Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/RlLhypRUSjsj3dksPWZmZVQIiO0.roa
File:                     RlLhypRUSjsj3dksPWZmZVQIiO0.roa (raw, json)
Hash identifier:          oPJw+xRnRfadhcEqqZjxBP6EyZbCEpYzh4oVbxUQFVU=
Subject key identifier:   46:52:E1:CA:94:54:4A:3B:23:DD:D9:2C:3D:66:66:65:54:08:88:ED
Certificate issuer:       /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial:       018EB1A2672A6FC03766171F7D1D7A206A9C
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/RlLhypRUSjsj3dksPWZmZVQIiO0.roa
Signing time:             Sat 06 Apr 2024 04:19:54 +0000
ROA not before:           Sat 06 Apr 2024 04:19:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61263
IP address blocks:        109.207.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b1:a2:67:2a:6f:c0:37:66:17:1f:7d:1d:7a:20:6a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
        Validity
            Not Before: Apr  6 04:19:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4652e1ca94544a3b23ddd92c3d666665540888ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3c:17:0f:ff:cc:65:28:79:50:54:b2:ad:5e:
                    0d:25:8c:8f:e3:5a:db:8a:fb:f6:ca:86:0d:ea:b3:
                    57:53:b3:f7:6d:35:86:8b:04:d4:99:84:77:a2:c3:
                    50:7f:cb:76:22:54:13:91:41:28:36:15:b1:96:87:
                    17:9b:55:93:0b:fa:8c:08:16:c4:1a:c8:12:b8:dd:
                    fa:27:d8:9b:9f:3c:9a:e2:16:eb:79:08:79:03:6a:
                    0e:fa:5d:0b:a1:bb:98:a9:26:68:da:ed:30:c3:e2:
                    cb:da:9b:d0:6c:c7:94:94:f2:7a:56:c9:88:b3:cf:
                    0f:68:06:87:57:e3:4a:a6:8c:98:b5:8e:43:6b:ff:
                    44:85:6b:fb:25:be:27:44:61:3b:5f:7c:41:85:8f:
                    50:d1:a4:56:ef:26:57:fb:24:f8:56:d3:12:a5:f9:
                    fe:78:b5:ed:43:b5:bd:ce:36:3d:5d:e5:08:0a:f0:
                    38:3d:ca:76:3e:f3:71:c3:ab:23:3d:55:c1:12:a2:
                    95:69:8a:f1:46:c6:9a:29:3b:de:61:c4:20:7a:cc:
                    c2:5a:d7:9d:19:b3:c4:7a:c8:7e:49:15:8f:70:0a:
                    84:12:22:f8:1c:2a:8b:1f:78:1b:cc:74:69:33:1f:
                    5e:71:bd:6d:a4:aa:c1:ee:fe:d5:c1:e0:46:f5:27:
                    48:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:52:E1:CA:94:54:4A:3B:23:DD:D9:2C:3D:66:66:65:54:08:88:ED
            X509v3 Authority Key Identifier:
                keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/RlLhypRUSjsj3dksPWZmZVQIiO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.207.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:62:7a:40:3c:f2:9a:bc:85:51:79:6e:1d:67:80:52:ad:87:
         63:9b:99:a0:71:bd:c8:8e:b0:69:75:9b:49:e9:d5:7d:1f:fb:
         77:b8:cd:43:f0:0e:4d:b7:60:a6:b6:28:70:96:74:e5:35:48:
         9c:21:b4:3f:e5:60:0d:80:7f:1f:cd:18:bc:f0:b3:be:b1:cf:
         dd:4d:1b:d2:f6:40:15:45:a0:59:f2:fa:f1:61:4e:09:e6:32:
         cd:25:25:c5:ef:cc:5b:4d:85:c9:61:55:45:48:3b:76:d3:2d:
         1d:c2:9a:12:8e:f4:01:62:a0:37:c7:46:ea:b0:f9:f0:ee:27:
         50:47:1d:60:f5:28:d0:99:28:61:e4:70:a7:6a:d5:93:64:ea:
         95:d1:3f:7f:45:ca:bb:d8:d1:0c:41:42:b4:f2:2a:36:a4:e3:
         44:ed:26:4d:ab:c9:3f:89:65:98:8f:0e:db:41:7c:52:bd:6a:
         6e:d2:6f:4b:c7:b4:9e:9d:87:af:9b:fc:18:e0:3f:94:bf:42:
         de:33:94:50:d4:5f:6d:a4:98:10:39:05:e2:69:df:44:05:d5:
         18:5d:e1:72:b9:7f:0a:7e:c3:63:8f:e4:cc:0b:03:e7:ec:d7:
         cd:b4:39:4c:6e:1a:2e:f9:9d:c9:eb:77:86:f7:78:4d:0a:71:
         3e:a6:81:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6xomcqb8A3ZhcffR16IGqcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjRhOGI5M2FmOWVhOWNmMThhYWNhNGU3M2YxMTZlYzI2
ZWIzNTcwHhcNMjQwNDA2MDQxOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjUyZTFjYTk0NTQ0YTNiMjNkZGQ5MmMzZDY2NjY2NTU0MDg4OGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjwXD//MZSh5UFSyrV4NJYyP41rb
ivv2yoYN6rNXU7P3bTWGiwTUmYR3osNQf8t2IlQTkUEoNhWxlocXm1WTC/qMCBbE
GsgSuN36J9ibnzya4hbreQh5A2oO+l0LobuYqSZo2u0ww+LL2pvQbMeUlPJ6VsmI
s88PaAaHV+NKpoyYtY5Da/9EhWv7Jb4nRGE7X3xBhY9Q0aRW7yZX+yT4VtMSpfn+
eLXtQ7W9zjY9XeUICvA4Pcp2PvNxw6sjPVXBEqKVaYrxRsaaKTveYcQgeszCWted
GbPEesh+SRWPcAqEEiL4HCqLH3gbzHRpMx9ecb1tpKrB7v7VweBG9SdIVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZS4cqUVEo7I93ZLD1mZmVUCIjtMB8GA1UdIwQY
MBaAFJ+0qLk6+eqc8YqspOc/EW7CbrNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYt
OGQ2OGViMjBmYmRkLzEvUmxMaHlwUlVTanNqM2Rrc1BXWm1aVlFJaU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYtOGQ2OGViMjBmYmRk
LzEvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc/xMA0G
CSqGSIb3DQEBCwUAA4IBAQAYYnpAPPKavIVReW4dZ4BSrYdjm5mgcb3IjrBpdZtJ
6dV9H/t3uM1D8A5Nt2CmtihwlnTlNUicIbQ/5WANgH8fzRi88LO+sc/dTRvS9kAV
RaBZ8vrxYU4J5jLNJSXF78xbTYXJYVVFSDt20y0dwpoSjvQBYqA3x0bqsPnw7idQ
Rx1g9SjQmShh5HCnatWTZOqV0T9/Rcq72NEMQUK08io2pONE7SZNq8k/iWWYjw7b
QXxSvWpu0m9Lx7SenYevm/wY4D+Uv0LeM5RQ1F9tpJgQOQXiad9EBdUYXeFyuX8K
fsNjj+TMCwPn7NfNtDlMbhou+Z3J63eG93hNCnE+poEx
-----END CERTIFICATE-----