Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/621_rbgr-WFg6ea7ClKlLXrNc-w.roa
File:                     621_rbgr-WFg6ea7ClKlLXrNc-w.roa (raw, json)
Hash identifier:          NP35KeKahpPb885x4h31WfJXwFlazz0C8uBw5oOQkFY=
Subject key identifier:   EB:6D:7F:AD:B8:2B:F9:61:60:E9:E6:BB:0A:52:A5:2D:7A:CD:73:EC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01923318FE9D46F9D17050AFF597A58DA02E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/621_rbgr-WFg6ea7ClKlLXrNc-w.roa
Signing time:             Fri 27 Sep 2024 10:48:48 +0000
ROA not before:           Fri 27 Sep 2024 10:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150654
IP address blocks:        109.176.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:33:18:fe:9d:46:f9:d1:70:50:af:f5:97:a5:8d:a0:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 27 10:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb6d7fadb82bf96160e9e6bb0a52a52d7acd73ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:f3:85:1e:e2:86:7e:e1:2d:63:9d:1b:5f:6c:
                    6b:53:a6:ca:31:d1:2f:58:95:57:00:f2:9e:45:a0:
                    65:09:74:79:a7:40:e2:a4:5c:b2:be:a0:53:4b:00:
                    ba:46:5b:5e:d6:cb:74:dc:5d:37:6f:44:18:91:b6:
                    36:7d:c1:c3:1f:c4:14:06:df:5f:fa:bd:38:ca:d1:
                    80:c9:f3:78:7b:67:d2:ce:0f:d6:3c:c2:e5:d2:8a:
                    59:f4:1f:39:09:eb:0b:ed:f1:35:2e:ec:19:e0:5d:
                    89:1c:86:5a:2a:be:00:58:70:15:8e:71:ee:25:eb:
                    66:f7:e4:56:bd:fe:e4:29:6c:e9:a1:ed:7b:6c:98:
                    61:8f:91:b8:b1:19:15:70:b6:39:09:89:27:25:ae:
                    97:30:bb:09:f6:5b:eb:25:7d:e6:f9:c4:33:25:b3:
                    57:26:9e:c6:0d:53:a9:97:c1:38:f6:27:1e:50:40:
                    3d:fb:d3:3c:8d:c7:2e:e0:41:65:75:3a:0a:54:b1:
                    22:0a:e0:42:bd:9f:06:27:e7:b4:c3:53:3b:0b:f0:
                    25:d7:42:75:e8:eb:0e:4d:c4:ae:fb:fd:39:2b:c6:
                    aa:33:71:c4:46:43:60:5b:36:30:fa:c6:5f:20:f2:
                    c1:f1:6c:b6:41:56:c1:03:44:c5:6e:1c:cd:78:0d:
                    3a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:6D:7F:AD:B8:2B:F9:61:60:E9:E6:BB:0A:52:A5:2D:7A:CD:73:EC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/621_rbgr-WFg6ea7ClKlLXrNc-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:04:35:78:d7:df:13:d1:ba:db:27:30:99:c8:82:c1:55:d1:
         50:2d:e8:31:ba:9f:14:13:17:0e:29:e1:b8:eb:50:76:ef:c0:
         4b:d4:55:f6:89:ff:d2:98:1b:23:e6:0e:dd:08:68:1d:6f:0e:
         0c:58:77:6c:18:73:2a:19:cd:cf:b9:13:75:fc:39:43:ed:bc:
         dd:09:4b:76:13:38:9f:ca:05:5e:50:0f:49:e4:19:e1:29:8e:
         04:23:86:e6:92:d0:75:3d:ea:9c:09:35:98:e0:29:8b:62:14:
         47:1a:74:d8:d7:26:f7:21:d9:7c:79:f3:5d:3a:f7:c4:14:21:
         4b:c0:6a:14:2c:c7:4c:86:0c:02:33:38:d3:6f:80:8e:23:56:
         5b:9a:3e:6a:33:dd:f9:b5:10:d5:ca:d9:00:0f:fe:76:9c:0c:
         ec:8e:84:f8:03:c8:79:2a:eb:89:c4:c4:23:98:bf:c3:2f:a2:
         1b:df:c3:43:32:a5:b3:de:fd:7b:20:a7:f5:26:52:c4:74:a4:
         af:46:d0:61:ec:94:83:c0:1e:7b:e5:22:0e:3f:7b:fe:a6:07:
         78:17:f4:9f:b2:f8:56:07:05:dc:fb:fd:f3:04:53:e1:64:9a:
         44:44:63:aa:68:69:2c:20:f9:42:77:dc:a5:4e:5a:cf:8c:15:
         69:b4:e7:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIzGP6dRvnRcFCv9ZeljaAuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTI3MTA0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjZkN2ZhZGI4MmJmOTYxNjBlOWU2YmIwYTUyYTUyZDdhY2Q3M2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5/OFHuKGfuEtY50bX2xrU6bKMdEv
WJVXAPKeRaBlCXR5p0DipFyyvqBTSwC6Rlte1st03F03b0QYkbY2fcHDH8QUBt9f
+r04ytGAyfN4e2fSzg/WPMLl0opZ9B85CesL7fE1LuwZ4F2JHIZaKr4AWHAVjnHu
Jetm9+RWvf7kKWzpoe17bJhhj5G4sRkVcLY5CYknJa6XMLsJ9lvrJX3m+cQzJbNX
Jp7GDVOpl8E49iceUEA9+9M8jccu4EFldToKVLEiCuBCvZ8GJ+e0w1M7C/Al10J1
6OsOTcSu+/05K8aqM3HERkNgWzYw+sZfIPLB8Wy2QVbBA0TFbhzNeA06NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOttf624K/lhYOnmuwpSpS16zXPsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNjIxX3JiZ3ItV0ZnNmVhN0NsS2xMWHJOYy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbAUMA0G
CSqGSIb3DQEBCwUAA4IBAQAUBDV4198T0brbJzCZyILBVdFQLegxup8UExcOKeG4
61B278BL1FX2if/SmBsj5g7dCGgdbw4MWHdsGHMqGc3PuRN1/DlD7bzdCUt2Ezif
ygVeUA9J5BnhKY4EI4bmktB1PeqcCTWY4CmLYhRHGnTY1yb3Idl8efNdOvfEFCFL
wGoULMdMhgwCMzjTb4COI1Zbmj5qM935tRDVytkAD/52nAzsjoT4A8h5KuuJxMQj
mL/DL6Ib38NDMqWz3v17IKf1JlLEdKSvRtBh7JSDwB575SIOP3v+pgd4F/SfsvhW
BwXc+/3zBFPhZJpERGOqaGksIPlCd9ylTlrPjBVptOeJ
-----END CERTIFICATE-----