Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/toAtmFEkjhnorhD8eVm55Txj9XM.roa
File:                     toAtmFEkjhnorhD8eVm55Txj9XM.roa (raw, json)
Hash identifier:          /FBLoYtt4a0KxbFHPyFCQ9VvcwmmxqKrr/HFfBeMSQQ=
Subject key identifier:   B6:80:2D:98:51:24:8E:19:E8:AE:10:FC:79:59:B9:E5:3C:63:F5:73
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       018CC26D07C184073C282EADA401C9C49314
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/toAtmFEkjhnorhD8eVm55Txj9XM.roa
Signing time:             Mon 01 Jan 2024 00:29:34 +0000
ROA not before:           Mon 01 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204203
IP address blocks:        109.162.249.0/24 maxlen: 24
                          109.162.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:07:c1:84:07:3c:28:2e:ad:a4:01:c9:c4:93:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Jan  1 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6802d9851248e19e8ae10fc7959b9e53c63f573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:44:c6:d2:d8:33:aa:88:b6:d9:46:f9:1b:e2:
                    5d:31:f4:98:e6:28:8a:ca:83:89:ea:85:18:28:bc:
                    2d:16:78:2e:31:2d:4f:8a:1c:a1:f0:2c:da:f5:26:
                    4c:8a:cc:d0:9e:ea:5a:bb:dc:b2:22:f5:be:b7:6b:
                    48:7c:96:ec:29:f0:d8:40:9a:61:c7:ec:9b:f1:c8:
                    4f:39:c4:a7:cc:b7:2e:94:e4:e9:d4:96:e6:c2:12:
                    11:23:8b:eb:57:f3:b1:9e:85:e3:4e:db:37:ee:9f:
                    1e:25:25:7b:50:7f:17:01:bf:67:5d:4a:ca:70:7d:
                    ac:f7:6c:df:15:87:5f:15:ae:0e:55:86:27:5e:fa:
                    03:f2:1d:76:85:00:ae:4f:a5:09:2d:ae:8b:87:f5:
                    1c:a2:26:36:1e:ee:2e:ee:d9:4c:db:6e:bd:cd:4a:
                    08:4f:97:3c:fc:c7:9d:0d:51:50:cf:90:dc:25:c6:
                    d1:ad:5a:13:2f:5a:9f:2f:b6:e4:34:9e:bf:22:7b:
                    e6:8d:87:1a:35:3c:f6:89:38:3e:4c:8e:bd:67:ef:
                    be:ca:c7:ab:17:8e:e2:92:bf:93:6b:30:7f:e2:e6:
                    df:59:cd:63:ec:4a:c1:3c:40:08:5b:6f:02:0c:96:
                    1d:d5:9a:35:db:ca:89:21:9d:4c:d1:10:09:f4:4f:
                    3a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:80:2D:98:51:24:8E:19:E8:AE:10:FC:79:59:B9:E5:3C:63:F5:73
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/toAtmFEkjhnorhD8eVm55Txj9XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.162.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:f5:4e:87:08:ab:b0:27:b5:7a:cb:bf:6d:4d:7e:15:56:f0:
         ae:2b:3e:85:15:74:36:04:77:88:e4:f2:0f:b6:e9:0d:4d:39:
         24:43:d4:fd:e9:2b:54:7c:42:3c:6a:c8:e9:0b:31:f3:fd:a6:
         fd:0b:d2:8c:92:f3:d3:8a:20:d0:41:7b:9d:17:da:20:6a:f5:
         b2:6f:b7:56:4c:c1:1f:c6:fd:be:79:94:0e:28:ca:42:36:8c:
         f9:72:01:75:e8:6e:de:4d:4d:a4:be:9d:80:6f:96:e5:ce:e1:
         49:2f:59:7a:7d:91:75:61:02:f6:10:03:ac:08:49:21:36:78:
         5d:a6:31:b9:cc:58:31:5b:df:87:60:89:73:54:eb:be:a0:d0:
         b4:7e:ae:ae:09:3d:44:e0:0d:b2:37:a5:64:23:71:18:47:d4:
         b2:25:77:5d:ba:a3:70:34:0e:95:e3:e9:71:d6:d3:d8:90:37:
         55:90:4a:a1:7a:18:15:5a:06:34:0f:00:da:46:4c:0a:94:4b:
         f2:86:98:d6:2d:1a:7d:f0:9b:a9:f2:b3:e1:ab:87:ce:ba:e8:
         16:99:d7:9d:d1:ab:e3:0c:b1:2c:b9:41:e4:d0:b3:9d:f4:2c:
         5f:13:bf:c5:0d:73:a0:5d:48:e3:8b:10:b4:27:bd:23:e5:2f:
         48:b5:3d:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQfBhAc8KC6tpAHJxJMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjgwMmQ5ODUxMjQ4ZTE5ZThhZTEwZmM3OTU5YjllNTNjNjNmNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0TG0tgzqoi22Ub5G+JdMfSY5iiK
yoOJ6oUYKLwtFnguMS1Pihyh8Cza9SZMiszQnupau9yyIvW+t2tIfJbsKfDYQJph
x+yb8chPOcSnzLculOTp1JbmwhIRI4vrV/OxnoXjTts37p8eJSV7UH8XAb9nXUrK
cH2s92zfFYdfFa4OVYYnXvoD8h12hQCuT6UJLa6Lh/UcoiY2Hu4u7tlM2269zUoI
T5c8/MedDVFQz5DcJcbRrVoTL1qfL7bkNJ6/InvmjYcaNTz2iTg+TI69Z+++yser
F47ikr+TazB/4ubfWc1j7ErBPEAIW28CDJYd1Zo128qJIZ1M0RAJ9E864wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaALZhRJI4Z6K4Q/HlZueU8Y/VzMB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvdG9BdG1GRWtqaG5vcmhEOGVWbTU1VHhqOVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbaL4MA0G
CSqGSIb3DQEBCwUAA4IBAQCe9U6HCKuwJ7V6y79tTX4VVvCuKz6FFXQ2BHeI5PIP
tukNTTkkQ9T96StUfEI8asjpCzHz/ab9C9KMkvPTiiDQQXudF9ogavWyb7dWTMEf
xv2+eZQOKMpCNoz5cgF16G7eTU2kvp2Ab5blzuFJL1l6fZF1YQL2EAOsCEkhNnhd
pjG5zFgxW9+HYIlzVOu+oNC0fq6uCT1E4A2yN6VkI3EYR9SyJXdduqNwNA6V4+lx
1tPYkDdVkEqhehgVWgY0DwDaRkwKlEvyhpjWLRp98Jup8rPhq4fOuugWmded0avj
DLEsuUHk0LOd9CxfE7/FDXOgXUjjixC0J70j5S9ItT2r
-----END CERTIFICATE-----