Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/4JQtl6CjZI4Ed81VYmD8y3s93nc.roa
File:                     4JQtl6CjZI4Ed81VYmD8y3s93nc.roa (raw, json)
Hash identifier:          DNWzfbgNl38BTmSJIdFxCJ7U9WCYuq21jLucbQaekUg=
Subject key identifier:   E0:94:2D:97:A0:A3:64:8E:04:77:CD:55:62:60:FC:CB:7B:3D:DE:77
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       0194221F83C145588032B3D4F538D8B6D7A5
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/4JQtl6CjZI4Ed81VYmD8y3s93nc.roa
Signing time:             Wed 01 Jan 2025 13:47:58 +0000
ROA not before:           Wed 01 Jan 2025 13:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        109.107.171.0/24 maxlen: 24
                          109.107.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:83:c1:45:58:80:32:b3:d4:f5:38:d8:b6:d7:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0942d97a0a3648e0477cd556260fccb7b3dde77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:3d:26:03:4d:60:87:65:fb:19:61:8e:cf:7c:
                    96:52:9a:dd:dc:9a:46:40:d0:26:d0:27:3a:de:e3:
                    da:ce:27:1e:1f:95:6a:e8:60:08:57:bf:9f:27:12:
                    aa:29:8d:57:1c:ad:0a:49:2d:c3:1a:09:6e:7a:a4:
                    ea:9a:c8:52:5a:a2:fe:cc:42:e4:f5:b2:2c:63:d2:
                    3a:78:3e:a7:7f:60:d9:39:d2:ff:27:47:0a:e0:02:
                    f2:93:b9:62:30:c2:6a:66:97:6e:06:a8:42:a4:b0:
                    ac:da:6f:eb:6c:51:26:23:2a:95:85:d1:db:c0:b8:
                    fd:52:f4:6d:fc:ad:78:df:e8:a3:c5:8e:f5:84:c2:
                    78:e2:b6:8e:e8:3a:df:6c:e6:6e:b2:8e:82:7c:0b:
                    ad:2d:10:59:86:d2:ad:79:06:ac:2b:28:27:da:47:
                    d7:d1:02:94:5b:e9:59:8a:1c:01:0e:35:5f:af:ac:
                    71:aa:e2:19:f0:f4:5c:a3:07:12:1f:8b:c9:a8:c6:
                    e6:5a:dd:ab:98:87:88:e4:66:76:ba:c0:2f:93:d9:
                    dd:37:a0:05:85:f4:2f:1f:d6:ab:ce:01:15:39:f7:
                    19:6d:b1:22:76:db:72:38:aa:65:ae:b8:b3:e5:13:
                    34:c0:b5:0d:bc:f9:5f:f0:29:73:db:ae:e4:c7:c2:
                    c7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:94:2D:97:A0:A3:64:8E:04:77:CD:55:62:60:FC:CB:7B:3D:DE:77
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/4JQtl6CjZI4Ed81VYmD8y3s93nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.171.0/24
                  109.107.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:db:a3:e6:af:38:57:a6:4b:05:ee:00:33:37:43:c4:f8:eb:
         3d:04:d2:99:e8:7f:28:dc:5b:0f:5f:92:70:4f:07:f8:37:2f:
         e9:fe:4c:93:90:3f:cd:a5:22:3f:e2:bc:e1:7b:f3:09:97:9f:
         76:5d:f8:e2:b1:48:0d:1b:74:57:bb:08:05:7b:44:6e:6a:28:
         59:8a:06:27:3b:ba:15:f9:a6:be:cf:db:33:e2:21:f9:39:7b:
         d7:ce:b1:d6:bb:1c:f3:14:9a:8e:f7:c1:69:49:34:db:cb:77:
         b6:5e:00:45:7d:6c:ff:e5:48:16:04:95:1a:6f:10:64:d0:9e:
         9c:bc:9d:d5:2c:b0:80:f7:49:cb:70:e1:4e:5c:18:ea:ed:df:
         30:27:4d:1a:2c:d8:cc:7a:75:66:d1:5c:8e:36:2c:c9:a5:35:
         07:5e:77:65:5e:fe:15:64:8c:c7:a2:68:3c:c2:ce:c3:0b:5f:
         05:1a:a0:fc:19:0a:41:ae:36:52:21:a7:c2:ba:21:13:12:f2:
         0d:2f:b7:99:41:a7:01:48:b8:c0:d8:00:ab:96:a7:d0:58:66:
         80:82:a4:e8:82:9e:9f:7f:8a:b6:28:a4:83:a5:58:45:c6:e0:
         4f:a3:6a:62:c1:26:6c:1a:06:e8:ac:b5:89:64:51:c9:f5:bf:
         71:7e:03:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH4PBRViAMrPU9TjYttelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDk0MmQ5N2EwYTM2NDhlMDQ3N2NkNTU2MjYwZmNjYjdiM2RkZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwj0mA01gh2X7GWGOz3yWUprd3JpG
QNAm0Cc63uPaziceH5Vq6GAIV7+fJxKqKY1XHK0KSS3DGglueqTqmshSWqL+zELk
9bIsY9I6eD6nf2DZOdL/J0cK4ALyk7liMMJqZpduBqhCpLCs2m/rbFEmIyqVhdHb
wLj9UvRt/K143+ijxY71hMJ44raO6DrfbOZuso6CfAutLRBZhtKteQasKygn2kfX
0QKUW+lZihwBDjVfr6xxquIZ8PRcowcSH4vJqMbmWt2rmIeI5GZ2usAvk9ndN6AF
hfQvH9arzgEVOfcZbbEidttyOKplrriz5RM0wLUNvPlf8Clz267kx8LHSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOCULZego2SOBHfNVWJg/Mt7Pd53MB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvNEpRdGw2Q2paSTRFZDgxVlltRDh5M3M5M25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWurAwQA
bWu2MA0GCSqGSIb3DQEBCwUAA4IBAQAu26PmrzhXpksF7gAzN0PE+Os9BNKZ6H8o
3FsPX5JwTwf4Ny/p/kyTkD/NpSI/4rzhe/MJl592XfjisUgNG3RXuwgFe0RuaihZ
igYnO7oV+aa+z9sz4iH5OXvXzrHWuxzzFJqO98FpSTTby3e2XgBFfWz/5UgWBJUa
bxBk0J6cvJ3VLLCA90nLcOFOXBjq7d8wJ00aLNjMenVm0VyONizJpTUHXndlXv4V
ZIzHomg8ws7DC18FGqD8GQpBrjZSIafCuiETEvINL7eZQacBSLjA2ACrlqfQWGaA
gqTogp6ff4q2KKSDpVhFxuBPo2piwSZsGgborLWJZFHJ9b9xfgNy
-----END CERTIFICATE-----