Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f10e0e-16ca-48b0-abdc-c14f6ba25cb0/1/TfR0wDApdyMIYllhxPcsoSfbhXc.roa
File:                     TfR0wDApdyMIYllhxPcsoSfbhXc.roa (raw, json)
Hash identifier:          kP7qq1/M/ZKy17F+zOlshrvU5X3wdIPQU/M/r1C1Ypg=
Subject key identifier:   4D:F4:74:C0:30:29:77:23:08:62:59:61:C4:F7:2C:A1:27:DB:85:77
Certificate issuer:       /CN=26425863c309f2655b884c1600394c4338e7fb41
Certificate serial:       018CC94D2DAE34881AEE87500C4F27AE8213
Authority key identifier: 26:42:58:63:C3:09:F2:65:5B:88:4C:16:00:39:4C:43:38:E7:FB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JkJYY8MJ8mVbiEwWADlMQzjn-0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f10e0e-16ca-48b0-abdc-c14f6ba25cb0/1/TfR0wDApdyMIYllhxPcsoSfbhXc.roa
Signing time:             Tue 02 Jan 2024 08:32:07 +0000
ROA not before:           Tue 02 Jan 2024 08:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210511
IP address blocks:        109.107.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f10e0e-16ca-48b0-abdc-c14f6ba25cb0/1/JkJYY8MJ8mVbiEwWADlMQzjn-0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f10e0e-16ca-48b0-abdc-c14f6ba25cb0/1/JkJYY8MJ8mVbiEwWADlMQzjn-0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JkJYY8MJ8mVbiEwWADlMQzjn-0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:2d:ae:34:88:1a:ee:87:50:0c:4f:27:ae:82:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26425863c309f2655b884c1600394c4338e7fb41
        Validity
            Not Before: Jan  2 08:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4df474c03029772308625961c4f72ca127db8577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5e:33:f9:22:46:b4:29:c1:ac:95:49:c9:7f:
                    b0:42:fe:3a:52:53:d5:fb:79:20:3c:7f:bc:8a:a6:
                    f5:fb:fd:c0:7b:c6:bf:da:36:41:6c:0b:7c:51:92:
                    d2:d5:1a:47:e8:e1:8d:1b:78:4e:38:fa:47:1f:36:
                    f0:0b:08:0f:60:d8:81:94:e2:d6:1e:d8:6e:34:35:
                    2a:92:5f:c1:c4:8d:67:fa:b2:1c:44:c1:1d:c1:37:
                    77:de:b3:90:7f:f3:96:d4:fa:93:57:54:4a:a0:49:
                    39:17:55:4c:ce:07:f1:05:8b:ef:8d:b0:b2:e6:8e:
                    58:1c:21:32:26:8a:d8:5d:c4:20:e2:6b:38:20:e9:
                    d6:52:f0:f4:b3:2a:b0:86:33:d4:f7:35:0a:2a:09:
                    c0:3d:dd:2a:5b:d1:0c:3a:b8:34:7b:c2:b2:99:35:
                    b0:76:4f:10:7c:15:cd:6a:c1:28:4f:31:83:bb:d4:
                    10:f8:e1:c7:12:3d:9e:f2:8b:04:bd:db:58:90:73:
                    56:9a:8f:7d:a2:0d:19:d4:17:bc:23:f0:aa:ca:5c:
                    4d:61:dd:49:5c:e0:ac:44:cc:0e:b1:a6:ab:a6:37:
                    5e:f2:bb:2b:70:de:d4:2c:ec:8c:e1:9d:ee:45:53:
                    93:29:87:b5:94:a9:df:a9:28:fa:10:8f:e2:8a:fa:
                    43:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F4:74:C0:30:29:77:23:08:62:59:61:C4:F7:2C:A1:27:DB:85:77
            X509v3 Authority Key Identifier:
                keyid:26:42:58:63:C3:09:F2:65:5B:88:4C:16:00:39:4C:43:38:E7:FB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JkJYY8MJ8mVbiEwWADlMQzjn-0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f10e0e-16ca-48b0-abdc-c14f6ba25cb0/1/TfR0wDApdyMIYllhxPcsoSfbhXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f10e0e-16ca-48b0-abdc-c14f6ba25cb0/1/JkJYY8MJ8mVbiEwWADlMQzjn-0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:32:4d:01:ef:43:74:df:8d:9a:27:cd:51:99:e7:15:7c:16:
         d5:75:65:a7:c5:ae:1e:e5:4c:29:5f:13:a6:8d:0a:e4:4c:8b:
         a9:e6:65:f1:34:1a:b7:eb:b9:fc:c3:49:f3:a2:90:02:96:4e:
         03:90:ba:24:b5:17:6d:55:0e:22:bf:30:c7:93:64:05:25:c5:
         03:42:32:76:46:37:e7:7b:bb:e0:c9:8e:85:8c:de:8a:eb:f2:
         9e:85:ab:4f:d1:ba:f0:76:77:95:d5:a0:ac:26:b5:08:00:f1:
         f7:7f:60:90:da:a1:ac:8d:58:a5:dd:35:e4:eb:38:36:87:cb:
         c1:2c:32:a4:96:d8:ca:f8:e1:74:03:dd:dd:1d:7c:3d:44:52:
         a4:74:a0:d8:72:f2:ba:b6:2e:3c:32:17:1d:74:70:d6:da:16:
         7e:41:d5:f4:87:67:1a:92:2f:5b:f1:a1:ac:db:79:a2:d6:cf:
         d2:8c:08:47:07:24:23:46:3f:0b:75:b8:8e:68:47:bc:9f:ad:
         7f:b3:3a:e7:6f:62:3b:67:c9:93:ce:a0:c1:bc:a3:79:48:26:
         b5:9f:6b:6d:54:34:6c:88:67:d1:10:f2:fd:46:d4:9c:87:b9:
         ac:0d:f0:50:51:45:c5:c3:bb:c4:7e:b6:db:26:cc:f3:6b:6c:
         8f:48:3d:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTS2uNIga7odQDE8nroITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NDI1ODYzYzMwOWYyNjU1Yjg4NGMxNjAwMzk0YzQzMzhl
N2ZiNDEwHhcNMjQwMTAyMDgzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY0NzRjMDMwMjk3NzIzMDg2MjU5NjFjNGY3MmNhMTI3ZGI4NTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF4z+SJGtCnBrJVJyX+wQv46UlPV
+3kgPH+8iqb1+/3Ae8a/2jZBbAt8UZLS1RpH6OGNG3hOOPpHHzbwCwgPYNiBlOLW
HthuNDUqkl/BxI1n+rIcRMEdwTd33rOQf/OW1PqTV1RKoEk5F1VMzgfxBYvvjbCy
5o5YHCEyJorYXcQg4ms4IOnWUvD0syqwhjPU9zUKKgnAPd0qW9EMOrg0e8KymTWw
dk8QfBXNasEoTzGDu9QQ+OHHEj2e8osEvdtYkHNWmo99og0Z1Be8I/CqylxNYd1J
XOCsRMwOsaarpjde8rsrcN7ULOyM4Z3uRVOTKYe1lKnfqSj6EI/iivpDmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE30dMAwKXcjCGJZYcT3LKEn24V3MB8GA1UdIwQY
MBaAFCZCWGPDCfJlW4hMFgA5TEM45/tBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmtKWVk4TUo4bVZiaUV3V0FEbE1RempuLTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mMTBlMGUtMTZjYS00OGIwLWFiZGMt
YzE0ZjZiYTI1Y2IwLzEvVGZSMHdEQXBkeU1JWWxsaHhQY3NvU2ZiaFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mMTBlMGUtMTZjYS00OGIwLWFiZGMtYzE0ZjZiYTI1Y2Iw
LzEvSmtKWVk4TUo4bVZiaUV3V0FEbE1RempuLTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuaMA0G
CSqGSIb3DQEBCwUAA4IBAQCOMk0B70N0342aJ81RmecVfBbVdWWnxa4e5UwpXxOm
jQrkTIup5mXxNBq367n8w0nzopAClk4DkLoktRdtVQ4ivzDHk2QFJcUDQjJ2Rjfn
e7vgyY6FjN6K6/KehatP0brwdneV1aCsJrUIAPH3f2CQ2qGsjVil3TXk6zg2h8vB
LDKkltjK+OF0A93dHXw9RFKkdKDYcvK6ti48MhcddHDW2hZ+QdX0h2caki9b8aGs
23mi1s/SjAhHByQjRj8LdbiOaEe8n61/szrnb2I7Z8mTzqDBvKN5SCa1n2ttVDRs
iGfREPL9RtSch7msDfBQUUXFw7vEfrbbJszza2yPSD0H
-----END CERTIFICATE-----