Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/b9zOLEVoPQr7s196Pu-Y2pScFuQ.roa
File:                     b9zOLEVoPQr7s196Pu-Y2pScFuQ.roa (raw, json)
Hash identifier:          bOOgD3fydmDSoPyk4nHPbQgJeLYyLb5H3M6dJ7HJvRc=
Subject key identifier:   6F:DC:CE:2C:45:68:3D:0A:FB:B3:5F:7A:3E:EF:98:DA:94:9C:16:E4
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       018EE7852432964DD769E2510CD1F061F46D
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/b9zOLEVoPQr7s196Pu-Y2pScFuQ.roa
Signing time:             Tue 16 Apr 2024 15:27:26 +0000
ROA not before:           Tue 16 Apr 2024 15:27:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216024
IP address blocks:        109.120.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:85:24:32:96:4d:d7:69:e2:51:0c:d1:f0:61:f4:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Apr 16 15:27:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fdcce2c45683d0afbb35f7a3eef98da949c16e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d6:85:68:ed:f1:15:28:52:8a:0b:3f:ce:b7:
                    d1:d2:7e:e8:fa:e0:30:f1:91:36:21:31:20:71:f5:
                    61:8a:7b:15:ec:16:b0:35:71:66:c2:cf:48:8b:0a:
                    00:08:d6:7a:e0:2c:7c:96:95:e8:d4:eb:82:3c:8d:
                    d2:f6:af:ad:da:ff:c7:5a:1b:5b:cf:f6:07:fd:33:
                    16:bd:61:69:6f:ff:b6:35:1c:1f:e8:dd:52:40:6d:
                    a7:a5:28:b5:6c:ef:7a:d3:01:bf:cd:a9:11:19:47:
                    ce:f2:62:b8:3f:6f:71:fb:16:6f:40:ba:61:6a:e2:
                    10:de:25:21:29:b1:3a:44:8f:f8:1a:bf:62:9d:df:
                    0d:18:a6:13:8a:ff:c9:e3:7d:a2:45:91:73:1a:9c:
                    17:af:11:60:0b:f9:33:2d:73:6d:28:af:7b:86:41:
                    1c:66:99:1b:ae:e5:14:e2:e6:a1:73:a3:6e:f5:13:
                    b5:0e:a0:34:94:1d:76:73:43:94:ad:e3:04:80:8b:
                    49:9e:a2:77:b8:62:57:e1:6c:04:70:79:b3:7e:b4:
                    34:bd:b4:a8:ae:47:ea:ff:75:98:d6:1e:7d:86:c3:
                    f4:02:4c:7a:d3:57:f5:03:24:f3:db:b6:e0:c9:63:
                    ce:e6:f8:ad:bd:a8:4a:69:fd:eb:49:72:53:19:65:
                    84:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:DC:CE:2C:45:68:3D:0A:FB:B3:5F:7A:3E:EF:98:DA:94:9C:16:E4
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/b9zOLEVoPQr7s196Pu-Y2pScFuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:3e:07:00:73:8d:c2:85:b9:21:fd:72:e9:a5:56:f6:9a:48:
         bd:c7:17:2a:0a:2d:8a:f6:81:a7:eb:bb:13:70:8d:18:6c:33:
         a9:15:47:62:86:1a:4d:df:2d:2f:07:aa:84:0f:7b:28:4b:6a:
         8b:38:50:fb:3c:58:ad:48:da:f4:73:d5:d1:d1:8e:b7:fd:74:
         3b:1a:b0:22:f4:df:6e:fa:0e:c2:58:dc:10:e5:07:cb:50:fa:
         35:33:d0:28:25:52:7a:b7:c8:1c:0b:28:b9:a7:6b:68:f7:99:
         98:c4:1c:bc:6c:64:55:20:36:f2:48:4f:69:25:b7:96:da:98:
         06:38:f9:48:be:a8:0a:85:31:7f:63:f6:d0:82:09:ad:d3:3e:
         be:3c:bf:60:5a:98:2a:9e:aa:c5:07:79:ee:db:04:65:88:2b:
         fe:1a:ae:e8:14:c6:35:f5:e6:43:dd:4d:9f:91:24:73:dd:c1:
         82:7c:df:11:95:fd:d5:a3:8b:aa:f1:88:cc:d0:a4:be:6d:85:
         f7:ee:73:ab:18:65:75:b4:da:af:7f:6f:fe:54:14:2a:46:4a:
         51:72:21:62:7f:d2:c0:84:13:b4:f7:fd:5f:16:7b:11:ba:69:
         2c:fd:27:b0:70:b6:35:e4:f8:94:6b:ad:8d:85:ad:b7:d6:b6:
         1f:7e:0b:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7nhSQylk3XaeJRDNHwYfRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwNDE2MTUyNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmRjY2UyYzQ1NjgzZDBhZmJiMzVmN2EzZWVmOThkYTk0OWMxNmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptaFaO3xFShSigs/zrfR0n7o+uAw
8ZE2ITEgcfVhinsV7BawNXFmws9IiwoACNZ64Cx8lpXo1OuCPI3S9q+t2v/HWhtb
z/YH/TMWvWFpb/+2NRwf6N1SQG2npSi1bO960wG/zakRGUfO8mK4P29x+xZvQLph
auIQ3iUhKbE6RI/4Gr9ind8NGKYTiv/J432iRZFzGpwXrxFgC/kzLXNtKK97hkEc
ZpkbruUU4uahc6Nu9RO1DqA0lB12c0OUreMEgItJnqJ3uGJX4WwEcHmzfrQ0vbSo
rkfq/3WY1h59hsP0Akx601f1AyTz27bgyWPO5vitvahKaf3rSXJTGWWEswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/czixFaD0K+7Nfej7vmNqUnBbkMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvYjl6T0xFVm9QUXI3czE5NlB1LVkycFNjRnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXidMA0G
CSqGSIb3DQEBCwUAA4IBAQCNPgcAc43Chbkh/XLppVb2mki9xxcqCi2K9oGn67sT
cI0YbDOpFUdihhpN3y0vB6qED3soS2qLOFD7PFitSNr0c9XR0Y63/XQ7GrAi9N9u
+g7CWNwQ5QfLUPo1M9AoJVJ6t8gcCyi5p2to95mYxBy8bGRVIDbySE9pJbeW2pgG
OPlIvqgKhTF/Y/bQggmt0z6+PL9gWpgqnqrFB3nu2wRliCv+Gq7oFMY19eZD3U2f
kSRz3cGCfN8Rlf3Vo4uq8YjM0KS+bYX37nOrGGV1tNqvf2/+VBQqRkpRciFif9LA
hBO09/1fFnsRumks/SewcLY15PiUa62Nha231rYffguN
-----END CERTIFICATE-----