Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Z4WfPAHr0U4HuMsBXDWE11AR6SY.roa
File:                     Z4WfPAHr0U4HuMsBXDWE11AR6SY.roa (raw, json)
Hash identifier:          nIFqFX+PoOUUY+ho0HNN5VDHjMoLJi/JVpJHhVS9zMY=
Subject key identifier:   67:85:9F:3C:01:EB:D1:4E:07:B8:CB:01:5C:35:84:D7:50:11:E9:26
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       0194221F88BBEF45EC74B6C3D27FD5502056
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Z4WfPAHr0U4HuMsBXDWE11AR6SY.roa
Signing time:             Wed 01 Jan 2025 13:47:59 +0000
ROA not before:           Wed 01 Jan 2025 13:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216024
IP address blocks:        109.107.171.0/24 maxlen: 24
                          109.107.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:88:bb:ef:45:ec:74:b6:c3:d2:7f:d5:50:20:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  1 13:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67859f3c01ebd14e07b8cb015c3584d75011e926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:87:df:ed:b3:d1:75:95:35:06:7b:a5:ba:ea:
                    ff:64:d4:ec:a4:f5:90:fb:16:b8:e8:93:b2:c0:b3:
                    ca:6a:b6:e4:6b:43:67:47:cd:64:32:e2:c3:8d:ad:
                    b2:c6:4f:07:3d:1c:07:46:d0:ae:bf:53:3e:b1:b4:
                    dd:1d:0f:ae:1c:b7:91:0b:c6:5e:d3:38:7b:c8:27:
                    95:25:7f:fb:1f:0f:56:4f:96:dc:aa:68:70:b4:57:
                    91:ac:f3:09:19:3d:f0:9c:96:b2:20:d9:39:dc:d1:
                    d4:8a:a4:32:a2:6a:ab:2f:a4:27:2b:99:02:17:03:
                    52:cb:c6:0b:ed:ce:91:a7:9f:d5:6d:4f:f2:e7:6a:
                    6a:f0:a9:b6:9b:e9:fe:f6:c5:f0:27:de:79:d2:b2:
                    c3:59:cb:35:ab:4a:6b:25:a2:1d:4a:9a:4b:cc:7e:
                    16:44:f4:cf:fd:f5:ec:6d:2d:53:35:bf:7f:54:8b:
                    07:ca:0f:28:3d:a6:57:14:a5:42:69:a6:46:10:a8:
                    80:75:84:9b:7e:4a:75:a0:8c:9d:f2:76:91:0a:ed:
                    40:fa:a2:d5:d0:82:b7:11:b0:7d:51:51:68:fe:de:
                    80:ed:23:2e:37:63:46:67:23:2e:16:77:1b:17:b1:
                    7b:cd:99:7b:f1:12:42:fa:02:2c:2b:c9:78:7f:3e:
                    a0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:85:9F:3C:01:EB:D1:4E:07:B8:CB:01:5C:35:84:D7:50:11:E9:26
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Z4WfPAHr0U4HuMsBXDWE11AR6SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.171.0/24
                  109.107.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:a3:2f:44:fc:dd:07:fc:44:a7:17:37:28:1c:7b:3b:d6:31:
         79:fd:bf:a7:2e:2a:86:a5:6d:8e:d4:ab:12:f7:4f:61:1f:3c:
         d4:e0:d3:cf:58:68:48:5f:8c:cf:4f:58:37:0b:56:92:e7:96:
         e6:3b:bf:d0:2d:22:8c:7f:7e:51:67:be:f0:50:76:d3:35:aa:
         5d:48:11:4d:bb:9d:4a:0f:e3:6f:ea:3b:72:0c:5f:26:73:19:
         e2:e6:84:e3:bf:5c:cd:89:ba:68:f7:38:db:14:a2:39:de:01:
         c5:30:fa:d7:30:41:d3:a7:d7:5b:8a:93:68:9b:21:30:f1:89:
         3d:e3:4a:62:35:a9:0d:16:a5:32:e5:1f:fb:51:48:13:5c:c8:
         51:b9:f2:e0:6a:92:53:86:4f:4c:f6:cc:74:c9:52:32:d7:91:
         5e:65:ec:14:51:0d:c2:19:68:98:b0:c7:e5:e4:f8:a5:a3:fa:
         bb:4e:c9:af:44:b9:c6:f1:43:3a:f2:76:b1:dc:35:52:ce:fa:
         d6:68:65:f7:d1:82:10:de:c0:30:af:86:c5:3b:96:b8:9e:00:
         b2:43:aa:a8:61:81:f3:07:ab:6a:1c:3d:69:79:87:1e:20:25:
         97:6b:86:b5:58:b2:b9:2c:e0:c9:25:8c:61:35:7c:3a:0f:0c:
         8a:30:05:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH4i770XsdLbD0n/VUCBWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjUwMTAxMTM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg1OWYzYzAxZWJkMTRlMDdiOGNiMDE1YzM1ODRkNzUwMTFlOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Iff7bPRdZU1Bnuluur/ZNTspPWQ
+xa46JOywLPKarbka0NnR81kMuLDja2yxk8HPRwHRtCuv1M+sbTdHQ+uHLeRC8Ze
0zh7yCeVJX/7Hw9WT5bcqmhwtFeRrPMJGT3wnJayINk53NHUiqQyomqrL6QnK5kC
FwNSy8YL7c6Rp5/VbU/y52pq8Km2m+n+9sXwJ9550rLDWcs1q0prJaIdSppLzH4W
RPTP/fXsbS1TNb9/VIsHyg8oPaZXFKVCaaZGEKiAdYSbfkp1oIyd8naRCu1A+qLV
0IK3EbB9UVFo/t6A7SMuN2NGZyMuFncbF7F7zZl78RJC+gIsK8l4fz6gswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGeFnzwB69FOB7jLAVw1hNdQEekmMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvWjRXZlBBSHIwVTRIdU1zQlhEV0UxMUFSNlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWurAwQA
bWu2MA0GCSqGSIb3DQEBCwUAA4IBAQCPoy9E/N0H/ESnFzcoHHs71jF5/b+nLiqG
pW2O1KsS909hHzzU4NPPWGhIX4zPT1g3C1aS55bmO7/QLSKMf35RZ77wUHbTNapd
SBFNu51KD+Nv6jtyDF8mcxni5oTjv1zNibpo9zjbFKI53gHFMPrXMEHTp9dbipNo
myEw8Yk940piNakNFqUy5R/7UUgTXMhRufLgapJThk9M9sx0yVIy15FeZewUUQ3C
GWiYsMfl5Pilo/q7TsmvRLnG8UM68nax3DVSzvrWaGX30YIQ3sAwr4bFO5a4ngCy
Q6qoYYHzB6tqHD1peYceICWXa4a1WLK5LODJJYxhNXw6DwyKMAUp
-----END CERTIFICATE-----