Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/qY4QIUlNU14QVcLq6NtrAmLmi60.roa
File:                     qY4QIUlNU14QVcLq6NtrAmLmi60.roa (raw, json)
Hash identifier:          My+gWzpqsxZThBjOQ4ANwjrS6cXLRdDBnHpFg4zsWz4=
Subject key identifier:   A9:8E:10:21:49:4D:53:5E:10:55:C2:EA:E8:DB:6B:02:62:E6:8B:AD
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7942376ECEE5587A11305D11E0FD571
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/qY4QIUlNU14QVcLq6NtrAmLmi60.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207532
IP address blocks:        109.248.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:23:76:ec:ee:55:87:a1:13:05:d1:1e:0f:d5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a98e1021494d535e1055c2eae8db6b0262e68bad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b9:f7:fc:b1:2b:1c:09:ae:d9:4f:b0:1f:1e:
                    17:45:c3:8d:d4:3b:16:87:40:f4:0d:cc:3a:6c:16:
                    b6:af:e8:de:0b:af:08:91:f7:01:b7:81:a0:a0:e8:
                    a8:59:15:6f:b3:d0:77:d5:ec:6e:ca:75:f5:8c:7a:
                    69:76:b9:bd:26:53:0b:ef:06:27:36:ed:cc:fb:19:
                    a8:b3:99:4a:07:3d:32:2b:fd:63:7c:aa:a6:0d:40:
                    ab:17:a8:8f:26:5a:fc:c4:fa:e9:3f:a5:b0:c7:b2:
                    13:5c:0c:63:17:41:02:fb:b0:08:ed:e1:3c:bf:51:
                    87:a3:c2:68:c4:e8:39:56:32:f7:9c:45:d0:74:54:
                    89:34:e9:6b:ad:6d:6e:e0:8f:4d:ac:0a:4d:aa:7a:
                    b1:3b:ca:4e:0c:6a:72:01:aa:25:ca:a2:2c:ee:71:
                    5a:77:d6:72:e8:ca:ff:f8:da:fa:98:08:df:a0:c5:
                    9f:83:1a:30:41:bc:59:ca:9f:2c:2e:c4:70:37:e1:
                    72:a5:5d:e7:ce:fc:ea:de:15:f0:e6:4d:61:fc:90:
                    44:eb:05:b4:31:62:0d:08:a2:8d:e9:d1:49:05:d1:
                    cb:87:37:20:fb:a6:10:cc:a4:67:37:af:d7:14:4e:
                    4f:21:59:f2:14:13:3f:cd:ee:39:5c:3c:6c:c2:00:
                    31:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:8E:10:21:49:4D:53:5E:10:55:C2:EA:E8:DB:6B:02:62:E6:8B:AD
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/qY4QIUlNU14QVcLq6NtrAmLmi60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:43:ac:a1:1c:12:6a:35:0b:dc:28:b1:9e:10:6d:3f:4f:df:
         35:3a:08:20:9a:a6:ef:61:a7:e4:b4:a4:f9:4e:88:a6:bf:60:
         ef:00:41:87:4b:5f:5d:cc:a3:a4:03:c1:ca:c9:75:c7:59:cc:
         f1:5c:58:b6:24:e6:42:d9:9d:8f:fc:77:9f:c1:8e:55:27:98:
         c2:fe:f3:98:df:b1:94:e2:f0:d9:eb:ff:04:2a:19:a0:ce:0b:
         17:c9:30:91:e2:3d:5f:da:6d:c1:da:99:99:db:53:a5:4c:21:
         bc:69:d9:57:e0:b3:86:df:af:76:cf:ef:89:02:ca:56:1b:5d:
         96:f9:53:91:16:e8:3b:ae:08:d6:ca:35:d1:2e:aa:12:9c:15:
         56:b6:31:47:ee:e4:a0:d3:d5:7e:fb:c2:f3:41:30:0d:b5:8e:
         02:9c:09:94:a4:a4:b1:1c:a5:54:39:73:38:84:07:79:5e:b4:
         ea:6d:ef:3b:25:15:22:46:6c:8a:f9:ee:1e:3b:0b:8d:73:6a:
         d4:29:40:5b:fd:79:1b:6b:05:50:de:e8:95:4f:5e:86:84:67:
         2a:02:3b:e5:13:e1:87:b7:93:83:f2:4f:d9:36:36:c6:64:80:
         6e:51:e7:d7:e5:77:f6:db:20:e0:27:c8:d3:ff:2b:ce:97:d8:
         1a:ad:51:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCN27O5Vh6ETBdEeD9VxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOThlMTAyMTQ5NGQ1MzVlMTA1NWMyZWFlOGRiNmIwMjYyZTY4YmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLn3/LErHAmu2U+wHx4XRcON1DsW
h0D0Dcw6bBa2r+jeC68IkfcBt4GgoOioWRVvs9B31exuynX1jHppdrm9JlML7wYn
Nu3M+xmos5lKBz0yK/1jfKqmDUCrF6iPJlr8xPrpP6Wwx7ITXAxjF0EC+7AI7eE8
v1GHo8JoxOg5VjL3nEXQdFSJNOlrrW1u4I9NrApNqnqxO8pODGpyAaolyqIs7nFa
d9Zy6Mr/+Nr6mAjfoMWfgxowQbxZyp8sLsRwN+FypV3nzvzq3hXw5k1h/JBE6wW0
MWINCKKN6dFJBdHLhzcg+6YQzKRnN6/XFE5PIVnyFBM/ze45XDxswgAxwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmOECFJTVNeEFXC6ujbawJi5outMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvcVk0UUlVbE5VMTRRVmNMcTZOdHJBbUxtaTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfgFMA0G
CSqGSIb3DQEBCwUAA4IBAQAoQ6yhHBJqNQvcKLGeEG0/T981OgggmqbvYafktKT5
Toimv2DvAEGHS19dzKOkA8HKyXXHWczxXFi2JOZC2Z2P/HefwY5VJ5jC/vOY37GU
4vDZ6/8EKhmgzgsXyTCR4j1f2m3B2pmZ21OlTCG8adlX4LOG3692z++JAspWG12W
+VORFug7rgjWyjXRLqoSnBVWtjFH7uSg09V++8LzQTANtY4CnAmUpKSxHKVUOXM4
hAd5XrTqbe87JRUiRmyK+e4eOwuNc2rUKUBb/XkbawVQ3uiVT16GhGcqAjvlE+GH
t5OD8k/ZNjbGZIBuUefX5Xf22yDgJ8jT/yvOl9garVFm
-----END CERTIFICATE-----