Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/09db86-676d-4f9e-a2b4-0285c15fc51e/1/_66GUATo4F62e-zSRdrY5Scw7vI.roa
File:                     _66GUATo4F62e-zSRdrY5Scw7vI.roa (raw, json)
Hash identifier:          fGRThmRK99/VwtLpaDe06S96FPLhmaswQib9OqrGAEY=
Subject key identifier:   FF:AE:86:50:04:E8:E0:5E:B6:7B:EC:D2:45:DA:D8:E5:27:30:EE:F2
Certificate issuer:       /CN=175f6e1ebb831935c8422c972bcab2e56d1d9e36
Certificate serial:       019427B556946A88516BF2F18BF8593AA2A0
Authority key identifier: 17:5F:6E:1E:BB:83:19:35:C8:42:2C:97:2B:CA:B2:E5:6D:1D:9E:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F19uHruDGTXIQiyXK8qy5W0dnjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/09db86-676d-4f9e-a2b4-0285c15fc51e/1/_66GUATo4F62e-zSRdrY5Scw7vI.roa
Signing time:             Thu 02 Jan 2025 15:49:43 +0000
ROA not before:           Thu 02 Jan 2025 15:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50031
IP address blocks:        109.69.112.0/21 maxlen: 21
                          2a01:7300::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/09db86-676d-4f9e-a2b4-0285c15fc51e/1/F19uHruDGTXIQiyXK8qy5W0dnjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/09db86-676d-4f9e-a2b4-0285c15fc51e/1/F19uHruDGTXIQiyXK8qy5W0dnjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F19uHruDGTXIQiyXK8qy5W0dnjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:56:94:6a:88:51:6b:f2:f1:8b:f8:59:3a:a2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=175f6e1ebb831935c8422c972bcab2e56d1d9e36
        Validity
            Not Before: Jan  2 15:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffae865004e8e05eb67becd245dad8e52730eef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:75:77:71:78:a6:10:26:35:2e:17:b8:1f:49:
                    4a:76:8c:54:76:90:e1:ae:43:1a:ce:0d:6f:9b:01:
                    c2:46:b5:e2:71:8b:4a:15:15:b9:d4:3f:30:e4:c7:
                    81:d8:1b:0e:a9:91:66:f2:e3:0e:a3:b5:3e:43:4d:
                    d8:79:20:3f:b6:8c:c6:83:05:57:12:bf:a3:45:aa:
                    b0:df:58:d9:70:0c:e7:5f:5e:53:88:ef:0e:27:d9:
                    f5:59:9f:05:54:83:b1:3e:d7:59:88:05:99:82:be:
                    ad:15:e2:43:7f:a3:f7:83:40:40:0e:80:f0:e5:d5:
                    05:e7:fe:75:04:71:ab:4a:61:17:66:84:85:c5:20:
                    8e:67:5f:1f:a4:6c:38:5a:7d:d5:02:1d:a9:4b:82:
                    55:57:26:84:96:db:ce:89:a3:a0:37:e2:5c:ec:fc:
                    f9:0a:ed:a1:47:9b:05:96:1e:33:6e:8e:57:3e:21:
                    12:25:f1:8e:72:f8:2b:85:f9:a5:c4:2b:24:85:8b:
                    99:c9:13:7d:47:d5:d3:09:78:ef:31:dd:fd:f3:4a:
                    67:78:55:09:ab:a9:6c:46:68:99:86:fe:f6:8e:c3:
                    f0:85:50:5a:78:7d:4d:52:f0:ec:1c:6c:5f:c7:b8:
                    60:fe:31:7d:62:62:ce:76:7f:94:4a:d8:61:d5:b1:
                    dd:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:AE:86:50:04:E8:E0:5E:B6:7B:EC:D2:45:DA:D8:E5:27:30:EE:F2
            X509v3 Authority Key Identifier:
                keyid:17:5F:6E:1E:BB:83:19:35:C8:42:2C:97:2B:CA:B2:E5:6D:1D:9E:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F19uHruDGTXIQiyXK8qy5W0dnjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/09db86-676d-4f9e-a2b4-0285c15fc51e/1/_66GUATo4F62e-zSRdrY5Scw7vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/09db86-676d-4f9e-a2b4-0285c15fc51e/1/F19uHruDGTXIQiyXK8qy5W0dnjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.69.112.0/21
                IPv6:
                  2a01:7300::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:0e:b5:ad:37:73:7f:2c:5b:98:58:67:20:26:fe:ce:ce:15:
         54:b6:fd:ca:c9:3e:5c:f8:b5:e7:a4:44:09:af:f3:3d:a0:93:
         de:4c:54:6e:13:b3:2e:cd:20:ee:47:fc:33:d1:36:0e:b3:27:
         f7:a4:66:09:2e:71:7b:50:3c:79:d2:a2:b7:8d:dc:f3:ab:0b:
         da:9e:d1:8e:e7:b4:1b:82:f6:05:2f:b1:af:59:71:be:8d:09:
         e6:42:34:ab:59:38:e2:c0:69:07:38:04:de:db:7b:1a:0b:ae:
         82:13:fe:61:24:a7:72:7d:da:ac:4a:a4:1b:a8:64:5c:91:c0:
         d6:ec:35:4a:85:74:b4:d7:b0:62:b0:d0:36:71:76:7e:64:d3:
         48:0e:4e:45:39:35:ae:57:f6:25:fb:f3:e9:78:ac:55:58:ee:
         3f:54:bf:7e:21:54:09:76:2a:f8:a8:5b:53:d6:76:8a:35:1d:
         2b:95:01:27:be:5f:10:26:e3:cf:12:a9:75:0b:fc:0d:a9:ba:
         36:64:3e:34:69:86:e9:28:5e:2c:ae:66:93:6c:c5:03:1b:e6:
         72:75:ca:6e:1c:a1:61:8b:71:93:76:70:4d:58:4d:d7:8a:23:
         4a:14:ab:6a:0c:ce:ef:cf:03:80:61:a4:7b:03:4b:06:3c:db:
         12:2a:b9:0a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntVaUaohRa/Lxi/hZOqKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NWY2ZTFlYmI4MzE5MzVjODQyMmM5NzJiY2FiMmU1NmQx
ZDllMzYwHhcNMjUwMTAyMTU0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmFlODY1MDA0ZThlMDVlYjY3YmVjZDI0NWRhZDhlNTI3MzBlZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHV3cXimECY1Lhe4H0lKdoxUdpDh
rkMazg1vmwHCRrXicYtKFRW51D8w5MeB2BsOqZFm8uMOo7U+Q03YeSA/tozGgwVX
Er+jRaqw31jZcAznX15TiO8OJ9n1WZ8FVIOxPtdZiAWZgr6tFeJDf6P3g0BADoDw
5dUF5/51BHGrSmEXZoSFxSCOZ18fpGw4Wn3VAh2pS4JVVyaEltvOiaOgN+Jc7Pz5
Cu2hR5sFlh4zbo5XPiESJfGOcvgrhfmlxCskhYuZyRN9R9XTCXjvMd3980pneFUJ
q6lsRmiZhv72jsPwhVBaeH1NUvDsHGxfx7hg/jF9YmLOdn+USthh1bHdOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP+uhlAE6OBetnvs0kXa2OUnMO7yMB8GA1UdIwQY
MBaAFBdfbh67gxk1yEIslyvKsuVtHZ42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjE5dUhydURHVFhJUWl5WEs4cXk1VzBkbmpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8wOWRiODYtNjc2ZC00ZjllLWEyYjQt
MDI4NWMxNWZjNTFlLzEvXzY2R1VBVG80RjYyZS16U1Jkclk1U2N3N3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8wOWRiODYtNjc2ZC00ZjllLWEyYjQtMDI4NWMxNWZjNTFl
LzEvRjE5dUhydURHVFhJUWl5WEs4cXk1VzBkbmpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbUVwMA0E
AgACMAcDBQAqAXMAMA0GCSqGSIb3DQEBCwUAA4IBAQAyDrWtN3N/LFuYWGcgJv7O
zhVUtv3KyT5c+LXnpEQJr/M9oJPeTFRuE7MuzSDuR/wz0TYOsyf3pGYJLnF7UDx5
0qK3jdzzqwvantGO57QbgvYFL7GvWXG+jQnmQjSrWTjiwGkHOATe23saC66CE/5h
JKdyfdqsSqQbqGRckcDW7DVKhXS017BisNA2cXZ+ZNNIDk5FOTWuV/Yl+/PpeKxV
WO4/VL9+IVQJdir4qFtT1naKNR0rlQEnvl8QJuPPEql1C/wNqbo2ZD40aYbpKF4s
rmaTbMUDG+ZydcpuHKFhi3GTdnBNWE3XiiNKFKtqDM7vzwOAYaR7A0sGPNsSKrkK
-----END CERTIFICATE-----