Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/X1nEMCdXCL-rcV4ugvU0WY_WlPo.roa
File:                     X1nEMCdXCL-rcV4ugvU0WY_WlPo.roa (raw, json)
Hash identifier:          QW6v3tPekJCZgqK+1glL72zQoqycnbWKCzT3oTiEalw=
Subject key identifier:   5F:59:C4:30:27:57:08:BF:AB:71:5E:2E:82:F5:34:59:8F:D6:94:FA
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747C782BE6EB8F1E4A7AFF35C2B167A
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/X1nEMCdXCL-rcV4ugvU0WY_WlPo.roa
Signing time:             Thu 02 Jan 2025 13:50:03 +0000
ROA not before:           Thu 02 Jan 2025 13:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56340
IP address blocks:        109.248.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:c7:82:be:6e:b8:f1:e4:a7:af:f3:5c:2b:16:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f59c430275708bfab715e2e82f534598fd694fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3d:c2:0b:a4:48:a9:ba:f8:09:e8:00:e9:8c:
                    5b:f8:69:f0:0c:b0:30:91:be:7d:70:9f:11:d0:cf:
                    b2:0d:2d:48:31:a9:0a:db:ac:b8:9c:1b:68:b9:6e:
                    d8:f0:fa:e9:fe:c8:99:6b:9e:a8:36:78:7b:9f:c3:
                    7a:24:a9:db:ea:85:d6:4a:9e:2a:10:96:38:6e:f5:
                    de:4f:76:7d:5b:76:9f:2d:53:6a:03:7a:5e:ad:5b:
                    8d:9f:e9:44:bd:ce:b0:27:9a:73:0b:a3:9c:39:42:
                    37:1e:d7:e0:de:73:e0:be:d3:ce:ed:0d:c9:b8:9a:
                    09:fe:04:58:92:78:e9:c4:61:b0:e6:f0:33:4b:9c:
                    fb:2a:6e:60:c7:21:2e:2f:97:7d:ca:84:a9:dc:47:
                    00:7e:13:b3:3b:a9:90:18:bb:eb:7e:2c:fd:4f:9d:
                    83:eb:dc:09:fb:75:5c:3e:b3:5b:b0:53:58:5f:a7:
                    fd:c3:eb:76:e4:55:01:20:06:eb:45:bd:f1:7f:6c:
                    d6:38:0d:15:e0:4e:84:6c:ff:c0:59:c1:df:87:59:
                    2b:23:bc:60:56:07:99:ee:50:98:c7:e2:84:35:c5:
                    7a:e3:f4:f6:6d:56:f9:7f:1a:35:ee:30:68:b9:02:
                    a5:07:d4:0e:43:33:4f:2a:7a:aa:5d:14:88:d5:8a:
                    ea:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:59:C4:30:27:57:08:BF:AB:71:5E:2E:82:F5:34:59:8F:D6:94:FA
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/X1nEMCdXCL-rcV4ugvU0WY_WlPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:e0:6c:4b:74:22:3b:33:da:64:ac:a9:7b:0a:fd:ad:9f:a9:
         4a:b8:4a:43:2a:88:f2:b9:38:11:d7:95:55:24:dc:a3:8c:2f:
         6d:ce:ec:b3:49:5e:d7:66:a2:69:a6:94:9f:19:64:2e:e8:cd:
         e8:5f:4c:cd:01:89:a9:f3:f9:ff:d6:b5:5a:da:74:64:e0:4f:
         0a:22:8d:b4:6b:3c:d4:4c:bb:df:ed:46:91:ba:5b:a5:5c:3d:
         a0:6d:da:84:d0:f0:e1:eb:f5:b1:81:dd:ed:8e:ea:b4:ce:34:
         96:3b:c4:aa:0b:72:0c:56:1e:df:a2:03:ae:ef:68:6f:82:00:
         95:1a:6a:84:e6:13:4e:b6:f0:96:9d:01:a3:33:b1:9e:62:e6:
         fc:6a:c2:1d:5b:da:37:fd:ec:d8:5a:05:da:e6:8a:7e:6d:b4:
         4d:46:8d:cc:a9:64:f7:98:51:29:28:e3:01:36:bf:d5:82:a4:
         7b:fc:30:02:2b:c3:9a:07:2c:e5:d5:41:21:9a:18:cd:51:87:
         ed:1e:71:9d:a8:57:40:ee:1a:01:8d:84:7e:9a:f9:2b:be:ae:
         4f:bd:f1:07:34:94:8b:28:87:ab:b7:2f:68:f0:ff:e8:3e:80:
         98:12:bf:65:9d:be:71:4c:fd:11:ed:65:86:ec:57:06:94:22:
         de:59:eb:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR8eCvm648eSnr/NcKxZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjU5YzQzMDI3NTcwOGJmYWI3MTVlMmU4MmY1MzQ1OThmZDY5NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6T3CC6RIqbr4CegA6Yxb+GnwDLAw
kb59cJ8R0M+yDS1IMakK26y4nBtouW7Y8Prp/siZa56oNnh7n8N6JKnb6oXWSp4q
EJY4bvXeT3Z9W3afLVNqA3perVuNn+lEvc6wJ5pzC6OcOUI3Htfg3nPgvtPO7Q3J
uJoJ/gRYknjpxGGw5vAzS5z7Km5gxyEuL5d9yoSp3EcAfhOzO6mQGLvrfiz9T52D
69wJ+3VcPrNbsFNYX6f9w+t25FUBIAbrRb3xf2zWOA0V4E6EbP/AWcHfh1krI7xg
VgeZ7lCYx+KENcV64/T2bVb5fxo17jBouQKlB9QOQzNPKnqqXRSI1YrqIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9ZxDAnVwi/q3FeLoL1NFmP1pT6MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvWDFuRU1DZFhDTC1yY1Y0dWd2VTBXWV9XbFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfirMA0G
CSqGSIb3DQEBCwUAA4IBAQCr4GxLdCI7M9pkrKl7Cv2tn6lKuEpDKojyuTgR15VV
JNyjjC9tzuyzSV7XZqJpppSfGWQu6M3oX0zNAYmp8/n/1rVa2nRk4E8KIo20azzU
TLvf7UaRululXD2gbdqE0PDh6/Wxgd3tjuq0zjSWO8SqC3IMVh7fogOu72hvggCV
GmqE5hNOtvCWnQGjM7GeYub8asIdW9o3/ezYWgXa5op+bbRNRo3MqWT3mFEpKOMB
Nr/VgqR7/DACK8OaByzl1UEhmhjNUYftHnGdqFdA7hoBjYR+mvkrvq5PvfEHNJSL
KIerty9o8P/oPoCYEr9lnb5xTP0R7WWG7FcGlCLeWesY
-----END CERTIFICATE-----