Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bQZnmP95jDPJdlUrkF9kqJ4wsRs.roa
File:                     bQZnmP95jDPJdlUrkF9kqJ4wsRs.roa (raw, json)
Hash identifier:          reqSTMChnileQshD8PVVBpvfbPxu9dabXId0/gYIyR4=
Subject key identifier:   6D:06:67:98:FF:79:8C:33:C9:76:55:2B:90:5F:64:A8:9E:30:B1:1B
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01932E68978650FB0EFF9AE16BFD4530AAF2
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bQZnmP95jDPJdlUrkF9kqJ4wsRs.roa
Signing time:             Fri 15 Nov 2024 06:00:26 +0000
ROA not before:           Fri 15 Nov 2024 06:00:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        109.122.240.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2e:68:97:86:50:fb:0e:ff:9a:e1:6b:fd:45:30:aa:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Nov 15 06:00:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d066798ff798c33c976552b905f64a89e30b11b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2f:dc:75:64:f7:0f:93:5b:e7:34:57:be:6a:
                    3a:a9:7f:b6:25:59:62:c3:81:0b:ad:b3:d6:76:6c:
                    66:1f:ae:e3:ef:c8:59:e9:64:c5:72:b3:20:11:56:
                    b9:72:59:37:73:8b:4a:bd:9e:27:9e:4c:8f:49:ba:
                    79:c5:5e:0b:e0:44:79:c1:70:d1:3e:9b:74:d0:1e:
                    cf:64:d2:57:2d:8f:99:9b:f7:58:58:18:e0:f1:cd:
                    c2:0b:15:1a:af:80:70:58:a3:70:b1:e9:a5:40:cd:
                    22:73:dc:f1:43:e4:cd:99:39:af:c7:90:a0:90:eb:
                    37:b0:5a:0f:f4:fe:9b:95:d4:fd:1d:f5:0e:27:42:
                    fc:87:e7:6e:53:da:30:3b:9b:e1:e6:06:7a:c3:1d:
                    58:29:12:6b:2c:d8:79:f0:04:24:fb:bc:d2:43:c3:
                    eb:94:69:a4:29:f2:fa:3a:e5:ab:48:27:1d:71:a2:
                    63:cc:7d:77:37:ae:85:42:ca:ce:a0:f6:8d:fc:13:
                    e1:2d:d0:91:3e:25:fe:b0:c0:86:1e:2c:f4:0f:a3:
                    98:ec:a9:00:46:5b:d7:54:30:b4:5c:b8:09:c7:31:
                    59:59:0c:42:35:93:ab:a5:5e:b3:55:88:4e:26:5f:
                    3d:b1:11:5b:ed:12:96:3b:50:95:ee:34:d0:6e:79:
                    ab:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:06:67:98:FF:79:8C:33:C9:76:55:2B:90:5F:64:A8:9E:30:B1:1B
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bQZnmP95jDPJdlUrkF9kqJ4wsRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         37:80:cb:b3:0d:ef:c3:5f:4c:bf:e2:11:70:1f:4c:bb:32:3a:
         b5:73:2d:44:67:92:9c:65:80:cf:55:8b:99:7e:c1:d1:4b:03:
         74:1d:bd:08:bc:71:47:a4:bc:ea:1b:8d:c7:62:ed:86:1f:dd:
         2e:e7:37:93:a5:fc:18:9e:7a:a8:6c:80:a1:70:10:8b:52:3e:
         f8:57:a9:8e:63:99:51:3a:30:e9:44:e0:92:f0:fc:a1:e6:9e:
         de:3b:91:06:c6:d4:9e:2a:bf:10:05:27:89:19:36:fb:23:9f:
         9d:c0:2b:7b:f5:3c:c8:1c:2e:cc:85:6c:3a:17:fc:68:46:b3:
         05:32:c5:14:23:96:82:2c:87:58:99:93:ba:87:14:2c:ab:d2:
         ce:91:9e:3c:36:ee:34:83:9f:ff:61:c0:9c:17:30:2e:c2:ac:
         fd:cd:58:08:5e:a1:5d:e7:3d:72:2c:45:67:bb:09:18:1f:c6:
         10:6a:52:80:b2:0d:82:fe:f9:c3:00:00:3e:3a:7e:53:3b:5c:
         e9:65:42:4b:ca:e3:ff:0f:96:59:68:61:16:ea:fe:3f:bd:81:
         f3:8e:e9:53:f6:5f:2f:7a:de:c1:a1:ed:0b:50:bb:0a:72:03:
         b8:1d:b2:42:6c:74:c3:e5:1f:89:25:37:0c:b2:c1:0b:e8:a3:
         b0:8c:42:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMuaJeGUPsO/5rha/1FMKryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQxMTE1MDYwMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA2Njc5OGZmNzk4YzMzYzk3NjU1MmI5MDVmNjRhODllMzBiMTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyC/cdWT3D5Nb5zRXvmo6qX+2JVli
w4ELrbPWdmxmH67j78hZ6WTFcrMgEVa5clk3c4tKvZ4nnkyPSbp5xV4L4ER5wXDR
Ppt00B7PZNJXLY+Zm/dYWBjg8c3CCxUar4BwWKNwsemlQM0ic9zxQ+TNmTmvx5Cg
kOs3sFoP9P6bldT9HfUOJ0L8h+duU9owO5vh5gZ6wx1YKRJrLNh58AQk+7zSQ8Pr
lGmkKfL6OuWrSCcdcaJjzH13N66FQsrOoPaN/BPhLdCRPiX+sMCGHiz0D6OY7KkA
RlvXVDC0XLgJxzFZWQxCNZOrpV6zVYhOJl89sRFb7RKWO1CV7jTQbnmrZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0GZ5j/eYwzyXZVK5BfZKieMLEbMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvYlFabm1QOTVqRFBKZGxVcmtGOWtxSjR3c1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbXrwMA0G
CSqGSIb3DQEBCwUAA4IBAQA3gMuzDe/DX0y/4hFwH0y7Mjq1cy1EZ5KcZYDPVYuZ
fsHRSwN0Hb0IvHFHpLzqG43HYu2GH90u5zeTpfwYnnqobIChcBCLUj74V6mOY5lR
OjDpROCS8Pyh5p7eO5EGxtSeKr8QBSeJGTb7I5+dwCt79TzIHC7MhWw6F/xoRrMF
MsUUI5aCLIdYmZO6hxQsq9LOkZ48Nu40g5//YcCcFzAuwqz9zVgIXqFd5z1yLEVn
uwkYH8YQalKAsg2C/vnDAAA+On5TO1zpZUJLyuP/D5ZZaGEW6v4/vYHzjulT9l8v
et7Boe0LULsKcgO4HbJCbHTD5R+JJTcMssEL6KOwjEL/
-----END CERTIFICATE-----