Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ad_9lJso4x4rte1syibszjsHWVE.roa
File:                     ad_9lJso4x4rte1syibszjsHWVE.roa (raw, json)
Hash identifier:          AS6C3XvGvYNVL/eKJobrOt4BUaLSYKg9fe4TzgP3dyo=
Subject key identifier:   69:DF:FD:94:9B:28:E3:1E:2B:B5:ED:6C:CA:26:EC:CE:3B:07:59:51
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941D12BF283852A41FCB431643F3DA
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ad_9lJso4x4rte1syibszjsHWVE.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57707
IP address blocks:        109.248.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1d:12:bf:28:38:52:a4:1f:cb:43:16:43:f3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69dffd949b28e31e2bb5ed6cca26ecce3b075951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:69:7e:fc:c1:c9:dd:93:de:53:a2:17:46:8f:
                    88:c6:b8:06:63:de:fb:01:90:c1:ab:b4:a8:c6:14:
                    5a:a8:06:ff:8e:b8:a7:95:f6:8a:4d:03:2a:61:7b:
                    cf:fc:35:c9:f2:94:7b:e4:89:c9:61:2e:59:0b:e1:
                    8b:38:e8:93:20:b4:e0:4e:42:17:c1:0c:14:97:52:
                    17:e9:91:88:99:49:4a:98:c5:2e:f7:a6:df:72:85:
                    8b:9e:21:36:23:2e:0b:db:3b:68:21:de:1e:9d:8f:
                    ae:af:5e:65:0a:05:54:3b:6f:cc:d9:46:e1:f9:ef:
                    9c:c8:39:e0:0d:a7:34:d3:5d:d7:a1:1a:31:c6:52:
                    96:9a:c4:52:ec:52:05:db:ae:97:c8:e7:e2:0c:f7:
                    41:1a:d7:46:a6:2d:72:19:f8:69:03:48:7a:57:32:
                    39:76:7e:bb:ec:73:e3:df:b1:0d:d8:f1:82:b6:2d:
                    8c:77:c9:8c:02:78:ea:34:74:a7:7c:71:f1:63:f0:
                    d9:16:44:4c:6f:43:7a:87:8f:54:4a:5c:f5:45:1d:
                    cb:5c:5b:a2:ba:7d:d0:9a:b6:97:67:ae:03:b6:9b:
                    a6:c5:3b:44:78:62:94:9d:54:98:3c:20:81:fe:ae:
                    f9:b7:af:77:3d:92:70:19:c3:9d:fe:27:d5:41:07:
                    b4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:DF:FD:94:9B:28:E3:1E:2B:B5:ED:6C:CA:26:EC:CE:3B:07:59:51
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ad_9lJso4x4rte1syibszjsHWVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:23:57:e8:46:10:22:ff:ae:30:d2:1f:80:d0:b7:0b:b2:c5:
         12:b7:db:c2:ab:17:cb:45:ca:f9:90:65:fc:ec:ca:cc:5b:a5:
         79:f3:eb:7a:a6:56:32:65:8d:f7:12:fd:9e:2c:cb:f4:8e:ac:
         b0:92:7a:de:39:6d:80:ce:95:d6:4e:90:47:28:5b:83:28:38:
         c9:6a:b4:74:4a:2c:77:16:11:9a:0e:f0:3b:01:60:ee:4e:ad:
         81:78:13:15:30:ee:6b:21:f7:1e:f3:35:32:75:2c:82:87:24:
         d8:c5:56:60:c0:89:0d:17:d4:50:fd:75:b7:8b:18:e2:61:1d:
         e3:23:49:22:02:ec:21:49:79:79:07:e4:be:17:17:1e:90:b0:
         b8:50:b1:66:21:a5:b8:c9:16:55:77:cd:ae:f0:3d:eb:8c:21:
         79:3d:37:36:21:aa:6f:10:71:4d:c7:64:41:5e:9c:61:a0:be:
         a8:65:9a:9c:92:81:b8:13:38:82:22:08:a7:a0:74:43:09:ca:
         c2:38:74:78:cf:d6:ce:13:54:25:70:91:d3:ce:4b:a5:b4:aa:
         43:65:06:8c:68:1a:72:d0:af:1c:f3:63:74:55:f0:ec:88:a0:
         2d:96:6b:9f:fb:90:e1:ee:93:62:a5:63:e7:82:37:67:b8:26:
         e0:23:af:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlB0Svyg4UqQfy0MWQ/PaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWRmZmQ5NDliMjhlMzFlMmJiNWVkNmNjYTI2ZWNjZTNiMDc1OTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2l+/MHJ3ZPeU6IXRo+IxrgGY977
AZDBq7SoxhRaqAb/jrinlfaKTQMqYXvP/DXJ8pR75InJYS5ZC+GLOOiTILTgTkIX
wQwUl1IX6ZGImUlKmMUu96bfcoWLniE2Iy4L2ztoId4enY+ur15lCgVUO2/M2Ubh
+e+cyDngDac0013XoRoxxlKWmsRS7FIF266XyOfiDPdBGtdGpi1yGfhpA0h6VzI5
dn677HPj37EN2PGCti2Md8mMAnjqNHSnfHHxY/DZFkRMb0N6h49USlz1RR3LXFui
un3QmraXZ64DtpumxTtEeGKUnVSYPCCB/q75t693PZJwGcOd/ifVQQe0KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnf/ZSbKOMeK7XtbMom7M47B1lRMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvYWRfOWxKc280eDRydGUxc3lpYnN6anNIV1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfj7MA0G
CSqGSIb3DQEBCwUAA4IBAQCtI1foRhAi/64w0h+A0LcLssUSt9vCqxfLRcr5kGX8
7MrMW6V58+t6plYyZY33Ev2eLMv0jqywknreOW2AzpXWTpBHKFuDKDjJarR0Six3
FhGaDvA7AWDuTq2BeBMVMO5rIfce8zUydSyChyTYxVZgwIkNF9RQ/XW3ixjiYR3j
I0kiAuwhSXl5B+S+FxcekLC4ULFmIaW4yRZVd82u8D3rjCF5PTc2IapvEHFNx2RB
XpxhoL6oZZqckoG4EziCIginoHRDCcrCOHR4z9bOE1QlcJHTzkultKpDZQaMaBpy
0K8c82N0VfDsiKAtlmuf+5Dh7pNipWPngjdnuCbgI6+1
-----END CERTIFICATE-----