Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/phO7epvCoYFhkG0dTV5RtGTfFoE.roa
File:                     phO7epvCoYFhkG0dTV5RtGTfFoE.roa (raw, json)
Hash identifier:          jkhzkXF+DB42uMow0dB8LWjmxEVbOyoIZtbBsaP8XFo=
Subject key identifier:   A6:13:BB:7A:9B:C2:A1:81:61:90:6D:1D:4D:5E:51:B4:64:DF:16:81
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       0195C8BDFFB2FE7584A1BDFE58B31D2D5B5A
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/phO7epvCoYFhkG0dTV5RtGTfFoE.roa
Signing time:             Mon 24 Mar 2025 15:20:49 +0000
ROA not before:           Mon 24 Mar 2025 15:20:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212792
IP address blocks:        109.107.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c8:bd:ff:b2:fe:75:84:a1:bd:fe:58:b3:1d:2d:5b:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Mar 24 15:20:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a613bb7a9bc2a18161906d1d4d5e51b464df1681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8f:7f:2b:6f:3e:74:50:ec:7e:12:88:c3:f8:
                    4a:88:d3:d0:b1:a5:17:81:e5:75:fd:35:64:f1:58:
                    39:8b:eb:38:f3:df:f6:cf:81:68:c6:32:92:3e:15:
                    19:98:b9:ea:5e:a2:70:7e:23:0d:08:b8:24:ae:15:
                    6f:9b:2b:2f:27:33:12:4c:aa:5c:a5:81:0c:9f:fc:
                    ae:19:05:fb:76:83:27:b0:76:df:a3:39:c9:53:ea:
                    9a:85:de:5e:13:63:6c:e5:48:3a:11:18:dc:a4:86:
                    c9:1d:68:ac:93:39:de:c8:fb:44:bf:d7:94:94:83:
                    27:42:2f:23:6b:44:d8:cd:f5:d6:8f:11:d3:4c:0f:
                    ad:12:86:1d:00:0b:b0:93:25:13:22:62:5c:03:ac:
                    e7:30:63:56:df:8b:b4:e0:7b:29:f1:b8:0e:17:87:
                    e1:9b:70:c8:39:67:e8:78:08:6f:33:cc:66:81:17:
                    f9:82:00:de:d0:be:49:4c:94:0f:d8:2f:3c:af:8c:
                    e0:8a:67:91:eb:c9:95:a9:ba:46:0c:3b:fa:e3:c9:
                    3c:ff:85:f1:09:42:6e:a2:0e:5d:a8:8f:5d:f3:a5:
                    49:8e:05:0b:05:f8:1e:51:5f:3f:15:2b:0f:ce:a4:
                    a6:b6:26:0f:50:c7:64:ad:f5:1c:7e:45:d1:6d:9e:
                    1a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:13:BB:7A:9B:C2:A1:81:61:90:6D:1D:4D:5E:51:B4:64:DF:16:81
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/phO7epvCoYFhkG0dTV5RtGTfFoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:5a:f2:7a:7f:32:74:74:94:54:f6:c0:42:8a:02:2d:fc:ac:
         44:fc:aa:29:74:17:c7:e8:ac:1b:ac:f4:e0:68:b8:81:21:7f:
         6d:35:1a:26:72:45:86:6e:83:ed:9c:3d:7d:d5:e8:90:29:0f:
         2a:01:c5:d9:54:c9:10:34:e6:49:49:be:fe:ff:d4:27:66:e6:
         53:ca:cb:6b:51:ce:d3:93:2d:5c:1c:55:48:48:3e:43:e1:d7:
         23:82:4a:1a:8e:67:46:22:61:00:9b:bd:0a:f5:dc:f2:d3:ec:
         77:08:07:5e:35:18:09:d7:2c:77:4a:49:52:a7:cb:ac:f1:87:
         1c:b4:c6:d5:49:85:81:4d:0d:3a:55:f4:31:c3:4d:af:72:b4:
         f5:fa:10:9b:46:35:40:59:15:6e:73:2f:1a:70:a8:8d:25:91:
         e6:83:3c:d1:7d:3b:5d:bd:b3:f4:d3:f1:c5:4d:b9:b8:5c:32:
         c0:33:01:c8:2c:7e:8f:af:d9:5c:ff:f5:6e:f4:27:e2:b2:a9:
         54:48:52:05:95:b7:6d:b1:63:9e:aa:cd:f0:c5:ad:c9:f6:9b:
         5e:56:c4:66:c0:ae:d3:be:95:c6:69:12:88:e3:4b:0a:cf:e0:
         99:67:ec:86:1d:78:93:ce:bb:9d:87:1c:e1:93:69:11:dd:6a:
         ff:0f:5f:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXIvf+y/nWEob3+WLMdLVtaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjUwMzI0MTUyMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjEzYmI3YTliYzJhMTgxNjE5MDZkMWQ0ZDVlNTFiNDY0ZGYxNjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr49/K28+dFDsfhKIw/hKiNPQsaUX
geV1/TVk8Vg5i+s489/2z4FoxjKSPhUZmLnqXqJwfiMNCLgkrhVvmysvJzMSTKpc
pYEMn/yuGQX7doMnsHbfoznJU+qahd5eE2Ns5Ug6ERjcpIbJHWiskzneyPtEv9eU
lIMnQi8ja0TYzfXWjxHTTA+tEoYdAAuwkyUTImJcA6znMGNW34u04Hsp8bgOF4fh
m3DIOWfoeAhvM8xmgRf5ggDe0L5JTJQP2C88r4zgimeR68mVqbpGDDv648k8/4Xx
CUJuog5dqI9d86VJjgULBfgeUV8/FSsPzqSmtiYPUMdkrfUcfkXRbZ4aUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYTu3qbwqGBYZBtHU1eUbRk3xaBMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvcGhPN2VwdkNvWUZoa0cwZFRWNVJ0R1RmRm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWu3MA0G
CSqGSIb3DQEBCwUAA4IBAQB6WvJ6fzJ0dJRU9sBCigIt/KxE/KopdBfH6KwbrPTg
aLiBIX9tNRomckWGboPtnD191eiQKQ8qAcXZVMkQNOZJSb7+/9QnZuZTystrUc7T
ky1cHFVISD5D4dcjgkoajmdGImEAm70K9dzy0+x3CAdeNRgJ1yx3SklSp8us8Ycc
tMbVSYWBTQ06VfQxw02vcrT1+hCbRjVAWRVucy8acKiNJZHmgzzRfTtdvbP00/HF
Tbm4XDLAMwHILH6Pr9lc//Vu9CfisqlUSFIFlbdtsWOeqs3wxa3J9pteVsRmwK7T
vpXGaRKI40sKz+CZZ+yGHXiTzrudhxzhk2kR3Wr/D19c
-----END CERTIFICATE-----