Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Q146qaaxZ1xmkBzI32xjl700K7Q.roa
File:                     Q146qaaxZ1xmkBzI32xjl700K7Q.roa (raw, json)
Hash identifier:          Dmot/z3pbyFtlPpe5Va8TlDgzImhsPNQJ1rELTx4Aro=
Subject key identifier:   43:5E:3A:A9:A6:B1:67:5C:66:90:1C:C8:DF:6C:63:97:BD:34:2B:B4
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       0194221F87F8FA6F07D8D3500158C0D16A14
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Q146qaaxZ1xmkBzI32xjl700K7Q.roa
Signing time:             Wed 01 Jan 2025 13:47:59 +0000
ROA not before:           Wed 01 Jan 2025 13:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213369
IP address blocks:        109.107.162.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:87:f8:fa:6f:07:d8:d3:50:01:58:c0:d1:6a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  1 13:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=435e3aa9a6b1675c66901cc8df6c6397bd342bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:94:32:3b:ab:5d:4d:42:40:b7:9a:a4:f8:a7:
                    92:a0:51:50:59:2e:1b:10:7d:f9:61:09:5a:f4:09:
                    23:06:60:30:4a:35:21:ac:93:5d:e0:03:a5:a0:7b:
                    81:e0:3e:ad:9d:67:52:26:f7:57:c8:8e:43:96:aa:
                    c0:4a:ab:f4:81:3d:0f:b4:2f:25:2d:7b:be:a1:b9:
                    db:e8:19:a4:14:53:71:83:e6:a6:01:bd:05:87:74:
                    4d:19:5e:6a:6d:82:4e:8d:4d:98:fb:d4:4e:ba:e9:
                    73:29:14:26:cd:21:fd:d3:89:26:45:2c:d3:da:bd:
                    1b:61:17:c2:53:31:3b:0e:0d:60:6b:46:7b:60:cf:
                    1a:78:18:2a:54:6f:d7:5e:c1:36:27:16:14:c9:a7:
                    13:62:a7:28:f5:39:53:21:58:84:c2:81:87:fe:4c:
                    31:6e:f6:c4:1f:7c:15:88:af:35:00:53:14:39:59:
                    00:29:c3:81:01:42:8f:ff:3b:6b:f4:2b:93:44:25:
                    7b:cb:44:b6:af:00:1a:00:86:47:ac:01:c1:16:30:
                    2b:b0:b3:b4:5a:1f:00:cf:2a:92:ea:a4:be:25:f5:
                    79:a8:4d:b5:f7:76:28:54:5c:2e:7e:c9:63:81:0a:
                    cb:93:cf:42:cd:f8:1f:c7:4e:f2:c7:bf:e4:b2:41:
                    d6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:5E:3A:A9:A6:B1:67:5C:66:90:1C:C8:DF:6C:63:97:BD:34:2B:B4
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Q146qaaxZ1xmkBzI32xjl700K7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:db:ef:81:48:97:f4:ea:ad:bf:93:42:54:2b:fa:4e:0f:fd:
         23:24:b0:39:9f:34:0b:a8:17:80:97:0d:c3:fa:c9:30:d6:b3:
         94:20:3d:c7:31:36:07:d9:8d:83:8f:28:63:a4:2e:63:ab:3d:
         b6:76:21:93:25:06:14:f6:47:4e:3a:82:d4:34:af:75:55:10:
         4b:2c:5f:02:d0:43:9a:39:5a:2b:a1:5f:76:89:03:77:6b:70:
         29:83:d7:d0:8c:a9:3f:ac:dd:7b:7c:a4:1c:08:60:08:90:3a:
         8a:75:f6:d8:da:01:2e:ee:9a:d7:28:3b:47:60:ae:b4:d6:00:
         91:a6:d9:71:d4:14:73:05:fa:ab:34:d3:d9:8a:a7:27:a1:ff:
         bd:96:aa:11:4f:dd:50:38:dc:d0:c0:93:01:8f:b8:43:49:89:
         b1:1c:cb:67:ff:97:1e:04:fa:20:2d:ed:8e:96:74:71:bb:fa:
         a8:e3:90:04:8d:10:ed:19:2d:b5:80:ce:cd:af:46:5f:3f:65:
         b6:71:ab:da:5e:67:b0:3a:1d:90:dc:59:c7:94:c6:ee:fe:47:
         6c:a8:61:9b:a5:a3:53:2e:20:7d:c8:a6:0c:7a:73:ec:18:16:
         be:9d:4a:e9:2d:ea:9c:d3:d4:ec:a6:35:85:90:66:fe:6e:71:
         e5:fa:15:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4f4+m8H2NNQAVjA0WoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjUwMTAxMTM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzVlM2FhOWE2YjE2NzVjNjY5MDFjYzhkZjZjNjM5N2JkMzQyYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZQyO6tdTUJAt5qk+KeSoFFQWS4b
EH35YQla9AkjBmAwSjUhrJNd4AOloHuB4D6tnWdSJvdXyI5DlqrASqv0gT0PtC8l
LXu+obnb6BmkFFNxg+amAb0Fh3RNGV5qbYJOjU2Y+9ROuulzKRQmzSH904kmRSzT
2r0bYRfCUzE7Dg1ga0Z7YM8aeBgqVG/XXsE2JxYUyacTYqco9TlTIViEwoGH/kwx
bvbEH3wViK81AFMUOVkAKcOBAUKP/ztr9CuTRCV7y0S2rwAaAIZHrAHBFjArsLO0
Wh8AzyqS6qS+JfV5qE2193YoVFwufsljgQrLk89Czfgfx07yx7/kskHWQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENeOqmmsWdcZpAcyN9sY5e9NCu0MB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvUTE0NnFhYXhaMXhta0J6STMyeGpsNzAwSzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbWuiMA0G
CSqGSIb3DQEBCwUAA4IBAQAq2++BSJf06q2/k0JUK/pOD/0jJLA5nzQLqBeAlw3D
+skw1rOUID3HMTYH2Y2DjyhjpC5jqz22diGTJQYU9kdOOoLUNK91VRBLLF8C0EOa
OVoroV92iQN3a3Apg9fQjKk/rN17fKQcCGAIkDqKdfbY2gEu7prXKDtHYK601gCR
ptlx1BRzBfqrNNPZiqcnof+9lqoRT91QONzQwJMBj7hDSYmxHMtn/5ceBPogLe2O
lnRxu/qo45AEjRDtGS21gM7Nr0ZfP2W2cavaXmewOh2Q3FnHlMbu/kdsqGGbpaNT
LiB9yKYMenPsGBa+nUrpLeqc09TspjWFkGb+bnHl+hVz
-----END CERTIFICATE-----