Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/X3mjlS0kP1_gDPQOjCRjCsFnLaI.roa
File:                     X3mjlS0kP1_gDPQOjCRjCsFnLaI.roa (raw, json)
Hash identifier:          hwSZpEKMbELDqWpq461WiiXJPJpa28F2eqYSsjZhkvI=
Subject key identifier:   5F:79:A3:95:2D:24:3F:5F:E0:0C:F4:0E:8C:24:63:0A:C1:67:2D:A2
Certificate issuer:       /CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
Certificate serial:       018CC9BCDC66C8D354F2BB014A1BAD3CD4B8
Authority key identifier: AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/X3mjlS0kP1_gDPQOjCRjCsFnLaI.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60980
IP address blocks:        109.226.247.0/24 maxlen: 24
                          2a05:7400:c000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:dc:66:c8:d3:54:f2:bb:01:4a:1b:ad:3c:d4:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f79a3952d243f5fe00cf40e8c24630ac1672da2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9a:cb:13:d4:1e:eb:0f:13:ab:b5:51:18:5c:
                    da:c3:58:b2:f0:94:61:18:53:72:69:d7:6a:4f:84:
                    78:ec:7f:aa:4d:f1:13:cd:39:cf:fd:c5:56:93:61:
                    89:22:fb:8b:0f:6c:7f:6e:00:e7:14:22:dc:02:35:
                    20:33:1c:2a:07:b6:5d:81:a1:b6:73:f3:70:bb:1b:
                    85:89:02:39:ef:f7:c4:3a:f6:d6:b6:06:7a:45:3a:
                    cc:9a:f1:15:9a:a3:3c:4e:dc:0a:28:c1:c8:07:3d:
                    99:35:18:76:ed:ee:c5:e4:bf:5b:be:e6:4f:30:50:
                    07:c7:2f:d1:f4:fc:02:bd:6f:8a:ff:bb:6c:a9:f7:
                    a3:da:33:10:e5:53:da:83:b3:8d:55:79:64:de:2b:
                    12:0f:f9:66:a3:44:45:ed:7c:00:91:76:c8:ee:13:
                    7a:dc:8b:1a:9d:3d:92:87:41:09:cf:ae:e0:49:9a:
                    30:81:a4:ba:5c:0c:aa:83:f8:4d:f0:ca:0d:33:37:
                    e7:31:ee:6d:f3:51:86:cb:6b:22:74:0c:4f:ce:bf:
                    88:a2:16:ad:ec:7b:8c:25:91:02:4d:ff:3c:5f:85:
                    71:06:a2:c9:37:88:53:22:f7:ab:e0:18:f2:1f:c8:
                    10:16:30:19:b9:40:a7:bc:97:95:13:77:7c:0a:fb:
                    cc:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:79:A3:95:2D:24:3F:5F:E0:0C:F4:0E:8C:24:63:0A:C1:67:2D:A2
            X509v3 Authority Key Identifier:
                keyid:AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/X3mjlS0kP1_gDPQOjCRjCsFnLaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.226.247.0/24
                IPv6:
                  2a05:7400:c000::/34

    Signature Algorithm: sha256WithRSAEncryption
         b1:df:59:60:12:39:3b:78:89:0c:17:35:c9:db:c2:80:ce:bc:
         90:f7:32:20:38:96:f2:f3:5b:8d:f1:0d:e2:49:d6:df:2f:3b:
         20:0e:44:e3:62:3c:17:71:65:24:be:2b:7d:c1:20:67:08:d0:
         9f:bb:d6:41:1c:44:1e:01:25:06:0f:04:f8:51:63:b6:96:c6:
         2a:f3:c5:ac:f9:bb:4a:5b:65:47:ad:c7:c6:07:67:a7:ad:c3:
         93:81:ec:f7:3f:62:a2:d5:44:cd:91:b0:71:fc:5b:5e:c7:0e:
         0e:bf:eb:ec:4e:28:5a:9a:02:b4:1c:8a:61:be:db:ba:b3:fc:
         52:9e:0b:78:65:06:3a:8b:c5:08:81:42:b0:19:00:4a:2b:0c:
         8e:3a:a0:98:5a:82:36:cd:33:1f:64:b7:7d:d1:23:6b:c0:95:
         3b:a6:38:30:ed:d5:9c:ab:56:25:08:3b:e6:c5:0a:bb:b1:38:
         a2:5a:29:d0:f9:86:29:60:fc:e8:7b:43:e8:90:8a:bc:00:42:
         e6:94:06:e4:cc:c4:bc:63:55:4a:80:d1:7f:9e:b4:82:83:d3:
         7d:6e:8d:86:c8:7f:a9:e1:92:bb:b3:32:d9:33:eb:6b:68:72:
         a5:5e:e8:f5:9b:05:e6:1f:ea:2e:e0:df:ab:c6:1d:c8:f4:29:
         dc:51:32:fd
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzJvNxmyNNU8rsBShutPNS4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2Y3NDdkZjVmMjQzNTMxNTRkYzRkNGJmNzBkMmRkY2I1
M2U5MDAwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc5YTM5NTJkMjQzZjVmZTAwY2Y0MGU4YzI0NjMwYWMxNjcyZGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJrLE9Qe6w8Tq7VRGFzaw1iy8JRh
GFNyaddqT4R47H+qTfETzTnP/cVWk2GJIvuLD2x/bgDnFCLcAjUgMxwqB7ZdgaG2
c/NwuxuFiQI57/fEOvbWtgZ6RTrMmvEVmqM8TtwKKMHIBz2ZNRh27e7F5L9bvuZP
MFAHxy/R9PwCvW+K/7tsqfej2jMQ5VPag7ONVXlk3isSD/lmo0RF7XwAkXbI7hN6
3IsanT2Sh0EJz67gSZowgaS6XAyqg/hN8MoNMzfnMe5t81GGy2sidAxPzr+Iohat
7HuMJZECTf88X4VxBqLJN4hTIver4BjyH8gQFjAZuUCnvJeVE3d8CvvMIwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFF95o5UtJD9f4Az0DowkYwrBZy2iMB8GA1UdIwQY
MBaAFK5/dH318kNTFU3E1L9w0t3LU+kAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm45MGZmWHlRMU1WVGNUVXYzRFMzY3RUNlFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi81OGFmMjQtYzQ1NC00NGIwLWE3Y2Et
YzZmMWU2YWM5YmE5LzEvWDNtamxTMGtQMV9nRFBRT2pDUmpDc0ZuTGFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi81OGFmMjQtYzQ1NC00NGIwLWE3Y2EtYzZmMWU2YWM5YmE5
LzEvcm45MGZmWHlRMU1WVGNUVXYzRFMzY3RUNlFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAbeL3MA4E
AgACMAgDBgYqBXQAwDANBgkqhkiG9w0BAQsFAAOCAQEAsd9ZYBI5O3iJDBc1ydvC
gM68kPcyIDiW8vNbjfEN4knW3y87IA5E42I8F3FlJL4rfcEgZwjQn7vWQRxEHgEl
Bg8E+FFjtpbGKvPFrPm7SltlR63Hxgdnp63Dk4Hs9z9iotVEzZGwcfxbXscODr/r
7E4oWpoCtByKYb7burP8Up4LeGUGOovFCIFCsBkASisMjjqgmFqCNs0zH2S3fdEj
a8CVO6Y4MO3VnKtWJQg75sUKu7E4olop0PmGKWD86HtD6JCKvABC5pQG5MzEvGNV
SoDRf560goPTfW6Nhsh/qeGSu7My2TPra2hypV7o9ZsF5h/qLuDfq8YdyPQp3FEy
/Q==
-----END CERTIFICATE-----