9:82:d2:43:63:b5:d0:69:5f:99:28:f9:7e:1c:1c:
         98:45:50:53:83:dd:f5:23:9b:82:86:c3:4d:8a:40:38:e2:49:
         7b:01:25:07:e8:2b:3a:c0:25:7c:ac:63:b1:14:75:a5:4c:27:
         6b:93:99:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaDoO+dpgrveVufLv4o+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YjNlYjVmYjNiYTc2NTZlMTEzNTc4MzQ4MjllZWNhZjQ0
MTIxMmUwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjFmMzhkZjMyNWYwNzY0NTBkNmQ1ZjBmZmE2ZTUyZmM1NmM2YzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiG7WXc0y3CpMpnPgwckevvrVFPrT
JoHJljaukk6JpXIuVZJzO7KwIb+qSAaTaxdS78ddS0+bFA2W+eF/MpDs4NfflUWg
+c5LYpKupI4v7+6unz1NWhPRj39fYOQkcOaYAkzarXLwlohPPu6nRVV5R8xIJ7Dk
/cq/v+qWwp1tb2jv4tHutd5fciz5X3Pz7yr2vfmieUXYcX9V98SYJqaTUvBTBYxj
5lmY/q44HHdP8Oh3EcGaUxVKbwUgQp/UA0xupwXPEyYoVbgo3pXOSUepsg3HYgSG
8B6W54x+ZrQYLZhWhGKciCZW3poysL/X35xksqY3eHNEZFHiNDxMgBJSCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8fON8yXwdkUNbV8P+m5S/FbGw8MB8GA1UdIwQY
MBaAFAiz61+zunZW4RNXg0gp7sr0QSEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0xQclg3TzZkbGJoRTFlRFNDbnV5dlJCSVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xNmM4OTAtMTdlNy00YTUxLWEzODct
M2U4ZGYzMzEwMjMyLzEvRHg4NDN6SmZCMlJRMXRYd182YmxMOFZzYkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xNmM4OTAtMTdlNy00YTUxLWEzODctM2U4ZGYzMzEwMjMy
LzEvQ0xQclg3TzZkbGJoRTFlRFNDbnV5dlJCSVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUbrMA0G
CSqGSIb3DQEBCwUAA4IBAQAl/c35GpJZI3P9Ylzj5GyWlGXDNCskdhWClOv4smTU
3uGLf80ruMSEAihZNxNBl0WEAtOCLPgzYk/3IMtG+2QDFExhP8UJdSJcTARoZZID
GnghVpjOm4GqSs5r1S31ZGxeTAImyKXVfRPImfymAPt+TEUY9A1gM1HoheHhSmy4
GV2/TOu/e80mFJq23tzSE1Krb2CgACLoKkxzDLzbCGUPpQGev7dqSe28Nfytfdxq
W0S/eYQw8gCyBdkWwcT1eES6UAdY/B+HNv+pgtJDY7XQaV+ZKPl+HByYRVBTg931
I5uChsNNikA44kl7ASUH6Cs6wCV8rGOxFHWlTCdrk5my
-----END CERTIFICATE-----