Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/dPRGSxF8Jun1BG0qHd4WbhuUpV4.roa
File:                     dPRGSxF8Jun1BG0qHd4WbhuUpV4.roa (raw, json)
Hash identifier:          B4uFRpML8rK79qrZE1e3fB7UXX7FSvIZ9nOW5dZN1+w=
Subject key identifier:   74:F4:46:4B:11:7C:26:E9:F5:04:6D:2A:1D:DE:16:6E:1B:94:A5:5E
Certificate issuer:       /CN=239572ddfcab6291e6410ccd4e860ee36000e668
Certificate serial:       018CC86F8F47213892A51E0337A95D8CD411
Authority key identifier: 23:95:72:DD:FC:AB:62:91:E6:41:0C:CD:4E:86:0E:E3:60:00:E6:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I5Vy3fyrYpHmQQzNToYO42AA5mg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/dPRGSxF8Jun1BG0qHd4WbhuUpV4.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201225
IP address blocks:        109.232.160.0/24 maxlen: 24
                          109.232.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/I5Vy3fyrYpHmQQzNToYO42AA5mg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/I5Vy3fyrYpHmQQzNToYO42AA5mg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I5Vy3fyrYpHmQQzNToYO42AA5mg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8f:47:21:38:92:a5:1e:03:37:a9:5d:8c:d4:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=239572ddfcab6291e6410ccd4e860ee36000e668
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74f4464b117c26e9f5046d2a1dde166e1b94a55e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5e:d6:ca:2b:c3:51:b8:89:cc:34:90:e7:d7:
                    75:3c:0e:e0:4d:5d:50:01:f2:d8:71:d5:73:2e:2b:
                    d8:61:5c:a2:e8:6b:0c:42:4e:1e:e7:0a:fe:19:a4:
                    07:7b:dc:c9:5c:9f:fb:43:02:1c:06:0f:e1:3b:c4:
                    a5:36:8e:d0:f6:e5:50:4c:b0:0b:4e:c9:5d:a6:29:
                    56:82:5a:ce:55:4f:70:fb:08:d3:ff:f7:a0:9d:ea:
                    ab:a8:ce:4b:95:29:a1:a1:92:a1:23:e5:53:6a:30:
                    f3:0f:7c:cb:0c:01:0d:88:2a:bc:04:33:71:4e:d6:
                    b1:9d:4a:33:b5:45:af:60:fb:43:49:fb:2b:17:2f:
                    7c:11:1c:3b:61:73:53:d1:2e:5e:36:d0:29:10:6d:
                    8c:37:fa:05:cd:cc:4c:52:29:42:ea:5f:d4:1b:ca:
                    96:a4:14:cf:8d:c0:4c:51:13:79:dc:82:c2:b6:89:
                    15:8b:db:f0:da:e4:47:e9:eb:c7:d5:91:2c:81:89:
                    b7:c2:09:c1:c9:43:6a:6c:70:d8:ed:27:39:93:80:
                    90:27:25:69:e8:68:8d:3e:7c:dc:5c:ab:0e:78:84:
                    2d:ca:34:9f:85:66:ea:7d:36:5a:48:4c:72:bc:ed:
                    e1:1e:8b:81:d4:69:20:37:d6:64:9a:a3:bd:43:5b:
                    bc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F4:46:4B:11:7C:26:E9:F5:04:6D:2A:1D:DE:16:6E:1B:94:A5:5E
            X509v3 Authority Key Identifier:
                keyid:23:95:72:DD:FC:AB:62:91:E6:41:0C:CD:4E:86:0E:E3:60:00:E6:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I5Vy3fyrYpHmQQzNToYO42AA5mg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/dPRGSxF8Jun1BG0qHd4WbhuUpV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1d7f08-e77c-4338-9a39-8e19c0db86c2/1/I5Vy3fyrYpHmQQzNToYO42AA5mg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:34:f4:78:1f:52:f8:03:53:e3:51:10:10:7e:e4:48:fc:52:
         95:e9:25:e1:b1:b3:ea:14:bb:83:31:15:9d:81:db:ea:7d:7e:
         66:47:d1:0f:28:0d:31:a7:69:dd:ae:1f:ea:38:29:97:b9:b2:
         92:43:5b:08:6f:ef:56:8c:e3:9f:c7:ca:26:3d:70:a9:c1:03:
         fd:db:19:9e:81:59:b3:83:55:e6:f8:a1:03:86:9f:a2:5a:f4:
         ee:4b:6c:e1:4f:7e:71:11:94:4b:fa:37:d7:a1:66:2e:4e:af:
         08:6e:a4:85:b2:0d:c9:06:80:7d:1e:4a:42:64:41:86:8e:b6:
         9c:fd:53:a8:b1:c0:ad:39:d5:c3:d1:ef:99:32:58:5a:fd:9a:
         42:b4:53:c0:27:28:77:1f:bb:52:23:c4:d6:1f:e2:5b:50:32:
         05:01:61:70:db:3b:41:42:c9:3f:71:a3:ec:b4:fd:f9:c7:c0:
         08:63:3b:3d:ba:71:3d:f6:b0:68:46:50:f0:02:91:08:1d:53:
         43:e0:5a:1a:89:02:10:c3:73:a2:c0:6c:99:85:73:ac:19:0b:
         73:e6:32:28:7a:4d:f4:c1:65:dd:6c:87:65:55:e9:dd:d9:b8:
         89:07:d6:2c:6a:4d:e4:89:30:5d:4a:a9:cb:f4:fd:7c:56:5d:
         1f:20:86:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb49HITiSpR4DN6ldjNQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzOTU3MmRkZmNhYjYyOTFlNjQxMGNjZDRlODYwZWUzNjAw
MGU2NjgwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGY0NDY0YjExN2MyNmU5ZjUwNDZkMmExZGRlMTY2ZTFiOTRhNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7WyivDUbiJzDSQ59d1PA7gTV1Q
AfLYcdVzLivYYVyi6GsMQk4e5wr+GaQHe9zJXJ/7QwIcBg/hO8SlNo7Q9uVQTLAL
TsldpilWglrOVU9w+wjT//egneqrqM5LlSmhoZKhI+VTajDzD3zLDAENiCq8BDNx
TtaxnUoztUWvYPtDSfsrFy98ERw7YXNT0S5eNtApEG2MN/oFzcxMUilC6l/UG8qW
pBTPjcBMURN53ILCtokVi9vw2uRH6evH1ZEsgYm3wgnByUNqbHDY7Sc5k4CQJyVp
6GiNPnzcXKsOeIQtyjSfhWbqfTZaSExyvO3hHouB1GkgN9ZkmqO9Q1u8UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHT0RksRfCbp9QRtKh3eFm4blKVeMB8GA1UdIwQY
MBaAFCOVct38q2KR5kEMzU6GDuNgAOZoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTVWeTNmeXJZcEhtUVF6TlRvWU80MkFBNW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xZDdmMDgtZTc3Yy00MzM4LTlhMzkt
OGUxOWMwZGI4NmMyLzEvZFBSR1N4RjhKdW4xQkcwcUhkNFdiaHVVcFY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xZDdmMDgtZTc3Yy00MzM4LTlhMzktOGUxOWMwZGI4NmMy
LzEvSTVWeTNmeXJZcEhtUVF6TlRvWU80MkFBNW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbeigMA0G
CSqGSIb3DQEBCwUAA4IBAQADNPR4H1L4A1PjURAQfuRI/FKV6SXhsbPqFLuDMRWd
gdvqfX5mR9EPKA0xp2ndrh/qOCmXubKSQ1sIb+9WjOOfx8omPXCpwQP92xmegVmz
g1Xm+KEDhp+iWvTuS2zhT35xEZRL+jfXoWYuTq8IbqSFsg3JBoB9HkpCZEGGjrac
/VOoscCtOdXD0e+ZMlha/ZpCtFPAJyh3H7tSI8TWH+JbUDIFAWFw2ztBQsk/caPs
tP35x8AIYzs9unE99rBoRlDwApEIHVND4FoaiQIQw3OiwGyZhXOsGQtz5jIoek30
wWXdbIdlVend2biJB9Ysak3kiTBdSqnL9P18Vl0fIIaH
-----END CERTIFICATE-----