Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/C-j834veFsj1jsTX7J6_TWAlAyM.roa
File:                     C-j834veFsj1jsTX7J6_TWAlAyM.roa (raw, json)
Hash identifier:          1/vufO4pJcMpVCQ6/N50OfHCZoID4FXv7ykneVDspNU=
Subject key identifier:   0B:E8:FC:DF:8B:DE:16:C8:F5:8E:C4:D7:EC:9E:BF:4D:60:25:03:23
Certificate issuer:       /CN=699c581aff3d0a90178cfab565a388ccd9bc01ce
Certificate serial:       0194266BEC17ADE12F6AF6FC9CE132B9D28D
Authority key identifier: 69:9C:58:1A:FF:3D:0A:90:17:8C:FA:B5:65:A3:88:CC:D9:BC:01:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/C-j834veFsj1jsTX7J6_TWAlAyM.roa
Signing time:             Thu 02 Jan 2025 09:49:54 +0000
ROA not before:           Thu 02 Jan 2025 09:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208708
IP address blocks:        109.110.192.0/20 maxlen: 20
                          109.110.208.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ec:17:ad:e1:2f:6a:f6:fc:9c:e1:32:b9:d2:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=699c581aff3d0a90178cfab565a388ccd9bc01ce
        Validity
            Not Before: Jan  2 09:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0be8fcdf8bde16c8f58ec4d7ec9ebf4d60250323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5e:40:a7:e7:89:e8:06:52:43:63:c4:a4:2d:
                    70:e7:c7:d0:38:ce:8d:0e:c6:a3:e1:bc:1e:48:c7:
                    e2:63:0e:5c:c2:5c:28:4b:73:05:28:e0:bc:b7:b2:
                    56:83:e4:61:6a:5a:21:d3:8f:10:fc:8f:e1:37:32:
                    51:52:7f:2c:32:8f:6d:8c:a3:94:70:69:0c:5d:5c:
                    af:bc:30:ab:2f:7c:f0:b8:34:6e:fb:d7:92:a2:29:
                    bd:58:3b:d5:ae:26:83:1d:2e:bb:71:be:e5:46:ce:
                    07:0e:ff:22:91:62:34:b3:88:34:1f:26:f5:6b:28:
                    1f:25:1e:f8:65:cd:48:41:91:43:7b:fd:57:37:1d:
                    9c:65:cc:45:7e:6d:39:71:f1:c9:73:2a:d1:a6:56:
                    72:d7:f6:b4:ac:2c:c3:ff:1a:bd:72:e6:51:d4:87:
                    09:ce:ca:ae:80:b3:e6:1a:77:a9:99:56:84:3c:1a:
                    77:17:7f:f8:dd:bf:ae:de:9e:0f:05:4b:da:cf:60:
                    d8:69:4e:a0:8f:75:08:a2:5a:f5:f3:ad:c3:84:18:
                    93:d7:5b:e7:29:1b:76:68:74:9e:c7:b5:d2:18:ec:
                    74:33:4b:e9:5b:5e:60:c0:ec:e1:64:2c:d4:74:1d:
                    fe:63:47:11:38:38:ef:50:57:0f:34:df:c2:26:1c:
                    4f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E8:FC:DF:8B:DE:16:C8:F5:8E:C4:D7:EC:9E:BF:4D:60:25:03:23
            X509v3 Authority Key Identifier:
                keyid:69:9C:58:1A:FF:3D:0A:90:17:8C:FA:B5:65:A3:88:CC:D9:BC:01:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/C-j834veFsj1jsTX7J6_TWAlAyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a7:f9:e8:f0:0a:6d:85:4d:a6:f2:2a:46:2c:33:a1:1a:4d:de:
         bf:6f:9b:6f:c4:08:97:de:95:c7:19:ca:3d:6f:34:a9:e4:53:
         fa:bf:26:15:3e:fb:7d:2d:67:3c:39:1b:71:c4:c5:ef:dc:77:
         73:2a:a7:d0:a4:6c:34:f3:b8:94:c4:32:ab:c3:01:76:e4:f4:
         f2:d8:80:fc:1b:f5:62:6b:bc:d0:96:89:fd:25:1c:de:4d:28:
         64:2b:90:16:3b:31:84:7c:c2:6b:cc:79:2f:20:e1:45:99:7d:
         5d:d8:c3:8e:7f:d5:4a:a8:12:57:64:dc:63:54:24:ec:57:51:
         88:10:c4:b2:ac:eb:71:71:61:2f:ef:65:5d:34:67:a3:e4:36:
         4e:23:a4:7b:95:06:2c:8e:40:b2:08:6f:df:13:29:65:8e:49:
         3b:98:0a:5d:d4:88:42:04:f1:9f:bf:f3:3b:0b:5d:1d:5c:e0:
         18:49:9f:72:1c:4d:b5:35:24:49:e1:a2:64:e5:8b:fe:69:02:
         13:1c:25:3c:26:c0:d4:1c:27:85:d1:a0:62:69:ca:dc:92:b6:
         dc:bc:69:11:78:69:9a:5a:0b:81:2d:f1:e1:2f:86:b4:31:ad:
         2e:d9:ed:00:49:f3:5b:f6:25:91:87:d5:2c:a0:8c:cc:da:63:
         b6:d3:40:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+wXreEvavb8nOEyudKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OWM1ODFhZmYzZDBhOTAxNzhjZmFiNTY1YTM4OGNjZDli
YzAxY2UwHhcNMjUwMTAyMDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmU4ZmNkZjhiZGUxNmM4ZjU4ZWM0ZDdlYzllYmY0ZDYwMjUwMzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl5Ap+eJ6AZSQ2PEpC1w58fQOM6N
Dsaj4bweSMfiYw5cwlwoS3MFKOC8t7JWg+Rhaloh048Q/I/hNzJRUn8sMo9tjKOU
cGkMXVyvvDCrL3zwuDRu+9eSoim9WDvVriaDHS67cb7lRs4HDv8ikWI0s4g0Hyb1
aygfJR74Zc1IQZFDe/1XNx2cZcxFfm05cfHJcyrRplZy1/a0rCzD/xq9cuZR1IcJ
zsqugLPmGnepmVaEPBp3F3/43b+u3p4PBUvaz2DYaU6gj3UIolr1863DhBiT11vn
KRt2aHSex7XSGOx0M0vpW15gwOzhZCzUdB3+Y0cRODjvUFcPNN/CJhxPQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvo/N+L3hbI9Y7E1+yev01gJQMjMB8GA1UdIwQY
MBaAFGmcWBr/PQqQF4z6tWWjiMzZvAHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVp4WUd2ODlDcEFYalBxMVphT0l6Tm04QWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9mYjlkNWUtYTYyOC00ZjIzLTg4YTUt
ZTVkZGQyYmI1MWM1LzEvQy1qODM0dmVGc2oxanNUWDdKNl9UV0FsQXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9mYjlkNWUtYTYyOC00ZjIzLTg4YTUtZTVkZGQyYmI1MWM1
LzEvYVp4WUd2ODlDcEFYalBxMVphT0l6Tm04QWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbW7AMA0G
CSqGSIb3DQEBCwUAA4IBAQCn+ejwCm2FTabyKkYsM6EaTd6/b5tvxAiX3pXHGco9
bzSp5FP6vyYVPvt9LWc8ORtxxMXv3HdzKqfQpGw087iUxDKrwwF25PTy2ID8G/Vi
a7zQlon9JRzeTShkK5AWOzGEfMJrzHkvIOFFmX1d2MOOf9VKqBJXZNxjVCTsV1GI
EMSyrOtxcWEv72VdNGej5DZOI6R7lQYsjkCyCG/fEylljkk7mApd1IhCBPGfv/M7
C10dXOAYSZ9yHE21NSRJ4aJk5Yv+aQITHCU8JsDUHCeF0aBiacrckrbcvGkReGma
WguBLfHhL4a0Ma0u2e0ASfNb9iWRh9UsoIzM2mO200C8
-----END CERTIFICATE-----