Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/BL3LZfi-f3ywcf3FmAmJwnbzASI.roa
File:                     BL3LZfi-f3ywcf3FmAmJwnbzASI.roa (raw, json)
Hash identifier:          DVAE75CLKTBw2pzOs2zlkLoQMMQUvF717xgboLC73+I=
Subject key identifier:   04:BD:CB:65:F8:BE:7F:7C:B0:71:FD:C5:98:09:89:C2:76:F3:01:22
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       0194221F836A43D1957B27A763F610E9D310
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/BL3LZfi-f3ywcf3FmAmJwnbzASI.roa
Signing time:             Wed 01 Jan 2025 13:47:58 +0000
ROA not before:           Wed 01 Jan 2025 13:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48030
IP address blocks:        109.107.160.0/24 maxlen: 24
                          109.107.180.0/24 maxlen: 24
                          109.107.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 13:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:83:6a:43:d1:95:7b:27:a7:63:f6:10:e9:d3:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04bdcb65f8be7f7cb071fdc5980989c276f30122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:db:ef:90:cd:76:dc:1a:bb:45:92:6a:ac:ca:
                    84:51:3a:98:99:f8:03:b0:51:2e:89:a7:d0:9f:cf:
                    f3:9c:2f:05:5c:d8:cf:f8:2c:d5:22:3f:e5:ff:db:
                    4e:51:92:6e:06:48:a3:6c:66:eb:81:b5:da:e4:7e:
                    b3:92:68:2f:cc:61:ff:c0:ae:48:fd:3e:a3:84:5d:
                    c7:65:da:66:3e:31:e1:a0:ae:d2:fa:15:66:01:0d:
                    d4:4b:63:0b:32:54:0c:f4:4f:ca:84:42:52:b9:4f:
                    08:34:4d:f6:d8:9d:0f:8a:77:fc:4f:81:aa:1c:2d:
                    58:bd:76:10:56:5c:8e:04:c4:df:c8:0b:06:f0:95:
                    c5:78:aa:93:d6:d1:80:c6:7f:c6:74:dc:a5:f8:f3:
                    f3:60:cc:28:69:89:d0:9a:7a:c5:30:5d:70:74:46:
                    50:2b:1c:07:1f:a6:88:a5:1f:4c:04:0b:73:b2:8f:
                    fe:de:29:ca:20:34:d8:77:41:c6:3f:fb:9e:f7:4f:
                    21:af:e2:fd:1d:20:98:ed:2f:7b:2a:d2:59:c6:1a:
                    3d:8d:a9:99:eb:bd:1c:20:b1:4b:f9:8a:e6:b1:31:
                    2d:ea:ec:ee:f8:87:67:88:06:5e:65:f3:df:9d:be:
                    98:56:9f:f6:64:a5:68:6d:64:5b:58:d4:8d:38:a4:
                    ac:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:BD:CB:65:F8:BE:7F:7C:B0:71:FD:C5:98:09:89:C2:76:F3:01:22
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/BL3LZfi-f3ywcf3FmAmJwnbzASI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.160.0/24
                  109.107.180.0/24
                  109.107.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:3b:39:ad:fe:20:5c:cd:a4:7f:ab:fd:2f:3d:90:d9:f7:e9:
         a0:09:17:1a:dd:51:a7:c0:c8:d5:8b:0c:9c:2b:2e:b7:b7:20:
         32:1a:0a:31:27:8d:30:bd:c6:a5:35:36:cb:b5:82:b8:0c:ed:
         a7:b9:c3:0d:09:85:09:50:f0:9c:ed:3f:37:29:18:f2:e3:9c:
         b7:9c:d9:93:8d:1f:05:24:e1:70:ea:50:55:c3:ce:20:dd:f2:
         b8:4a:b1:a2:d0:74:ef:d1:2a:17:b1:35:f6:3d:71:06:16:11:
         82:33:fd:e0:1c:97:ba:2b:c2:00:a3:51:18:b7:51:e7:0d:cc:
         07:34:18:1f:57:cd:59:44:56:01:f0:85:30:bb:17:29:bc:d1:
         05:87:6f:25:56:2f:ab:44:27:2a:64:68:c2:51:36:f0:11:ef:
         cf:22:18:86:80:72:a4:5d:91:ca:04:75:17:c6:28:43:53:92:
         41:e9:83:66:f8:01:da:e0:66:d6:d1:f7:74:52:c1:2d:9b:c7:
         25:1d:20:71:66:03:12:ef:58:d1:79:01:56:b1:f9:99:5f:1c:
         97:af:fe:86:3a:88:77:37:db:ed:4c:38:64:52:a8:3f:00:6a:
         b2:0a:af:27:e0:ea:fe:1b:83:58:77:ae:f8:e9:03:2b:f5:0b:
         6d:1e:38:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiH4NqQ9GVeyenY/YQ6dMQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGJkY2I2NWY4YmU3ZjdjYjA3MWZkYzU5ODA5ODljMjc2ZjMwMTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNvvkM123Bq7RZJqrMqEUTqYmfgD
sFEuiafQn8/znC8FXNjP+CzVIj/l/9tOUZJuBkijbGbrgbXa5H6zkmgvzGH/wK5I
/T6jhF3HZdpmPjHhoK7S+hVmAQ3US2MLMlQM9E/KhEJSuU8INE322J0Pinf8T4Gq
HC1YvXYQVlyOBMTfyAsG8JXFeKqT1tGAxn/GdNyl+PPzYMwoaYnQmnrFMF1wdEZQ
KxwHH6aIpR9MBAtzso/+3inKIDTYd0HGP/ue908hr+L9HSCY7S97KtJZxho9jamZ
670cILFL+YrmsTEt6uzu+IdniAZeZfPfnb6YVp/2ZKVobWRbWNSNOKSs2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAS9y2X4vn98sHH9xZgJicJ28wEiMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvQkwzTFpmaS1mM3l3Y2YzRm1BbUp3bmJ6QVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbWugAwQA
bWu0AwQAbWu/MA0GCSqGSIb3DQEBCwUAA4IBAQC9Ozmt/iBczaR/q/0vPZDZ9+mg
CRca3VGnwMjViwycKy63tyAyGgoxJ40wvcalNTbLtYK4DO2nucMNCYUJUPCc7T83
KRjy45y3nNmTjR8FJOFw6lBVw84g3fK4SrGi0HTv0SoXsTX2PXEGFhGCM/3gHJe6
K8IAo1EYt1HnDcwHNBgfV81ZRFYB8IUwuxcpvNEFh28lVi+rRCcqZGjCUTbwEe/P
IhiGgHKkXZHKBHUXxihDU5JB6YNm+AHa4GbW0fd0UsEtm8clHSBxZgMS71jReQFW
sfmZXxyXr/6GOoh3N9vtTDhkUqg/AGqyCq8n4Or+G4NYd6746QMr9QttHjje
-----END CERTIFICATE-----