Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/5w6PENEMRciwpLZ00ck9zbmlgWM.roa
File:                     5w6PENEMRciwpLZ00ck9zbmlgWM.roa (raw, json)
Hash identifier:          spvc9xlc6NqbJAkfD2Uzmz4op76RA8HEFEtC1+YFuvo=
Subject key identifier:   E7:0E:8F:10:D1:0C:45:C8:B0:A4:B6:74:D1:C9:3D:CD:B9:A5:81:63
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       0190DB11DBAEA9854DF204FD8B1AA376B467
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/5w6PENEMRciwpLZ00ck9zbmlgWM.roa
Signing time:             Mon 22 Jul 2024 15:31:38 +0000
ROA not before:           Mon 22 Jul 2024 15:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206243
IP address blocks:        109.120.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:11:db:ae:a9:85:4d:f2:04:fd:8b:1a:a3:76:b4:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jul 22 15:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e70e8f10d10c45c8b0a4b674d1c93dcdb9a58163
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:67:8a:db:6d:c1:98:3e:a2:69:52:bc:1b:90:
                    00:04:0e:34:f1:ea:be:d4:4d:5f:1b:a9:3d:9e:b4:
                    d6:ab:42:a1:98:29:d0:80:38:c5:c7:b5:69:cf:fb:
                    0a:43:ac:af:f2:7f:6c:3d:1c:e6:9e:50:e4:b8:4c:
                    c1:04:0c:d6:61:13:4d:22:60:6f:bf:e9:af:c2:e4:
                    ea:4e:b3:c6:c1:00:06:dc:c3:cf:30:33:fd:82:05:
                    97:62:37:3f:bd:70:9a:5f:29:83:b1:20:dc:c3:18:
                    a4:34:a3:15:11:5a:dc:89:af:fd:69:1b:81:1a:e4:
                    13:f8:11:4a:0b:7c:b7:3e:5d:90:d0:f3:ae:8c:d5:
                    4d:2f:33:a3:84:93:37:c2:52:ac:a9:a8:38:36:5d:
                    4f:97:5b:08:18:97:fc:36:ab:2d:4f:96:13:c3:36:
                    c7:63:b0:37:54:b8:5d:9d:ed:b9:d7:6b:fb:3d:73:
                    cf:7f:48:fa:d0:bc:db:12:c8:d5:06:d6:ea:a8:61:
                    ca:dd:8a:e6:fc:7d:04:2c:06:b3:e5:ad:4a:bb:c3:
                    5b:09:3c:e9:32:9f:3b:8e:d0:e8:f5:62:bb:09:b6:
                    52:07:ae:a6:d2:49:8b:c4:f3:5d:57:55:89:ed:ae:
                    0b:bb:e5:33:82:53:1d:b4:a9:68:fe:57:bb:1b:5f:
                    a5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:0E:8F:10:D1:0C:45:C8:B0:A4:B6:74:D1:C9:3D:CD:B9:A5:81:63
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/5w6PENEMRciwpLZ00ck9zbmlgWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d9:be:ee:24:7b:fa:7b:7f:96:73:d4:fc:28:27:2e:08:d3:
         13:62:47:77:19:67:c6:66:fd:de:50:b2:77:d9:b4:5a:c5:bd:
         fa:f0:ff:b8:14:43:9c:2a:fc:12:eb:6c:16:9d:8b:3d:5d:6b:
         c8:d8:2a:75:01:92:4d:36:ad:69:34:cd:4f:5e:26:6b:d6:94:
         44:47:7b:c7:8e:a5:04:27:d7:9c:b1:c8:56:df:23:55:43:dc:
         39:05:93:b5:01:1a:c4:62:f2:06:18:37:03:3c:89:30:a8:a0:
         fa:85:3a:55:ae:ae:39:25:f5:d9:15:28:4c:61:5a:50:32:21:
         c4:a2:82:be:5c:e1:a4:42:fd:ad:2f:11:49:e6:1a:cf:8d:e8:
         9a:3b:07:02:ba:16:a6:be:86:71:6f:4d:06:60:16:d2:fb:c0:
         9f:68:80:7c:bd:8c:e0:b6:07:c3:be:e2:2c:90:0a:8b:62:73:
         8d:43:d5:36:23:1a:c8:e1:a4:50:32:75:1f:6f:cb:63:eb:e7:
         e4:af:d8:50:0e:54:1b:38:96:7e:ee:9c:28:de:2f:67:b1:6e:
         74:69:bd:18:48:94:d4:2f:99:aa:77:27:fe:9d:9e:1c:d6:f7:
         94:b4:f2:0f:24:9a:b2:7f:64:cc:12:96:b9:3e:aa:d2:6e:a6:
         eb:f2:4d:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDbEduuqYVN8gT9ixqjdrRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwNzIyMTUzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzBlOGYxMGQxMGM0NWM4YjBhNGI2NzRkMWM5M2RjZGI5YTU4MTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2eK223BmD6iaVK8G5AABA408eq+
1E1fG6k9nrTWq0KhmCnQgDjFx7Vpz/sKQ6yv8n9sPRzmnlDkuEzBBAzWYRNNImBv
v+mvwuTqTrPGwQAG3MPPMDP9ggWXYjc/vXCaXymDsSDcwxikNKMVEVrcia/9aRuB
GuQT+BFKC3y3Pl2Q0POujNVNLzOjhJM3wlKsqag4Nl1Pl1sIGJf8NqstT5YTwzbH
Y7A3VLhdne2512v7PXPPf0j60LzbEsjVBtbqqGHK3Yrm/H0ELAaz5a1Ku8NbCTzp
Mp87jtDo9WK7CbZSB66m0kmLxPNdV1WJ7a4Lu+UzglMdtKlo/le7G1+lmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcOjxDRDEXIsKS2dNHJPc25pYFjMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvNXc2UEVORU1SY2l3cExaMDBjazl6Ym1sZ1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXiQMA0G
CSqGSIb3DQEBCwUAA4IBAQA+2b7uJHv6e3+Wc9T8KCcuCNMTYkd3GWfGZv3eULJ3
2bRaxb368P+4FEOcKvwS62wWnYs9XWvI2Cp1AZJNNq1pNM1PXiZr1pRER3vHjqUE
J9ecschW3yNVQ9w5BZO1ARrEYvIGGDcDPIkwqKD6hTpVrq45JfXZFShMYVpQMiHE
ooK+XOGkQv2tLxFJ5hrPjeiaOwcCuhamvoZxb00GYBbS+8CfaIB8vYzgtgfDvuIs
kAqLYnONQ9U2IxrI4aRQMnUfb8tj6+fkr9hQDlQbOJZ+7pwo3i9nsW50ab0YSJTU
L5mqdyf+nZ4c1veUtPIPJJqyf2TMEpa5PqrSbqbr8k2T
-----END CERTIFICATE-----