Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/f545a4-22fa-451c-87af-62f316d07d70/1/uRe0GGNfqE13BEvplg9miN3Ucjs.roa
File:                     uRe0GGNfqE13BEvplg9miN3Ucjs.roa (raw, json)
Hash identifier:          eB2VTOuH0V/wJjrj+Nidcf+IAzBxD+AoRJS1QznGVgc=
Subject key identifier:   B9:17:B4:18:63:5F:A8:4D:77:04:4B:E9:96:0F:66:88:DD:D4:72:3B
Certificate issuer:       /CN=fb6efed2a24ac120ed26ae92ae48581b77d24971
Certificate serial:       01965302A8302E1BBCC143B690BE6AFA2E78
Authority key identifier: FB:6E:FE:D2:A2:4A:C1:20:ED:26:AE:92:AE:48:58:1B:77:D2:49:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-27-0qJKwSDtJq6SrkhYG3fSSXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/f545a4-22fa-451c-87af-62f316d07d70/1/uRe0GGNfqE13BEvplg9miN3Ucjs.roa
Signing time:             Sun 20 Apr 2025 11:43:25 +0000
ROA not before:           Sun 20 Apr 2025 11:43:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        109.70.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/f545a4-22fa-451c-87af-62f316d07d70/1/1-27-0qJKwSDtJq6SrkhYG3fSSXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/f545a4-22fa-451c-87af-62f316d07d70/1/1-27-0qJKwSDtJq6SrkhYG3fSSXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-27-0qJKwSDtJq6SrkhYG3fSSXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:53:02:a8:30:2e:1b:bc:c1:43:b6:90:be:6a:fa:2e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb6efed2a24ac120ed26ae92ae48581b77d24971
        Validity
            Not Before: Apr 20 11:43:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b917b418635fa84d77044be9960f6688ddd4723b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f3:56:01:e0:bb:1e:c1:ce:da:70:f3:82:81:
                    a0:04:e1:ed:cf:4c:0c:a6:bc:59:e9:24:f5:c2:64:
                    4b:73:31:75:40:d1:bf:c9:88:95:9f:f8:a8:a9:d8:
                    b0:42:d0:29:24:8c:22:60:9e:ce:ce:73:77:e7:98:
                    37:e5:1d:3a:9d:e5:e5:b8:79:7e:ef:c2:a1:d7:9b:
                    2e:8b:7e:5a:59:4e:f2:af:3e:e2:35:a8:02:5d:67:
                    fd:ee:ad:e0:93:e2:2b:fc:d2:93:b9:e3:49:51:94:
                    ce:ca:4c:c4:36:09:4d:1f:39:5d:6b:59:df:1b:3e:
                    e8:39:2e:b7:9c:a4:c3:53:57:92:61:ae:ea:3b:65:
                    42:7f:8d:32:e9:a0:36:e6:8a:63:76:ee:8d:6b:31:
                    ed:2c:ba:56:39:68:f2:e1:a4:fd:f5:dc:9b:2b:05:
                    b5:25:c2:fa:16:c9:52:b6:b6:e9:7b:06:8c:9e:40:
                    be:39:a7:29:12:bd:fe:5b:84:1a:70:f8:e1:85:c7:
                    b5:de:b2:6f:53:87:3c:85:67:c9:09:39:b7:8e:a6:
                    52:05:e0:ca:1e:55:9f:01:53:a6:78:7c:9e:9c:93:
                    0b:1b:05:15:fd:fd:b9:b5:ee:14:99:a1:77:2d:49:
                    91:fb:0b:ee:26:a3:60:71:25:12:33:6b:f4:22:cc:
                    aa:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:17:B4:18:63:5F:A8:4D:77:04:4B:E9:96:0F:66:88:DD:D4:72:3B
            X509v3 Authority Key Identifier:
                keyid:FB:6E:FE:D2:A2:4A:C1:20:ED:26:AE:92:AE:48:58:1B:77:D2:49:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-27-0qJKwSDtJq6SrkhYG3fSSXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f545a4-22fa-451c-87af-62f316d07d70/1/uRe0GGNfqE13BEvplg9miN3Ucjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f545a4-22fa-451c-87af-62f316d07d70/1/1-27-0qJKwSDtJq6SrkhYG3fSSXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:03:d1:f6:09:15:ac:48:9b:cb:67:18:09:be:a2:be:06:5a:
         b8:26:d7:69:57:c3:79:ce:11:6f:6e:a2:c2:a3:6c:7b:37:e5:
         86:52:6b:0d:19:de:9b:6f:24:2a:2f:de:a6:a4:11:ad:4a:be:
         7e:6d:c1:d4:cd:07:01:1e:cc:2b:85:cc:40:cc:55:d8:9c:e1:
         d7:38:46:4c:bb:42:e9:a7:44:96:12:a8:fe:7c:95:27:65:62:
         b4:8a:31:7d:99:fa:0b:e7:25:26:dc:f4:a6:41:83:97:e9:b8:
         66:83:29:36:8b:3f:fc:ed:59:dd:fc:53:ee:07:10:ea:4d:7a:
         96:01:ea:a3:ef:4c:67:76:c2:3c:a5:8c:a8:23:9e:48:d8:91:
         85:fc:c0:99:28:8b:3b:6a:94:94:e9:a7:6d:72:b2:d7:53:35:
         dc:2c:96:59:a9:f1:b6:8c:96:bd:32:f3:87:4e:51:5f:a0:a9:
         ec:04:31:2a:ed:a4:38:1f:db:00:73:25:30:e6:00:a4:f1:e7:
         6f:f7:26:1e:0a:02:b2:78:8e:27:e8:6f:e4:22:e8:25:1a:01:
         72:91:6d:82:ed:be:12:f5:d7:0b:6e:2c:54:b1:e5:4d:b4:ab:
         95:f8:03:e9:e4:88:14:15:d6:4c:d2:5d:b0:8e:57:89:25:6b:
         8f:e9:59:40
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZZTAqgwLhu8wUO2kL5q+i54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNmVmZWQyYTI0YWMxMjBlZDI2YWU5MmFlNDg1ODFiNzdk
MjQ5NzEwHhcNMjUwNDIwMTE0MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTE3YjQxODYzNWZhODRkNzcwNDRiZTk5NjBmNjY4OGRkZDQ3MjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfNWAeC7HsHO2nDzgoGgBOHtz0wM
prxZ6ST1wmRLczF1QNG/yYiVn/ioqdiwQtApJIwiYJ7OznN355g35R06neXluHl+
78Kh15sui35aWU7yrz7iNagCXWf97q3gk+Ir/NKTueNJUZTOykzENglNHzlda1nf
Gz7oOS63nKTDU1eSYa7qO2VCf40y6aA25opjdu6NazHtLLpWOWjy4aT99dybKwW1
JcL6FslStrbpewaMnkC+OacpEr3+W4QacPjhhce13rJvU4c8hWfJCTm3jqZSBeDK
HlWfAVOmeHyenJMLGwUV/f25te4UmaF3LUmR+wvuJqNgcSUSM2v0IsyqYwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLkXtBhjX6hNdwRL6ZYPZojd1HI7MB8GA1UdIwQY
MBaAFPtu/tKiSsEg7Saukq5IWBt30klxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0yNy0wcUpLd1NEdEpxNlNya2hZRzNmU1NYRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmEvZjU0NWE0LTIyZmEtNDUxYy04N2Fm
LTYyZjMxNmQwN2Q3MC8xL3VSZTBHR05mcUUxM0JFdnBsZzltaU4zVWNqcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmEvZjU0NWE0LTIyZmEtNDUxYy04N2FmLTYyZjMxNmQwN2Q3
MC8xLzEtMjctMHFKS3dTRHRKcTZTcmtoWUczZlNTWEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABtRk0w
DQYJKoZIhvcNAQELBQADggEBAAgD0fYJFaxIm8tnGAm+or4GWrgm12lXw3nOEW9u
osKjbHs35YZSaw0Z3ptvJCov3qakEa1Kvn5twdTNBwEezCuFzEDMVdic4dc4Rky7
QumnRJYSqP58lSdlYrSKMX2Z+gvnJSbc9KZBg5fpuGaDKTaLP/ztWd38U+4HEOpN
epYB6qPvTGd2wjyljKgjnkjYkYX8wJkoiztqlJTpp21ystdTNdwsllmp8baMlr0y
84dOUV+gqewEMSrtpDgf2wBzJTDmAKTx52/3Jh4KArJ4jifob+Qi6CUaAXKRbYLt
vhL11wtuLFSx5U20q5X4A+nkiBQV1kzSXbCOV4kla4/pWUA=
-----END CERTIFICATE-----