Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/ESdFHrMTT9CdnTueAws85KzTpOo.roa
File:                     ESdFHrMTT9CdnTueAws85KzTpOo.roa (raw, json)
Hash identifier:          EFe4+WtiIfRKsYq3EhY1PIgLIFzMrHc8WS2QY4wWHBs=
Subject key identifier:   11:27:45:1E:B3:13:4F:D0:9D:9D:3B:9E:03:0B:3C:E4:AC:D3:A4:EA
Certificate issuer:       /CN=1d65b7b7b898faaee70767d09715c436a83fcdc2
Certificate serial:       0194221FBCAE2A3B09BB85B9F4323750496F
Authority key identifier: 1D:65:B7:B7:B8:98:FA:AE:E7:07:67:D0:97:15:C4:36:A8:3F:CD:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/ESdFHrMTT9CdnTueAws85KzTpOo.roa
Signing time:             Wed 01 Jan 2025 13:48:12 +0000
ROA not before:           Wed 01 Jan 2025 13:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7155
IP address blocks:        164.215.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:bc:ae:2a:3b:09:bb:85:b9:f4:32:37:50:49:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d65b7b7b898faaee70767d09715c436a83fcdc2
        Validity
            Not Before: Jan  1 13:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1127451eb3134fd09d9d3b9e030b3ce4acd3a4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:d8:9c:01:cd:74:19:9e:50:9c:a2:d4:47:ac:
                    bb:c8:57:4d:94:44:27:6e:4b:7f:c2:5d:dc:2d:b1:
                    25:be:89:6a:95:d3:61:05:fa:80:05:e3:1e:76:4c:
                    ae:b4:da:1a:6b:01:bf:9d:f8:e8:8b:5b:08:68:59:
                    9c:c0:c2:80:85:80:cb:30:e4:20:27:45:b1:21:70:
                    99:7e:c3:c7:95:9b:a9:f5:72:de:4d:23:3f:42:37:
                    f8:a7:f0:d8:cb:58:14:56:f0:70:3a:dd:34:1c:e1:
                    e5:fc:64:65:7f:10:9e:2a:e7:0a:18:4c:72:7a:4e:
                    85:33:97:05:25:f2:ef:40:6e:4f:82:a5:c0:0c:08:
                    28:04:f8:e6:64:05:5d:2d:ed:90:69:06:e9:fd:44:
                    61:99:61:8c:de:8b:d2:79:96:95:bc:62:65:76:00:
                    b0:f3:50:8d:b7:f1:5d:72:c5:d1:ab:04:a3:43:57:
                    35:04:31:f9:63:db:66:c5:4d:78:41:a1:4c:ca:8f:
                    e0:84:e1:c7:1c:a1:d3:89:48:d5:ba:0b:d2:43:4a:
                    15:70:fe:bd:b0:b7:f6:25:35:19:52:a7:52:72:a0:
                    45:3c:0f:53:3b:18:d1:0f:f7:40:c4:de:75:66:d6:
                    50:3a:a8:89:f7:3b:19:17:d8:9c:bf:5e:34:ae:85:
                    68:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:27:45:1E:B3:13:4F:D0:9D:9D:3B:9E:03:0B:3C:E4:AC:D3:A4:EA
            X509v3 Authority Key Identifier:
                keyid:1D:65:B7:B7:B8:98:FA:AE:E7:07:67:D0:97:15:C4:36:A8:3F:CD:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HWW3t7iY-q7nB2fQlxXENqg_zcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/ESdFHrMTT9CdnTueAws85KzTpOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/deaef1-6241-49ab-9825-8fc373757684/1/HWW3t7iY-q7nB2fQlxXENqg_zcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.215.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:7e:0b:1f:f8:e5:61:70:be:37:fe:ec:9f:9e:a4:80:95:f5:
         a5:15:c9:0c:20:c5:e8:b2:ad:e7:77:34:4d:26:92:6f:69:17:
         71:74:4f:fe:d2:31:52:b9:ed:31:18:1c:ad:19:63:a3:81:c8:
         a5:d2:12:cf:2c:f5:8b:47:8d:42:42:2f:bb:68:3f:5b:39:ee:
         14:50:20:ef:a8:84:3c:56:70:66:4f:8e:55:4e:0f:30:7f:2a:
         bf:ef:c1:ee:91:00:ac:51:b8:a6:28:55:e1:d9:96:b4:6e:91:
         3e:4f:8b:1c:36:1e:45:50:03:68:cc:f1:83:22:c9:8b:af:c8:
         f8:eb:c0:75:ee:18:28:75:0d:41:ad:7f:fa:96:5a:c0:55:90:
         33:68:88:fd:00:ec:ed:ff:e0:f1:df:e8:4c:62:8a:fb:f2:a8:
         4c:ac:bf:3a:56:a7:29:74:2b:e5:9c:b4:d8:ff:fe:17:72:5b:
         de:ac:54:bd:2d:39:69:b4:aa:ca:4b:72:9d:9c:71:72:da:0a:
         fc:77:f1:05:01:fa:6c:c9:c3:fd:d2:6a:46:4f:ad:d9:e2:fe:
         3c:91:8d:3a:e8:ba:66:8b:14:dc:ad:2b:09:d1:ba:77:cd:48:
         d1:af:77:c8:f4:6f:be:d3:26:77:ad:95:e4:62:59:8e:93:e5:
         56:ac:cf:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7yuKjsJu4W59DI3UElvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNjViN2I3Yjg5OGZhYWVlNzA3NjdkMDk3MTVjNDM2YTgz
ZmNkYzIwHhcNMjUwMTAxMTM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTI3NDUxZWIzMTM0ZmQwOWQ5ZDNiOWUwMzBiM2NlNGFjZDNhNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ticAc10GZ5QnKLUR6y7yFdNlEQn
bkt/wl3cLbElvolqldNhBfqABeMedkyutNoaawG/nfjoi1sIaFmcwMKAhYDLMOQg
J0WxIXCZfsPHlZup9XLeTSM/Qjf4p/DYy1gUVvBwOt00HOHl/GRlfxCeKucKGExy
ek6FM5cFJfLvQG5PgqXADAgoBPjmZAVdLe2QaQbp/URhmWGM3ovSeZaVvGJldgCw
81CNt/FdcsXRqwSjQ1c1BDH5Y9tmxU14QaFMyo/ghOHHHKHTiUjVugvSQ0oVcP69
sLf2JTUZUqdScqBFPA9TOxjRD/dAxN51ZtZQOqiJ9zsZF9icv140roVoUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEnRR6zE0/QnZ07ngMLPOSs06TqMB8GA1UdIwQY
MBaAFB1lt7e4mPqu5wdn0JcVxDaoP83CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFdXM3Q3aVktcTduQjJmUWx4WEVOcWdfemNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9kZWFlZjEtNjI0MS00OWFiLTk4MjUt
OGZjMzczNzU3Njg0LzEvRVNkRkhyTVRUOUNkblR1ZUF3czg1S3pUcE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9kZWFlZjEtNjI0MS00OWFiLTk4MjUtOGZjMzczNzU3Njg0
LzEvSFdXM3Q3aVktcTduQjJmUWx4WEVOcWdfemNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApNdtMA0G
CSqGSIb3DQEBCwUAA4IBAQB8fgsf+OVhcL43/uyfnqSAlfWlFckMIMXosq3ndzRN
JpJvaRdxdE/+0jFSue0xGBytGWOjgcil0hLPLPWLR41CQi+7aD9bOe4UUCDvqIQ8
VnBmT45VTg8wfyq/78HukQCsUbimKFXh2Za0bpE+T4scNh5FUANozPGDIsmLr8j4
68B17hgodQ1BrX/6llrAVZAzaIj9AOzt/+Dx3+hMYor78qhMrL86VqcpdCvlnLTY
//4XclverFS9LTlptKrKS3KdnHFy2gr8d/EFAfpsycP90mpGT63Z4v48kY066Lpm
ixTcrSsJ0bp3zUjRr3fI9G++0yZ3rZXkYlmOk+VWrM+w
-----END CERTIFICATE-----