Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/C4RTKaM1h2dA8JJefj0qonGGGlU.roa
File:                     C4RTKaM1h2dA8JJefj0qonGGGlU.roa (raw, json)
Hash identifier:          qk3heXV0Ip0vKDY0eARNOe6mlD8ytyxCGjkkHMNy3CU=
Subject key identifier:   0B:84:53:29:A3:35:87:67:40:F0:92:5E:7E:3D:2A:A2:71:86:1A:55
Certificate issuer:       /CN=1d65b7b7b898faaee70767d09715c436a83fcdc2
Certificate serial:       018CC64AB1F483D2137FCC49B98FF48C508F
Authority key identifier: 1D:65:B7:B7:B8:98:FA:AE:E7:07:67:D0:97:15:C4:36:A8:3F:CD:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/C4RTKaM1h2dA8JJefj0qonGGGlU.roa
Signing time:             Mon 01 Jan 2024 18:30:33 +0000
ROA not before:           Mon 01 Jan 2024 18:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        164.215.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b1:f4:83:d2:13:7f:cc:49:b9:8f:f4:8c:50:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d65b7b7b898faaee70767d09715c436a83fcdc2
        Validity
            Not Before: Jan  1 18:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b845329a335876740f0925e7e3d2aa271861a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d0:6d:0e:6b:a8:ed:e4:a6:9c:02:83:56:76:
                    37:6f:4e:ef:2a:03:d9:61:af:db:57:30:66:d6:6b:
                    a0:40:55:39:7a:47:dc:ac:bb:64:10:83:cd:f7:e2:
                    c5:97:7a:32:c6:c1:a0:98:8a:ed:fe:0c:c1:b3:6d:
                    a7:4c:43:c0:3f:25:69:7d:ed:f6:e8:7d:33:e7:30:
                    7d:59:b2:d9:0b:ac:18:ec:7f:90:25:b0:67:06:e2:
                    99:d3:65:0a:b8:fa:fd:ba:0f:b0:b0:42:84:e0:4f:
                    e7:d0:74:a3:48:0f:01:51:c2:2f:36:25:e7:8c:05:
                    d6:0a:90:52:8f:03:44:2c:8e:55:5f:d9:df:91:8f:
                    06:81:99:33:f1:80:5a:59:ff:c5:d4:75:29:91:82:
                    84:be:2b:0e:fd:69:96:6e:eb:78:19:36:58:b3:47:
                    3d:ca:be:3d:96:f6:ea:df:c3:85:ec:33:11:80:df:
                    3b:77:97:c3:d1:92:ca:20:81:94:40:b7:95:7e:71:
                    3d:66:cb:33:df:f1:eb:05:5d:44:5b:f9:6d:8d:9b:
                    9b:fb:13:9c:1c:06:01:b6:97:e8:a7:24:c3:2f:87:
                    cd:8d:d7:4e:b1:d8:ac:30:f6:f8:c8:1d:17:ad:07:
                    49:5b:94:7e:7b:92:05:08:01:dc:b5:1f:98:3d:2e:
                    71:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:84:53:29:A3:35:87:67:40:F0:92:5E:7E:3D:2A:A2:71:86:1A:55
            X509v3 Authority Key Identifier:
                keyid:1D:65:B7:B7:B8:98:FA:AE:E7:07:67:D0:97:15:C4:36:A8:3F:CD:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/C4RTKaM1h2dA8JJefj0qonGGGlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.215.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:c7:a2:73:f9:3d:61:3f:b0:6b:43:9e:c7:9e:5b:71:0d:de:
         2c:1d:9e:74:04:55:93:f4:49:a3:22:63:de:a2:89:11:57:8d:
         fc:a2:e4:39:62:29:9d:45:a1:b5:f6:f5:6e:d0:11:6e:94:1d:
         9b:8a:ab:f3:0e:98:ca:98:83:48:a2:03:61:64:06:df:a3:a6:
         d7:b1:0e:dc:65:62:74:be:0b:33:7a:07:09:5f:4e:60:db:33:
         16:1d:ae:f7:98:13:7c:1e:7d:64:34:93:e6:30:32:8f:23:c9:
         7c:f8:1c:a6:88:c6:da:ea:3a:94:9c:99:22:63:ba:1b:dd:ab:
         dd:c7:38:f3:d1:f1:1b:2f:e5:81:4f:77:ad:d7:98:22:38:e9:
         0f:9e:2e:98:12:88:7e:68:2b:63:53:97:9e:7a:dc:68:2c:ec:
         3e:e1:7a:91:8e:65:ae:fd:e0:36:30:e2:ae:8e:1f:97:ba:6c:
         bb:0c:f4:ba:dd:fd:3b:01:94:22:37:b5:05:9c:dd:d9:7e:a8:
         cc:2e:b4:25:3c:b1:83:24:fe:ee:c8:00:3d:ad:83:f8:fe:a4:
         72:ed:f2:ae:30:e9:48:d8:d0:fd:70:8e:98:c4:c0:ff:0d:62:
         c1:41:0b:5f:86:fa:4d:fd:a4:7a:be:6a:97:24:82:bb:01:ba:
         57:13:04:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSrH0g9ITf8xJuY/0jFCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNjViN2I3Yjg5OGZhYWVlNzA3NjdkMDk3MTVjNDM2YTgz
ZmNkYzIwHhcNMjQwMTAxMTgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjg0NTMyOWEzMzU4NzY3NDBmMDkyNWU3ZTNkMmFhMjcxODYxYTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndBtDmuo7eSmnAKDVnY3b07vKgPZ
Ya/bVzBm1mugQFU5ekfcrLtkEIPN9+LFl3oyxsGgmIrt/gzBs22nTEPAPyVpfe32
6H0z5zB9WbLZC6wY7H+QJbBnBuKZ02UKuPr9ug+wsEKE4E/n0HSjSA8BUcIvNiXn
jAXWCpBSjwNELI5VX9nfkY8GgZkz8YBaWf/F1HUpkYKEvisO/WmWbut4GTZYs0c9
yr49lvbq38OF7DMRgN87d5fD0ZLKIIGUQLeVfnE9Zssz3/HrBV1EW/ltjZub+xOc
HAYBtpfopyTDL4fNjddOsdisMPb4yB0XrQdJW5R+e5IFCAHctR+YPS5xfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuEUymjNYdnQPCSXn49KqJxhhpVMB8GA1UdIwQY
MBaAFB1lt7e4mPqu5wdn0JcVxDaoP83CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFdXM3Q3aVktcTduQjJmUWx4WEVOcWdfemNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9kZWFlZjEtNjI0MS00OWFiLTk4MjUt
OGZjMzczNzU3Njg0LzEvQzRSVEthTTFoMmRBOEpKZWZqMHFvbkdHR2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9kZWFlZjEtNjI0MS00OWFiLTk4MjUtOGZjMzczNzU3Njg0
LzEvSFdXM3Q3aVktcTduQjJmUWx4WEVOcWdfemNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApNdtMA0G
CSqGSIb3DQEBCwUAA4IBAQBLx6Jz+T1hP7BrQ57HnltxDd4sHZ50BFWT9EmjImPe
ookRV438ouQ5YimdRaG19vVu0BFulB2biqvzDpjKmINIogNhZAbfo6bXsQ7cZWJ0
vgszegcJX05g2zMWHa73mBN8Hn1kNJPmMDKPI8l8+BymiMba6jqUnJkiY7ob3avd
xzjz0fEbL+WBT3et15giOOkPni6YEoh+aCtjU5eeetxoLOw+4XqRjmWu/eA2MOKu
jh+Xumy7DPS63f07AZQiN7UFnN3ZfqjMLrQlPLGDJP7uyAA9rYP4/qRy7fKuMOlI
2ND9cI6YxMD/DWLBQQtfhvpN/aR6vmqXJIK7AbpXEwQ6
-----END CERTIFICATE-----