Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/jIbMiSFlsQdlGZXR1HxPoO5c35o.roa
File:                     jIbMiSFlsQdlGZXR1HxPoO5c35o.roa (raw, json)
Hash identifier:          QE4Ii8v6WxF41ed0I+H7egny9WwHZOU3Z66ypjFLn7Y=
Subject key identifier:   8C:86:CC:89:21:65:B1:07:65:19:95:D1:D4:7C:4F:A0:EE:5C:DF:9A
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       019428237BE1435940CAD737D4015335CDD5
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/jIbMiSFlsQdlGZXR1HxPoO5c35o.roa
Signing time:             Thu 02 Jan 2025 17:50:01 +0000
ROA not before:           Thu 02 Jan 2025 17:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39650
IP address blocks:        109.162.250.0/24 maxlen: 24
                          109.162.251.0/24 maxlen: 24
                          109.162.252.0/24 maxlen: 24
                          109.162.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:7b:e1:43:59:40:ca:d7:37:d4:01:53:35:cd:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Jan  2 17:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c86cc892165b107651995d1d47c4fa0ee5cdf9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ac:21:f3:85:69:32:03:79:a8:99:e4:56:32:
                    72:c2:6b:09:de:40:bb:53:1f:db:40:c7:ee:ab:4d:
                    03:d3:32:82:91:cc:b9:db:82:80:35:25:6f:af:57:
                    55:d8:ef:4e:a8:a7:67:d2:35:22:cd:bd:15:f3:06:
                    52:8a:3e:e4:c0:60:a9:97:ab:11:01:3a:b9:b0:98:
                    3a:2f:2c:aa:93:f6:b2:06:7b:29:ed:d7:ab:cf:d9:
                    fd:68:36:5c:0d:cf:3b:a4:8f:4f:fc:cc:82:9d:ae:
                    91:eb:37:0b:0d:25:d1:00:57:2e:7c:6e:ae:c3:d9:
                    a9:65:2d:f1:a8:42:24:c7:ac:a9:14:8b:5c:1f:22:
                    90:4a:38:bb:6b:96:02:e4:75:00:47:fb:b3:ba:e9:
                    49:52:23:01:b6:39:0c:08:ac:46:6b:72:fd:55:7c:
                    f6:9a:ae:fe:c0:57:84:8b:ea:60:aa:20:6d:7b:aa:
                    ae:38:7c:97:42:70:dc:9f:99:12:8d:4d:2a:7d:f9:
                    f4:22:1a:cf:76:4d:89:61:93:46:93:b4:f7:b6:1d:
                    91:39:b3:f1:c0:2e:0b:13:2f:f8:76:be:3e:c2:40:
                    ee:00:de:8b:62:64:8c:10:90:0f:8f:77:1f:86:51:
                    b8:f0:ef:03:a3:1e:c4:96:41:e6:34:71:12:88:bd:
                    da:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:86:CC:89:21:65:B1:07:65:19:95:D1:D4:7C:4F:A0:EE:5C:DF:9A
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/jIbMiSFlsQdlGZXR1HxPoO5c35o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.162.250.0-109.162.253.255

    Signature Algorithm: sha256WithRSAEncryption
         68:6d:d6:d0:6d:e0:6b:ec:3b:83:74:74:5f:5d:da:a4:0f:af:
         3b:ce:11:7c:ec:56:c5:05:60:a7:5d:97:a3:36:37:60:b0:40:
         f2:b8:08:81:53:b3:2b:57:09:0c:d3:25:12:54:8c:cc:f7:88:
         7f:cb:9a:d3:3d:1e:b5:ea:cd:0c:b7:cd:54:ea:56:70:8c:af:
         26:0e:1a:05:fe:36:bf:ca:f7:17:27:4b:00:85:c8:e9:a1:aa:
         b8:17:a7:54:41:be:46:09:c2:19:ec:05:19:37:e4:b1:c4:96:
         00:f1:95:7d:5f:07:97:d6:92:b8:5e:3f:f1:ee:31:97:20:be:
         fb:1d:67:8c:30:6b:de:d3:68:ab:6e:62:a6:f9:00:65:8c:95:
         8f:35:90:3c:c6:4e:d4:26:d1:be:be:74:e5:8c:04:23:40:29:
         04:e5:2b:89:63:01:59:2c:90:1d:55:1a:28:50:e2:05:aa:38:
         1c:88:91:55:3e:b3:04:2f:5e:14:33:28:e8:58:91:ad:af:8b:
         cf:a7:ec:9b:9c:19:7c:a9:77:52:c7:74:0c:8f:fc:b2:d5:9d:
         58:0a:7c:ae:d6:5b:a2:58:29:43:e9:a7:9e:a8:c3:17:0e:22:
         9b:ec:6e:14:ff:09:8b:f9:f8:f0:fb:08:c0:34:c2:15:5f:0f:
         3d:8d:14:e6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQoI3vhQ1lAytc31AFTNc3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjUwMTAyMTc1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzg2Y2M4OTIxNjViMTA3NjUxOTk1ZDFkNDdjNGZhMGVlNWNkZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsawh84VpMgN5qJnkVjJywmsJ3kC7
Ux/bQMfuq00D0zKCkcy524KANSVvr1dV2O9OqKdn0jUizb0V8wZSij7kwGCpl6sR
ATq5sJg6Lyyqk/ayBnsp7derz9n9aDZcDc87pI9P/MyCna6R6zcLDSXRAFcufG6u
w9mpZS3xqEIkx6ypFItcHyKQSji7a5YC5HUAR/uzuulJUiMBtjkMCKxGa3L9VXz2
mq7+wFeEi+pgqiBte6quOHyXQnDcn5kSjU0qffn0IhrPdk2JYZNGk7T3th2RObPx
wC4LEy/4dr4+wkDuAN6LYmSMEJAPj3cfhlG48O8Dox7ElkHmNHESiL3awQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIyGzIkhZbEHZRmV0dR8T6DuXN+aMB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvakliTWlTRmxzUWRsR1pYUjFIeFBvTzVjMzVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFtovoD
BAFtovwwDQYJKoZIhvcNAQELBQADggEBAGht1tBt4GvsO4N0dF9d2qQPrzvOEXzs
VsUFYKddl6M2N2CwQPK4CIFTsytXCQzTJRJUjMz3iH/LmtM9HrXqzQy3zVTqVnCM
ryYOGgX+Nr/K9xcnSwCFyOmhqrgXp1RBvkYJwhnsBRk35LHElgDxlX1fB5fWkrhe
P/HuMZcgvvsdZ4wwa97TaKtuYqb5AGWMlY81kDzGTtQm0b6+dOWMBCNAKQTlK4lj
AVkskB1VGihQ4gWqOByIkVU+swQvXhQzKOhYka2vi8+n7JucGXypd1LHdAyP/LLV
nVgKfK7WW6JYKUPpp56owxcOIpvsbhT/CYv5+PD7CMA0whVfDz2NFOY=
-----END CERTIFICATE-----