Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/8fxZqSR7j1jR2S4ISx2zF9kol2A.roa
File:                     8fxZqSR7j1jR2S4ISx2zF9kol2A.roa (raw, json)
Hash identifier:          RStWsPGRSU9cg/ezGKJDCAlagpXkuOpkp4aEPLU8EEE=
Subject key identifier:   F1:FC:59:A9:24:7B:8F:58:D1:D9:2E:08:4B:1D:B3:17:D9:28:97:60
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       0192BE50276F9961B815C0F04EAAE53D5B44
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/8fxZqSR7j1jR2S4ISx2zF9kol2A.roa
Signing time:             Thu 24 Oct 2024 11:36:16 +0000
ROA not before:           Thu 24 Oct 2024 11:36:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20940
IP address blocks:        109.230.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:50:27:6f:99:61:b8:15:c0:f0:4e:aa:e5:3d:5b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Oct 24 11:36:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1fc59a9247b8f58d1d92e084b1db317d9289760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:01:db:c0:95:47:cd:cb:49:57:b7:4b:b3:23:
                    bc:69:1f:46:c3:66:8a:ba:15:5f:c9:05:67:90:0a:
                    a7:81:1c:7a:44:d1:f8:28:c2:26:09:f6:5e:a4:ca:
                    86:b8:e0:9c:0d:a9:54:0e:0e:0e:6d:1c:e3:df:47:
                    32:74:a4:0b:f6:3c:70:a1:db:42:35:b8:66:99:c1:
                    1b:d0:98:4f:0b:88:e8:59:59:db:43:cf:f5:9f:b4:
                    ef:5b:48:1d:92:5f:3b:ad:2b:fe:40:ba:ec:f5:3f:
                    e4:a2:84:40:f6:ab:e1:c5:1b:09:65:f4:8d:e2:41:
                    5d:36:29:a9:61:9b:84:4e:17:43:83:09:21:28:85:
                    75:5f:9c:35:00:1f:f8:e4:d6:27:bd:f1:a9:ed:35:
                    e3:de:c9:2c:27:8a:ed:44:a7:af:8f:4c:b9:eb:cd:
                    54:d5:6d:e9:99:ba:f3:1a:93:dc:b9:ec:5f:ce:32:
                    29:83:8a:d2:1b:96:6e:93:70:f3:c4:17:dc:2e:2f:
                    3f:fa:95:2e:f1:31:cd:93:91:19:ee:d7:15:3e:f8:
                    68:44:25:27:92:f8:23:20:01:2d:73:87:79:c0:fe:
                    d0:e2:50:93:eb:2c:70:2e:6c:80:47:8c:f8:97:1b:
                    4d:55:28:bc:dc:ea:a8:8b:86:d3:90:18:39:4c:5c:
                    a9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:FC:59:A9:24:7B:8F:58:D1:D9:2E:08:4B:1D:B3:17:D9:28:97:60
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/8fxZqSR7j1jR2S4ISx2zF9kol2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.230.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:48:44:60:d4:a5:19:72:5b:56:04:43:09:31:dd:40:2d:e8:
         8f:09:f8:90:23:1a:41:2d:f2:ad:b2:0f:f4:cd:72:ea:a0:09:
         6a:9d:4d:ba:cf:48:1a:9a:d7:4c:bc:ad:e8:a9:7e:f1:26:30:
         2a:f3:45:3f:df:44:10:bc:63:6f:4c:7d:1d:e9:a6:b6:8a:d1:
         92:3a:a9:69:78:54:56:d1:c9:bd:93:5f:30:f5:71:4e:86:c3:
         c6:f7:71:d7:b8:d3:b3:58:21:18:77:74:d0:37:33:96:fc:8e:
         2e:12:93:b0:38:fe:87:71:ed:a8:78:95:60:47:6c:19:62:49:
         8b:d3:94:6c:96:3b:92:2b:a0:19:1f:f1:06:5d:ec:fa:6b:d1:
         02:18:1c:e4:e9:44:11:cc:21:ac:f9:10:f5:a9:fc:58:ba:7b:
         e4:75:f8:77:df:58:e2:bb:cd:e6:13:96:fe:34:ea:23:89:c1:
         b8:27:ce:b7:c1:47:8e:7c:36:48:9a:e2:48:40:b6:db:32:3e:
         f4:d7:a5:9a:cc:5d:c6:52:ed:42:62:d0:53:0d:6b:1f:b9:df:
         fc:92:15:86:ee:71:7a:b8:e7:0d:b8:72:0f:8b:67:f5:95:63:
         a1:05:ac:9d:37:2a:79:8f:06:7e:e1:67:e7:30:2d:eb:e0:ea:
         73:78:f4:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK+UCdvmWG4FcDwTqrlPVtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjQxMDI0MTEzNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWZjNTlhOTI0N2I4ZjU4ZDFkOTJlMDg0YjFkYjMxN2Q5Mjg5NzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwHbwJVHzctJV7dLsyO8aR9Gw2aK
uhVfyQVnkAqngRx6RNH4KMImCfZepMqGuOCcDalUDg4ObRzj30cydKQL9jxwodtC
NbhmmcEb0JhPC4joWVnbQ8/1n7TvW0gdkl87rSv+QLrs9T/kooRA9qvhxRsJZfSN
4kFdNimpYZuEThdDgwkhKIV1X5w1AB/45NYnvfGp7TXj3sksJ4rtRKevj0y5681U
1W3pmbrzGpPcuexfzjIpg4rSG5Zuk3DzxBfcLi8/+pUu8THNk5EZ7tcVPvhoRCUn
kvgjIAEtc4d5wP7Q4lCT6yxwLmyAR4z4lxtNVSi83Oqoi4bTkBg5TFypGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPH8Wakke49Y0dkuCEsdsxfZKJdgMB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEvOGZ4WnFTUjdqMWpSMlM0SVN4MnpGOWtvbDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbeZ/MA0G
CSqGSIb3DQEBCwUAA4IBAQBcSERg1KUZcltWBEMJMd1ALeiPCfiQIxpBLfKtsg/0
zXLqoAlqnU26z0gamtdMvK3oqX7xJjAq80U/30QQvGNvTH0d6aa2itGSOqlpeFRW
0cm9k18w9XFOhsPG93HXuNOzWCEYd3TQNzOW/I4uEpOwOP6Hce2oeJVgR2wZYkmL
05RsljuSK6AZH/EGXez6a9ECGBzk6UQRzCGs+RD1qfxYunvkdfh331jiu83mE5b+
NOojicG4J863wUeOfDZImuJIQLbbMj7016WazF3GUu1CYtBTDWsfud/8khWG7nF6
uOcNuHIPi2f1lWOhBaydNyp5jwZ+4WfnMC3r4OpzePRI
-----END CERTIFICATE-----