Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/e1WMx_ge3OvvuQfeVWgtsTZKIeI.roa
File:                     e1WMx_ge3OvvuQfeVWgtsTZKIeI.roa (raw, json)
Hash identifier:          AcxhV2adeY8w5h5li2Z6uouvIaFM+nk6upPlV2hgezs=
Subject key identifier:   7B:55:8C:C7:F8:1E:DC:EB:EF:B9:07:DE:55:68:2D:B1:36:4A:21:E2
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1CDD1047786A43CB94A66B89E0F1C
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/e1WMx_ge3OvvuQfeVWgtsTZKIeI.roa
Signing time:             Wed 01 Jan 2025 11:48:08 +0000
ROA not before:           Wed 01 Jan 2025 11:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38971
IP address blocks:        109.196.132.0/24 maxlen: 24
                          178.57.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:cd:d1:04:77:86:a4:3c:b9:4a:66:b8:9e:0f:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b558cc7f81edcebefb907de55682db1364a21e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:29:c1:58:02:5b:d3:a5:2a:e0:9a:92:cd:72:
                    11:3b:2c:58:44:71:1a:93:e6:d4:f7:78:0c:a6:4d:
                    81:ca:34:bd:20:0e:14:c4:d3:9d:77:05:19:01:16:
                    be:2e:36:bf:68:a4:84:20:75:0e:1b:65:9f:52:05:
                    3d:44:7e:95:71:c4:e7:5c:59:9d:4e:16:54:05:0c:
                    9f:1f:38:a9:70:22:d9:9b:40:73:1f:c4:61:0b:a7:
                    0f:2b:83:29:03:15:a8:99:9b:91:28:db:cf:d3:ef:
                    35:35:62:19:6a:f5:5a:c4:22:93:fe:b0:34:a6:d4:
                    d7:8a:7f:38:f4:48:77:ff:28:bd:6a:1d:93:28:77:
                    5f:5c:55:a1:09:98:ee:ce:4b:af:36:93:2a:ef:bc:
                    87:ba:86:4c:e7:d1:35:f9:3b:57:2d:77:93:3d:5b:
                    0f:a1:7e:8f:12:c2:7a:ec:e5:e0:2a:f2:a1:de:44:
                    f9:23:b8:c6:8d:74:e7:b8:21:e6:0b:c3:25:9a:9d:
                    5b:fd:86:82:0b:0c:cf:f9:d8:ae:b4:8d:5c:be:e9:
                    21:7f:ee:7b:a5:a8:7e:a7:2d:8c:d7:3c:f4:c4:f9:
                    b4:5c:42:c1:c7:d3:74:8e:35:65:57:6f:09:19:a8:
                    b5:39:8f:5b:d9:16:ae:df:7b:e2:f0:5e:87:f2:0e:
                    c3:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:55:8C:C7:F8:1E:DC:EB:EF:B9:07:DE:55:68:2D:B1:36:4A:21:E2
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/e1WMx_ge3OvvuQfeVWgtsTZKIeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.196.132.0/24
                  178.57.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e6:1e:6f:54:c7:03:cf:7f:c9:30:ac:5f:68:d1:b2:fb:26:
         99:e8:51:a7:8f:86:a7:ba:25:b2:1d:fe:15:da:aa:ef:19:a1:
         84:a6:f7:59:fe:09:0a:8e:e9:ea:49:e0:3d:5b:13:89:d5:61:
         73:b6:b4:5f:2e:60:3b:55:be:cf:1d:c8:67:05:27:b8:9d:e8:
         46:65:52:32:2a:fd:2c:19:ea:20:35:ec:a0:40:4c:a1:10:d0:
         57:7e:8f:ad:30:7a:d9:54:cb:99:51:c6:b7:af:b6:b0:c1:ee:
         60:0c:8b:30:86:33:ea:81:f0:c0:30:f5:88:c1:28:bb:9c:f0:
         a9:af:70:23:56:45:9b:35:d3:5e:0c:13:c4:e6:c1:0e:89:e5:
         df:ed:bd:dd:af:1c:97:f1:c3:c6:06:86:79:b5:d2:d0:01:b2:
         ea:8d:cd:7e:83:c9:40:5e:3b:81:a9:54:9e:e3:fb:bf:40:2c:
         34:7f:fa:ad:f2:ed:06:47:eb:eb:f9:f7:d9:69:c0:5e:5e:b1:
         2c:cd:07:16:19:da:67:6b:fe:0c:4a:b6:7b:32:67:28:11:09:
         c0:b2:00:02:db:03:d9:5b:11:d9:40:9c:bc:4d:aa:22:91:e7:
         c3:c2:23:d0:fc:cb:5e:fb:db:a6:ad:64:df:44:ea:d2:01:14:
         17:8e:24:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsc3RBHeGpDy5Sma4ng8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjU1OGNjN2Y4MWVkY2ViZWZiOTA3ZGU1NTY4MmRiMTM2NGEyMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzinBWAJb06Uq4JqSzXIROyxYRHEa
k+bU93gMpk2ByjS9IA4UxNOddwUZARa+Lja/aKSEIHUOG2WfUgU9RH6VccTnXFmd
ThZUBQyfHzipcCLZm0BzH8RhC6cPK4MpAxWomZuRKNvP0+81NWIZavVaxCKT/rA0
ptTXin849Eh3/yi9ah2TKHdfXFWhCZjuzkuvNpMq77yHuoZM59E1+TtXLXeTPVsP
oX6PEsJ67OXgKvKh3kT5I7jGjXTnuCHmC8Mlmp1b/YaCCwzP+diutI1cvukhf+57
pah+py2M1zz0xPm0XELBx9N0jjVlV28JGai1OY9b2Rau33vi8F6H8g7DoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHtVjMf4Htzr77kH3lVoLbE2SiHiMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvZTFXTXhfZ2UzT3Z2dVFmZVZXZ3RzVFpLSWVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbcSEAwQA
sjlHMA0GCSqGSIb3DQEBCwUAA4IBAQB/5h5vVMcDz3/JMKxfaNGy+yaZ6FGnj4an
uiWyHf4V2qrvGaGEpvdZ/gkKjunqSeA9WxOJ1WFztrRfLmA7Vb7PHchnBSe4nehG
ZVIyKv0sGeogNeygQEyhENBXfo+tMHrZVMuZUca3r7awwe5gDIswhjPqgfDAMPWI
wSi7nPCpr3AjVkWbNdNeDBPE5sEOieXf7b3drxyX8cPGBoZ5tdLQAbLqjc1+g8lA
XjuBqVSe4/u/QCw0f/qt8u0GR+vr+ffZacBeXrEszQcWGdpna/4MSrZ7MmcoEQnA
sgAC2wPZWxHZQJy8TaoikefDwiPQ/Mte+9umrWTfROrSARQXjiSn
-----END CERTIFICATE-----