Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/X4DPqtKQyZOWAKBMlN7mRtcd1Ms.roa
File:                     X4DPqtKQyZOWAKBMlN7mRtcd1Ms.roa (raw, json)
Hash identifier:          kXRcohahU5UXZUtKpTF4pyZvtQAWUIYvj9zgl+Pf9XM=
Subject key identifier:   5F:80:CF:AA:D2:90:C9:93:96:00:A0:4C:94:DE:E6:46:D7:1D:D4:CB
Certificate issuer:       /CN=87b1396fd11c730ef20448129b282856ac504cb7
Certificate serial:       01941FFAA9127E917FBC548A62307FD66C3C
Authority key identifier: 87:B1:39:6F:D1:1C:73:0E:F2:04:48:12:9B:28:28:56:AC:50:4C:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/X4DPqtKQyZOWAKBMlN7mRtcd1Ms.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215436
IP address blocks:        192.109.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a9:12:7e:91:7f:bc:54:8a:62:30:7f:d6:6c:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87b1396fd11c730ef20448129b282856ac504cb7
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f80cfaad290c9939600a04c94dee646d71dd4cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d1:71:88:bf:80:b1:08:a4:0f:56:4f:6c:7f:
                    47:22:5e:23:26:0d:1f:b2:0b:83:52:41:4f:49:e6:
                    f6:3f:b0:5d:f4:b3:69:76:21:3e:86:c7:bd:48:b5:
                    8d:4b:2a:b1:cc:26:80:98:96:5d:2c:f4:54:09:79:
                    9a:3f:23:d2:2f:de:48:50:ff:7f:7a:fa:66:df:c5:
                    7e:3f:c3:4a:1f:25:6b:23:1d:be:41:50:f0:07:1c:
                    93:19:11:66:57:51:df:c1:69:c8:76:3a:a0:ac:13:
                    fa:85:84:b4:6b:48:f2:96:4f:31:86:c7:68:bf:7e:
                    36:78:46:24:6c:e9:73:b7:e2:9e:d9:6a:4f:2f:95:
                    39:0d:a5:48:ba:79:7e:87:c9:98:e1:9d:aa:f8:90:
                    d2:3b:f9:b5:86:11:20:ae:85:f3:fc:1b:cc:e4:7b:
                    e6:5b:60:9b:d0:80:e5:86:6f:20:7a:6f:71:0d:b2:
                    bb:a4:59:e8:9a:51:19:e0:0e:1b:ae:8a:ac:50:ff:
                    32:0f:5e:f8:16:85:ba:db:54:3d:07:06:2e:df:d8:
                    85:27:c9:72:d8:f3:bd:b8:0b:9a:5c:2d:90:ef:6a:
                    ed:13:0c:46:01:2e:1a:37:14:a3:61:1d:81:b8:d1:
                    62:85:09:ae:ac:ba:d9:5d:38:f2:bb:a5:fa:df:18:
                    cd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:80:CF:AA:D2:90:C9:93:96:00:A0:4C:94:DE:E6:46:D7:1D:D4:CB
            X509v3 Authority Key Identifier:
                keyid:87:B1:39:6F:D1:1C:73:0E:F2:04:48:12:9B:28:28:56:AC:50:4C:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/X4DPqtKQyZOWAKBMlN7mRtcd1Ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:21:ef:cd:7a:33:a6:0f:ca:6b:a4:ee:06:97:61:c6:8c:82:
         90:5f:cc:70:8f:57:d6:b8:68:77:21:10:4f:22:5b:ed:f0:d2:
         dc:c6:eb:9b:6a:01:5a:5e:37:51:1e:17:44:59:12:20:b3:5d:
         a5:0a:3f:74:c7:81:47:56:23:e9:a4:25:19:e9:61:29:c3:71:
         67:32:67:34:47:7b:14:fd:d8:22:dc:b4:39:33:14:3f:f7:b3:
         99:ae:38:06:47:bd:73:72:ec:b3:3c:31:a9:d4:54:c7:89:50:
         21:9f:ef:5f:37:90:4b:98:03:24:28:88:51:7c:f9:68:99:ad:
         19:09:94:42:aa:11:c8:35:3c:36:54:a1:dc:9e:7b:0c:4a:ed:
         c2:c0:1a:34:cf:51:54:04:0f:bc:f3:88:dd:10:df:b1:7f:63:
         ba:98:c3:5e:56:c7:23:20:36:b9:61:92:51:aa:3a:b0:06:42:
         e6:3d:76:78:ba:13:0a:13:89:4f:e5:bc:be:e3:cc:e1:aa:d5:
         4a:05:7d:2a:c9:9f:a0:02:c3:f5:80:af:d7:d3:4e:81:ab:e3:
         83:a4:3c:56:84:b7:38:eb:a8:99:f4:99:35:22:8b:47:b1:88:
         43:21:84:02:03:59:06:8e:d8:ae:51:3e:72:ea:0c:67:59:c9:
         1e:f4:dd:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qkSfpF/vFSKYjB/1mw8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YjEzOTZmZDExYzczMGVmMjA0NDgxMjliMjgyODU2YWM1
MDRjYjcwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjgwY2ZhYWQyOTBjOTkzOTYwMGEwNGM5NGRlZTY0NmQ3MWRkNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntFxiL+AsQikD1ZPbH9HIl4jJg0f
sguDUkFPSeb2P7Bd9LNpdiE+hse9SLWNSyqxzCaAmJZdLPRUCXmaPyPSL95IUP9/
evpm38V+P8NKHyVrIx2+QVDwBxyTGRFmV1HfwWnIdjqgrBP6hYS0a0jylk8xhsdo
v342eEYkbOlzt+Ke2WpPL5U5DaVIunl+h8mY4Z2q+JDSO/m1hhEgroXz/BvM5Hvm
W2Cb0IDlhm8gem9xDbK7pFnomlEZ4A4broqsUP8yD174FoW621Q9BwYu39iFJ8ly
2PO9uAuaXC2Q72rtEwxGAS4aNxSjYR2BuNFihQmurLrZXTjyu6X63xjN+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+Az6rSkMmTlgCgTJTe5kbXHdTLMB8GA1UdIwQY
MBaAFIexOW/RHHMO8gRIEpsoKFasUEy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDdFNWI5RWNjdzd5QkVnU215Z29WcXhRVExjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zOGJjOTAtMWQ1My00ZDQ3LWJiZGIt
ZjRlN2M5Y2M0M2ZmLzEvWDREUHF0S1F5Wk9XQUtCTWxON21SdGNkMU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zOGJjOTAtMWQ1My00ZDQ3LWJiZGItZjRlN2M5Y2M0M2Zm
LzEvaDdFNWI5RWNjdzd5QkVnU215Z29WcXhRVExjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3OMA0G
CSqGSIb3DQEBCwUAA4IBAQAoIe/NejOmD8prpO4Gl2HGjIKQX8xwj1fWuGh3IRBP
Ilvt8NLcxuubagFaXjdRHhdEWRIgs12lCj90x4FHViPppCUZ6WEpw3FnMmc0R3sU
/dgi3LQ5MxQ/97OZrjgGR71zcuyzPDGp1FTHiVAhn+9fN5BLmAMkKIhRfPloma0Z
CZRCqhHINTw2VKHcnnsMSu3CwBo0z1FUBA+884jdEN+xf2O6mMNeVscjIDa5YZJR
qjqwBkLmPXZ4uhMKE4lP5by+48zhqtVKBX0qyZ+gAsP1gK/X006Bq+ODpDxWhLc4
66iZ9Jk1IotHsYhDIYQCA1kGjtiuUT5y6gxnWcke9N13
-----END CERTIFICATE-----