Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/6Kk-tsT9UImB9pMuyl0jeFjwf3g.roa
File:                     6Kk-tsT9UImB9pMuyl0jeFjwf3g.roa (raw, json)
Hash identifier:          v72SNIS+OEllFGMxqQKbKrA8yT/AcpD3yj987bpzJr4=
Subject key identifier:   E8:A9:3E:B6:C4:FD:50:89:81:F6:93:2E:CA:5D:23:78:58:F0:7F:78
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       018D50B90677B302212EEE667D5F33F47A72
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/6Kk-tsT9UImB9pMuyl0jeFjwf3g.roa
Signing time:             Sun 28 Jan 2024 15:38:39 +0000
ROA not before:           Sun 28 Jan 2024 15:38:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209596
IP address blocks:        109.162.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:50:b9:06:77:b3:02:21:2e:ee:66:7d:5f:33:f4:7a:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Jan 28 15:38:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8a93eb6c4fd508981f6932eca5d237858f07f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:03:8e:3a:71:30:49:c4:da:8c:95:fb:66:ad:
                    cf:0e:e0:b1:cc:0b:08:cc:f4:93:87:6b:a7:dc:98:
                    bb:d2:61:21:95:a7:a8:f1:30:01:03:fd:a1:27:9a:
                    29:b8:21:ac:aa:af:6e:8b:18:8c:1f:52:d5:09:3a:
                    07:a8:9a:9e:00:8c:72:df:f6:de:e1:c0:bb:27:dd:
                    bb:03:4e:0d:f5:41:37:d8:15:21:fd:82:56:27:c0:
                    a2:2a:af:3d:3b:8c:b2:03:13:aa:66:db:92:2d:96:
                    75:85:7b:67:53:1b:33:9c:8c:2f:0d:d1:1e:f1:ac:
                    41:4c:d7:83:22:3c:ea:7a:ce:c3:38:c7:ed:ae:0e:
                    ff:c1:38:d4:91:fd:bd:28:73:da:91:38:71:42:6c:
                    e6:67:2e:46:46:e9:09:d0:32:c3:8d:e8:cc:0e:66:
                    0e:b1:19:19:62:19:78:a0:94:4d:d4:27:0e:4d:37:
                    ed:4a:c9:c2:d1:87:65:58:12:5d:4d:08:da:14:00:
                    6c:de:b1:e6:1a:26:f1:73:88:d4:09:96:55:a4:31:
                    d4:c4:a1:9f:c5:1f:49:a3:a5:48:8a:8f:43:8e:d9:
                    85:5a:b6:20:b1:11:7d:82:f2:d9:cc:16:60:08:1d:
                    fb:10:31:e6:7f:68:4d:63:6d:cc:a0:57:ee:f5:06:
                    8d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A9:3E:B6:C4:FD:50:89:81:F6:93:2E:CA:5D:23:78:58:F0:7F:78
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/6Kk-tsT9UImB9pMuyl0jeFjwf3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.162.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:7a:2a:78:12:9b:13:db:6d:d1:fa:42:77:b8:85:97:7b:0b:
         b2:de:db:db:e7:93:92:ca:8a:7d:e0:e0:e7:e6:14:86:19:e6:
         92:8e:17:51:4c:d6:0e:3c:1a:9f:09:43:83:fa:3c:77:79:13:
         68:fa:0e:1c:7f:04:5f:83:df:ca:76:4e:06:2f:82:7c:cc:78:
         e0:b9:1d:06:6e:50:99:56:00:38:30:a6:d4:d2:56:de:b3:82:
         5e:8d:64:53:25:e3:0d:2e:ee:14:dd:f1:8f:eb:9c:12:f8:77:
         98:28:a1:46:49:12:b4:fe:2b:cf:8f:3c:b9:52:06:b8:0c:be:
         56:1c:bb:87:5c:29:f0:30:fe:46:1f:90:04:9d:25:3c:4c:bd:
         0d:f9:eb:8b:82:78:dc:ea:fa:58:ff:4a:c8:e4:da:5f:4d:c5:
         9f:18:57:0f:91:d8:6c:7e:bc:79:1c:1f:e8:c3:13:6c:1e:3b:
         52:59:6f:62:93:d9:6b:21:d8:3a:69:49:1e:01:8a:6d:88:ce:
         cf:45:2b:e1:be:2a:e2:c3:8c:76:98:79:29:68:2e:53:df:77:
         fa:0f:8f:d0:ea:d2:37:cf:6f:77:c2:d7:94:c2:b7:cd:66:51:
         fc:de:db:8f:7d:f9:45:59:ad:eb:54:f7:16:f9:ea:f5:3a:75:
         d5:9d:ec:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1QuQZ3swIhLu5mfV8z9HpyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjQwMTI4MTUzODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGE5M2ViNmM0ZmQ1MDg5ODFmNjkzMmVjYTVkMjM3ODU4ZjA3Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AOOOnEwScTajJX7Zq3PDuCxzAsI
zPSTh2un3Ji70mEhlaeo8TABA/2hJ5opuCGsqq9uixiMH1LVCToHqJqeAIxy3/be
4cC7J927A04N9UE32BUh/YJWJ8CiKq89O4yyAxOqZtuSLZZ1hXtnUxsznIwvDdEe
8axBTNeDIjzqes7DOMftrg7/wTjUkf29KHPakThxQmzmZy5GRukJ0DLDjejMDmYO
sRkZYhl4oJRN1CcOTTftSsnC0YdlWBJdTQjaFABs3rHmGibxc4jUCZZVpDHUxKGf
xR9Jo6VIio9DjtmFWrYgsRF9gvLZzBZgCB37EDHmf2hNY23MoFfu9QaN7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOipPrbE/VCJgfaTLspdI3hY8H94MB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvNktrLXRzVDlVSW1COXBNdXlsMGplRmp3ZjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbaLwMA0G
CSqGSIb3DQEBCwUAA4IBAQAEeip4EpsT223R+kJ3uIWXewuy3tvb55OSyop94ODn
5hSGGeaSjhdRTNYOPBqfCUOD+jx3eRNo+g4cfwRfg9/Kdk4GL4J8zHjguR0GblCZ
VgA4MKbU0lbes4JejWRTJeMNLu4U3fGP65wS+HeYKKFGSRK0/ivPjzy5Uga4DL5W
HLuHXCnwMP5GH5AEnSU8TL0N+euLgnjc6vpY/0rI5NpfTcWfGFcPkdhsfrx5HB/o
wxNsHjtSWW9ik9lrIdg6aUkeAYptiM7PRSvhviriw4x2mHkpaC5T33f6D4/Q6tI3
z293wteUwrfNZlH83tuPfflFWa3rVPcW+er1OnXVnex9
-----END CERTIFICATE-----