Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/21_l98tMuuHtah8-s1GQ4s9w80o.roa
File:                     21_l98tMuuHtah8-s1GQ4s9w80o.roa (raw, json)
Hash identifier:          kBh4jdwY3MGZ4Pq8reV1XfNIfs+7zVu2WLUGJ+5lgvc=
Subject key identifier:   DB:5F:E5:F7:CB:4C:BA:E1:ED:6A:1F:3E:B3:51:90:E2:CF:70:F3:4A
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC1500620A27DF10162FE515CED33D
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/21_l98tMuuHtah8-s1GQ4s9w80o.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     263702
IP address blocks:        109.72.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:15:00:62:0a:27:df:10:16:2f:e5:15:ce:d3:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db5fe5f7cb4cbae1ed6a1f3eb35190e2cf70f34a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5a:6a:77:b4:05:27:22:2a:c0:2e:e0:60:c3:
                    40:8f:76:c4:c6:1f:d5:1f:55:98:cd:b8:d2:55:25:
                    24:3a:f1:b6:48:97:f6:29:1a:27:c3:9e:ed:7c:95:
                    a0:a6:4e:39:3f:de:86:e9:db:0f:9c:a6:43:1a:e2:
                    22:76:22:b3:88:f8:49:e9:e4:3f:11:be:56:5b:19:
                    5c:99:a8:c3:7c:2f:8e:1b:db:00:31:66:39:d2:6e:
                    27:7e:8d:05:0d:99:56:95:0b:e5:90:e5:c1:ac:6e:
                    24:c9:94:3f:f9:a7:42:87:4f:c1:18:27:c9:53:49:
                    d3:87:75:e4:a5:82:c6:87:50:d0:19:85:d9:a3:30:
                    18:c8:44:56:48:49:aa:e7:be:f0:80:11:38:4b:0c:
                    9b:bd:35:21:9f:e1:e2:55:a3:9e:67:8f:83:d8:4e:
                    e1:93:1d:c3:9b:1d:64:ae:37:88:8b:ec:34:a2:95:
                    50:c7:db:f2:e7:b4:72:53:44:6d:db:94:34:6a:cc:
                    3f:6a:66:b5:af:7c:68:7d:35:fc:81:4e:bb:13:d6:
                    24:1c:67:3e:56:08:54:ed:a9:73:d0:33:19:6b:ad:
                    48:4c:26:99:44:d9:21:e4:32:59:0a:05:70:27:40:
                    44:cc:64:4e:01:90:bc:ed:90:bd:d1:32:98:b1:f0:
                    bf:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:5F:E5:F7:CB:4C:BA:E1:ED:6A:1F:3E:B3:51:90:E2:CF:70:F3:4A
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/21_l98tMuuHtah8-s1GQ4s9w80o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:d2:69:4d:32:82:bf:9f:c7:47:05:53:94:0a:52:58:e2:29:
         75:ac:0c:ba:59:cd:c6:4b:f5:82:99:36:fb:c8:bf:2c:e8:ee:
         95:9d:c0:06:e0:c3:cc:85:2c:32:9f:54:07:dd:37:a6:95:54:
         cb:59:5b:98:c1:62:38:da:19:00:42:e8:81:eb:91:36:48:6d:
         32:6d:49:5e:49:61:97:f7:0b:55:fe:9b:5d:d5:42:9a:6d:1f:
         9c:24:80:ad:d0:41:88:3a:da:bd:7a:6b:71:cf:48:80:c9:eb:
         30:8c:3d:e9:09:92:23:9d:fb:64:d6:59:23:0a:2b:4a:d4:6f:
         4b:10:50:b1:35:09:16:60:25:0e:6e:b5:e2:a9:b0:ef:55:ca:
         b4:a6:05:ae:1d:b1:b3:3f:6f:48:82:da:c4:9f:0e:f2:94:de:
         6d:ad:26:86:86:6a:11:8e:cc:86:28:34:83:b2:d4:da:92:62:
         13:34:01:41:ab:a4:16:52:54:9c:36:0b:cb:ca:af:f7:df:5b:
         05:ca:be:1f:84:27:93:71:d4:a3:8b:b7:98:6a:ca:fd:0a:1b:
         90:04:ee:2a:9e:47:fa:60:8c:9c:da:f0:22:16:52:ac:9f:23:
         36:c7:98:e0:30:ff:fc:ec:08:fa:a6:f0:68:e9:dc:fb:85:ff:
         4a:a4:55:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/BUAYgon3xAWL+UVztM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjVmZTVmN2NiNGNiYWUxZWQ2YTFmM2ViMzUxOTBlMmNmNzBmMzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1pqd7QFJyIqwC7gYMNAj3bExh/V
H1WYzbjSVSUkOvG2SJf2KRonw57tfJWgpk45P96G6dsPnKZDGuIidiKziPhJ6eQ/
Eb5WWxlcmajDfC+OG9sAMWY50m4nfo0FDZlWlQvlkOXBrG4kyZQ/+adCh0/BGCfJ
U0nTh3XkpYLGh1DQGYXZozAYyERWSEmq577wgBE4SwybvTUhn+HiVaOeZ4+D2E7h
kx3Dmx1krjeIi+w0opVQx9vy57RyU0Rt25Q0asw/ama1r3xofTX8gU67E9YkHGc+
VghU7alz0DMZa61ITCaZRNkh5DJZCgVwJ0BEzGROAZC87ZC90TKYsfC/EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtf5ffLTLrh7WofPrNRkOLPcPNKMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvMjFfbDk4dE11dUh0YWg4LXMxR1E0czl3ODBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUh3MA0G
CSqGSIb3DQEBCwUAA4IBAQCO0mlNMoK/n8dHBVOUClJY4il1rAy6Wc3GS/WCmTb7
yL8s6O6VncAG4MPMhSwyn1QH3TemlVTLWVuYwWI42hkAQuiB65E2SG0ybUleSWGX
9wtV/ptd1UKabR+cJICt0EGIOtq9emtxz0iAyeswjD3pCZIjnftk1lkjCitK1G9L
EFCxNQkWYCUObrXiqbDvVcq0pgWuHbGzP29IgtrEnw7ylN5trSaGhmoRjsyGKDSD
stTakmITNAFBq6QWUlScNgvLyq/331sFyr4fhCeTcdSji7eYasr9ChuQBO4qnkf6
YIyc2vAiFlKsnyM2x5jgMP/87Aj6pvBo6dz7hf9KpFVp
-----END CERTIFICATE-----