Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/duU8RwQjmibXdkoG3tmv8WevtMY.roa
File:                     duU8RwQjmibXdkoG3tmv8WevtMY.roa (raw, json)
Hash identifier:          JOKvhACEcr1gombyb3LoYQ0TCcAwKchfkjPRIEBjLcg=
Subject key identifier:   76:E5:3C:47:04:23:9A:26:D7:76:4A:06:DE:D9:AF:F1:67:AF:B4:C6
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       018E37E6E3F057058C2C9935835C8F77A0E4
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/duU8RwQjmibXdkoG3tmv8WevtMY.roa
Signing time:             Wed 13 Mar 2024 13:01:02 +0000
ROA not before:           Wed 13 Mar 2024 13:01:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        109.107.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:e6:e3:f0:57:05:8c:2c:99:35:83:5c:8f:77:a0:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Mar 13 13:01:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76e53c4704239a26d7764a06ded9aff167afb4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:31:32:aa:ff:e2:31:89:f6:76:84:d9:f1:1e:
                    62:98:d0:6c:2d:a2:ba:07:c2:d2:73:49:40:3f:e7:
                    69:e4:69:28:cf:d0:ea:34:81:35:4a:1d:56:2f:37:
                    3d:a0:42:d5:09:69:04:5e:b9:14:53:dd:32:27:e9:
                    cf:00:46:49:78:ef:dc:d7:7d:d6:6d:6e:1b:e6:6c:
                    9e:45:d7:a0:89:cb:df:7e:99:97:23:48:4e:c3:92:
                    fa:a8:57:6a:de:de:8a:da:b8:20:d5:3f:61:0a:68:
                    ce:61:17:cc:64:79:d5:cf:5b:11:77:e4:33:f5:ba:
                    f2:8e:21:25:57:1b:a6:8f:fd:6f:e6:0b:70:8c:c7:
                    6d:0f:d2:2a:5e:51:67:f1:d1:c7:75:b4:07:1f:62:
                    e4:d5:c6:a1:a7:a6:13:17:0a:38:c6:08:5c:7d:af:
                    76:1c:90:a2:c0:25:31:bb:15:df:50:a2:e6:3b:34:
                    dc:42:5e:f7:79:e4:67:24:5d:80:26:8a:41:45:45:
                    f8:8c:11:40:41:0b:3c:ef:49:21:e3:50:c0:24:4f:
                    29:a8:95:56:84:c7:2b:98:c5:e5:ec:e7:7b:0a:16:
                    c8:26:80:98:57:1b:5f:28:0f:bc:88:65:56:b2:23:
                    9c:57:d8:4d:03:f1:13:28:00:fe:c8:46:9f:9b:b5:
                    9b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E5:3C:47:04:23:9A:26:D7:76:4A:06:DE:D9:AF:F1:67:AF:B4:C6
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/duU8RwQjmibXdkoG3tmv8WevtMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:a0:39:56:68:a0:b0:b7:d2:4c:fc:14:ef:7d:73:89:b0:dd:
         e9:60:94:99:72:b2:8f:e8:77:c3:69:aa:0a:81:8f:a4:b5:84:
         4d:32:a5:12:48:ad:c1:99:fa:de:30:3c:00:e8:a3:f6:08:79:
         0f:e5:63:b5:f9:d3:9c:a3:a3:ca:1d:a5:57:35:bc:09:b7:1b:
         98:6f:93:3f:91:aa:0d:52:f6:da:e6:79:d5:c8:1b:f5:8a:f3:
         c0:71:39:95:7d:3b:c3:30:7c:ab:a4:a7:8f:09:81:4b:3b:25:
         5f:7f:48:62:98:32:96:88:d5:ce:36:00:58:fc:1a:26:f9:14:
         66:4d:5f:f7:bd:69:63:c0:23:29:fe:df:89:6d:37:99:45:0c:
         18:f0:0c:16:1e:9e:19:a5:1d:7c:c9:3c:7b:0d:fb:84:72:c6:
         75:8b:a6:87:30:cb:39:4c:60:5c:0d:d9:05:5b:bb:be:7c:6f:
         d9:9d:46:64:2d:ce:7d:27:7b:d2:09:05:fe:2c:1e:49:89:5c:
         78:02:ca:5b:92:c0:bd:00:93:f7:eb:38:49:e3:ee:dd:92:03:
         3b:2d:7f:e5:88:64:a1:20:cd:bc:de:1b:07:9e:91:56:35:ca:
         cc:27:0a:56:7c:ec:9b:94:49:84:39:2d:84:77:ea:f0:b4:96:
         42:e9:57:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY435uPwVwWMLJk1g1yPd6DkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjQwMzEzMTMwMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmU1M2M0NzA0MjM5YTI2ZDc3NjRhMDZkZWQ5YWZmMTY3YWZiNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjEyqv/iMYn2doTZ8R5imNBsLaK6
B8LSc0lAP+dp5Gkoz9DqNIE1Sh1WLzc9oELVCWkEXrkUU90yJ+nPAEZJeO/c133W
bW4b5myeRdegicvffpmXI0hOw5L6qFdq3t6K2rgg1T9hCmjOYRfMZHnVz1sRd+Qz
9bryjiElVxumj/1v5gtwjMdtD9IqXlFn8dHHdbQHH2Lk1cahp6YTFwo4xghcfa92
HJCiwCUxuxXfUKLmOzTcQl73eeRnJF2AJopBRUX4jBFAQQs870kh41DAJE8pqJVW
hMcrmMXl7Od7ChbIJoCYVxtfKA+8iGVWsiOcV9hNA/ETKAD+yEafm7WbRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHblPEcEI5om13ZKBt7Zr/Fnr7TGMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvZHVVOFJ3UWptaWJYZGtvRzN0bXY4V2V2dE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWu3MA0G
CSqGSIb3DQEBCwUAA4IBAQBIoDlWaKCwt9JM/BTvfXOJsN3pYJSZcrKP6HfDaaoK
gY+ktYRNMqUSSK3BmfreMDwA6KP2CHkP5WO1+dOco6PKHaVXNbwJtxuYb5M/kaoN
Uvba5nnVyBv1ivPAcTmVfTvDMHyrpKePCYFLOyVff0himDKWiNXONgBY/Bom+RRm
TV/3vWljwCMp/t+JbTeZRQwY8AwWHp4ZpR18yTx7DfuEcsZ1i6aHMMs5TGBcDdkF
W7u+fG/ZnUZkLc59J3vSCQX+LB5JiVx4AspbksC9AJP36zhJ4+7dkgM7LX/liGSh
IM283hsHnpFWNcrMJwpWfOyblEmEOS2Ed+rwtJZC6VcB
-----END CERTIFICATE-----