Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/7-CIZj9uif--br5voFAmQlLSW6c.roa
File:                     7-CIZj9uif--br5voFAmQlLSW6c.roa (raw, json)
Hash identifier:          uTSjmKpL+cFNc34iNkcWzIdWbLSiGj8LHYTNjwuj3bY=
Subject key identifier:   EF:E0:88:66:3F:6E:89:FF:BE:6E:BE:6F:A0:50:26:42:52:D2:5B:A7
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01941F8C50C174903AC5B80619DB669186BE
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/7-CIZj9uif--br5voFAmQlLSW6c.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203684
IP address blocks:        109.232.0.0/22 maxlen: 22
                          109.232.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:50:c1:74:90:3a:c5:b8:06:19:db:66:91:86:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efe088663f6e89ffbe6ebe6fa050264252d25ba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:36:40:35:ba:1f:0a:18:d3:55:a2:28:49:68:
                    5a:88:79:d2:11:01:55:30:e1:d0:63:4d:46:ce:a9:
                    4c:61:66:58:0f:83:a4:5d:b4:f0:7d:e8:d5:d6:3c:
                    e1:df:0a:31:af:78:1b:58:04:ad:e0:a4:5f:c7:e2:
                    de:5d:c5:c6:40:db:58:c7:06:c8:38:ea:09:82:46:
                    37:bb:e4:00:a4:10:22:82:08:e5:b2:75:f0:70:c7:
                    2a:5b:84:85:fd:99:05:a2:ab:a8:f1:2c:d5:cf:4b:
                    d2:aa:55:b0:cc:41:a5:9a:76:b6:57:dc:7f:9c:84:
                    c4:79:5c:6d:44:f5:7e:ff:c0:d0:3f:12:51:5c:03:
                    2a:3b:7f:57:bd:da:82:b4:eb:d8:48:f7:ea:8b:54:
                    04:98:59:19:52:f3:76:07:89:02:0e:9f:d9:7a:ef:
                    e2:bd:db:fb:f1:e9:13:c2:5f:91:1e:ae:cb:aa:b2:
                    f1:cd:11:2a:1a:be:30:32:45:ef:b0:f6:e8:aa:87:
                    79:66:fa:e8:f2:38:f0:7c:c2:c3:95:9a:97:0a:3f:
                    f4:b6:e1:61:28:94:a6:84:d9:57:f3:49:bb:63:8a:
                    93:ef:3e:65:7a:58:45:e1:aa:ca:20:0c:1d:18:c0:
                    7b:9f:31:ec:44:a2:6f:79:d8:cf:d0:0b:3d:0c:c2:
                    75:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E0:88:66:3F:6E:89:FF:BE:6E:BE:6F:A0:50:26:42:52:D2:5B:A7
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/7-CIZj9uif--br5voFAmQlLSW6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.0.0-109.232.4.255

    Signature Algorithm: sha256WithRSAEncryption
         81:78:6e:f5:16:cf:d3:39:1f:f6:91:c2:08:4e:40:0a:20:18:
         3b:2b:bf:52:53:30:65:fb:36:ef:2e:70:49:5e:fb:11:f4:e1:
         23:66:97:f4:6b:16:78:6c:41:f4:81:0a:31:3d:70:fd:10:ff:
         25:c4:83:8e:c3:a2:9b:24:41:4c:60:99:9f:9d:bd:76:71:49:
         44:24:00:35:3a:bb:76:ea:86:ae:fc:6d:3a:42:18:a5:e6:3a:
         a4:e1:f0:70:67:ba:5b:8d:c0:3d:ec:58:83:d0:b6:b0:5d:17:
         4d:ec:b9:5f:2a:d7:dc:3c:cf:9a:7d:25:dd:34:b3:53:b9:c3:
         67:a9:8e:a5:8f:4d:ec:d2:64:34:64:f3:a5:d4:13:2e:46:2e:
         57:3b:32:df:79:97:d4:e3:36:55:71:18:b6:61:64:88:39:fe:
         09:eb:81:67:bb:75:ff:ba:46:a6:2c:9d:51:83:61:18:74:94:
         0a:bf:c8:e6:f8:ce:2d:d6:ea:50:7d:b6:7d:a2:e7:88:6d:26:
         2e:60:2a:a9:0b:43:c0:09:c1:29:8a:fa:94:34:af:24:cf:0b:
         c1:88:d8:2e:aa:2f:f2:df:c4:c2:bc:32:e4:de:d3:12:ff:ae:
         ff:6f:76:2b:d8:81:67:4c:d5:a2:f0:3c:15:cf:80:00:a9:d5:
         ff:28:7c:c4
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQfjFDBdJA6xbgGGdtmkYa+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmUwODg2NjNmNmU4OWZmYmU2ZWJlNmZhMDUwMjY0MjUyZDI1YmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjZANbofChjTVaIoSWhaiHnSEQFV
MOHQY01GzqlMYWZYD4OkXbTwfejV1jzh3woxr3gbWASt4KRfx+LeXcXGQNtYxwbI
OOoJgkY3u+QApBAiggjlsnXwcMcqW4SF/ZkFoquo8SzVz0vSqlWwzEGlmna2V9x/
nITEeVxtRPV+/8DQPxJRXAMqO39XvdqCtOvYSPfqi1QEmFkZUvN2B4kCDp/Zeu/i
vdv78ekTwl+RHq7LqrLxzREqGr4wMkXvsPboqod5Zvro8jjwfMLDlZqXCj/0tuFh
KJSmhNlX80m7Y4qT7z5lelhF4arKIAwdGMB7nzHsRKJvedjP0As9DMJ1fQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFO/giGY/bon/vm6+b6BQJkJS0lunMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvNy1DSVpqOXVpZi0tYnI1dm9GQW1RbExTVzZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwNt6AME
AG3oBDANBgkqhkiG9w0BAQsFAAOCAQEAgXhu9RbP0zkf9pHCCE5ACiAYOyu/UlMw
Zfs27y5wSV77EfThI2aX9GsWeGxB9IEKMT1w/RD/JcSDjsOimyRBTGCZn529dnFJ
RCQANTq7duqGrvxtOkIYpeY6pOHwcGe6W43APexYg9C2sF0XTey5XyrX3DzPmn0l
3TSzU7nDZ6mOpY9N7NJkNGTzpdQTLkYuVzsy33mX1OM2VXEYtmFkiDn+CeuBZ7t1
/7pGpiydUYNhGHSUCr/I5vjOLdbqUH22faLniG0mLmAqqQtDwAnBKYr6lDSvJM8L
wYjYLqov8t/Ewrwy5N7TEv+u/292K9iBZ0zVovA8Fc+AAKnV/yh8xA==
-----END CERTIFICATE-----