Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/unvmuKqROUfBv3e0sgdNxPiAc_g.roa
File:                     unvmuKqROUfBv3e0sgdNxPiAc_g.roa (raw, json)
Hash identifier:          rF6TRtskqMXcRCi7rD7nNhDfGn67uQw9dBuhX54qa6c=
Subject key identifier:   BA:7B:E6:B8:AA:91:39:47:C1:BF:77:B4:B2:07:4D:C4:F8:80:73:F8
Certificate issuer:       /CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
Certificate serial:       01941F8C8FAD09EC6A809242A59F98191F8C
Authority key identifier: 09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/unvmuKqROUfBv3e0sgdNxPiAc_g.roa
Signing time:             Wed 01 Jan 2025 01:48:13 +0000
ROA not before:           Wed 01 Jan 2025 01:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21949
IP address blocks:        199.244.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:8f:ad:09:ec:6a:80:92:42:a5:9f:98:19:1f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=090e592a2e0d427a09aa2de1b9baf08ccd14f0a0
        Validity
            Not Before: Jan  1 01:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba7be6b8aa913947c1bf77b4b2074dc4f88073f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1e:e2:33:0a:0f:07:e6:95:78:1e:dc:b3:ed:
                    86:43:90:8d:0a:50:67:88:c7:c1:e2:b3:56:dd:f6:
                    bb:9a:22:37:aa:cf:b4:f9:6b:cc:85:94:33:0f:2a:
                    11:39:66:67:96:81:2e:00:69:0f:c9:5d:d5:b1:48:
                    c5:f1:dc:2c:f6:bd:3c:7e:77:7d:c9:e8:b5:31:f6:
                    da:3f:3b:33:a6:36:c7:16:9c:22:d8:bd:40:18:3a:
                    55:1a:b5:cb:ba:a3:9a:73:93:2b:74:d2:8b:b6:b4:
                    ca:58:d4:75:26:67:04:11:62:15:f4:d4:b8:71:77:
                    b4:57:b9:c7:47:18:a1:cd:c3:72:b2:63:07:4d:c7:
                    26:24:47:8f:9d:bb:31:28:52:ac:81:66:82:b0:af:
                    1a:74:a0:b4:46:21:e9:bc:bf:36:1c:77:ff:52:46:
                    43:bb:38:4e:03:6f:53:8d:f2:96:78:0d:cf:d0:e8:
                    f7:16:66:83:4f:0c:45:f4:b6:14:03:92:0a:96:20:
                    8e:31:a8:ab:0b:e0:81:3a:5f:17:4c:ce:94:1e:f0:
                    3d:83:60:2a:97:2a:ed:29:08:17:0f:d9:71:35:c0:
                    7b:33:a5:bd:cf:4b:3c:d0:7e:77:85:89:31:08:f4:
                    fe:95:02:68:0b:7e:eb:6d:cd:24:e4:da:e0:b2:38:
                    4a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7B:E6:B8:AA:91:39:47:C1:BF:77:B4:B2:07:4D:C4:F8:80:73:F8
            X509v3 Authority Key Identifier:
                keyid:09:0E:59:2A:2E:0D:42:7A:09:AA:2D:E1:B9:BA:F0:8C:CD:14:F0:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/unvmuKqROUfBv3e0sgdNxPiAc_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/15f690-5add-470d-a286-33bdc73ed0ea/1/CQ5ZKi4NQnoJqi3hubrwjM0U8KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.244.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:c2:39:21:d0:c1:5e:79:c2:53:f9:9a:b9:2b:f2:b2:07:53:
         d9:4e:a7:82:18:2b:d3:d9:34:1c:aa:69:3b:7c:ee:e5:6e:3b:
         c0:17:c1:e6:11:ee:c8:20:14:52:d5:ed:28:21:d4:f5:40:ba:
         35:c2:da:31:1e:78:eb:05:f9:7a:3a:64:36:d1:8e:90:b2:44:
         76:16:72:d5:14:04:c9:c5:30:ad:be:3f:68:16:fa:09:41:b6:
         0e:a3:cc:be:2a:9f:c9:c0:1c:98:d1:a4:d9:41:d6:6c:81:b4:
         88:b4:89:ee:9c:51:d2:6d:69:5d:22:3e:11:65:9a:dd:02:64:
         6e:c6:cd:fa:89:a8:bf:3d:fb:b0:7b:d8:b5:46:4c:45:66:8d:
         44:24:27:ba:c5:17:4e:ae:59:bb:91:a9:74:06:b8:cb:2a:78:
         87:77:e0:d9:35:35:85:9d:9e:38:b7:55:c2:95:9f:10:90:01:
         e8:2a:91:2f:44:74:35:51:08:59:dd:33:47:eb:58:45:19:d9:
         aa:b5:c5:e0:14:52:82:d4:41:1c:39:c1:1f:23:1a:94:72:cd:
         e0:4a:aa:8d:cb:be:38:e1:29:ac:35:23:68:e4:b3:aa:67:03:
         27:76:c8:53:56:17:41:b5:b7:c7:a0:29:cf:8f:b9:6f:87:8f:
         a0:27:9d:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjI+tCexqgJJCpZ+YGR+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MGU1OTJhMmUwZDQyN2EwOWFhMmRlMWI5YmFmMDhjY2Qx
NGYwYTAwHhcNMjUwMTAxMDE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTdiZTZiOGFhOTEzOTQ3YzFiZjc3YjRiMjA3NGRjNGY4ODA3M2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiR7iMwoPB+aVeB7cs+2GQ5CNClBn
iMfB4rNW3fa7miI3qs+0+WvMhZQzDyoROWZnloEuAGkPyV3VsUjF8dws9r08fnd9
yei1MfbaPzszpjbHFpwi2L1AGDpVGrXLuqOac5MrdNKLtrTKWNR1JmcEEWIV9NS4
cXe0V7nHRxihzcNysmMHTccmJEePnbsxKFKsgWaCsK8adKC0RiHpvL82HHf/UkZD
uzhOA29TjfKWeA3P0Oj3FmaDTwxF9LYUA5IKliCOMairC+CBOl8XTM6UHvA9g2Aq
lyrtKQgXD9lxNcB7M6W9z0s80H53hYkxCPT+lQJoC37rbc0k5NrgsjhKbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLp75riqkTlHwb93tLIHTcT4gHP4MB8GA1UdIwQY
MBaAFAkOWSouDUJ6Caot4bm68IzNFPCgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1E1WktpNE5Rbm9KcWkzaHVicndqTTBVOEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8xNWY2OTAtNWFkZC00NzBkLWEyODYt
MzNiZGM3M2VkMGVhLzEvdW52bXVLcVJPVWZCdjNlMHNnZE54UGlBY19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8xNWY2OTAtNWFkZC00NzBkLWEyODYtMzNiZGM3M2VkMGVh
LzEvQ1E1WktpNE5Rbm9KcWkzaHVicndqTTBVOEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAx/RmMA0G
CSqGSIb3DQEBCwUAA4IBAQCLwjkh0MFeecJT+Zq5K/KyB1PZTqeCGCvT2TQcqmk7
fO7lbjvAF8HmEe7IIBRS1e0oIdT1QLo1wtoxHnjrBfl6OmQ20Y6QskR2FnLVFATJ
xTCtvj9oFvoJQbYOo8y+Kp/JwByY0aTZQdZsgbSItInunFHSbWldIj4RZZrdAmRu
xs36iai/Pfuwe9i1RkxFZo1EJCe6xRdOrlm7kal0BrjLKniHd+DZNTWFnZ44t1XC
lZ8QkAHoKpEvRHQ1UQhZ3TNH61hFGdmqtcXgFFKC1EEcOcEfIxqUcs3gSqqNy744
4SmsNSNo5LOqZwMndshTVhdBtbfHoCnPj7lvh4+gJ53H
-----END CERTIFICATE-----