Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Bccucrew4bjyQ8UnRskxmRk5LO8.roa
File:                     Bccucrew4bjyQ8UnRskxmRk5LO8.roa (raw, json)
Hash identifier:          FwiEH10BXJ/cBu+2XipPzGvWo2HxP0EF164KuDLTKkI=
Subject key identifier:   05:C7:2E:72:B7:B0:E1:B8:F2:43:C5:27:46:C9:31:99:19:39:2C:EF
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       019136B089423184072F5B2277F83F78F0B1
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Bccucrew4bjyQ8UnRskxmRk5LO8.roa
Signing time:             Fri 09 Aug 2024 10:30:24 +0000
ROA not before:           Fri 09 Aug 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216024
IP address blocks:        109.107.171.0/24 maxlen: 24
                          109.107.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:b0:89:42:31:84:07:2f:5b:22:77:f8:3f:78:f0:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Aug  9 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05c72e72b7b0e1b8f243c52746c9319919392cef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:da:04:37:3a:25:00:98:ec:44:f2:4a:b0:61:
                    9c:3e:78:4e:ad:d5:13:fc:4c:c8:69:72:52:1e:59:
                    eb:6a:4b:ae:01:95:46:35:c3:97:b5:37:5b:da:e9:
                    85:2f:dd:aa:c0:c0:12:a4:f9:07:f2:d1:65:0a:e7:
                    7c:8b:24:3c:11:ab:c7:7c:c9:f0:07:ed:26:fc:2f:
                    e8:48:dc:81:31:24:c7:40:11:73:7e:21:8e:3b:8e:
                    08:9a:b2:90:57:c8:ca:a0:83:22:44:68:b6:d9:82:
                    7d:05:d1:51:af:6a:ec:28:38:5d:d2:45:b6:14:7e:
                    b5:05:97:a6:99:d6:93:a8:6a:08:22:9e:e4:48:0d:
                    02:b2:a1:ec:c0:4b:1c:18:00:63:5e:5e:dc:8b:1e:
                    88:ff:6a:11:7b:63:60:15:39:cc:ae:20:bd:5b:97:
                    81:a3:a5:0f:bd:c1:1d:ec:a5:82:6b:f6:da:af:a6:
                    9d:d7:dd:35:d4:73:96:a7:56:96:af:3e:3a:da:44:
                    46:b9:97:7b:7a:4a:6f:a7:1d:c0:4b:cb:9c:23:7d:
                    74:1b:b2:91:f6:59:81:87:fe:cd:5a:21:81:fa:da:
                    3c:3a:fe:86:bb:25:25:36:24:fe:4b:95:83:da:66:
                    ac:a5:34:d3:0d:df:51:6d:84:91:cc:2a:d9:75:b1:
                    3c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C7:2E:72:B7:B0:E1:B8:F2:43:C5:27:46:C9:31:99:19:39:2C:EF
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Bccucrew4bjyQ8UnRskxmRk5LO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.171.0/24
                  109.107.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:b6:4c:63:9d:2c:02:64:ff:3d:91:8e:4f:15:85:3a:0a:71:
         dd:68:79:84:37:b8:97:41:36:b3:2f:e1:bc:6a:4a:d8:e5:b3:
         bc:44:90:a1:ff:c7:23:55:41:40:1b:4e:9e:b6:92:6b:e3:b2:
         e0:33:03:50:1f:a4:32:47:54:7d:9d:dc:00:8e:f8:ab:3b:94:
         36:7c:88:d5:6b:8c:db:2e:77:48:fd:f7:6f:66:a1:cb:ee:21:
         8f:86:ae:8a:c7:99:40:fc:1e:28:52:60:33:8a:64:9f:d3:26:
         d4:61:c4:3d:f9:2b:99:24:f2:4f:71:64:39:ce:30:10:66:24:
         b4:75:66:8a:76:bb:3e:66:d9:5f:36:50:4a:81:83:5f:75:f6:
         e3:f4:79:79:3c:b4:a9:64:a9:e7:bd:ca:a3:3f:56:a1:47:ce:
         5a:be:75:c0:24:89:2e:3b:f1:a7:e4:82:d9:50:74:5b:21:fd:
         68:d7:e8:93:3d:f5:8b:fd:ec:12:89:92:b3:eb:52:b4:f1:af:
         9a:36:66:c3:4f:74:e3:7c:5e:6f:eb:63:85:a5:27:35:fe:6c:
         5f:ec:62:ca:88:5c:35:5a:81:0d:3e:60:96:32:0b:ae:c7:c6:
         d0:06:a4:41:9b:4c:34:39:b7:e9:8e:a7:d6:91:e5:e3:2a:97:
         2a:fa:ba:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZE2sIlCMYQHL1sid/g/ePCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjQwODA5MTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWM3MmU3MmI3YjBlMWI4ZjI0M2M1Mjc0NmM5MzE5OTE5MzkyY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNoENzolAJjsRPJKsGGcPnhOrdUT
/EzIaXJSHlnrakuuAZVGNcOXtTdb2umFL92qwMASpPkH8tFlCud8iyQ8EavHfMnw
B+0m/C/oSNyBMSTHQBFzfiGOO44ImrKQV8jKoIMiRGi22YJ9BdFRr2rsKDhd0kW2
FH61BZemmdaTqGoIIp7kSA0CsqHswEscGABjXl7cix6I/2oRe2NgFTnMriC9W5eB
o6UPvcEd7KWCa/bar6ad19011HOWp1aWrz462kRGuZd7ekpvpx3AS8ucI310G7KR
9lmBh/7NWiGB+to8Ov6GuyUlNiT+S5WD2maspTTTDd9RbYSRzCrZdbE8XQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAXHLnK3sOG48kPFJ0bJMZkZOSzvMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvQmNjdWNyZXc0Ymp5UThVblJza3htUms1TE84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWurAwQA
bWu2MA0GCSqGSIb3DQEBCwUAA4IBAQBjtkxjnSwCZP89kY5PFYU6CnHdaHmEN7iX
QTazL+G8akrY5bO8RJCh/8cjVUFAG06etpJr47LgMwNQH6QyR1R9ndwAjvirO5Q2
fIjVa4zbLndI/fdvZqHL7iGPhq6Kx5lA/B4oUmAzimSf0ybUYcQ9+SuZJPJPcWQ5
zjAQZiS0dWaKdrs+ZtlfNlBKgYNfdfbj9Hl5PLSpZKnnvcqjP1ahR85avnXAJIku
O/Gn5ILZUHRbIf1o1+iTPfWL/ewSiZKz61K08a+aNmbDT3TjfF5v62OFpSc1/mxf
7GLKiFw1WoENPmCWMguux8bQBqRBm0w0ObfpjqfWkeXjKpcq+roh
-----END CERTIFICATE-----