Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/edFtX7hSS2bORCT2pxwDXn_nNGY.roa
File:                     edFtX7hSS2bORCT2pxwDXn_nNGY.roa (raw, json)
Hash identifier:          V2zemCSlLMhLeXP3poi1BJARqBVyr+5YSm7xcfWFp94=
Subject key identifier:   79:D1:6D:5F:B8:52:4B:66:CE:44:24:F6:A7:1C:03:5E:7F:E7:34:66
Certificate issuer:       /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial:       018CC6B7818081390E28D0860C7151C251E4
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/edFtX7hSS2bORCT2pxwDXn_nNGY.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43395
IP address blocks:        109.122.240.0/23 maxlen: 23
                          109.122.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:81:80:81:39:0e:28:d0:86:0c:71:51:c2:51:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79d16d5fb8524b66ce4424f6a71c035e7fe73466
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:00:3c:3e:79:68:cf:7a:f9:7e:71:48:8e:5f:
                    0f:b7:82:fd:b6:ae:10:c0:25:95:30:00:50:72:bb:
                    ec:3b:93:54:a0:0b:c9:68:8c:96:75:b6:3b:32:58:
                    30:3c:d9:85:06:e1:63:94:05:1b:ef:f7:fa:86:65:
                    1b:54:9f:d9:d5:2d:26:19:a2:26:43:75:84:c4:a0:
                    0d:18:cf:ba:f3:8e:c8:40:dc:06:22:90:88:00:86:
                    3d:4b:1f:16:68:f4:bb:0c:cc:5b:b9:6c:fe:85:02:
                    34:ff:de:85:c9:8f:16:34:e2:5d:1e:3e:f0:c9:b8:
                    f9:11:07:d7:dc:d7:ad:60:ee:45:44:81:99:3c:f3:
                    cb:70:49:dc:cf:49:5b:86:4f:21:1a:60:df:04:c9:
                    1b:af:04:46:c2:db:77:78:35:69:21:48:6c:c7:25:
                    17:12:b4:95:58:e3:8e:b6:fa:07:46:20:52:f5:c5:
                    19:7d:21:d7:ef:e0:50:af:af:73:e9:72:96:40:c9:
                    22:73:c7:ba:52:9e:55:08:49:5a:44:5e:c2:c7:bb:
                    9e:60:ad:ec:50:d3:3d:82:73:9a:98:51:d6:f2:5c:
                    1f:3d:4b:da:e9:51:74:3d:35:f1:55:69:2b:0e:f8:
                    24:1f:a2:51:7a:3c:bf:ab:d4:d5:d8:4e:2b:02:1b:
                    6c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:D1:6D:5F:B8:52:4B:66:CE:44:24:F6:A7:1C:03:5E:7F:E7:34:66
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/edFtX7hSS2bORCT2pxwDXn_nNGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.240.0-109.122.242.255

    Signature Algorithm: sha256WithRSAEncryption
         4d:7d:cf:6a:06:14:83:37:de:75:7f:e8:ea:5c:e4:c4:34:85:
         bf:3f:cb:28:6a:93:5d:1d:9e:87:1f:6f:6a:8e:c6:ab:a1:81:
         4f:05:cd:71:1e:5c:2d:76:f1:81:d4:9d:67:f0:40:3b:9f:ed:
         d8:49:43:38:5d:35:4f:c3:55:18:78:12:cc:27:1a:ac:ca:9b:
         7a:42:3d:99:5c:9b:39:b7:db:2e:d9:7d:ad:fb:e9:5d:da:cd:
         a1:79:d0:22:38:17:c4:c7:e8:b0:83:68:20:14:d2:0e:e5:ee:
         0b:07:b9:d1:e0:a7:69:fb:0e:1e:54:4c:91:74:86:66:dc:bc:
         b7:5e:09:cf:ba:af:21:2c:00:8c:ff:06:39:a1:a0:30:15:cb:
         3e:3f:43:a0:23:1b:ed:35:ee:93:77:f9:7d:62:b8:44:17:26:
         21:d8:2e:6a:55:2a:0f:c3:52:7d:ea:b9:f1:0f:57:d1:03:5e:
         20:35:dc:22:18:7b:94:eb:42:ab:37:a4:e8:d0:51:33:c8:52:
         2b:f6:b3:e2:9c:c9:00:08:36:18:2a:13:cd:d8:68:9e:99:81:
         81:06:c3:67:e1:76:52:f5:ce:8e:61:a0:69:1e:d7:49:83:83:
         b9:85:cb:c2:e6:85:34:c8:c8:a0:5a:c7:50:1a:89:74:7c:3b:
         41:89:14:6c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGt4GAgTkOKNCGDHFRwlHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWQxNmQ1ZmI4NTI0YjY2Y2U0NDI0ZjZhNzFjMDM1ZTdmZTczNDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQA8Pnloz3r5fnFIjl8Pt4L9tq4Q
wCWVMABQcrvsO5NUoAvJaIyWdbY7MlgwPNmFBuFjlAUb7/f6hmUbVJ/Z1S0mGaIm
Q3WExKANGM+6847IQNwGIpCIAIY9Sx8WaPS7DMxbuWz+hQI0/96FyY8WNOJdHj7w
ybj5EQfX3NetYO5FRIGZPPPLcEncz0lbhk8hGmDfBMkbrwRGwtt3eDVpIUhsxyUX
ErSVWOOOtvoHRiBS9cUZfSHX7+BQr69z6XKWQMkic8e6Up5VCElaRF7Cx7ueYK3s
UNM9gnOamFHW8lwfPUva6VF0PTXxVWkrDvgkH6JRejy/q9TV2E4rAhtsqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHnRbV+4UktmzkQk9qccA15/5zRmMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvZWRGdFg3aFNTMmJPUkNUMnB4d0RYbl9uTkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARtevAD
BABtevIwDQYJKoZIhvcNAQELBQADggEBAE19z2oGFIM33nV/6Opc5MQ0hb8/yyhq
k10dnocfb2qOxquhgU8FzXEeXC128YHUnWfwQDuf7dhJQzhdNU/DVRh4EswnGqzK
m3pCPZlcmzm32y7Zfa376V3azaF50CI4F8TH6LCDaCAU0g7l7gsHudHgp2n7Dh5U
TJF0hmbcvLdeCc+6ryEsAIz/BjmhoDAVyz4/Q6AjG+017pN3+X1iuEQXJiHYLmpV
Kg/DUn3qufEPV9EDXiA13CIYe5TrQqs3pOjQUTPIUiv2s+KcyQAINhgqE83YaJ6Z
gYEGw2fhdlL1zo5hoGke10mDg7mFy8LmhTTIyKBax1AaiXR8O0GJFGw=
-----END CERTIFICATE-----