Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/YDppWFRivyqNoRdUVDmgXnO0ffM.roa
File:                     YDppWFRivyqNoRdUVDmgXnO0ffM.roa (raw, json)
Hash identifier:          8X0uLxPQzSgCA9Q4cmmf8f7ZI0kcdTI2Y3PYcE/wCF4=
Subject key identifier:   60:3A:69:58:54:62:BF:2A:8D:A1:17:54:54:39:A0:5E:73:B4:7D:F3
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019031064B86F89487FD44B752905B13355C
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/YDppWFRivyqNoRdUVDmgXnO0ffM.roa
Signing time:             Wed 19 Jun 2024 15:03:34 +0000
ROA not before:           Wed 19 Jun 2024 15:03:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56631
IP address blocks:        109.248.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:31:06:4b:86:f8:94:87:fd:44:b7:52:90:5b:13:35:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jun 19 15:03:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=603a69585462bf2a8da117545439a05e73b47df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9d:af:a1:6e:7c:f0:a7:83:f6:65:d5:0f:47:
                    db:02:95:c5:07:39:3f:7e:63:36:6f:0e:d0:17:b7:
                    71:c4:c2:45:87:da:7b:de:55:79:65:93:45:f7:c0:
                    4f:49:00:00:67:96:27:de:79:70:2d:6c:9d:5e:10:
                    06:94:87:16:6d:16:ae:8c:d1:2a:f1:c8:1f:49:b2:
                    75:5c:f4:99:1e:47:e1:f7:3f:f0:72:58:e9:cd:a7:
                    f2:01:98:3a:b2:60:7b:e0:e4:a1:08:d3:ee:74:53:
                    94:e3:94:b3:7b:78:93:92:73:bc:d6:f6:11:39:8f:
                    e1:aa:be:15:7c:1f:eb:95:33:d5:f1:0c:5d:16:c3:
                    bd:72:23:0b:e1:4d:f0:8d:cf:d6:a9:00:73:13:f4:
                    7e:3a:c0:36:27:c3:83:13:e5:41:2b:0c:09:3d:b3:
                    c8:92:0e:46:f6:b6:fe:47:94:ce:d4:4d:ec:10:ab:
                    07:3e:c6:e0:3c:c2:d7:25:61:db:bf:36:f6:c1:4e:
                    88:b0:d1:b6:12:9a:f1:27:a4:41:dc:1a:10:d4:43:
                    68:32:3b:0a:5a:37:c6:68:b3:8b:ab:9c:5b:e9:f4:
                    8c:1c:3d:74:f3:52:70:b0:10:bf:f6:f4:a7:7e:ee:
                    96:58:0e:79:34:7e:10:74:5b:4a:37:3d:bf:13:5d:
                    e3:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:3A:69:58:54:62:BF:2A:8D:A1:17:54:54:39:A0:5E:73:B4:7D:F3
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/YDppWFRivyqNoRdUVDmgXnO0ffM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:ad:7b:ff:e5:6a:ac:31:e3:2a:31:88:db:44:3e:82:e6:39:
         d7:a2:9f:c9:8d:13:26:d9:9f:17:21:cd:01:90:4d:f7:f4:10:
         1f:9c:b6:b3:cf:12:04:24:21:88:4c:0f:e4:84:b8:6b:c7:33:
         ef:a0:cf:2c:c7:9a:d3:bc:65:31:86:36:56:24:06:53:40:a2:
         c6:ae:a9:40:b8:87:a4:94:23:22:82:11:2c:8c:56:a2:b2:de:
         9a:5a:01:03:3c:46:46:6d:c6:c0:1a:bf:af:9f:e2:25:5e:91:
         8a:43:46:a4:31:0c:15:ef:2b:11:b7:78:09:53:03:a1:b6:a7:
         04:6b:fd:e0:46:f9:4b:ff:f3:51:36:dd:92:bd:e3:76:62:fd:
         1a:32:42:bb:49:31:00:6e:03:92:18:5d:5e:88:93:fa:7a:4d:
         4f:ad:39:7c:d8:92:7f:e7:04:c0:e5:e9:96:66:c6:46:ed:4f:
         fb:11:53:e7:53:d9:ed:fe:d7:18:07:17:fe:e9:8f:25:10:6c:
         95:33:d9:11:05:d4:97:ad:21:cc:7a:9e:b4:02:22:bf:ee:1e:
         3b:1d:9f:94:43:db:8c:c0:ca:f0:5e:27:a3:8b:c9:29:b2:3a:
         0f:67:f5:7c:2e:d7:3c:fc:e2:0c:8a:14:2f:a9:c1:5d:c1:67:
         7f:4e:83:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAxBkuG+JSH/US3UpBbEzVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwNjE5MTUwMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDNhNjk1ODU0NjJiZjJhOGRhMTE3NTQ1NDM5YTA1ZTczYjQ3ZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ2voW588KeD9mXVD0fbApXFBzk/
fmM2bw7QF7dxxMJFh9p73lV5ZZNF98BPSQAAZ5Yn3nlwLWydXhAGlIcWbRaujNEq
8cgfSbJ1XPSZHkfh9z/wcljpzafyAZg6smB74OShCNPudFOU45Sze3iTknO81vYR
OY/hqr4VfB/rlTPV8QxdFsO9ciML4U3wjc/WqQBzE/R+OsA2J8ODE+VBKwwJPbPI
kg5G9rb+R5TO1E3sEKsHPsbgPMLXJWHbvzb2wU6IsNG2EprxJ6RB3BoQ1ENoMjsK
WjfGaLOLq5xb6fSMHD1081JwsBC/9vSnfu6WWA55NH4QdFtKNz2/E13jPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGA6aVhUYr8qjaEXVFQ5oF5ztH3zMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvWURwcFdGUml2eXFOb1JkVVZEbWdYbk8wZmZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfjFMA0G
CSqGSIb3DQEBCwUAA4IBAQBFrXv/5WqsMeMqMYjbRD6C5jnXop/JjRMm2Z8XIc0B
kE339BAfnLazzxIEJCGITA/khLhrxzPvoM8sx5rTvGUxhjZWJAZTQKLGrqlAuIek
lCMighEsjFaist6aWgEDPEZGbcbAGr+vn+IlXpGKQ0akMQwV7ysRt3gJUwOhtqcE
a/3gRvlL//NRNt2SveN2Yv0aMkK7STEAbgOSGF1eiJP6ek1PrTl82JJ/5wTA5emW
ZsZG7U/7EVPnU9nt/tcYBxf+6Y8lEGyVM9kRBdSXrSHMep60AiK/7h47HZ+UQ9uM
wMrwXieji8kpsjoPZ/V8Ltc8/OIMihQvqcFdwWd/ToOb
-----END CERTIFICATE-----