Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/2b5ed6-3a7c-4631-b49d-bf55b8b1669c/1/R_Gfj-ZqwHwLza7EFWByXo5utCk.roa
File:                     R_Gfj-ZqwHwLza7EFWByXo5utCk.roa (raw, json)
Hash identifier:          nRGV+mkoEyDvtQwPzN0w5ajjeOt+uvAbPIy/hv50DCk=
Subject key identifier:   47:F1:9F:8F:E6:6A:C0:7C:0B:CD:AE:C4:15:60:72:5E:8E:6E:B4:29
Certificate issuer:       /CN=2cce5d51fa75bbb6ed962a4166ef6f8630a02581
Certificate serial:       018CC3494739EE8B035031AEE7DF6D917E2D
Authority key identifier: 2C:CE:5D:51:FA:75:BB:B6:ED:96:2A:41:66:EF:6F:86:30:A0:25:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LM5dUfp1u7btlipBZu9vhjCgJYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/2b5ed6-3a7c-4631-b49d-bf55b8b1669c/1/R_Gfj-ZqwHwLza7EFWByXo5utCk.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212302
IP address blocks:        109.70.239.0/24 maxlen: 24
                          2a0c:2bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/2b5ed6-3a7c-4631-b49d-bf55b8b1669c/1/LM5dUfp1u7btlipBZu9vhjCgJYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/2b5ed6-3a7c-4631-b49d-bf55b8b1669c/1/LM5dUfp1u7btlipBZu9vhjCgJYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LM5dUfp1u7btlipBZu9vhjCgJYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:47:39:ee:8b:03:50:31:ae:e7:df:6d:91:7e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cce5d51fa75bbb6ed962a4166ef6f8630a02581
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47f19f8fe66ac07c0bcdaec41560725e8e6eb429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5d:61:cb:58:b2:cd:2e:9f:bf:ca:de:83:64:
                    a8:5b:47:69:ba:60:eb:a9:2e:98:3a:e9:b7:93:77:
                    e9:0a:d9:8e:1d:26:ea:86:54:2a:13:14:2b:b4:30:
                    46:42:da:74:b9:91:28:71:b2:df:d4:7e:99:a3:0f:
                    2f:9a:de:59:f2:cf:02:09:8b:df:88:be:a1:78:56:
                    b6:2d:6c:1d:61:6d:05:b2:1a:9a:31:4b:ef:8e:a9:
                    e6:ab:24:fb:32:ee:01:51:8e:e6:29:e2:ab:31:9d:
                    52:87:ea:55:6c:c3:8b:a7:87:83:40:6d:c1:70:7e:
                    89:ea:73:5e:61:df:6c:31:0b:34:70:ca:62:00:68:
                    c9:fc:83:06:05:64:48:85:db:09:83:0c:51:eb:e8:
                    84:77:6f:fb:b7:a4:bf:a0:1d:71:25:e0:11:b5:5d:
                    60:ab:a5:13:73:a8:0a:eb:20:66:39:82:99:fc:4f:
                    00:a4:82:27:85:42:79:99:88:53:76:f2:c7:25:9c:
                    05:8f:6d:89:41:ef:4e:a7:35:5a:a5:68:de:73:4c:
                    e5:b7:41:82:1b:40:fa:6f:c6:98:57:5d:dc:b4:af:
                    7b:45:a3:bb:dd:0a:f4:df:d6:a4:f6:5b:f6:15:48:
                    14:8d:fa:d6:ef:bf:b9:8e:4a:9d:d5:5b:15:0f:18:
                    c7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:F1:9F:8F:E6:6A:C0:7C:0B:CD:AE:C4:15:60:72:5E:8E:6E:B4:29
            X509v3 Authority Key Identifier:
                keyid:2C:CE:5D:51:FA:75:BB:B6:ED:96:2A:41:66:EF:6F:86:30:A0:25:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LM5dUfp1u7btlipBZu9vhjCgJYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/2b5ed6-3a7c-4631-b49d-bf55b8b1669c/1/R_Gfj-ZqwHwLza7EFWByXo5utCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/2b5ed6-3a7c-4631-b49d-bf55b8b1669c/1/LM5dUfp1u7btlipBZu9vhjCgJYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.239.0/24
                IPv6:
                  2a0c:2bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:e1:ca:9f:7d:26:d5:98:79:58:49:06:65:fe:b9:ae:d2:6f:
         bf:19:4b:f9:8d:f3:02:70:5e:45:59:c9:eb:60:c6:15:a2:36:
         a7:6b:69:ea:24:9e:58:d1:35:e3:bc:eb:b0:d8:eb:7b:59:4c:
         af:52:66:4e:98:1a:4c:36:1f:8a:74:18:96:f9:73:14:34:55:
         7a:51:f4:39:d6:7f:f6:39:30:e4:bd:d4:1b:21:49:dc:fb:ce:
         3d:ee:a1:13:7f:ad:33:7d:c8:22:1a:0c:e7:c8:fb:cf:ed:97:
         6e:78:37:4a:25:e6:9d:d1:a3:87:ff:77:ef:8a:61:4f:a5:57:
         da:bc:93:17:29:d8:3f:85:ca:85:7d:fa:91:17:ec:5d:10:af:
         50:cc:04:b9:f8:25:4f:dc:bd:fd:fa:eb:67:2b:37:7d:35:ce:
         3f:b4:a0:24:ae:4f:b7:ff:16:57:71:cc:c3:c4:e7:ac:86:39:
         d8:13:1c:59:22:22:79:7b:d4:9e:3b:c6:2b:01:47:55:37:b2:
         1f:3b:b4:20:a0:c1:a9:af:7f:8e:09:f1:cc:68:7b:a1:68:ed:
         a9:cb:84:92:b8:bc:d3:8e:e2:89:04:f6:59:6f:de:c9:86:a3:
         61:41:22:1c:be:89:00:92:40:ef:9f:3a:aa:63:24:80:23:75:
         d6:c6:58:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSUc57osDUDGu599tkX4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjY2U1ZDUxZmE3NWJiYjZlZDk2MmE0MTY2ZWY2Zjg2MzBh
MDI1ODEwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2YxOWY4ZmU2NmFjMDdjMGJjZGFlYzQxNTYwNzI1ZThlNmViNDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV1hy1iyzS6fv8reg2SoW0dpumDr
qS6YOum3k3fpCtmOHSbqhlQqExQrtDBGQtp0uZEocbLf1H6Zow8vmt5Z8s8CCYvf
iL6heFa2LWwdYW0FshqaMUvvjqnmqyT7Mu4BUY7mKeKrMZ1Sh+pVbMOLp4eDQG3B
cH6J6nNeYd9sMQs0cMpiAGjJ/IMGBWRIhdsJgwxR6+iEd2/7t6S/oB1xJeARtV1g
q6UTc6gK6yBmOYKZ/E8ApIInhUJ5mYhTdvLHJZwFj22JQe9OpzVapWjec0zlt0GC
G0D6b8aYV13ctK97RaO73Qr039ak9lv2FUgUjfrW77+5jkqd1VsVDxjHWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEfxn4/masB8C82uxBVgcl6ObrQpMB8GA1UdIwQY
MBaAFCzOXVH6dbu27ZYqQWbvb4YwoCWBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE01ZFVmcDF1N2J0bGlwQlp1OXZoakNnSllFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8yYjVlZDYtM2E3Yy00NjMxLWI0OWQt
YmY1NWI4YjE2NjljLzEvUl9HZmotWnF3SHdMemE3RUZXQnlYbzV1dENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8yYjVlZDYtM2E3Yy00NjMxLWI0OWQtYmY1NWI4YjE2Njlj
LzEvTE01ZFVmcDF1N2J0bGlwQlp1OXZoakNnSllFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbUbvMA0E
AgACMAcDBQMqDCvAMA0GCSqGSIb3DQEBCwUAA4IBAQCX4cqffSbVmHlYSQZl/rmu
0m+/GUv5jfMCcF5FWcnrYMYVojana2nqJJ5Y0TXjvOuw2Ot7WUyvUmZOmBpMNh+K
dBiW+XMUNFV6UfQ51n/2OTDkvdQbIUnc+8497qETf60zfcgiGgznyPvP7ZdueDdK
Jead0aOH/3fvimFPpVfavJMXKdg/hcqFffqRF+xdEK9QzAS5+CVP3L39+utnKzd9
Nc4/tKAkrk+3/xZXcczDxOeshjnYExxZIiJ5e9SeO8YrAUdVN7IfO7QgoMGpr3+O
CfHMaHuhaO2py4SSuLzTjuKJBPZZb97JhqNhQSIcvokAkkDvnzqqYySAI3XWxlg6
-----END CERTIFICATE-----