Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/1PkG4fEwdXoMD-WH6ZRxyY8sELw.roa
File:                     1PkG4fEwdXoMD-WH6ZRxyY8sELw.roa (raw, json)
Hash identifier:          a0iYtGmAHDkDdbaG2u7+3yZnQS7AVnDIsCyUz86fNxA=
Subject key identifier:   D4:F9:06:E1:F1:30:75:7A:0C:0F:E5:87:E9:94:71:C9:8F:2C:10:BC
Certificate issuer:       /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial:       019421446AB6E8155F2E15EA5792F8C19E90
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/1PkG4fEwdXoMD-WH6ZRxyY8sELw.roa
Signing time:             Wed 01 Jan 2025 09:48:39 +0000
ROA not before:           Wed 01 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61263
IP address blocks:        109.207.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:6a:b6:e8:15:5f:2e:15:ea:57:92:f8:c1:9e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4f906e1f130757a0c0fe587e99471c98f2c10bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:72:ff:78:95:7f:cd:9c:66:ed:0d:31:60:fb:
                    a7:6f:12:c1:64:f0:51:e0:52:9b:ba:56:f1:6d:85:
                    5a:77:80:c2:52:2e:f2:fe:1f:69:e1:fd:fe:cd:55:
                    ef:e7:b9:fa:64:04:94:35:41:25:ed:fa:8e:79:c1:
                    d8:b0:9b:2f:fb:6d:92:7b:c7:a5:42:25:f1:b9:8b:
                    c5:81:c4:79:19:90:0e:79:64:a2:2b:f7:05:8b:1f:
                    cb:e6:5b:30:cb:3e:cc:ae:31:f6:9b:75:d1:a0:73:
                    9b:18:a6:0a:66:ab:dd:d8:31:db:cb:e3:0f:c6:52:
                    10:b6:1e:01:29:6c:9c:04:cd:c4:f6:ca:07:2c:6c:
                    13:97:a0:66:21:77:71:d2:ad:a7:2e:87:9c:ac:f5:
                    3e:88:40:e6:b2:f6:18:13:ad:b7:31:d6:c2:f1:ac:
                    01:73:ca:cd:46:c1:5d:98:05:7e:bd:d1:f8:c2:92:
                    33:d9:5b:c1:77:60:ab:65:ba:a1:0a:10:23:fd:40:
                    e2:c4:cf:6d:0e:2a:63:b5:20:b1:75:79:df:2e:00:
                    6b:b5:12:51:08:3b:14:7e:a6:aa:54:15:ea:aa:e8:
                    32:92:90:3b:1a:ab:8d:c8:c1:ca:89:be:6b:63:e8:
                    04:4a:ad:4b:a7:14:97:50:8a:25:ad:9d:e3:a0:62:
                    e0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F9:06:E1:F1:30:75:7A:0C:0F:E5:87:E9:94:71:C9:8F:2C:10:BC
            X509v3 Authority Key Identifier:
                keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/1PkG4fEwdXoMD-WH6ZRxyY8sELw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.207.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:e4:12:19:42:2c:e6:68:4c:01:d1:aa:45:a9:7b:a8:ee:7a:
         74:86:11:67:00:9f:a2:a5:2f:a1:cd:c4:3e:ca:09:03:28:ee:
         fa:d5:14:bd:74:c0:88:14:45:1e:8c:c8:fa:76:6c:77:ed:01:
         35:c9:a3:11:07:f6:ee:4a:de:40:3f:55:80:a2:c2:5e:5a:02:
         a7:ce:a9:e1:9c:6f:a0:d8:26:d9:cd:0e:ce:42:59:6a:fe:33:
         fa:fb:dd:cf:c1:fc:db:94:c1:3a:11:24:1b:6e:83:3d:b1:90:
         96:b6:3d:c1:bd:77:4b:f7:cd:10:cb:ec:32:84:23:e2:87:39:
         9e:3c:5e:d7:aa:52:2b:d7:f2:83:b5:fb:42:37:d2:bd:37:ef:
         7d:ad:85:fa:fd:04:83:2f:25:ec:23:9a:26:84:1a:8f:25:e7:
         9b:71:7d:99:fb:b7:bc:0b:f5:4a:59:5c:66:27:ef:c2:73:b0:
         3c:cf:0e:d7:71:8e:41:cb:de:f0:43:64:9d:71:6f:dc:6d:56:
         46:ce:5c:df:e0:6f:80:36:88:24:42:27:40:f6:c0:d6:e0:19:
         d7:b4:1b:e8:16:8a:20:6e:dd:29:73:9e:07:33:48:f8:fc:a6:
         8c:bc:90:da:44:5c:e8:c3:b5:e6:c3:fc:d5:fc:c7:01:49:fc:
         cd:ec:de:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGq26BVfLhXqV5L4wZ6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjRhOGI5M2FmOWVhOWNmMThhYWNhNGU3M2YxMTZlYzI2
ZWIzNTcwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGY5MDZlMWYxMzA3NTdhMGMwZmU1ODdlOTk0NzFjOThmMmMxMGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13L/eJV/zZxm7Q0xYPunbxLBZPBR
4FKbulbxbYVad4DCUi7y/h9p4f3+zVXv57n6ZASUNUEl7fqOecHYsJsv+22Se8el
QiXxuYvFgcR5GZAOeWSiK/cFix/L5lswyz7MrjH2m3XRoHObGKYKZqvd2DHby+MP
xlIQth4BKWycBM3E9soHLGwTl6BmIXdx0q2nLoecrPU+iEDmsvYYE623MdbC8awB
c8rNRsFdmAV+vdH4wpIz2VvBd2CrZbqhChAj/UDixM9tDipjtSCxdXnfLgBrtRJR
CDsUfqaqVBXqqugykpA7GquNyMHKib5rY+gESq1LpxSXUIolrZ3joGLgwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNT5BuHxMHV6DA/lh+mUccmPLBC8MB8GA1UdIwQY
MBaAFJ+0qLk6+eqc8YqspOc/EW7CbrNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYt
OGQ2OGViMjBmYmRkLzEvMVBrRzRmRXdkWG9NRC1XSDZaUnh5WThzRUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYtOGQ2OGViMjBmYmRk
LzEvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc/xMA0G
CSqGSIb3DQEBCwUAA4IBAQCy5BIZQizmaEwB0apFqXuo7np0hhFnAJ+ipS+hzcQ+
ygkDKO761RS9dMCIFEUejMj6dmx37QE1yaMRB/buSt5AP1WAosJeWgKnzqnhnG+g
2CbZzQ7OQllq/jP6+93PwfzblME6ESQbboM9sZCWtj3BvXdL980Qy+wyhCPihzme
PF7XqlIr1/KDtftCN9K9N+99rYX6/QSDLyXsI5omhBqPJeebcX2Z+7e8C/VKWVxm
J+/Cc7A8zw7XcY5By97wQ2SdcW/cbVZGzlzf4G+ANogkQidA9sDW4BnXtBvoFoog
bt0pc54HM0j4/KaMvJDaRFzow7Xmw/zV/McBSfzN7N51
-----END CERTIFICATE-----