Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/yoFz9g0HyqvVvYk6wjKS2k3SDaA.roa
File:                     yoFz9g0HyqvVvYk6wjKS2k3SDaA.roa (raw, json)
Hash identifier:          RtYaR0baCg3KQgtOunuEe+2SPtBnh8hWLo1bk7o9nWg=
Subject key identifier:   CA:81:73:F6:0D:07:CA:AB:D5:BD:89:3A:C2:32:92:DA:4D:D2:0D:A0
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       019156819AEB9D358C4F7F2FC6FF85F2A02F
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/yoFz9g0HyqvVvYk6wjKS2k3SDaA.roa
Signing time:             Thu 15 Aug 2024 14:46:59 +0000
ROA not before:           Thu 15 Aug 2024 14:46:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        109.120.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:56:81:9a:eb:9d:35:8c:4f:7f:2f:c6:ff:85:f2:a0:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Aug 15 14:46:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca8173f60d07caabd5bd893ac23292da4dd20da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1b:35:3f:3e:36:b5:93:9d:65:d2:1a:91:9d:
                    9e:68:69:5b:6b:4c:76:8d:93:80:58:c0:8a:4d:22:
                    e9:2d:9e:73:11:a2:f3:97:75:d5:48:6a:46:8d:3e:
                    f9:51:a9:d9:c6:3a:4a:a2:f0:b8:a2:7f:ad:5d:79:
                    15:81:93:b3:d8:0f:c6:ed:3f:d7:d4:f5:00:6d:97:
                    da:6b:ae:5e:a0:48:91:76:17:eb:25:ab:b4:28:cf:
                    3d:ef:0e:0a:13:88:ba:be:15:35:42:35:66:36:38:
                    1d:cd:9d:7e:f4:d8:10:4e:49:ac:e5:60:30:5c:c9:
                    8e:2d:35:bb:59:71:34:f5:69:d0:07:9c:4e:66:9d:
                    73:c3:79:e4:13:b1:2e:8c:06:fb:05:f1:ed:75:92:
                    80:4f:83:6d:94:7c:db:22:fb:29:d0:f2:d1:77:3d:
                    29:d5:87:8a:a8:ba:5e:6e:74:d5:0b:6b:19:30:83:
                    3b:b4:28:93:b2:fa:de:6d:f4:e9:6b:f2:c1:5c:e8:
                    50:20:96:fd:72:d1:10:1c:d0:8e:e7:25:75:9d:6e:
                    e1:c5:cc:4b:a6:1d:93:83:87:de:f0:d3:33:a4:69:
                    e7:4c:d4:26:1a:5a:5c:7c:ee:42:16:aa:66:2c:22:
                    13:47:24:5a:36:5c:4a:49:17:44:22:01:ca:5a:d5:
                    73:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:81:73:F6:0D:07:CA:AB:D5:BD:89:3A:C2:32:92:DA:4D:D2:0D:A0
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/yoFz9g0HyqvVvYk6wjKS2k3SDaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:f9:44:be:35:de:4a:e4:94:de:6d:bc:e4:44:e1:77:30:ee:
         0c:f4:37:9d:5e:87:23:c1:ca:99:44:8a:00:99:16:5b:35:5e:
         ea:ee:59:94:eb:42:f4:57:c8:ac:6b:e1:74:57:9f:2b:f6:96:
         6c:12:89:93:fa:5a:8a:cf:8f:88:5b:81:c7:87:19:02:fa:00:
         34:18:ec:7a:59:dd:5e:64:ae:c1:09:a8:8e:f5:3d:6e:e4:fc:
         bf:0f:f4:91:80:bb:20:a6:f3:56:77:b7:12:45:97:15:2c:a5:
         66:22:ee:f6:c7:1c:83:5f:82:96:ad:fe:65:cc:a1:12:44:55:
         c4:68:e9:f1:1e:58:93:2a:be:17:c6:48:a3:54:da:ae:e4:37:
         7b:a6:c8:6a:e8:0e:80:87:8e:5f:31:f8:cf:b6:6d:40:0a:77:
         75:c2:c9:96:84:88:33:35:f4:20:68:4e:8a:ce:3a:25:3e:a8:
         3d:f3:64:2c:49:56:af:dd:0c:6b:87:86:c9:30:21:aa:e1:c1:
         63:f6:61:4e:96:73:62:cb:33:75:bf:79:d3:66:68:6b:75:34:
         91:52:94:18:51:47:30:69:4e:60:1d:cd:51:a9:62:82:25:45:
         66:0c:26:90:05:fc:54:4b:23:ba:36:21:62:5e:97:ab:48:9b:
         1a:8b:48:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFWgZrrnTWMT38vxv+F8qAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwODE1MTQ0NjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTgxNzNmNjBkMDdjYWFiZDViZDg5M2FjMjMyOTJkYTRkZDIwZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRs1Pz42tZOdZdIakZ2eaGlba0x2
jZOAWMCKTSLpLZ5zEaLzl3XVSGpGjT75UanZxjpKovC4on+tXXkVgZOz2A/G7T/X
1PUAbZfaa65eoEiRdhfrJau0KM897w4KE4i6vhU1QjVmNjgdzZ1+9NgQTkms5WAw
XMmOLTW7WXE09WnQB5xOZp1zw3nkE7EujAb7BfHtdZKAT4NtlHzbIvsp0PLRdz0p
1YeKqLpebnTVC2sZMIM7tCiTsvrebfTpa/LBXOhQIJb9ctEQHNCO5yV1nW7hxcxL
ph2Tg4fe8NMzpGnnTNQmGlpcfO5CFqpmLCITRyRaNlxKSRdEIgHKWtVzfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqBc/YNB8qr1b2JOsIyktpN0g2gMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEveW9GejlnMEh5cXZWdllrNndqS1MyazNTRGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXifMA0G
CSqGSIb3DQEBCwUAA4IBAQAr+US+Nd5K5JTebbzkROF3MO4M9DedXocjwcqZRIoA
mRZbNV7q7lmU60L0V8isa+F0V58r9pZsEomT+lqKz4+IW4HHhxkC+gA0GOx6Wd1e
ZK7BCaiO9T1u5Py/D/SRgLsgpvNWd7cSRZcVLKVmIu72xxyDX4KWrf5lzKESRFXE
aOnxHliTKr4XxkijVNqu5Dd7pshq6A6Ah45fMfjPtm1ACnd1wsmWhIgzNfQgaE6K
zjolPqg982QsSVav3Qxrh4bJMCGq4cFj9mFOlnNiyzN1v3nTZmhrdTSRUpQYUUcw
aU5gHc1RqWKCJUVmDCaQBfxUSyO6NiFiXperSJsai0jm
-----END CERTIFICATE-----