Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/wT_wbXD63kRspn66-sCHN9HX56k.roa
File:                     wT_wbXD63kRspn66-sCHN9HX56k.roa (raw, json)
Hash identifier:          giCV77XuxHEuebQnQQQbW4oA8w7bEamDw12AkczJQ2A=
Subject key identifier:   C1:3F:F0:6D:70:FA:DE:44:6C:A6:7E:BA:FA:C0:87:37:D1:D7:E7:A9
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       019422FC36BAC551236172DE6B24D47209ED
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/wT_wbXD63kRspn66-sCHN9HX56k.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26548
IP address blocks:        109.238.168.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:36:ba:c5:51:23:61:72:de:6b:24:d4:72:09:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c13ff06d70fade446ca67ebafac08737d1d7e7a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:85:fc:98:e3:c2:11:6d:65:1b:0d:b1:cb:68:
                    bc:a1:1a:0f:c2:93:b9:a5:85:7a:e4:90:46:3f:3b:
                    b4:1e:2a:26:40:b7:93:3b:fa:a3:41:e4:6d:73:7b:
                    aa:64:dc:3f:a3:0d:36:e4:61:31:7f:90:47:2c:83:
                    2d:4e:60:6f:4a:9e:fc:ab:f5:35:d9:e8:07:df:82:
                    cb:ea:92:00:e2:ab:61:5f:05:f3:ab:82:17:2a:d8:
                    ee:9e:68:7b:c9:8d:ac:58:d0:d4:0c:7d:29:6e:5d:
                    0d:91:41:7e:9a:d9:0a:c8:2d:c5:c7:f7:5d:f6:d6:
                    65:f7:fa:7a:d6:ed:0e:fb:6c:35:97:4e:14:db:65:
                    30:77:2f:92:be:59:78:f8:f5:a1:b9:8d:e6:ce:95:
                    aa:1f:65:4a:41:a8:3d:f3:ba:d0:c9:ad:aa:5c:f3:
                    ec:2e:90:da:6a:9b:3e:8d:c1:be:6e:09:25:8d:f0:
                    8c:70:13:64:b8:37:86:ae:c0:3e:c5:16:a0:61:47:
                    73:e6:83:66:81:9a:64:c7:d0:30:07:57:c5:04:91:
                    43:2c:4a:b8:54:94:7c:69:d8:9b:49:4f:10:fd:d9:
                    22:d6:41:32:57:da:93:15:af:bb:cd:1a:e3:22:f9:
                    87:5d:3e:a7:8f:23:14:02:1c:2c:91:c0:cf:05:2a:
                    a9:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:3F:F0:6D:70:FA:DE:44:6C:A6:7E:BA:FA:C0:87:37:D1:D7:E7:A9
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/wT_wbXD63kRspn66-sCHN9HX56k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.238.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9a:42:09:e7:9b:b9:64:7c:5c:75:c9:e4:3e:df:43:ed:90:f5:
         85:95:1e:ba:cf:19:c3:7b:71:24:8a:8e:66:df:97:6e:f6:1d:
         ab:3f:90:c5:92:75:24:61:0d:02:d5:2a:7a:f6:ed:dc:f8:c1:
         45:19:8a:0d:c1:8d:57:64:e4:73:4e:d5:91:e7:b6:3d:50:8e:
         57:d0:c4:da:7f:f1:39:3f:f1:ca:d6:39:bc:da:d8:8a:57:46:
         aa:b7:c6:a1:58:cc:e6:32:0a:b7:f6:d9:4d:b8:2e:6a:c0:2f:
         a1:14:98:f9:cd:c0:93:57:1d:fb:4f:71:db:a4:07:e3:2d:04:
         36:05:01:eb:fa:a9:a3:c5:d1:4f:d6:1f:43:5f:d9:cb:34:e3:
         da:6f:d4:3b:87:a7:78:85:77:0c:7e:c8:86:21:8a:4a:3b:62:
         ca:74:99:21:37:25:37:0d:a1:72:03:43:c2:3e:39:33:5e:f5:
         9d:e8:39:a6:40:d3:d9:40:cb:7c:0b:90:fa:1a:ca:0d:dc:9b:
         93:43:a1:a7:44:6e:ac:87:03:0b:4d:f7:fb:e0:1c:4f:9b:62:
         93:98:03:c4:e3:35:24:c6:2c:bf:d9:e5:66:7a:64:af:d9:5e:
         b5:2b:2f:5e:9a:66:86:c9:08:58:4b:06:4b:d6:b3:22:59:ba:
         d1:4c:0b:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Da6xVEjYXLeayTUcgntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTNmZjA2ZDcwZmFkZTQ0NmNhNjdlYmFmYWMwODczN2QxZDdlN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYX8mOPCEW1lGw2xy2i8oRoPwpO5
pYV65JBGPzu0HiomQLeTO/qjQeRtc3uqZNw/ow025GExf5BHLIMtTmBvSp78q/U1
2egH34LL6pIA4qthXwXzq4IXKtjunmh7yY2sWNDUDH0pbl0NkUF+mtkKyC3Fx/dd
9tZl9/p61u0O+2w1l04U22Uwdy+Svll4+PWhuY3mzpWqH2VKQag987rQya2qXPPs
LpDaaps+jcG+bgkljfCMcBNkuDeGrsA+xRagYUdz5oNmgZpkx9AwB1fFBJFDLEq4
VJR8adibSU8Q/dki1kEyV9qTFa+7zRrjIvmHXT6njyMUAhwskcDPBSqp5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFME/8G1w+t5EbKZ+uvrAhzfR1+epMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvd1Rfd2JYRDYza1JzcG42Ni1zQ0hOOUhYNTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbe6oMA0G
CSqGSIb3DQEBCwUAA4IBAQCaQgnnm7lkfFx1yeQ+30PtkPWFlR66zxnDe3Ekio5m
35du9h2rP5DFknUkYQ0C1Sp69u3c+MFFGYoNwY1XZORzTtWR57Y9UI5X0MTaf/E5
P/HK1jm82tiKV0aqt8ahWMzmMgq39tlNuC5qwC+hFJj5zcCTVx37T3HbpAfjLQQ2
BQHr+qmjxdFP1h9DX9nLNOPab9Q7h6d4hXcMfsiGIYpKO2LKdJkhNyU3DaFyA0PC
PjkzXvWd6DmmQNPZQMt8C5D6GsoN3JuTQ6GnRG6shwMLTff74BxPm2KTmAPE4zUk
xiy/2eVmemSv2V61Ky9emmaGyQhYSwZL1rMiWbrRTAs2
-----END CERTIFICATE-----