Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/WeEl0o2gVUhOZEVxJQLfIqK3lTM.roa
File:                     WeEl0o2gVUhOZEVxJQLfIqK3lTM.roa (raw, json)
Hash identifier:          +ZbHzatkpesJfc4zJ4Ri+dRKSGBLTMRdFLEno4GSoQQ=
Subject key identifier:   59:E1:25:D2:8D:A0:55:48:4E:64:45:71:25:02:DF:22:A2:B7:95:33
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       018FF194BCE5157052A9D177594F1B50A137
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/WeEl0o2gVUhOZEVxJQLfIqK3lTM.roa
Signing time:             Fri 07 Jun 2024 07:23:27 +0000
ROA not before:           Fri 07 Jun 2024 07:23:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216139
IP address blocks:        109.120.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f1:94:bc:e5:15:70:52:a9:d1:77:59:4f:1b:50:a1:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jun  7 07:23:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59e125d28da055484e6445712502df22a2b79533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d6:b8:bc:88:dc:58:d8:f0:89:a9:ad:31:af:
                    20:78:f9:17:be:09:57:d4:cd:6a:9a:5f:a8:b0:1e:
                    92:d5:44:d0:be:9e:77:2b:92:e8:91:ac:b9:9e:c1:
                    81:71:ab:6a:44:fe:b6:5b:40:25:1f:df:56:5c:7d:
                    df:89:10:04:69:c1:12:8c:f1:02:dd:80:07:cb:1e:
                    65:78:c9:b9:67:ca:dc:07:3a:0b:bb:48:e6:13:48:
                    fa:72:19:f5:66:74:b1:76:90:88:2a:7a:20:b9:14:
                    14:6e:19:ac:6f:de:f1:6d:a5:c6:a0:17:98:1a:c2:
                    7d:6a:ff:65:ca:81:79:8c:f5:e1:86:bc:cf:2b:cb:
                    94:a6:e7:73:26:81:b4:48:8b:6a:78:f8:87:f9:4a:
                    27:68:6b:fe:32:0c:bb:40:a0:5d:69:ea:41:7d:c4:
                    90:d7:f6:81:25:de:98:3a:62:72:70:11:92:b4:71:
                    5d:10:fa:a7:47:2b:93:26:ff:d4:12:58:7d:68:8e:
                    0d:e5:95:12:55:e4:29:de:bd:db:2a:0e:1b:e4:6f:
                    be:0f:fb:2f:b2:02:4f:8b:50:a9:6a:7b:cb:72:3a:
                    69:1b:dd:e1:4b:32:02:51:70:81:25:47:33:96:78:
                    13:5a:df:b0:9e:da:e2:cb:10:83:c1:a9:24:95:3a:
                    73:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E1:25:D2:8D:A0:55:48:4E:64:45:71:25:02:DF:22:A2:B7:95:33
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/WeEl0o2gVUhOZEVxJQLfIqK3lTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:23:5f:a5:2c:45:33:ff:11:9c:5c:ad:26:87:6e:87:12:b7:
         9e:cc:c4:20:c6:2b:27:9c:41:74:ac:1f:c7:5a:56:27:2d:c5:
         f3:c8:24:77:56:8f:a5:7f:78:d7:12:86:04:f0:68:43:13:83:
         84:ec:84:ec:6f:80:ca:2b:4e:92:0a:a4:3a:76:5a:a9:84:83:
         b2:c6:e0:6f:a2:ca:3e:53:99:34:31:d7:7c:c3:1c:13:d4:fc:
         2f:c2:0e:b8:93:c7:4c:e1:a1:5d:aa:3e:17:90:ed:5e:b7:42:
         36:a9:8e:31:75:28:e5:30:7a:b7:eb:f9:76:96:d4:e8:68:cf:
         f8:cb:06:a2:6d:b7:dd:d1:de:a1:91:f6:02:c6:ec:31:be:42:
         a8:ab:d1:5d:e4:18:0b:64:2e:47:9d:82:c1:f0:ec:69:2e:9c:
         4b:5d:bc:a5:86:64:fb:43:11:7f:91:47:ea:68:8e:9e:fb:c3:
         be:13:91:0c:ca:85:a3:c1:62:0d:16:0e:09:09:46:2f:da:97:
         6b:85:3e:5d:49:26:b8:25:fd:40:42:fe:12:1b:40:82:91:90:
         df:cc:99:ae:6a:e3:63:fe:11:ce:62:ff:c4:fa:94:c8:fa:8a:
         30:35:f2:87:1b:77:f6:ff:4c:6a:9d:3e:37:85:b5:d4:a3:8e:
         82:83:c1:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/xlLzlFXBSqdF3WU8bUKE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwNjA3MDcyMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWUxMjVkMjhkYTA1NTQ4NGU2NDQ1NzEyNTAyZGYyMmEyYjc5NTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ta4vIjcWNjwiamtMa8gePkXvglX
1M1qml+osB6S1UTQvp53K5Lokay5nsGBcatqRP62W0AlH99WXH3fiRAEacESjPEC
3YAHyx5leMm5Z8rcBzoLu0jmE0j6chn1ZnSxdpCIKnoguRQUbhmsb97xbaXGoBeY
GsJ9av9lyoF5jPXhhrzPK8uUpudzJoG0SItqePiH+UonaGv+Mgy7QKBdaepBfcSQ
1/aBJd6YOmJycBGStHFdEPqnRyuTJv/UElh9aI4N5ZUSVeQp3r3bKg4b5G++D/sv
sgJPi1CpanvLcjppG93hSzICUXCBJUczlngTWt+wntriyxCDwakklTpz/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnhJdKNoFVITmRFcSUC3yKit5UzMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvV2VFbDBvMmdWVWhPWkVWeEpRTGZJcUszbFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXiaMA0G
CSqGSIb3DQEBCwUAA4IBAQB/I1+lLEUz/xGcXK0mh26HEreezMQgxisnnEF0rB/H
WlYnLcXzyCR3Vo+lf3jXEoYE8GhDE4OE7ITsb4DKK06SCqQ6dlqphIOyxuBvoso+
U5k0Mdd8wxwT1Pwvwg64k8dM4aFdqj4XkO1et0I2qY4xdSjlMHq36/l2ltToaM/4
ywaibbfd0d6hkfYCxuwxvkKoq9Fd5BgLZC5HnYLB8OxpLpxLXbylhmT7QxF/kUfq
aI6e+8O+E5EMyoWjwWINFg4JCUYv2pdrhT5dSSa4Jf1AQv4SG0CCkZDfzJmuauNj
/hHOYv/E+pTI+oowNfKHG3f2/0xqnT43hbXUo46Cg8HP
-----END CERTIFICATE-----