Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/baeYMpQTf1prfSgvYpiSJyiA86o.roa
File:                     baeYMpQTf1prfSgvYpiSJyiA86o.roa (raw, json)
Hash identifier:          K1aC88mjEbBLbQ7U4e/CSJaIjpQ51Z65KxdLka02ark=
Subject key identifier:   6D:A7:98:32:94:13:7F:5A:6B:7D:28:2F:62:98:92:27:28:80:F3:AA
Certificate issuer:       /CN=08b3eb5fb3ba7656e11357834829eecaf441212e
Certificate serial:       019420683A93549449AE43CB7984C6F0594D
Authority key identifier: 08:B3:EB:5F:B3:BA:76:56:E1:13:57:83:48:29:EE:CA:F4:41:21:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/baeYMpQTf1prfSgvYpiSJyiA86o.roa
Signing time:             Wed 01 Jan 2025 05:48:09 +0000
ROA not before:           Wed 01 Jan 2025 05:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200359
IP address blocks:        109.70.232.0/24 maxlen: 24
                          109.70.233.0/24 maxlen: 24
                          109.70.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3a:93:54:94:49:ae:43:cb:79:84:c6:f0:59:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08b3eb5fb3ba7656e11357834829eecaf441212e
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6da7983294137f5a6b7d282f629892272880f3aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e1:eb:19:29:49:95:3f:9e:43:87:d6:29:7f:
                    16:86:bc:37:f7:64:1f:f3:c0:38:8e:bb:a9:00:4c:
                    e5:7d:d4:ef:af:76:1d:47:48:50:1f:ec:fe:38:ff:
                    48:b8:53:54:88:63:ab:fe:26:85:c5:97:27:94:83:
                    8f:47:49:6d:89:30:8d:18:a6:46:0b:61:08:21:04:
                    a3:24:da:86:7a:8b:1c:08:68:f0:4a:4f:69:3a:e3:
                    75:61:72:ea:8c:38:4b:57:ba:46:82:b6:0a:2f:64:
                    a8:c6:6d:a8:ee:ee:1f:56:c7:f3:fb:0e:50:27:9b:
                    c8:90:4a:ff:28:5b:6c:c9:4c:2c:6f:ff:df:4d:b3:
                    6e:77:c4:81:ee:93:95:5e:40:b6:73:db:b9:2d:e8:
                    31:da:c0:7a:3a:6b:b1:f3:a9:c1:71:de:0d:c7:3d:
                    4e:b4:e8:a2:24:72:07:5f:96:48:34:d6:e9:f9:e0:
                    c7:1e:8e:ae:45:45:2f:55:d1:ee:e8:c3:b9:99:82:
                    c7:d6:82:24:bd:bc:a5:ce:42:27:03:ff:94:55:fe:
                    34:21:42:04:6d:73:d1:ae:df:a3:e7:4f:05:f6:9c:
                    97:d1:c8:6d:ab:7a:1e:65:9f:2d:83:43:4c:15:c3:
                    9a:bb:9c:bd:72:47:16:2e:ae:e6:55:ce:93:b9:27:
                    90:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A7:98:32:94:13:7F:5A:6B:7D:28:2F:62:98:92:27:28:80:F3:AA
            X509v3 Authority Key Identifier:
                keyid:08:B3:EB:5F:B3:BA:76:56:E1:13:57:83:48:29:EE:CA:F4:41:21:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CLPrX7O6dlbhE1eDSCnuyvRBIS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/baeYMpQTf1prfSgvYpiSJyiA86o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/16c890-17e7-4a51-a387-3e8df3310232/1/CLPrX7O6dlbhE1eDSCnuyvRBIS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.232.0-109.70.234.255

    Signature Algorithm: sha256WithRSAEncryption
         a0:cb:2b:cf:ba:2f:72:ea:57:05:92:2b:b3:a7:75:83:df:7b:
         f7:17:d2:41:f6:40:61:ce:b5:3e:e8:cf:7b:5d:e6:3c:0c:36:
         4a:59:70:5c:6e:3b:a8:5b:fa:a0:38:88:8d:8c:29:6a:fb:da:
         df:26:62:e4:a5:eb:e8:e9:25:51:65:84:18:6f:9e:08:1b:90:
         7a:13:cb:f9:5a:59:2d:c0:96:70:6f:ed:d7:6a:db:ac:de:a2:
         cf:8f:9b:0f:e7:b3:93:69:78:b6:f2:00:f3:57:92:70:d3:7d:
         12:e9:a0:2c:be:be:3c:29:f2:d1:b1:98:45:a2:07:2b:ff:37:
         6e:3e:92:74:1d:30:e0:4e:b4:fd:ad:ae:4e:7b:a4:f5:fa:42:
         51:44:16:1f:27:ff:39:0f:1b:a9:c3:2a:c3:0a:6b:6e:90:dd:
         e2:62:a3:00:d9:7d:99:44:07:62:99:b9:4e:61:23:fa:0c:d1:
         3d:45:4b:4e:20:47:5c:a3:17:76:e6:7a:e4:4c:ea:14:55:b2:
         b1:55:96:61:9d:08:17:86:8a:b5:71:14:a1:ad:d8:b8:85:67:
         7f:b1:78:98:df:12:19:a2:9b:01:83:b7:5e:e7:4e:80:08:cc:
         c3:c3:ae:a0:dd:8e:74:60:8e:b0:bf:e9:cd:f3:1e:aa:01:9d:
         20:87:80:3d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQgaDqTVJRJrkPLeYTG8FlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YjNlYjVmYjNiYTc2NTZlMTEzNTc4MzQ4MjllZWNhZjQ0
MTIxMmUwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGE3OTgzMjk0MTM3ZjVhNmI3ZDI4MmY2Mjk4OTIyNzI4ODBmM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreHrGSlJlT+eQ4fWKX8Whrw392Qf
88A4jrupAEzlfdTvr3YdR0hQH+z+OP9IuFNUiGOr/iaFxZcnlIOPR0ltiTCNGKZG
C2EIIQSjJNqGeoscCGjwSk9pOuN1YXLqjDhLV7pGgrYKL2Soxm2o7u4fVsfz+w5Q
J5vIkEr/KFtsyUwsb//fTbNud8SB7pOVXkC2c9u5Legx2sB6Omux86nBcd4Nxz1O
tOiiJHIHX5ZINNbp+eDHHo6uRUUvVdHu6MO5mYLH1oIkvbylzkInA/+UVf40IUIE
bXPRrt+j508F9pyX0chtq3oeZZ8tg0NMFcOau5y9ckcWLq7mVc6TuSeQewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFG2nmDKUE39aa30oL2KYkicogPOqMB8GA1UdIwQY
MBaAFAiz61+zunZW4RNXg0gp7sr0QSEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0xQclg3TzZkbGJoRTFlRFNDbnV5dlJCSVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xNmM4OTAtMTdlNy00YTUxLWEzODct
M2U4ZGYzMzEwMjMyLzEvYmFlWU1wUVRmMXByZlNndllwaVNKeWlBODZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xNmM4OTAtMTdlNy00YTUxLWEzODctM2U4ZGYzMzEwMjMy
LzEvQ0xQclg3TzZkbGJoRTFlRFNDbnV5dlJCSVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANtRugD
BABtRuowDQYJKoZIhvcNAQELBQADggEBAKDLK8+6L3LqVwWSK7OndYPfe/cX0kH2
QGHOtT7oz3td5jwMNkpZcFxuO6hb+qA4iI2MKWr72t8mYuSl6+jpJVFlhBhvnggb
kHoTy/laWS3AlnBv7ddq26zeos+Pmw/ns5NpeLbyAPNXknDTfRLpoCy+vjwp8tGx
mEWiByv/N24+knQdMOBOtP2trk57pPX6QlFEFh8n/zkPG6nDKsMKa26Q3eJiowDZ
fZlEB2KZuU5hI/oM0T1FS04gR1yjF3bmeuRM6hRVsrFVlmGdCBeGirVxFKGt2LiF
Z3+xeJjfEhmimwGDt17nToAIzMPDrqDdjnRgjrC/6c3zHqoBnSCHgD0=
-----END CERTIFICATE-----