Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ITag62An4hKxUnbwMygCLGAX1yU.roa
File:                     ITag62An4hKxUnbwMygCLGAX1yU.roa (raw, json)
Hash identifier:          u0X3K+DHFlyJ3pi83LIsEkxMP3fGLrDnNUPNHInxwUE=
Subject key identifier:   21:36:A0:EB:60:27:E2:12:B1:52:76:F0:33:28:02:2C:60:17:D7:25
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       0192AEC5469DE0F1D398DDBECC3AA9FE7137
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ITag62An4hKxUnbwMygCLGAX1yU.roa
Signing time:             Mon 21 Oct 2024 11:10:17 +0000
ROA not before:           Mon 21 Oct 2024 11:10:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204104
IP address blocks:        109.122.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:c5:46:9d:e0:f1:d3:98:dd:be:cc:3a:a9:fe:71:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Oct 21 11:10:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2136a0eb6027e212b15276f03328022c6017d725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:54:5b:02:d7:82:28:3e:88:3b:69:03:59:0d:
                    b4:22:64:40:98:6f:49:7d:69:1c:fb:57:67:c9:00:
                    d2:6a:60:8d:75:8d:8f:55:dd:86:5c:6b:35:e9:87:
                    b0:37:86:80:d7:66:26:3a:9a:8b:5d:c6:e6:bf:92:
                    4e:de:75:a9:ed:8a:cd:2a:b9:65:7b:11:a0:cd:88:
                    2d:8e:f6:71:a0:3b:89:b4:b8:10:7f:13:44:8e:eb:
                    5e:5e:1d:69:3f:5c:c1:94:c9:51:12:e8:d3:b5:a6:
                    47:11:3d:8c:1b:52:fb:7c:01:1f:4f:c5:c6:2d:2d:
                    78:25:2d:30:b6:89:94:ca:78:2a:2e:d8:c8:c0:95:
                    10:bf:f7:88:51:42:a1:0b:1a:bf:87:9d:7a:22:53:
                    2a:96:30:48:72:43:55:8c:89:4b:39:13:22:2a:ea:
                    fa:3e:67:72:26:43:19:74:ca:17:56:06:1c:0e:78:
                    35:a2:32:55:73:43:23:3b:31:c3:7e:6f:e2:2d:89:
                    81:15:07:31:6c:74:a3:bd:72:28:1c:ba:8e:60:8e:
                    ba:08:66:7d:66:16:83:cf:a1:ea:cd:80:c5:d5:b7:
                    d0:41:b4:d1:7d:90:08:9c:f9:91:de:f3:c5:75:66:
                    71:eb:e1:a0:2d:97:7d:6d:d7:d6:37:67:c5:98:5a:
                    9e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:36:A0:EB:60:27:E2:12:B1:52:76:F0:33:28:02:2C:60:17:D7:25
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/ITag62An4hKxUnbwMygCLGAX1yU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:5b:3c:0f:e2:0a:d4:bd:68:3f:39:10:34:40:ba:a3:6a:02:
         f6:a3:b5:81:4b:3f:ae:94:fe:07:6d:a5:0e:1b:33:bc:2e:a1:
         e1:9f:1f:be:55:ea:98:43:ea:63:66:3c:0d:b4:dc:8b:75:c6:
         f9:f4:8f:c3:02:35:2b:a8:8e:bd:fe:af:2d:3c:3e:a3:5c:62:
         a8:60:af:aa:99:ea:36:c1:d8:ec:c1:25:c0:6d:22:cd:df:e7:
         4c:0f:74:58:f1:2a:d5:68:51:0f:86:8c:6b:0c:18:08:31:2b:
         8c:f3:be:1b:81:6f:a4:22:8e:3d:55:83:a4:78:2b:3f:6f:fe:
         9a:60:fa:25:7c:a4:22:d1:0b:57:9e:ac:7e:ba:1a:bd:da:99:
         76:9a:12:74:46:29:a0:e5:cb:2e:6a:92:c2:e2:55:88:40:c8:
         52:2d:bf:f4:92:cf:bc:1b:a5:37:b8:21:82:80:72:c9:35:99:
         18:85:f3:3f:36:dd:a3:36:f7:4c:0a:08:cc:96:c9:ad:0f:65:
         6f:6d:fd:79:1a:09:6a:af:85:ee:4f:d8:c3:6c:1c:41:7a:85:
         74:0a:eb:24:ce:0d:de:09:b0:83:72:fa:03:29:ba:02:23:27:
         c9:d2:1e:38:e0:13:22:79:2a:e4:55:8d:8e:9e:f8:dc:29:23:
         1a:70:df:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKuxUad4PHTmN2+zDqp/nE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQxMDIxMTExMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTM2YTBlYjYwMjdlMjEyYjE1Mjc2ZjAzMzI4MDIyYzYwMTdkNzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVRbAteCKD6IO2kDWQ20ImRAmG9J
fWkc+1dnyQDSamCNdY2PVd2GXGs16YewN4aA12YmOpqLXcbmv5JO3nWp7YrNKrll
exGgzYgtjvZxoDuJtLgQfxNEjuteXh1pP1zBlMlREujTtaZHET2MG1L7fAEfT8XG
LS14JS0wtomUyngqLtjIwJUQv/eIUUKhCxq/h516IlMqljBIckNVjIlLORMiKur6
PmdyJkMZdMoXVgYcDng1ojJVc0MjOzHDfm/iLYmBFQcxbHSjvXIoHLqOYI66CGZ9
ZhaDz6HqzYDF1bfQQbTRfZAInPmR3vPFdWZx6+GgLZd9bdfWN2fFmFqeGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCE2oOtgJ+ISsVJ28DMoAixgF9clMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvSVRhZzYyQW40aEt4VW5id015Z0NMR0FYMXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXr6MA0G
CSqGSIb3DQEBCwUAA4IBAQCnWzwP4grUvWg/ORA0QLqjagL2o7WBSz+ulP4HbaUO
GzO8LqHhnx++VeqYQ+pjZjwNtNyLdcb59I/DAjUrqI69/q8tPD6jXGKoYK+qmeo2
wdjswSXAbSLN3+dMD3RY8SrVaFEPhoxrDBgIMSuM874bgW+kIo49VYOkeCs/b/6a
YPolfKQi0QtXnqx+uhq92pl2mhJ0Rimg5csuapLC4lWIQMhSLb/0ks+8G6U3uCGC
gHLJNZkYhfM/Nt2jNvdMCgjMlsmtD2Vvbf15Gglqr4XuT9jDbBxBeoV0Cuskzg3e
CbCDcvoDKboCIyfJ0h444BMieSrkVY2OnvjcKSMacN/j
-----END CERTIFICATE-----