Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/xx1RSleLkv8dV3phwO40UDiukFo.roa
File:                     xx1RSleLkv8dV3phwO40UDiukFo.roa (raw, json)
Hash identifier:          q7EMb0e96VKtY8mE40rudwTF9iEoA6wxXkzFEJRp/uA=
Subject key identifier:   C7:1D:51:4A:57:8B:92:FF:1D:57:7A:61:C0:EE:34:50:38:AE:90:5A
Certificate issuer:       /CN=adbc5f7721a4accb9635de175bbc6d31e17c9a8d
Certificate serial:       018CC56EA27D7D8B499D1B74C1B54BD18DC1
Authority key identifier: AD:BC:5F:77:21:A4:AC:CB:96:35:DE:17:5B:BC:6D:31:E1:7C:9A:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rbxfdyGkrMuWNd4XW7xtMeF8mo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/xx1RSleLkv8dV3phwO40UDiukFo.roa
Signing time:             Mon 01 Jan 2024 14:30:11 +0000
ROA not before:           Mon 01 Jan 2024 14:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210592
IP address blocks:        109.107.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/rbxfdyGkrMuWNd4XW7xtMeF8mo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/rbxfdyGkrMuWNd4XW7xtMeF8mo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rbxfdyGkrMuWNd4XW7xtMeF8mo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a2:7d:7d:8b:49:9d:1b:74:c1:b5:4b:d1:8d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adbc5f7721a4accb9635de175bbc6d31e17c9a8d
        Validity
            Not Before: Jan  1 14:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c71d514a578b92ff1d577a61c0ee345038ae905a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:07:e1:f5:1a:e5:6f:7c:0a:3b:af:33:87:88:
                    e3:8b:76:56:89:60:bd:97:59:84:67:ee:e6:7c:f6:
                    ff:49:13:e7:73:01:fb:00:f1:7c:e2:0b:f3:ea:ba:
                    78:a8:27:f8:3f:ff:69:fa:14:2d:48:e4:6d:a4:5c:
                    6e:dd:68:fc:8f:75:fc:e3:03:50:c1:31:68:42:f9:
                    cf:1d:c0:ee:92:cc:dc:dc:3b:ba:c5:36:16:ad:35:
                    1a:90:09:79:2c:0e:54:78:65:f3:0e:3b:0f:a6:e5:
                    a7:0a:67:88:b3:b4:7d:63:b0:09:30:7d:cd:8e:2b:
                    7f:3a:89:db:94:83:d7:07:9b:6e:4f:c9:c2:44:63:
                    04:fe:58:78:c7:54:20:c4:7b:8e:a3:87:94:15:1e:
                    71:c2:8d:ff:f0:37:7c:5b:c1:cb:45:5b:24:07:b2:
                    28:1d:5c:22:94:e7:02:f3:64:a7:d6:e4:96:11:ac:
                    9f:e4:e4:68:10:e7:ae:9a:dc:38:43:29:d4:ce:4d:
                    f3:6c:d3:88:b3:86:5f:f2:47:17:01:45:41:14:21:
                    df:81:41:5c:96:9a:7f:a0:d2:cb:44:58:4e:b2:d1:
                    d0:36:7f:f1:e5:de:b5:e9:f3:41:6b:53:58:dc:ed:
                    7a:59:52:36:92:c1:94:a5:70:5b:78:6a:ef:45:7c:
                    69:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:1D:51:4A:57:8B:92:FF:1D:57:7A:61:C0:EE:34:50:38:AE:90:5A
            X509v3 Authority Key Identifier:
                keyid:AD:BC:5F:77:21:A4:AC:CB:96:35:DE:17:5B:BC:6D:31:E1:7C:9A:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rbxfdyGkrMuWNd4XW7xtMeF8mo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/xx1RSleLkv8dV3phwO40UDiukFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/d021f9-a001-452b-a5ee-abbf1f078ad3/1/rbxfdyGkrMuWNd4XW7xtMeF8mo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:83:1f:67:c3:cb:41:8b:4c:6b:9b:ce:28:2c:de:08:8a:84:
         83:c2:dd:44:ec:2e:40:50:d6:32:5c:72:00:fb:17:d3:99:92:
         0a:68:78:d3:89:d1:ff:19:7d:a5:e6:b8:61:06:80:b6:49:e4:
         08:73:66:34:bc:12:b6:ab:60:94:66:c9:6d:bb:82:59:3a:84:
         d8:bb:43:c4:eb:f3:3f:ea:ed:82:a3:3a:78:00:bc:99:f8:77:
         fe:7d:cd:6a:f1:a2:de:1c:fc:a9:38:02:52:09:bc:65:91:aa:
         a3:a3:70:5f:5f:28:67:63:a5:81:86:9a:0e:49:9a:62:c1:79:
         ec:1a:c8:37:e8:5b:d2:bd:df:20:ba:c2:ae:bf:c7:42:7f:e9:
         1f:47:0d:5e:94:fa:26:20:c0:a7:98:74:c8:10:f6:7f:d4:a3:
         a7:4c:e2:e4:10:91:64:97:c8:75:b1:15:92:4b:bb:e9:c7:62:
         b3:af:e6:e7:1e:b8:43:de:c5:5e:4f:1c:42:38:c3:0e:2c:1b:
         ce:6d:27:85:81:e4:ce:21:0b:60:c0:3c:52:83:6a:91:7a:34:
         c7:e0:b4:94:2c:d3:66:05:d5:9f:8c:b2:ba:c0:7c:98:94:94:
         bf:01:39:9a:5f:4c:18:e3:33:a3:a0:9c:33:d6:72:d6:b6:e7:
         57:29:2e:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqJ9fYtJnRt0wbVL0Y3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYmM1Zjc3MjFhNGFjY2I5NjM1ZGUxNzViYmM2ZDMxZTE3
YzlhOGQwHhcNMjQwMTAxMTQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzFkNTE0YTU3OGI5MmZmMWQ1NzdhNjFjMGVlMzQ1MDM4YWU5MDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwfh9Rrlb3wKO68zh4jji3ZWiWC9
l1mEZ+7mfPb/SRPncwH7APF84gvz6rp4qCf4P/9p+hQtSORtpFxu3Wj8j3X84wNQ
wTFoQvnPHcDukszc3Du6xTYWrTUakAl5LA5UeGXzDjsPpuWnCmeIs7R9Y7AJMH3N
jit/OonblIPXB5tuT8nCRGME/lh4x1QgxHuOo4eUFR5xwo3/8Dd8W8HLRVskB7Io
HVwilOcC82Sn1uSWEayf5ORoEOeumtw4QynUzk3zbNOIs4Zf8kcXAUVBFCHfgUFc
lpp/oNLLRFhOstHQNn/x5d616fNBa1NY3O16WVI2ksGUpXBbeGrvRXxpFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcdUUpXi5L/HVd6YcDuNFA4rpBaMB8GA1UdIwQY
MBaAFK28X3chpKzLljXeF1u8bTHhfJqNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmJ4ZmR5R2tyTXVXTmQ0WFc3eHRNZUY4bW8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9kMDIxZjktYTAwMS00NTJiLWE1ZWUt
YWJiZjFmMDc4YWQzLzEveHgxUlNsZUxrdjhkVjNwaHdPNDBVRGl1a0ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9kMDIxZjktYTAwMS00NTJiLWE1ZWUtYWJiZjFmMDc4YWQz
LzEvcmJ4ZmR5R2tyTXVXTmQ0WFc3eHRNZUY4bW8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuBMA0G
CSqGSIb3DQEBCwUAA4IBAQBQgx9nw8tBi0xrm84oLN4IioSDwt1E7C5AUNYyXHIA
+xfTmZIKaHjTidH/GX2l5rhhBoC2SeQIc2Y0vBK2q2CUZsltu4JZOoTYu0PE6/M/
6u2Cozp4ALyZ+Hf+fc1q8aLeHPypOAJSCbxlkaqjo3BfXyhnY6WBhpoOSZpiwXns
Gsg36FvSvd8gusKuv8dCf+kfRw1elPomIMCnmHTIEPZ/1KOnTOLkEJFkl8h1sRWS
S7vpx2Kzr+bnHrhD3sVeTxxCOMMOLBvObSeFgeTOIQtgwDxSg2qRejTH4LSULNNm
BdWfjLK6wHyYlJS/ATmaX0wY4zOjoJwz1nLWtudXKS6I
-----END CERTIFICATE-----