Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/1-nkTyOMqH94a8OlfukcDf7YbkNc.roa
File:                     1-nkTyOMqH94a8OlfukcDf7YbkNc.roa (raw, json)
Hash identifier:          Z6uvUYmhirGQlJwClrs+HtNhQJGa2PNo7VCbu68pXz8=
Subject key identifier:   FA:79:13:C8:E3:2A:1F:DE:1A:F0:E9:5F:BA:47:03:7F:B6:1B:90:D7
Certificate issuer:       /CN=25b1a223b7e73fd23462c204e60e9d4815cf763f
Certificate serial:       01949E42C0F66DE9F724B2923B11F17F8718
Authority key identifier: 25:B1:A2:23:B7:E7:3F:D2:34:62:C2:04:E6:0E:9D:48:15:CF:76:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbGiI7fnP9I0YsIE5g6dSBXPdj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/1-nkTyOMqH94a8OlfukcDf7YbkNc.roa
Signing time:             Sat 25 Jan 2025 16:19:22 +0000
ROA not before:           Sat 25 Jan 2025 16:19:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28753
IP address blocks:        109.70.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/JbGiI7fnP9I0YsIE5g6dSBXPdj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/JbGiI7fnP9I0YsIE5g6dSBXPdj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbGiI7fnP9I0YsIE5g6dSBXPdj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9e:42:c0:f6:6d:e9:f7:24:b2:92:3b:11:f1:7f:87:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25b1a223b7e73fd23462c204e60e9d4815cf763f
        Validity
            Not Before: Jan 25 16:19:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa7913c8e32a1fde1af0e95fba47037fb61b90d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:83:91:43:eb:57:50:12:cc:7c:77:51:6f:4f:
                    d6:b5:85:32:2f:cf:7f:21:bd:87:b5:5b:fd:23:e5:
                    a4:dc:8a:44:a9:fa:db:9c:97:d5:0b:1b:f0:5d:00:
                    07:64:05:1c:98:d3:f3:47:a6:36:a5:d8:5a:34:ec:
                    c2:88:07:ea:df:29:63:49:f1:df:f3:4f:29:36:ce:
                    8a:6c:99:49:f7:48:93:c1:96:56:d1:4e:c4:20:d1:
                    5e:bc:41:bb:07:20:3d:97:41:23:20:db:76:15:a9:
                    7e:44:13:6a:b0:ab:af:b3:61:09:94:1e:46:cc:35:
                    d5:24:37:db:05:48:1f:14:4b:64:9d:07:ac:02:6a:
                    8d:29:f4:c2:8d:47:c4:c8:11:ad:fe:bd:3c:75:0d:
                    b8:83:a2:bc:39:43:97:b4:63:a3:6a:dd:36:18:d5:
                    3b:1a:56:3c:a5:5d:76:45:b5:6a:f7:60:f4:dc:d7:
                    8c:0c:8d:20:df:bc:27:c7:c8:e5:0a:f7:f8:20:4b:
                    be:ef:5d:09:57:5d:54:38:be:51:05:dc:39:9f:8d:
                    c5:61:ab:5c:e8:a2:2a:59:8f:0f:ff:f2:1b:05:c7:
                    0c:7e:4a:8d:eb:13:05:02:15:0c:86:a9:57:82:92:
                    25:3f:58:fa:d1:35:25:86:b3:ec:c0:e3:8f:4c:a3:
                    d0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:79:13:C8:E3:2A:1F:DE:1A:F0:E9:5F:BA:47:03:7F:B6:1B:90:D7
            X509v3 Authority Key Identifier:
                keyid:25:B1:A2:23:B7:E7:3F:D2:34:62:C2:04:E6:0E:9D:48:15:CF:76:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbGiI7fnP9I0YsIE5g6dSBXPdj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/1-nkTyOMqH94a8OlfukcDf7YbkNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e90c8-2b83-4715-9933-a73f0b7418ab/1/JbGiI7fnP9I0YsIE5g6dSBXPdj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:57:88:63:3b:4d:9a:bd:8c:b0:3e:e2:f7:67:53:bc:40:14:
         56:3f:c1:02:a2:31:e9:84:a9:c1:da:43:d6:61:36:5e:7f:ad:
         d4:91:35:0a:59:ec:a2:4e:36:b9:ed:ee:4f:ad:b0:64:89:8e:
         3d:39:76:d4:1e:70:d3:ea:48:e4:17:ac:d8:27:8f:e0:90:7b:
         64:fb:42:7e:c3:03:d8:6a:34:ad:e3:ef:77:f8:05:0c:2a:7f:
         bf:1f:4a:2d:3f:b5:ee:f0:42:c6:d4:68:aa:ee:6b:a7:d2:1c:
         d0:76:a9:51:60:23:e4:92:98:f5:8d:ff:98:01:59:76:61:90:
         07:e0:43:b6:79:66:ed:3a:8a:dc:f5:fe:76:f1:9a:03:76:5a:
         b7:d0:73:6c:b2:81:96:8f:c7:36:a2:f7:9d:25:5a:4d:e6:6f:
         2b:5a:3c:16:36:9e:6b:9e:fe:4d:0c:d0:d8:05:e7:5a:3f:ec:
         a8:96:21:3c:ea:17:74:1c:c5:f8:c2:bf:07:90:b7:dc:f1:85:
         83:10:91:42:c8:f4:b2:b3:27:26:c9:b9:33:09:34:f5:51:99:
         b8:8b:95:63:2a:32:17:d8:dc:18:3f:3a:36:b9:8b:36:0e:0c:
         1f:5d:34:12:98:7f:f4:87:24:99:36:bf:aa:2f:1e:b4:83:72:
         04:45:65:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZSeQsD2ben3JLKSOxHxf4cYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YjFhMjIzYjdlNzNmZDIzNDYyYzIwNGU2MGU5ZDQ4MTVj
Zjc2M2YwHhcNMjUwMTI1MTYxOTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTc5MTNjOGUzMmExZmRlMWFmMGU5NWZiYTQ3MDM3ZmI2MWI5MGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oORQ+tXUBLMfHdRb0/WtYUyL89/
Ib2HtVv9I+Wk3IpEqfrbnJfVCxvwXQAHZAUcmNPzR6Y2pdhaNOzCiAfq3yljSfHf
808pNs6KbJlJ90iTwZZW0U7EINFevEG7ByA9l0EjINt2Fal+RBNqsKuvs2EJlB5G
zDXVJDfbBUgfFEtknQesAmqNKfTCjUfEyBGt/r08dQ24g6K8OUOXtGOjat02GNU7
GlY8pV12RbVq92D03NeMDI0g37wnx8jlCvf4IEu+710JV11UOL5RBdw5n43FYatc
6KIqWY8P//IbBccMfkqN6xMFAhUMhqlXgpIlP1j60TUlhrPswOOPTKPQeQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPp5E8jjKh/eGvDpX7pHA3+2G5DXMB8GA1UdIwQY
MBaAFCWxoiO35z/SNGLCBOYOnUgVz3Y/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJHaUk3Zm5QOUkwWXNJRTVnNmRTQlhQZGo4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8wZTkwYzgtMmI4My00NzE1LTk5MzMt
YTczZjBiNzQxOGFiLzEvMS1ua1R5T01xSDk0YThPbGZ1a2NEZjdZYmtOYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmIvMGU5MGM4LTJiODMtNDcxNS05OTMzLWE3M2YwYjc0MThh
Yi8xL0piR2lJN2ZuUDlJMFlzSUU1ZzZkU0JYUGRqOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1GSjAN
BgkqhkiG9w0BAQsFAAOCAQEAMleIYztNmr2MsD7i92dTvEAUVj/BAqIx6YSpwdpD
1mE2Xn+t1JE1Clnsok42ue3uT62wZImOPTl21B5w0+pI5Bes2CeP4JB7ZPtCfsMD
2Go0rePvd/gFDCp/vx9KLT+17vBCxtRoqu5rp9Ic0HapUWAj5JKY9Y3/mAFZdmGQ
B+BDtnlm7TqK3PX+dvGaA3Zat9BzbLKBlo/HNqL3nSVaTeZvK1o8Fjaea57+TQzQ
2AXnWj/sqJYhPOoXdBzF+MK/B5C33PGFgxCRQsj0srMnJsm5Mwk09VGZuIuVYyoy
F9jcGD86NrmLNg4MH100Eph/9IckmTa/qi8etINyBEVl/Q==
-----END CERTIFICATE-----