Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/rPUiYOwFFBXwEbG0rI7AP5flCD0.roa
File:                     rPUiYOwFFBXwEbG0rI7AP5flCD0.roa (raw, json)
Hash identifier:          fpp2fjiduFcCROlP6+vFm2e63EILUjHK8HyGsStaukM=
Subject key identifier:   AC:F5:22:60:EC:05:14:15:F0:11:B1:B4:AC:8E:C0:3F:97:E5:08:3D
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       019421B1E1C3CD2618D1DA3A584A2FCCF314
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/rPUiYOwFFBXwEbG0rI7AP5flCD0.roa
Signing time:             Wed 01 Jan 2025 11:48:13 +0000
ROA not before:           Wed 01 Jan 2025 11:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207251
IP address blocks:        109.235.194.0/23 maxlen: 23
                          109.235.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e1:c3:cd:26:18:d1:da:3a:58:4a:2f:cc:f3:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Jan  1 11:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acf52260ec051415f011b1b4ac8ec03f97e5083d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:98:07:44:41:72:66:1e:f9:bf:dc:4d:4f:e6:
                    96:0b:43:a2:fc:5c:6d:d6:ab:8b:51:82:01:db:9a:
                    f2:cb:f3:e7:ce:e9:ae:08:ca:32:bf:95:07:e3:51:
                    6e:55:80:a8:1a:47:f1:ce:e5:75:61:a9:3c:a6:fc:
                    02:b7:13:3b:5a:37:0c:91:a8:dc:bf:7c:78:a5:44:
                    b9:18:53:fa:27:1f:00:84:8a:48:25:b0:59:37:15:
                    66:09:a0:ec:28:59:60:df:b6:1d:d6:08:b5:d0:4b:
                    94:f4:05:15:65:86:25:50:35:9a:42:c3:ff:67:17:
                    1e:48:0d:8f:d5:bd:3d:2d:87:95:56:07:e5:78:5e:
                    42:3e:b7:be:d5:e4:b9:d1:b7:db:eb:66:fb:1e:3d:
                    6f:d0:cc:82:42:b0:f2:ae:7c:71:92:c8:30:63:77:
                    1c:ae:0e:ab:dc:2d:25:4b:d4:11:e4:23:60:3b:e7:
                    fd:33:60:94:f9:07:a3:f0:54:56:f5:d2:c8:b8:35:
                    7e:39:5c:de:de:4c:b3:1b:9c:ab:68:7b:95:50:9f:
                    cd:76:32:64:b9:76:e2:54:1a:f3:e5:26:2f:47:03:
                    0f:c3:53:25:9c:bc:2d:29:64:39:b8:cc:7c:3a:a4:
                    40:8a:e6:b6:c8:c9:21:ea:60:44:a8:6b:ef:46:3c:
                    3d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F5:22:60:EC:05:14:15:F0:11:B1:B4:AC:8E:C0:3F:97:E5:08:3D
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/rPUiYOwFFBXwEbG0rI7AP5flCD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.235.194.0-109.235.196.255

    Signature Algorithm: sha256WithRSAEncryption
         9d:4a:45:30:b3:4f:5f:78:36:c4:53:00:0a:b2:8e:91:2b:88:
         89:f6:e3:99:ff:0c:33:85:a0:aa:b3:37:77:b3:2f:bd:f3:4f:
         fa:93:b6:0a:34:b0:07:62:68:86:af:5f:ae:1e:e2:bd:74:2e:
         7c:15:c8:c9:99:82:df:54:31:d0:cc:8d:d8:03:66:d9:06:a6:
         eb:67:d1:65:33:9d:3f:8d:bc:3c:5a:2a:aa:ad:1b:33:ad:c0:
         9d:a2:ee:43:bc:a9:73:58:16:34:7a:ae:c1:4b:de:4e:e6:11:
         0c:b2:ba:e1:b7:db:c1:66:18:bb:4c:a0:d9:e9:2d:e6:01:e1:
         69:52:5e:5c:76:c6:aa:33:78:74:58:cb:ac:39:70:e6:f6:b9:
         4a:e6:e2:aa:85:80:4e:09:d3:75:57:0c:06:4c:0d:55:a7:43:
         5a:1a:e8:7e:dd:e4:7b:26:41:54:73:43:a4:3e:f0:58:98:e4:
         98:e0:68:a1:df:e6:75:c7:6d:4f:8e:c7:e2:6d:c3:50:1f:f2:
         ce:5e:ed:b0:4c:ae:af:7c:71:5e:31:99:46:cd:76:9e:4d:b8:
         06:e4:5d:7c:61:f4:c5:01:b6:78:2c:17:49:0e:a1:81:4b:3b:
         2e:df:b9:11:cc:7f:f5:25:1b:77:1e:8e:2a:d8:4d:f8:0c:d8:
         1e:0d:aa:c3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhseHDzSYY0do6WEovzPMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjUwMTAxMTE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Y1MjI2MGVjMDUxNDE1ZjAxMWIxYjRhYzhlYzAzZjk3ZTUwODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZgHREFyZh75v9xNT+aWC0Oi/Fxt
1quLUYIB25ryy/PnzumuCMoyv5UH41FuVYCoGkfxzuV1Yak8pvwCtxM7WjcMkajc
v3x4pUS5GFP6Jx8AhIpIJbBZNxVmCaDsKFlg37Yd1gi10EuU9AUVZYYlUDWaQsP/
ZxceSA2P1b09LYeVVgfleF5CPre+1eS50bfb62b7Hj1v0MyCQrDyrnxxksgwY3cc
rg6r3C0lS9QR5CNgO+f9M2CU+Qej8FRW9dLIuDV+OVze3kyzG5yraHuVUJ/NdjJk
uXbiVBrz5SYvRwMPw1MlnLwtKWQ5uMx8OqRAiua2yMkh6mBEqGvvRjw9LwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKz1ImDsBRQV8BGxtKyOwD+X5Qg9MB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvclBVaVlPd0ZGQlh3RWJHMHJJN0FQNWZsQ0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFt68ID
BABt68QwDQYJKoZIhvcNAQELBQADggEBAJ1KRTCzT194NsRTAAqyjpEriIn245n/
DDOFoKqzN3ezL73zT/qTtgo0sAdiaIavX64e4r10LnwVyMmZgt9UMdDMjdgDZtkG
putn0WUznT+NvDxaKqqtGzOtwJ2i7kO8qXNYFjR6rsFL3k7mEQyyuuG328FmGLtM
oNnpLeYB4WlSXlx2xqozeHRYy6w5cOb2uUrm4qqFgE4J03VXDAZMDVWnQ1oa6H7d
5HsmQVRzQ6Q+8FiY5JjgaKHf5nXHbU+Ox+Jtw1Af8s5e7bBMrq98cV4xmUbNdp5N
uAbkXXxh9MUBtngsF0kOoYFLOy7fuRHMf/UlG3cejirYTfgM2B4NqsM=
-----END CERTIFICATE-----