Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/f5KrzogEd-9430jgSnKQgPOkzNA.roa
File:                     f5KrzogEd-9430jgSnKQgPOkzNA.roa (raw, json)
Hash identifier:          OsmdH2dpFFoE3XQcn1ZzOpohFkTlwnqg20iBzlbBTgY=
Subject key identifier:   7F:92:AB:CE:88:04:77:EF:78:DF:48:E0:4A:72:90:80:F3:A4:CC:D0
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019347CE6A706B221925AA6C6CE60B6D6F5A
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/f5KrzogEd-9430jgSnKQgPOkzNA.roa
Signing time:             Wed 20 Nov 2024 04:22:10 +0000
ROA not before:           Wed 20 Nov 2024 04:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        109.248.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:47:ce:6a:70:6b:22:19:25:aa:6c:6c:e6:0b:6d:6f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Nov 20 04:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f92abce880477ef78df48e04a729080f3a4ccd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:85:dc:88:cc:4b:85:7a:03:c4:2b:f2:92:86:
                    16:54:86:60:09:8e:9b:e8:1d:88:37:3f:33:83:aa:
                    a0:69:32:92:e2:1a:d0:06:ed:32:53:02:c2:aa:72:
                    af:94:cf:66:bd:3a:97:cf:24:10:d3:a8:d5:4c:03:
                    c0:f8:2d:96:70:0d:1a:7b:bd:3e:30:5e:e2:27:40:
                    3b:45:7b:47:ab:ac:bc:bc:06:5a:bc:0f:ab:b5:b0:
                    81:59:57:6d:69:ab:93:73:54:e5:24:34:0e:a4:db:
                    40:b5:31:fb:ef:05:23:13:c7:5b:39:80:5b:86:b3:
                    50:4e:34:b2:16:3f:f5:c7:a1:23:11:12:7c:aa:9f:
                    a2:03:87:a6:7a:29:f1:d2:98:0a:0d:30:c4:18:4f:
                    65:cb:0b:7e:1b:a6:d1:1d:db:fa:13:94:cf:5f:dc:
                    a5:0b:c1:ba:9b:01:6e:30:c1:9f:d8:1d:03:da:3c:
                    f0:bd:ce:85:7c:e3:6c:95:a1:c9:74:ca:e3:00:b9:
                    fc:fb:de:7d:6e:8d:cc:41:f2:50:17:69:7b:c9:b2:
                    6f:9c:26:49:75:55:70:05:49:40:78:76:8c:e5:34:
                    3c:8c:54:d1:84:d6:43:02:e8:3e:0f:22:f0:d3:fc:
                    a6:38:47:23:85:fc:a3:e6:af:c6:73:54:6a:67:e1:
                    a2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:92:AB:CE:88:04:77:EF:78:DF:48:E0:4A:72:90:80:F3:A4:CC:D0
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/f5KrzogEd-9430jgSnKQgPOkzNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:f8:e7:49:e6:cf:e1:3d:d1:11:87:1c:28:c6:43:3d:db:de:
         58:e7:11:27:24:c7:d7:1c:da:69:24:5e:23:4f:dc:ed:8a:72:
         db:c1:9f:24:bc:e4:a1:5e:3c:99:ae:24:f1:36:1e:a9:0a:85:
         71:de:46:fd:1d:6f:01:da:4d:56:57:1f:1c:5c:c6:38:8d:ce:
         77:4b:2a:bc:48:a4:89:92:0c:1d:4a:36:bd:7d:f9:bb:e7:f6:
         63:79:19:c5:6c:91:69:dc:59:2d:f6:4c:95:a1:fb:f8:93:f6:
         51:6a:86:5c:53:03:b5:34:26:ca:bd:b9:fd:cc:be:a2:f9:fe:
         0f:48:46:34:90:31:f0:2c:95:a5:8d:d1:87:f9:55:f2:6c:f0:
         9b:48:7e:d7:b5:19:c2:3c:b7:37:95:d0:6b:11:41:52:14:71:
         40:fb:a9:ae:96:4e:a8:5a:4a:38:96:31:4d:44:8d:86:7c:f9:
         ee:a6:15:88:92:2d:b2:10:b6:71:4f:1c:99:51:d1:54:7f:c7:
         f1:fb:b1:ed:82:34:1d:d6:0a:62:9c:0c:d7:2c:52:0b:89:22:
         c0:69:f0:0a:c7:e8:28:bc:f2:17:e6:eb:07:f4:d0:a4:5f:a9:
         eb:3b:b9:4f:90:00:85:cf:16:62:e3:17:98:3e:7c:cf:33:9e:
         4f:83:05:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNHzmpwayIZJapsbOYLbW9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQxMTIwMDQyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjkyYWJjZTg4MDQ3N2VmNzhkZjQ4ZTA0YTcyOTA4MGYzYTRjY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4XciMxLhXoDxCvykoYWVIZgCY6b
6B2INz8zg6qgaTKS4hrQBu0yUwLCqnKvlM9mvTqXzyQQ06jVTAPA+C2WcA0ae70+
MF7iJ0A7RXtHq6y8vAZavA+rtbCBWVdtaauTc1TlJDQOpNtAtTH77wUjE8dbOYBb
hrNQTjSyFj/1x6EjERJ8qp+iA4emeinx0pgKDTDEGE9lywt+G6bRHdv6E5TPX9yl
C8G6mwFuMMGf2B0D2jzwvc6FfONslaHJdMrjALn8+959bo3MQfJQF2l7ybJvnCZJ
dVVwBUlAeHaM5TQ8jFTRhNZDAug+DyLw0/ymOEcjhfyj5q/Gc1RqZ+GiiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+Sq86IBHfveN9I4EpykIDzpMzQMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvZjVLcnpvZ0VkLTk0MzBqZ1NuS1FnUE9rek5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfjjMA0G
CSqGSIb3DQEBCwUAA4IBAQCg+OdJ5s/hPdERhxwoxkM9295Y5xEnJMfXHNppJF4j
T9ztinLbwZ8kvOShXjyZriTxNh6pCoVx3kb9HW8B2k1WVx8cXMY4jc53Syq8SKSJ
kgwdSja9ffm75/ZjeRnFbJFp3Fkt9kyVofv4k/ZRaoZcUwO1NCbKvbn9zL6i+f4P
SEY0kDHwLJWljdGH+VXybPCbSH7XtRnCPLc3ldBrEUFSFHFA+6mulk6oWko4ljFN
RI2GfPnuphWIki2yELZxTxyZUdFUf8fx+7HtgjQd1gpinAzXLFILiSLAafAKx+go
vPIX5usH9NCkX6nrO7lPkACFzxZi4xeYPnzPM55PgwX9
-----END CERTIFICATE-----