Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/T_noJbJb_oOAcV2qjm96vKUgqo4.roa
File:                     T_noJbJb_oOAcV2qjm96vKUgqo4.roa (raw, json)
Hash identifier:          iQbeAr7InUgKZiz+7EWRj3P4HJ2LO+5LfSGXfFA3MTI=
Subject key identifier:   4F:F9:E8:25:B2:5B:FE:83:80:71:5D:AA:8E:6F:7A:BC:A5:20:AA:8E
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       018FB92C9675031E3C059B91E6202303D951
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/T_noJbJb_oOAcV2qjm96vKUgqo4.roa
Signing time:             Mon 27 May 2024 08:30:58 +0000
ROA not before:           Mon 27 May 2024 08:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209224
IP address blocks:        109.120.138.0/24 maxlen: 24
                          109.120.139.0/24 maxlen: 24
                          109.120.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b9:2c:96:75:03:1e:3c:05:9b:91:e6:20:23:03:d9:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: May 27 08:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ff9e825b25bfe8380715daa8e6f7abca520aa8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:94:a8:5a:78:82:f0:68:6a:0d:61:aa:9c:41:
                    70:03:46:ea:d8:1b:fa:88:20:ba:10:f6:c1:91:4d:
                    40:a2:04:47:b9:e9:eb:5b:80:7b:4e:e2:c0:92:8c:
                    6d:45:87:ea:62:ea:24:b5:30:2c:5f:42:a9:bd:77:
                    b4:2c:e9:88:a5:6c:95:f0:66:2c:17:34:37:50:49:
                    28:e9:d2:14:68:41:3a:5c:9b:27:3c:a2:d0:45:70:
                    ab:d3:37:9f:82:f0:4e:0c:82:35:42:50:4b:0f:77:
                    20:e0:e2:b4:1a:3c:ab:d1:c3:8d:de:89:ac:b3:1b:
                    83:b8:9d:95:f6:86:3b:2d:1f:b6:4c:5f:42:aa:f5:
                    48:09:75:56:bd:dc:cb:e4:d1:df:1d:40:d1:96:71:
                    dc:79:16:07:2f:ad:46:0a:01:46:a2:47:55:b9:8d:
                    18:5a:3e:7f:b0:0d:9a:5c:02:f8:4d:47:4b:f6:1f:
                    63:fd:f6:ec:60:e8:e0:d5:9f:53:c2:c5:a2:7b:cc:
                    59:2f:c2:5e:64:29:d3:8a:56:66:7a:34:4a:54:49:
                    f9:58:99:57:45:da:3f:79:eb:b0:16:b2:9f:e1:36:
                    d6:62:85:d4:9e:13:9b:29:84:de:ca:83:6b:d5:2e:
                    9e:7a:46:ee:a6:26:fa:26:36:55:65:6f:8e:a4:d4:
                    ec:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F9:E8:25:B2:5B:FE:83:80:71:5D:AA:8E:6F:7A:BC:A5:20:AA:8E
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/T_noJbJb_oOAcV2qjm96vKUgqo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.138.0-109.120.140.255

    Signature Algorithm: sha256WithRSAEncryption
         69:8a:25:74:00:df:9a:b1:78:8b:bb:33:29:0e:01:52:81:2a:
         5f:37:d9:95:a9:97:75:89:5a:ae:44:7d:b3:8f:64:ff:07:68:
         0a:5c:2b:1d:f6:8d:b9:c2:ab:2c:ef:39:2b:ff:a0:7d:f0:32:
         51:31:4c:13:0e:a2:fb:57:df:c8:22:cf:e4:4f:f3:3f:90:8c:
         5c:03:7c:34:8b:ae:9f:ce:a2:7d:b9:49:e0:84:06:db:fb:5d:
         b2:1a:eb:72:57:bd:2c:1e:70:32:df:62:a5:52:8d:93:0d:83:
         6c:45:f3:dc:c0:be:51:d4:a9:1f:35:ee:fb:72:39:65:74:ba:
         85:dc:65:2c:6c:19:d3:90:6f:fa:5b:72:19:36:19:e5:03:68:
         89:0b:26:30:48:80:14:68:23:69:ac:ce:0c:80:9b:cb:1e:29:
         40:d9:a6:3b:e8:f1:bf:f0:57:cd:58:94:b6:63:de:bd:50:34:
         b1:26:69:87:b9:fa:44:9a:7f:38:a5:9c:db:82:70:90:38:3f:
         d7:f4:0b:8e:d3:14:50:17:88:bf:49:ba:02:cb:c8:16:8c:ec:
         39:cd:26:a8:a9:fa:0b:6e:e1:13:f6:a3:66:12:33:a4:fd:51:
         17:87:67:15:e0:45:3a:7a:b0:97:96:a0:79:00:69:06:ef:df:
         03:5c:24:6c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY+5LJZ1Ax48BZuR5iAjA9lRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwNTI3MDgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmY5ZTgyNWIyNWJmZTgzODA3MTVkYWE4ZTZmN2FiY2E1MjBhYThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupSoWniC8GhqDWGqnEFwA0bq2Bv6
iCC6EPbBkU1AogRHuenrW4B7TuLAkoxtRYfqYuoktTAsX0KpvXe0LOmIpWyV8GYs
FzQ3UEko6dIUaEE6XJsnPKLQRXCr0zefgvBODII1QlBLD3cg4OK0Gjyr0cON3oms
sxuDuJ2V9oY7LR+2TF9CqvVICXVWvdzL5NHfHUDRlnHceRYHL61GCgFGokdVuY0Y
Wj5/sA2aXAL4TUdL9h9j/fbsYOjg1Z9TwsWie8xZL8JeZCnTilZmejRKVEn5WJlX
Rdo/eeuwFrKf4TbWYoXUnhObKYTeyoNr1S6eekbupib6JjZVZW+OpNTsXwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE/56CWyW/6DgHFdqo5verylIKqOMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvVF9ub0piSmJfb09BY1YycWptOTZ2S1VncW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFteIoD
BABteIwwDQYJKoZIhvcNAQELBQADggEBAGmKJXQA35qxeIu7MykOAVKBKl832ZWp
l3WJWq5EfbOPZP8HaApcKx32jbnCqyzvOSv/oH3wMlExTBMOovtX38giz+RP8z+Q
jFwDfDSLrp/Oon25SeCEBtv7XbIa63JXvSwecDLfYqVSjZMNg2xF89zAvlHUqR81
7vtyOWV0uoXcZSxsGdOQb/pbchk2GeUDaIkLJjBIgBRoI2mszgyAm8seKUDZpjvo
8b/wV81YlLZj3r1QNLEmaYe5+kSafzilnNuCcJA4P9f0C47TFFAXiL9JugLLyBaM
7DnNJqip+gtu4RP2o2YSM6T9UReHZxXgRTp6sJeWoHkAaQbv3wNcJGw=
-----END CERTIFICATE-----