Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/_9hTLlJnLRA_A0tBJZrt39as7xg.roa
File:                     _9hTLlJnLRA_A0tBJZrt39as7xg.roa (raw, json)
Hash identifier:          wFxuZ4h9T3MV1XhuCw+0BSZnSlOb/FPW9LipazBslAU=
Subject key identifier:   FF:D8:53:2E:52:67:2D:10:3F:03:4B:41:25:9A:ED:DF:D6:AC:EF:18
Certificate issuer:       /CN=2a8d3d3bdb06f00e6bb445f4db2d97f9b7c4beba
Certificate serial:       0194228E03ADDA60C72512D938C2241D6214
Authority key identifier: 2A:8D:3D:3B:DB:06:F0:0E:6B:B4:45:F4:DB:2D:97:F9:B7:C4:BE:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ko09O9sG8A5rtEX02y2X-bfEvro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/_9hTLlJnLRA_A0tBJZrt39as7xg.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215248
IP address blocks:        104.167.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/Ko09O9sG8A5rtEX02y2X-bfEvro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/Ko09O9sG8A5rtEX02y2X-bfEvro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ko09O9sG8A5rtEX02y2X-bfEvro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:03:ad:da:60:c7:25:12:d9:38:c2:24:1d:62:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a8d3d3bdb06f00e6bb445f4db2d97f9b7c4beba
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffd8532e52672d103f034b41259aeddfd6acef18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dd:80:c9:71:72:89:21:80:17:82:cd:96:ac:
                    99:2c:fa:da:2b:a8:26:32:c4:f4:cd:e6:d0:b4:0a:
                    36:4f:55:db:5a:6f:45:b4:6b:97:3c:fd:2f:20:83:
                    83:09:7a:d4:35:1b:58:05:52:15:d5:ea:6f:cc:bd:
                    f7:71:0b:5c:f6:9b:4a:97:8f:f9:04:cd:df:73:95:
                    05:ec:37:c7:8a:ca:9a:60:67:fd:63:ab:13:de:31:
                    41:15:17:61:dc:f5:c4:72:c7:c1:ba:ae:ae:92:c3:
                    bf:04:6b:08:d1:48:46:0d:bb:29:35:1d:b5:04:91:
                    d4:32:7e:50:d2:e0:f2:70:83:2c:08:ff:27:37:bb:
                    db:ea:f1:37:11:ac:ef:00:71:5d:92:3d:84:8e:a7:
                    36:ed:fe:ac:57:71:37:d7:a2:37:7f:89:c5:3d:4e:
                    04:d9:d0:0e:e9:c5:38:9a:1a:0c:46:84:16:0a:14:
                    08:99:99:86:d5:70:4f:ee:d2:83:90:de:83:a0:0b:
                    86:53:73:26:b9:73:85:da:0b:83:6a:f0:c5:88:ba:
                    93:d6:91:1e:a9:ef:1e:be:79:04:d7:c1:72:c1:e6:
                    76:ff:a5:44:a4:d8:d7:e2:7d:60:68:cd:a2:06:7c:
                    f6:a5:dc:06:ad:27:18:7c:06:75:af:38:26:89:23:
                    2f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:D8:53:2E:52:67:2D:10:3F:03:4B:41:25:9A:ED:DF:D6:AC:EF:18
            X509v3 Authority Key Identifier:
                keyid:2A:8D:3D:3B:DB:06:F0:0E:6B:B4:45:F4:DB:2D:97:F9:B7:C4:BE:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ko09O9sG8A5rtEX02y2X-bfEvro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/_9hTLlJnLRA_A0tBJZrt39as7xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/a3f06e-ac6c-4b66-a96c-29b97b990555/1/Ko09O9sG8A5rtEX02y2X-bfEvro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ef:4c:81:55:11:78:70:cf:49:3b:5b:bc:cc:30:5d:a0:6d:
         73:ae:20:15:1d:a9:21:03:39:dd:16:58:b0:0a:1d:ce:28:47:
         e5:10:0e:d8:13:59:78:8d:1e:ae:31:4a:07:0d:9b:76:b1:9d:
         d9:b3:7e:a6:0c:e1:54:54:64:e9:18:ae:ef:de:27:8c:b7:ce:
         5d:71:10:cd:6c:91:3e:b3:7f:f8:43:a8:f0:c9:1b:a8:0f:6f:
         be:c4:56:c1:36:9c:ae:ca:07:51:d2:7c:90:87:69:f7:ef:0c:
         99:aa:34:25:cb:bf:30:68:16:ce:74:9d:60:38:8a:83:eb:19:
         e1:83:1e:70:5d:c0:e9:e0:f6:cd:4a:e8:95:ed:f1:86:ec:01:
         8e:a4:ee:6f:04:ca:0e:90:7d:ee:57:94:21:14:41:57:c8:23:
         c2:f6:a2:17:01:c1:45:55:6d:c2:a9:af:b0:4a:0f:52:db:c7:
         30:56:9b:e2:60:6f:83:06:85:75:5a:0a:76:23:9a:7e:82:ef:
         07:52:ea:f7:9f:5e:71:1b:55:4e:dd:70:9f:3e:07:2f:f5:c6:
         e0:6d:f9:4e:1d:12:1d:31:d3:91:25:fe:ee:d5:69:82:03:fa:
         1d:d5:61:04:8a:30:6f:36:e3:2d:6a:b2:7a:16:2b:7e:1e:66:
         47:b5:3e:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgOt2mDHJRLZOMIkHWIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOGQzZDNiZGIwNmYwMGU2YmI0NDVmNGRiMmQ5N2Y5Yjdj
NGJlYmEwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmQ4NTMyZTUyNjcyZDEwM2YwMzRiNDEyNTlhZWRkZmQ2YWNlZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtN2AyXFyiSGAF4LNlqyZLPraK6gm
MsT0zebQtAo2T1XbWm9FtGuXPP0vIIODCXrUNRtYBVIV1epvzL33cQtc9ptKl4/5
BM3fc5UF7DfHisqaYGf9Y6sT3jFBFRdh3PXEcsfBuq6uksO/BGsI0UhGDbspNR21
BJHUMn5Q0uDycIMsCP8nN7vb6vE3EazvAHFdkj2Ejqc27f6sV3E316I3f4nFPU4E
2dAO6cU4mhoMRoQWChQImZmG1XBP7tKDkN6DoAuGU3MmuXOF2guDavDFiLqT1pEe
qe8evnkE18FyweZ2/6VEpNjX4n1gaM2iBnz2pdwGrScYfAZ1rzgmiSMvwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/YUy5SZy0QPwNLQSWa7d/WrO8YMB8GA1UdIwQY
MBaAFCqNPTvbBvAOa7RF9Nstl/m3xL66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS28wOU85c0c4QTVydEVYMDJ5MlgtYmZFdnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9hM2YwNmUtYWM2Yy00YjY2LWE5NmMt
MjliOTdiOTkwNTU1LzEvXzloVExsSm5MUkFfQTB0QkpacnQzOWFzN3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9hM2YwNmUtYWM2Yy00YjY2LWE5NmMtMjliOTdiOTkwNTU1
LzEvS28wOU85c0c4QTVydEVYMDJ5MlgtYmZFdnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaKcTMA0G
CSqGSIb3DQEBCwUAA4IBAQCc70yBVRF4cM9JO1u8zDBdoG1zriAVHakhAzndFliw
Ch3OKEflEA7YE1l4jR6uMUoHDZt2sZ3Zs36mDOFUVGTpGK7v3ieMt85dcRDNbJE+
s3/4Q6jwyRuoD2++xFbBNpyuygdR0nyQh2n37wyZqjQly78waBbOdJ1gOIqD6xnh
gx5wXcDp4PbNSuiV7fGG7AGOpO5vBMoOkH3uV5QhFEFXyCPC9qIXAcFFVW3Cqa+w
Sg9S28cwVpviYG+DBoV1Wgp2I5p+gu8HUur3n15xG1VO3XCfPgcv9cbgbflOHRId
MdORJf7u1WmCA/od1WEEijBvNuMtarJ6Fit+HmZHtT7J
-----END CERTIFICATE-----