Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/7SqB0LPDCpYuRw3bGnNP1eNeuNQ.roa
File:                     7SqB0LPDCpYuRw3bGnNP1eNeuNQ.roa (raw, json)
Hash identifier:          u6F8sm9O8DZBOKJXeVOslWmGtNA/Sou6o+QAlI2Y47E=
Subject key identifier:   ED:2A:81:D0:B3:C3:0A:96:2E:47:0D:DB:1A:73:4F:D5:E3:5E:B8:D4
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       0194221F8544E5B4EBAA8C09E63DB4690067
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/7SqB0LPDCpYuRw3bGnNP1eNeuNQ.roa
Signing time:             Wed 01 Jan 2025 13:47:58 +0000
ROA not before:           Wed 01 Jan 2025 13:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58238
IP address blocks:        109.107.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:85:44:e5:b4:eb:aa:8c:09:e6:3d:b4:69:00:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed2a81d0b3c30a962e470ddb1a734fd5e35eb8d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5d:bb:8c:75:96:55:0b:13:93:af:15:76:86:
                    55:af:0a:5c:6e:5d:40:8f:8b:8e:d9:6c:f9:49:c7:
                    de:76:c4:e1:9b:be:e1:81:8e:e2:36:62:53:fa:0b:
                    68:a6:2a:bd:ca:e8:6d:4d:79:99:df:00:7b:51:97:
                    49:73:0a:35:e1:93:39:d5:ee:3a:af:a8:da:68:7a:
                    d8:01:1f:1e:55:f2:1f:8a:7e:10:13:5a:a7:cd:04:
                    b5:82:ab:b6:ab:61:8b:09:99:f2:56:72:08:e5:c7:
                    ee:d6:2b:ac:6c:0e:1b:4f:a9:41:fd:e4:9f:c3:03:
                    89:46:6a:f0:80:0d:8e:a6:85:1a:57:fd:f9:b5:e0:
                    c5:37:b6:65:ed:83:fa:40:fd:d7:d1:a5:9c:12:e8:
                    45:27:40:c3:10:69:2c:33:12:13:7a:50:63:66:34:
                    1e:2f:c7:f4:51:32:b7:82:9b:4e:1e:45:dd:b2:41:
                    14:31:51:16:9c:33:75:66:78:f6:cc:36:ac:48:8a:
                    a3:e2:09:e7:e2:3a:52:b6:d9:6e:72:2d:4f:f0:15:
                    5e:87:13:68:ac:cd:39:67:3e:b2:1e:c7:39:37:2a:
                    bc:ea:c0:0c:2a:01:07:f9:4d:9d:41:f8:e5:31:30:
                    7a:c2:b3:88:c7:f8:b6:2b:c7:83:c8:1b:35:b0:c9:
                    64:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:2A:81:D0:B3:C3:0A:96:2E:47:0D:DB:1A:73:4F:D5:E3:5E:B8:D4
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/7SqB0LPDCpYuRw3bGnNP1eNeuNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:78:b4:ae:04:dc:1f:4e:b1:5e:23:a2:63:c5:62:b4:e3:7a:
         8c:85:cb:b0:72:f8:2e:fe:28:20:a0:76:85:bf:39:e4:e5:07:
         4c:ae:e9:d3:89:13:ac:2d:93:e8:1a:6e:01:d5:70:15:a1:ae:
         30:40:d1:ab:02:c7:e3:63:bf:59:4c:36:3d:18:9c:7b:9c:c2:
         dd:95:78:4d:a9:4b:13:dd:60:22:0c:6d:d7:cd:ed:d2:71:af:
         b9:43:b7:b9:a1:b2:7a:db:9d:56:4d:6b:61:8f:32:c3:36:aa:
         57:0a:82:c7:53:ae:10:da:c3:65:d6:a5:83:a6:cc:51:54:ab:
         38:58:78:e4:94:e6:22:98:c8:00:7a:a0:75:21:b7:2b:ab:42:
         e0:55:9d:29:7a:75:15:03:35:91:ca:2c:27:83:2a:60:7a:a4:
         dc:1f:30:69:aa:ba:50:e7:43:49:1b:3b:c5:b9:a3:19:79:de:
         1d:cf:b0:9e:4c:bb:69:94:dd:f3:b1:ab:3b:26:72:62:a1:8e:
         09:b1:d2:5a:a1:62:c5:7f:39:b1:a8:21:20:d0:2e:f6:67:3a:
         22:4a:a7:89:80:ce:7d:02:20:9e:fb:ff:3c:58:05:d2:61:a8:
         ce:f9:27:3e:b4:2b:00:a9:63:b1:b9:65:7f:3c:63:21:b7:0a:
         22:de:87:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4VE5bTrqowJ5j20aQBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDJhODFkMGIzYzMwYTk2MmU0NzBkZGIxYTczNGZkNWUzNWViOGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt127jHWWVQsTk68VdoZVrwpcbl1A
j4uO2Wz5ScfedsThm77hgY7iNmJT+gtopiq9yuhtTXmZ3wB7UZdJcwo14ZM51e46
r6jaaHrYAR8eVfIfin4QE1qnzQS1gqu2q2GLCZnyVnII5cfu1iusbA4bT6lB/eSf
wwOJRmrwgA2OpoUaV/35teDFN7Zl7YP6QP3X0aWcEuhFJ0DDEGksMxITelBjZjQe
L8f0UTK3gptOHkXdskEUMVEWnDN1Znj2zDasSIqj4gnn4jpSttluci1P8BVehxNo
rM05Zz6yHsc5Nyq86sAMKgEH+U2dQfjlMTB6wrOIx/i2K8eDyBs1sMlkVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO0qgdCzwwqWLkcN2xpzT9XjXrjUMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvN1NxQjBMUERDcFl1UnczYkduTlAxZU5ldU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuoMA0G
CSqGSIb3DQEBCwUAA4IBAQA4eLSuBNwfTrFeI6JjxWK043qMhcuwcvgu/iggoHaF
vznk5QdMrunTiROsLZPoGm4B1XAVoa4wQNGrAsfjY79ZTDY9GJx7nMLdlXhNqUsT
3WAiDG3Xze3Sca+5Q7e5obJ6251WTWthjzLDNqpXCoLHU64Q2sNl1qWDpsxRVKs4
WHjklOYimMgAeqB1Ibcrq0LgVZ0penUVAzWRyiwngypgeqTcHzBpqrpQ50NJGzvF
uaMZed4dz7CeTLtplN3zsas7JnJioY4JsdJaoWLFfzmxqCEg0C72ZzoiSqeJgM59
AiCe+/88WAXSYajO+Sc+tCsAqWOxuWV/PGMhtwoi3oed
-----END CERTIFICATE-----