Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/R2hIzPH7WznpzB3A9VGA94-nqD4.roa
File:                     R2hIzPH7WznpzB3A9VGA94-nqD4.roa (raw, json)
Hash identifier:          kT7LJSBIR26R77fVHHIPqJYdfVy6esu3U3f7NvLKrOU=
Subject key identifier:   47:68:48:CC:F1:FB:5B:39:E9:CC:1D:C0:F5:51:80:F7:8F:A7:A8:3E
Certificate issuer:       /CN=67cc3a523bea224a74bc96a4af4164c24786b82e
Certificate serial:       0194258F76E17FED4E102ED721D7AF765CDC
Authority key identifier: 67:CC:3A:52:3B:EA:22:4A:74:BC:96:A4:AF:41:64:C2:47:86:B8:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z8w6UjvqIkp0vJakr0FkwkeGuC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/R2hIzPH7WznpzB3A9VGA94-nqD4.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39305
IP address blocks:        109.206.228.0/22 maxlen: 22
                          2a0d:c440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/Z8w6UjvqIkp0vJakr0FkwkeGuC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/Z8w6UjvqIkp0vJakr0FkwkeGuC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z8w6UjvqIkp0vJakr0FkwkeGuC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:76:e1:7f:ed:4e:10:2e:d7:21:d7:af:76:5c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67cc3a523bea224a74bc96a4af4164c24786b82e
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=476848ccf1fb5b39e9cc1dc0f55180f78fa7a83e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3d:20:3e:ca:c4:40:57:25:a7:f3:5f:a8:4d:
                    0e:58:ab:dc:de:8f:39:17:cf:98:56:f0:cb:31:6f:
                    be:19:6e:92:75:73:69:6a:96:8b:ad:14:da:33:74:
                    1d:f7:e6:67:f5:a2:c8:e5:fb:f8:7d:63:2e:f7:c6:
                    52:56:0c:fe:a4:b8:f1:48:86:67:7b:41:d1:df:95:
                    a6:cb:75:eb:4e:2d:90:7b:1d:06:05:63:fd:de:87:
                    7c:73:d1:fa:1b:53:ab:e7:07:99:b1:65:76:f5:a3:
                    20:3f:e8:32:c2:4c:6c:38:06:a6:cb:f7:8a:87:1b:
                    1c:82:71:36:64:82:e4:e7:e7:3e:4e:44:ed:8e:0e:
                    0c:31:8d:d4:19:a8:22:5a:01:71:a7:16:91:1e:45:
                    8a:4d:76:1f:60:dc:66:76:f0:77:0f:c7:e9:e3:a0:
                    a5:22:b7:8d:cb:db:a4:09:b2:ce:83:34:09:63:36:
                    f3:c2:e1:1a:28:19:1f:fd:2d:ab:41:cb:53:b9:ae:
                    d0:fd:83:9a:ee:c0:a6:a6:7f:b6:35:1b:d3:2a:4e:
                    d8:ac:f9:94:b8:3a:0b:b8:0b:93:53:42:bc:45:90:
                    c4:6b:8f:26:4e:ae:8e:21:e5:c0:9c:23:95:55:9b:
                    d8:95:a1:d0:cb:bd:84:ca:f7:13:dc:e7:73:46:bd:
                    8a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:68:48:CC:F1:FB:5B:39:E9:CC:1D:C0:F5:51:80:F7:8F:A7:A8:3E
            X509v3 Authority Key Identifier:
                keyid:67:CC:3A:52:3B:EA:22:4A:74:BC:96:A4:AF:41:64:C2:47:86:B8:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8w6UjvqIkp0vJakr0FkwkeGuC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/R2hIzPH7WznpzB3A9VGA94-nqD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/Z8w6UjvqIkp0vJakr0FkwkeGuC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.206.228.0/22
                IPv6:
                  2a0d:c440::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:0e:d7:ba:47:5c:16:0e:b6:a7:1d:86:ab:8b:40:05:cb:e4:
         f9:c4:7b:52:96:9a:6d:1b:ca:84:53:55:56:6a:8e:9d:2b:93:
         f5:64:fb:da:aa:39:e7:26:b2:ac:2d:96:3c:cc:a9:98:03:51:
         da:33:36:ee:e5:8a:74:0f:83:55:31:93:ed:af:1e:f2:86:49:
         6d:c3:d1:fc:77:a1:a2:2e:e6:00:04:cb:af:c6:ce:ef:ed:91:
         3e:27:de:14:1f:86:b9:b5:db:c8:70:c2:eb:08:d9:1d:a1:df:
         4f:e2:8e:c2:4a:a7:61:c9:ac:bb:c0:e2:39:7c:dc:f7:05:32:
         52:22:61:83:08:4a:60:fa:b2:94:02:75:fe:10:e6:a9:10:c5:
         29:62:08:f3:c4:23:5c:9c:13:eb:0d:72:2c:79:64:f6:1e:48:
         9d:d9:05:d3:72:40:03:65:db:48:e2:d6:75:48:57:42:3e:63:
         64:2f:dc:86:64:42:13:6d:f8:0a:85:06:70:dd:9e:13:80:67:
         0a:b7:3d:bc:91:ae:53:df:a8:c1:df:ea:23:80:1a:8e:b1:72:
         82:a3:35:50:2a:04:d9:6e:6f:e5:92:1c:25:55:ef:d5:88:ee:
         d8:d0:8e:b9:84:38:3e:f2:22:a9:4e:66:77:26:c6:00:66:90:
         c5:34:9b:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj3bhf+1OEC7XIdevdlzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2MzYTUyM2JlYTIyNGE3NGJjOTZhNGFmNDE2NGMyNDc4
NmI4MmUwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzY4NDhjY2YxZmI1YjM5ZTljYzFkYzBmNTUxODBmNzhmYTdhODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyD0gPsrEQFclp/NfqE0OWKvc3o85
F8+YVvDLMW++GW6SdXNpapaLrRTaM3Qd9+Zn9aLI5fv4fWMu98ZSVgz+pLjxSIZn
e0HR35Wmy3XrTi2Qex0GBWP93od8c9H6G1Or5weZsWV29aMgP+gywkxsOAamy/eK
hxscgnE2ZILk5+c+TkTtjg4MMY3UGagiWgFxpxaRHkWKTXYfYNxmdvB3D8fp46Cl
IreNy9ukCbLOgzQJYzbzwuEaKBkf/S2rQctTua7Q/YOa7sCmpn+2NRvTKk7YrPmU
uDoLuAuTU0K8RZDEa48mTq6OIeXAnCOVVZvYlaHQy72EyvcT3OdzRr2KAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEdoSMzx+1s56cwdwPVRgPePp6g+MB8GA1UdIwQY
MBaAFGfMOlI76iJKdLyWpK9BZMJHhrguMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjh3NlVqdnFJa3Awdkpha3IwRmt3a2VHdUM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iYzkxNzQtYTNkMS00MDU4LWFhMGEt
N2NmYjE5ZjZlMTMzLzEvUjJoSXpQSDdXem5wekIzQTlWR0E5NC1ucUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iYzkxNzQtYTNkMS00MDU4LWFhMGEtN2NmYjE5ZjZlMTMz
LzEvWjh3NlVqdnFJa3Awdkpha3IwRmt3a2VHdUM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCbc7kMA0E
AgACMAcDBQMqDcRAMA0GCSqGSIb3DQEBCwUAA4IBAQAZDte6R1wWDranHYari0AF
y+T5xHtSlpptG8qEU1VWao6dK5P1ZPvaqjnnJrKsLZY8zKmYA1HaMzbu5Yp0D4NV
MZPtrx7yhkltw9H8d6GiLuYABMuvxs7v7ZE+J94UH4a5tdvIcMLrCNkdod9P4o7C
Sqdhyay7wOI5fNz3BTJSImGDCEpg+rKUAnX+EOapEMUpYgjzxCNcnBPrDXIseWT2
Hkid2QXTckADZdtI4tZ1SFdCPmNkL9yGZEITbfgKhQZw3Z4TgGcKtz28ka5T36jB
3+ojgBqOsXKCozVQKgTZbm/lkhwlVe/ViO7Y0I65hDg+8iKpTmZ3JsYAZpDFNJvs
-----END CERTIFICATE-----