Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1-6XsWLY5Jpu1N1_MsrLwaa6KqaQ.roa
File:                     1-6XsWLY5Jpu1N1_MsrLwaa6KqaQ.roa (raw, json)
Hash identifier:          k7zsZ+NKN64kH57lUmpUvxkms+mAxSh+h3tv1LUR1Lk=
Subject key identifier:   FB:A5:EC:58:B6:39:26:9B:B5:37:5F:CC:B2:B2:F0:69:AE:8A:A9:A4
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747CD56AC8CCED6084AA08EA58FA4E9
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1-6XsWLY5Jpu1N1_MsrLwaa6KqaQ.roa
Signing time:             Thu 02 Jan 2025 13:50:04 +0000
ROA not before:           Thu 02 Jan 2025 13:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197577
IP address blocks:        109.248.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:cd:56:ac:8c:ce:d6:08:4a:a0:8e:a5:8f:a4:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fba5ec58b639269bb5375fccb2b2f069ae8aa9a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:52:b4:78:b6:79:4b:cc:7a:ef:a0:91:df:c8:
                    0f:e3:7b:3b:85:0d:04:8b:58:93:7a:81:95:30:97:
                    13:29:bd:04:1e:1d:12:5a:53:96:f3:e0:8a:31:9a:
                    60:68:71:fa:00:1b:b3:4f:3c:21:9a:cc:ff:b5:0b:
                    35:d3:88:b6:42:ae:23:ea:7f:7e:3d:1f:7a:3f:46:
                    bc:69:50:46:be:ea:b8:b6:d6:f1:70:de:d1:22:e1:
                    11:ab:c5:2c:19:ff:02:56:f9:e1:dd:e2:7d:c6:f8:
                    ae:86:84:74:5f:a5:24:6f:1f:46:f4:03:f1:84:e0:
                    c6:c7:1c:01:ae:3e:27:f5:60:6d:28:23:8c:e3:55:
                    a5:f9:b1:25:c4:c2:cf:16:88:ef:15:c4:3f:bf:bf:
                    6f:24:4b:b3:42:1f:9a:e0:92:f1:d9:96:16:f5:1e:
                    fd:59:19:89:a1:e0:10:7f:17:54:9f:66:bd:de:46:
                    68:1b:27:40:af:75:ed:dc:91:d3:67:d6:cd:e2:40:
                    56:49:63:9e:b3:a9:be:f1:03:be:36:fe:38:39:c1:
                    5a:1f:02:c5:33:71:43:44:9d:c5:47:1f:80:65:a7:
                    2f:5f:f8:3b:4d:45:4d:b2:60:c1:e6:53:3a:30:a1:
                    6c:e3:ca:dc:ca:01:2a:cd:72:77:0c:46:56:93:f6:
                    a2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:A5:EC:58:B6:39:26:9B:B5:37:5F:CC:B2:B2:F0:69:AE:8A:A9:A4
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1-6XsWLY5Jpu1N1_MsrLwaa6KqaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:00:31:2e:ce:1e:b5:36:3d:72:1c:e2:b9:97:32:d4:ed:4d:
         23:d1:88:b1:c7:e6:0b:04:27:c8:28:23:92:05:d5:71:bf:46:
         af:bd:6f:12:3a:5c:56:3c:50:94:55:d6:9e:e4:27:ea:43:19:
         a3:c3:ef:33:56:08:35:1e:8b:1a:73:2c:cc:f8:2f:d8:5b:c3:
         f9:bb:a7:48:fc:c7:cd:45:6a:3b:98:e0:31:21:0c:36:1e:f0:
         4f:da:83:2f:79:e4:84:a6:e0:ce:37:a6:06:21:82:8d:ef:09:
         86:46:da:07:51:ef:ec:a2:12:71:28:b5:7e:2d:26:fa:24:15:
         e0:ec:41:30:9f:05:42:af:63:45:b6:18:22:bc:a4:80:97:6c:
         4f:0a:7a:7b:59:10:dd:5b:90:a5:87:9c:b0:93:04:e2:bc:4c:
         7b:90:58:bc:a5:e9:1b:6f:50:36:1f:b4:a8:b7:f4:72:7b:1c:
         df:61:65:52:b7:0e:00:f9:15:70:0a:35:58:fe:2c:f9:96:06:
         27:6b:97:e9:01:b0:84:87:f5:d9:f9:95:db:e2:0c:cc:d7:aa:
         a1:fa:35:a5:e0:dd:39:37:4b:8b:e6:04:9f:3a:34:d6:52:0a:
         5b:5c:e7:4f:2f:71:40:aa:34:63:0e:83:dd:e7:a5:2d:ae:d1:
         43:d8:db:bf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnR81WrIzO1ghKoI6lj6TpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmE1ZWM1OGI2MzkyNjliYjUzNzVmY2NiMmIyZjA2OWFlOGFhOWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlK0eLZ5S8x676CR38gP43s7hQ0E
i1iTeoGVMJcTKb0EHh0SWlOW8+CKMZpgaHH6ABuzTzwhmsz/tQs104i2Qq4j6n9+
PR96P0a8aVBGvuq4ttbxcN7RIuERq8UsGf8CVvnh3eJ9xviuhoR0X6Ukbx9G9APx
hODGxxwBrj4n9WBtKCOM41Wl+bElxMLPFojvFcQ/v79vJEuzQh+a4JLx2ZYW9R79
WRmJoeAQfxdUn2a93kZoGydAr3Xt3JHTZ9bN4kBWSWOes6m+8QO+Nv44OcFaHwLF
M3FDRJ3FRx+AZacvX/g7TUVNsmDB5lM6MKFs48rcygEqzXJ3DEZWk/aiXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPul7Fi2OSabtTdfzLKy8GmuiqmkMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvMS02WHNXTFk1SnB1MU4xX01zckx3YWE2S3FhUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1
ZS8xL2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG34KTAN
BgkqhkiG9w0BAQsFAAOCAQEAlQAxLs4etTY9chziuZcy1O1NI9GIscfmCwQnyCgj
kgXVcb9Gr71vEjpcVjxQlFXWnuQn6kMZo8PvM1YINR6LGnMszPgv2FvD+bunSPzH
zUVqO5jgMSEMNh7wT9qDL3nkhKbgzjemBiGCje8JhkbaB1Hv7KIScSi1fi0m+iQV
4OxBMJ8FQq9jRbYYIrykgJdsTwp6e1kQ3VuQpYecsJME4rxMe5BYvKXpG29QNh+0
qLf0cnsc32FlUrcOAPkVcAo1WP4s+ZYGJ2uX6QGwhIf12fmV2+IMzNeqofo1peDd
OTdLi+YEnzo01lIKW1znTy9xQKo0Yw6D3eelLa7RQ9jbvw==
-----END CERTIFICATE-----