Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/yirmRb8tPKv1RajY0nGbVUtctKk.roa
File:                     yirmRb8tPKv1RajY0nGbVUtctKk.roa (raw, json)
Hash identifier:          0QuORams0ApEyzjdjvhDzMgX8t13KN+Y3UOqvbsgaYE=
Subject key identifier:   CA:2A:E6:45:BF:2D:3C:AB:F5:45:A8:D8:D2:71:9B:55:4B:5C:B4:A9
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       01934A40A1738AE9AAEAA7EB691FB656BA83
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/yirmRb8tPKv1RajY0nGbVUtctKk.roa
Signing time:             Wed 20 Nov 2024 15:46:09 +0000
ROA not before:           Wed 20 Nov 2024 15:46:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16625
IP address blocks:        109.230.116.0/22 maxlen: 22
                          109.230.116.0/24 maxlen: 24
                          109.230.117.0/24 maxlen: 24
                          109.230.118.0/24 maxlen: 24
                          109.230.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:40:a1:73:8a:e9:aa:ea:a7:eb:69:1f:b6:56:ba:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Nov 20 15:46:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca2ae645bf2d3cabf545a8d8d2719b554b5cb4a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c8:8d:7b:89:32:e9:cb:98:83:be:80:d9:16:
                    de:5d:e1:50:f7:38:a8:8a:be:be:ce:8e:85:45:97:
                    31:5b:0d:46:03:35:13:06:43:cc:1d:b5:fb:fb:8b:
                    eb:93:d1:9e:ef:3e:8a:37:d0:1b:7c:c1:fb:c2:53:
                    00:a6:99:1c:e5:41:08:00:f8:12:9f:0e:65:7a:ff:
                    44:ab:9c:b0:3c:fd:93:60:98:96:a2:5c:63:91:2e:
                    f2:21:1f:b8:e6:37:f8:19:8b:34:44:3a:f9:15:83:
                    97:58:dd:c8:53:a6:10:5f:04:62:32:61:0f:b5:95:
                    f7:18:8f:48:f0:80:0d:a6:bf:60:3a:36:6b:9e:13:
                    5c:40:b7:d3:c3:93:34:6f:16:0b:3e:26:25:cd:bf:
                    01:97:83:0b:59:fa:7e:9e:77:84:be:be:a4:6d:1d:
                    6f:95:87:af:4f:f8:78:9e:1c:90:51:2a:8d:b0:30:
                    ac:41:95:20:29:df:c3:e6:b1:96:7e:e7:93:98:a8:
                    f6:40:47:e4:fb:3a:47:1b:07:31:20:29:4c:be:26:
                    7b:27:37:f1:b9:48:26:2b:e2:fa:24:44:8b:60:e6:
                    bd:3d:55:3e:54:78:ab:13:07:50:09:e5:33:ce:fd:
                    8d:08:d6:cf:8d:9c:92:6c:9f:0b:12:e0:fd:cc:cb:
                    5e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2A:E6:45:BF:2D:3C:AB:F5:45:A8:D8:D2:71:9B:55:4B:5C:B4:A9
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/yirmRb8tPKv1RajY0nGbVUtctKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.230.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:3e:f6:9f:61:39:eb:f9:b5:61:a8:14:65:ea:0d:81:9a:53:
         96:07:2f:01:73:9b:c8:11:25:2f:d9:94:57:26:aa:86:d6:0e:
         86:0d:eb:fd:a4:fd:5c:c4:ac:d8:86:37:12:41:08:a8:9c:91:
         e0:05:76:4a:f6:e4:97:17:71:9a:01:86:ef:1b:8a:94:25:a7:
         5a:93:22:fb:65:ea:d2:26:91:ef:d0:64:cd:4c:d5:6c:79:dd:
         f6:ac:d2:81:77:e9:df:9c:f7:d8:d4:11:d9:5d:be:20:20:92:
         11:b2:c4:7f:34:09:6d:35:57:c0:23:46:f6:20:4d:fc:21:bc:
         d4:9c:c4:bb:cd:f5:aa:15:65:fc:f3:d3:55:42:b3:d1:86:14:
         7c:7c:e9:b4:23:12:28:0f:43:50:9c:08:29:c2:c9:1a:07:57:
         f3:68:24:db:3a:fc:65:3a:26:b1:2e:d6:7c:bb:c0:e1:e8:fc:
         14:86:ab:4e:12:1d:31:bf:54:7e:61:df:89:aa:1f:48:2a:d9:
         f6:f5:b3:1a:ae:36:70:dc:d7:86:18:d5:59:7e:8f:ae:7c:a7:
         99:48:6c:fd:75:f3:ae:b7:16:46:61:b4:15:e1:22:bf:39:4f:
         9d:c6:d8:33:10:b7:aa:7b:ce:0e:77:ca:33:7e:c3:de:39:cb:
         73:8c:fe:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNKQKFziumq6qfraR+2VrqDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjQxMTIwMTU0NjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJhZTY0NWJmMmQzY2FiZjU0NWE4ZDhkMjcxOWI1NTRiNWNiNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisiNe4ky6cuYg76A2RbeXeFQ9zio
ir6+zo6FRZcxWw1GAzUTBkPMHbX7+4vrk9Ge7z6KN9AbfMH7wlMAppkc5UEIAPgS
nw5lev9Eq5ywPP2TYJiWolxjkS7yIR+45jf4GYs0RDr5FYOXWN3IU6YQXwRiMmEP
tZX3GI9I8IANpr9gOjZrnhNcQLfTw5M0bxYLPiYlzb8Bl4MLWfp+nneEvr6kbR1v
lYevT/h4nhyQUSqNsDCsQZUgKd/D5rGWfueTmKj2QEfk+zpHGwcxIClMviZ7Jzfx
uUgmK+L6JESLYOa9PVU+VHirEwdQCeUzzv2NCNbPjZySbJ8LEuD9zMteFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoq5kW/LTyr9UWo2NJxm1VLXLSpMB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEveWlybVJiOHRQS3YxUmFqWTBuR2JWVXRjdEtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbeZ0MA0G
CSqGSIb3DQEBCwUAA4IBAQBvPvafYTnr+bVhqBRl6g2BmlOWBy8Bc5vIESUv2ZRX
JqqG1g6GDev9pP1cxKzYhjcSQQionJHgBXZK9uSXF3GaAYbvG4qUJadakyL7ZerS
JpHv0GTNTNVsed32rNKBd+nfnPfY1BHZXb4gIJIRssR/NAltNVfAI0b2IE38IbzU
nMS7zfWqFWX889NVQrPRhhR8fOm0IxIoD0NQnAgpwskaB1fzaCTbOvxlOiaxLtZ8
u8Dh6PwUhqtOEh0xv1R+Yd+Jqh9IKtn29bMarjZw3NeGGNVZfo+ufKeZSGz9dfOu
txZGYbQV4SK/OU+dxtgzELeqe84Od8ozfsPeOctzjP63
-----END CERTIFICATE-----