Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/wjF-boaSBdJpFX21HtXG9GjSpyA.roa
File:                     wjF-boaSBdJpFX21HtXG9GjSpyA.roa (raw, json)
Hash identifier:          AbHr9ss+TI1KskPrNJWukMpmmelIuYFTcEXRCT6a0es=
Subject key identifier:   C2:31:7E:6E:86:92:05:D2:69:15:7D:B5:1E:D5:C6:F4:68:D2:A7:20
Certificate issuer:       /CN=607e13578c680ee98fdaad202370f10e3c282afc
Certificate serial:       019421B23B702203364AB714CA584C5D1705
Authority key identifier: 60:7E:13:57:8C:68:0E:E9:8F:DA:AD:20:23:70:F1:0E:3C:28:2A:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YH4TV4xoDumP2q0gI3DxDjwoKvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/wjF-boaSBdJpFX21HtXG9GjSpyA.roa
Signing time:             Wed 01 Jan 2025 11:48:36 +0000
ROA not before:           Wed 01 Jan 2025 11:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44066
IP address blocks:        109.232.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/YH4TV4xoDumP2q0gI3DxDjwoKvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/YH4TV4xoDumP2q0gI3DxDjwoKvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YH4TV4xoDumP2q0gI3DxDjwoKvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3b:70:22:03:36:4a:b7:14:ca:58:4c:5d:17:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607e13578c680ee98fdaad202370f10e3c282afc
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2317e6e869205d269157db51ed5c6f468d2a720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f2:3e:2b:98:ed:8c:3d:06:9c:17:de:3f:88:
                    0d:f7:7e:8f:0c:e0:91:fc:cd:6e:70:57:14:9c:8e:
                    58:bd:77:d4:4b:90:11:6b:5f:09:92:00:be:1e:7a:
                    d3:ce:9e:63:8f:48:35:5f:1c:eb:67:d3:c8:37:c3:
                    21:b9:a7:b0:ae:f2:4d:5f:23:61:fc:ce:ab:86:af:
                    a5:e9:5f:ca:b3:76:8b:46:10:b7:ab:f2:7e:d5:29:
                    08:3c:c6:4e:81:5d:01:bf:88:e8:d1:26:de:0d:70:
                    8a:45:3f:66:4f:ae:a6:4a:5e:25:39:e2:2d:17:54:
                    cf:89:76:e3:12:a2:ea:c9:1a:1b:7c:d6:28:04:66:
                    6a:93:af:78:b9:10:a6:5f:8f:b1:72:66:56:97:09:
                    7c:dd:29:57:34:1b:a3:ea:d4:6f:60:eb:22:c0:b0:
                    24:52:6c:37:37:a4:9e:e6:d4:4b:bb:8e:b3:45:e4:
                    72:51:82:3a:5e:2b:dd:9d:83:97:ac:d9:11:13:1b:
                    59:7e:11:7a:07:b0:bd:76:f4:2f:68:18:77:00:41:
                    0b:dc:93:64:90:14:7c:16:ca:7a:50:c4:78:43:12:
                    b2:da:2d:2f:bd:60:d6:e6:9a:46:2e:52:0a:f9:1c:
                    c5:c6:31:fd:56:b4:96:95:ad:07:a0:66:31:9e:31:
                    47:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:31:7E:6E:86:92:05:D2:69:15:7D:B5:1E:D5:C6:F4:68:D2:A7:20
            X509v3 Authority Key Identifier:
                keyid:60:7E:13:57:8C:68:0E:E9:8F:DA:AD:20:23:70:F1:0E:3C:28:2A:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YH4TV4xoDumP2q0gI3DxDjwoKvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/wjF-boaSBdJpFX21HtXG9GjSpyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a21bbe-ba4d-4e03-bef8-baffe3b677df/1/YH4TV4xoDumP2q0gI3DxDjwoKvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:50:25:15:af:4e:5d:84:60:92:2e:f1:c0:da:c4:5f:18:96:
         5e:3f:5c:83:33:55:7b:e8:1c:7b:a6:91:1c:5d:86:f5:61:0e:
         aa:05:ec:50:f5:a0:f9:09:45:66:99:3e:e1:ec:ee:9f:0b:bf:
         e0:e5:8a:17:31:4a:25:e7:c7:f1:40:c0:86:61:be:8c:6e:f7:
         f3:ab:8c:0e:40:e3:a1:e2:74:3c:63:10:12:90:bf:e3:0d:1c:
         ba:8a:05:dd:7f:97:fb:3d:7d:57:55:4e:ef:3a:cb:39:0a:63:
         fc:d0:32:e1:aa:f5:13:c1:99:e3:88:81:d9:fd:6c:b4:96:b8:
         06:8e:8c:f3:ed:fb:0b:1f:75:c8:c4:19:a9:dc:12:a1:20:ea:
         de:a8:01:42:28:d1:fa:39:67:a7:95:19:ac:37:4b:a7:67:c3:
         b0:c8:e8:e5:63:88:2f:56:2c:29:b0:85:3e:c3:52:93:ea:c2:
         db:7b:3a:24:99:fe:e5:fe:be:b3:79:46:7e:90:71:1f:66:78:
         8c:e9:5f:10:55:b5:6b:58:02:5c:02:59:26:61:f6:46:aa:61:
         7f:f1:70:13:95:70:33:07:2f:16:c3:0c:8b:9e:da:d9:03:d7:
         49:49:69:cf:a4:04:f3:cb:49:75:2e:ea:c3:89:34:91:d6:4e:
         fc:4d:af:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjtwIgM2SrcUylhMXRcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwN2UxMzU3OGM2ODBlZTk4ZmRhYWQyMDIzNzBmMTBlM2My
ODJhZmMwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjMxN2U2ZTg2OTIwNWQyNjkxNTdkYjUxZWQ1YzZmNDY4ZDJhNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvI+K5jtjD0GnBfeP4gN936PDOCR
/M1ucFcUnI5YvXfUS5ARa18JkgC+HnrTzp5jj0g1XxzrZ9PIN8MhuaewrvJNXyNh
/M6rhq+l6V/Ks3aLRhC3q/J+1SkIPMZOgV0Bv4jo0SbeDXCKRT9mT66mSl4lOeIt
F1TPiXbjEqLqyRobfNYoBGZqk694uRCmX4+xcmZWlwl83SlXNBuj6tRvYOsiwLAk
Umw3N6Se5tRLu46zReRyUYI6XivdnYOXrNkRExtZfhF6B7C9dvQvaBh3AEEL3JNk
kBR8Fsp6UMR4QxKy2i0vvWDW5ppGLlIK+RzFxjH9VrSWla0HoGYxnjFHEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMIxfm6GkgXSaRV9tR7VxvRo0qcgMB8GA1UdIwQY
MBaAFGB+E1eMaA7pj9qtICNw8Q48KCr8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUg0VFY0eG9EdW1QMnEwZ0kzRHhEandvS3Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9hMjFiYmUtYmE0ZC00ZTAzLWJlZjgt
YmFmZmUzYjY3N2RmLzEvd2pGLWJvYVNCZEpwRlgyMUh0WEc5R2pTcHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9hMjFiYmUtYmE0ZC00ZTAzLWJlZjgtYmFmZmUzYjY3N2Rm
LzEvWUg0VFY0eG9EdW1QMnEwZ0kzRHhEandvS3Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbeh4MA0G
CSqGSIb3DQEBCwUAA4IBAQAoUCUVr05dhGCSLvHA2sRfGJZeP1yDM1V76Bx7ppEc
XYb1YQ6qBexQ9aD5CUVmmT7h7O6fC7/g5YoXMUol58fxQMCGYb6Mbvfzq4wOQOOh
4nQ8YxASkL/jDRy6igXdf5f7PX1XVU7vOss5CmP80DLhqvUTwZnjiIHZ/Wy0lrgG
jozz7fsLH3XIxBmp3BKhIOreqAFCKNH6OWenlRmsN0unZ8OwyOjlY4gvViwpsIU+
w1KT6sLbezokmf7l/r6zeUZ+kHEfZniM6V8QVbVrWAJcAlkmYfZGqmF/8XATlXAz
By8WwwyLntrZA9dJSWnPpATzy0l1LurDiTSR1k78Ta8Y
-----END CERTIFICATE-----