Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/apUQseKQi8gyaxev1hnesC50ZdE.roa
File:                     apUQseKQi8gyaxev1hnesC50ZdE.roa (raw, json)
Hash identifier:          TNMvQYL8n5P7lFXXd7rzRPNTLsXFV+l2sdErDDILJxA=
Subject key identifier:   6A:95:10:B1:E2:90:8B:C8:32:6B:17:AF:D6:19:DE:B0:2E:74:65:D1
Certificate issuer:       /CN=bc663c6e779dae9bdb046854f189fe8c5c3c32e1
Certificate serial:       018CC94CC0E102789B1970744BDF98D0FA5A
Authority key identifier: BC:66:3C:6E:77:9D:AE:9B:DB:04:68:54:F1:89:FE:8C:5C:3C:32:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/apUQseKQi8gyaxev1hnesC50ZdE.roa
Signing time:             Tue 02 Jan 2024 08:31:39 +0000
ROA not before:           Tue 02 Jan 2024 08:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51607
IP address blocks:        109.235.191.0/24 maxlen: 24
                          185.30.118.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/vGY8bnedrpvbBGhU8Yn-jFw8MuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/vGY8bnedrpvbBGhU8Yn-jFw8MuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c0:e1:02:78:9b:19:70:74:4b:df:98:d0:fa:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc663c6e779dae9bdb046854f189fe8c5c3c32e1
        Validity
            Not Before: Jan  2 08:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a9510b1e2908bc8326b17afd619deb02e7465d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:eb:1a:09:9b:f7:3f:c9:8a:f2:27:e6:18:5c:
                    0d:fb:10:ba:3c:19:71:52:e6:22:73:03:5b:8c:6c:
                    35:be:52:97:b3:f6:03:52:0a:10:b6:9c:67:33:33:
                    fd:28:62:5b:ab:34:e0:bf:a2:49:71:2b:8e:97:f5:
                    b7:b4:47:51:2e:b7:f1:e4:60:3b:28:52:cd:0b:b5:
                    fb:4e:5a:cc:f1:a7:55:9b:41:5d:f9:4f:c9:45:58:
                    09:70:aa:1f:10:12:50:d3:2a:08:3b:bc:1c:04:6a:
                    61:e6:de:39:24:0b:b2:a2:8b:25:7a:9f:02:0b:7b:
                    2b:08:aa:f7:47:84:db:cb:4b:79:2c:bd:6d:78:17:
                    82:55:bf:ba:e1:f6:a3:08:fd:dc:d5:36:a6:7e:03:
                    61:8f:69:6b:44:92:71:c7:c0:0f:08:59:83:3b:46:
                    b1:97:31:7b:71:80:af:c3:38:96:1e:79:05:49:a4:
                    ea:45:e3:d6:78:6a:79:10:b7:ce:ea:e0:0e:73:9b:
                    78:1d:c8:03:be:39:93:85:46:c6:2b:39:57:a3:e7:
                    4f:b4:6e:7d:78:62:c3:c9:8c:19:cb:dd:a9:cf:17:
                    4d:4d:bc:e9:5f:ce:bf:e7:f8:60:33:21:41:dd:d3:
                    88:30:ea:15:5e:2c:76:7f:cd:f8:69:0c:25:83:d0:
                    a8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:95:10:B1:E2:90:8B:C8:32:6B:17:AF:D6:19:DE:B0:2E:74:65:D1
            X509v3 Authority Key Identifier:
                keyid:BC:66:3C:6E:77:9D:AE:9B:DB:04:68:54:F1:89:FE:8C:5C:3C:32:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGY8bnedrpvbBGhU8Yn-jFw8MuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/apUQseKQi8gyaxev1hnesC50ZdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7a8f3f-304c-4a26-aeca-18bdfe8cc0cd/1/vGY8bnedrpvbBGhU8Yn-jFw8MuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.235.191.0/24
                  185.30.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:37:01:c7:2f:74:09:a1:8a:a6:43:a0:61:83:4f:6f:04:f4:
         8e:78:88:7c:89:be:16:f6:3c:f8:ca:ee:75:eb:c4:2b:02:71:
         d9:ab:af:93:68:54:a2:27:26:4f:65:64:fd:af:68:25:40:3b:
         45:db:a8:77:35:27:f6:27:39:b5:af:aa:72:7b:48:3e:bf:63:
         d0:33:39:38:ad:2e:fb:1b:13:5c:e3:d9:8c:2c:5a:46:19:44:
         c5:62:25:66:47:45:d9:84:cb:3c:06:3e:43:c8:88:4d:57:60:
         1e:a2:4f:6e:ad:94:4a:e2:c8:a2:0f:63:52:c0:dd:69:c2:67:
         38:55:e2:7d:24:48:11:92:e2:92:fe:6a:1b:8c:fc:0e:41:72:
         78:e0:e2:25:0b:f8:b8:0e:7e:c2:a5:46:a4:27:2d:14:9c:76:
         12:9f:ca:3d:e7:f0:44:3e:48:59:1c:50:e9:2b:76:b0:3c:3e:
         f7:e6:ac:b0:7f:01:9d:69:76:90:36:79:5d:2d:38:3a:46:64:
         5b:93:d2:bd:16:70:cd:59:f1:a8:32:85:c7:52:53:b8:9e:f4:
         75:9d:11:a3:27:3f:19:5b:be:0f:dd:e1:c6:b4:6f:7c:d5:be:
         b3:55:d1:ac:40:97:f1:c1:f1:74:bb:cd:ed:36:4d:17:cc:a6:
         55:10:2d:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTMDhAnibGXB0S9+Y0PpaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjYzYzZlNzc5ZGFlOWJkYjA0Njg1NGYxODlmZThjNWMz
YzMyZTEwHhcNMjQwMTAyMDgzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk1MTBiMWUyOTA4YmM4MzI2YjE3YWZkNjE5ZGViMDJlNzQ2NWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+saCZv3P8mK8ifmGFwN+xC6PBlx
UuYicwNbjGw1vlKXs/YDUgoQtpxnMzP9KGJbqzTgv6JJcSuOl/W3tEdRLrfx5GA7
KFLNC7X7TlrM8adVm0Fd+U/JRVgJcKofEBJQ0yoIO7wcBGph5t45JAuyooslep8C
C3srCKr3R4Tby0t5LL1teBeCVb+64fajCP3c1TamfgNhj2lrRJJxx8APCFmDO0ax
lzF7cYCvwziWHnkFSaTqRePWeGp5ELfO6uAOc5t4HcgDvjmThUbGKzlXo+dPtG59
eGLDyYwZy92pzxdNTbzpX86/5/hgMyFB3dOIMOoVXix2f834aQwlg9CoEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGqVELHikIvIMmsXr9YZ3rAudGXRMB8GA1UdIwQY
MBaAFLxmPG53na6b2wRoVPGJ/oxcPDLhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdZOGJuZWRycHZiQkdoVThZbi1qRnc4TXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83YThmM2YtMzA0Yy00YTI2LWFlY2Et
MThiZGZlOGNjMGNkLzEvYXBVUXNlS1FpOGd5YXhldjFobmVzQzUwWmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83YThmM2YtMzA0Yy00YTI2LWFlY2EtMThiZGZlOGNjMGNk
LzEvdkdZOGJuZWRycHZiQkdoVThZbi1qRnc4TXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbeu/AwQB
uR52MA0GCSqGSIb3DQEBCwUAA4IBAQACNwHHL3QJoYqmQ6Bhg09vBPSOeIh8ib4W
9jz4yu5168QrAnHZq6+TaFSiJyZPZWT9r2glQDtF26h3NSf2Jzm1r6pye0g+v2PQ
Mzk4rS77GxNc49mMLFpGGUTFYiVmR0XZhMs8Bj5DyIhNV2Aeok9urZRK4siiD2NS
wN1pwmc4VeJ9JEgRkuKS/mobjPwOQXJ44OIlC/i4Dn7CpUakJy0UnHYSn8o95/BE
PkhZHFDpK3awPD735qywfwGdaXaQNnldLTg6RmRbk9K9FnDNWfGoMoXHUlO4nvR1
nRGjJz8ZW74P3eHGtG981b6zVdGsQJfxwfF0u83tNk0XzKZVEC19
-----END CERTIFICATE-----