Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/9L8cLTRV5dWqtEZxxMwC6cIxFbw.roa
File:                     9L8cLTRV5dWqtEZxxMwC6cIxFbw.roa (raw, json)
Hash identifier:          uOst1jEvtvR4Fw1CNdIOPHqrP6FjR/aTU5pBzUC4ykI=
Subject key identifier:   F4:BF:1C:2D:34:55:E5:D5:AA:B4:46:71:C4:CC:02:E9:C2:31:15:BC
Certificate issuer:       /CN=5a5125afc5ec978b2a321291c2a5570fe619159e
Certificate serial:       018CC86F26AD6DE7E52B27C2C479EB8CD28E
Authority key identifier: 5A:51:25:AF:C5:EC:97:8B:2A:32:12:91:C2:A5:57:0F:E6:19:15:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/9L8cLTRV5dWqtEZxxMwC6cIxFbw.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.109.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:26:ad:6d:e7:e5:2b:27:c2:c4:79:eb:8c:d2:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a5125afc5ec978b2a321291c2a5570fe619159e
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4bf1c2d3455e5d5aab44671c4cc02e9c23115bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f3:64:be:53:87:f6:f8:a1:b5:87:d2:38:49:
                    e2:fe:55:8c:15:d3:f6:d0:09:e7:a8:d4:06:22:92:
                    07:87:92:90:ec:17:a6:e4:b5:5b:b9:fb:95:2f:f3:
                    c4:c7:c7:4f:31:4a:cf:58:3e:e3:4c:d9:73:c9:f0:
                    e9:15:4b:f8:a2:7b:bd:a8:fb:eb:4b:99:69:42:c5:
                    65:90:2b:08:30:74:c1:a1:bd:87:7d:c7:2c:47:65:
                    99:ff:c9:90:a2:9f:31:a2:6a:0e:6c:8e:15:f5:80:
                    2b:8c:6c:dc:59:f6:e1:e8:85:6b:3c:7f:4e:d0:d8:
                    70:5e:7b:19:22:63:b5:f4:1c:2e:16:f5:96:7d:50:
                    d1:4f:9f:b1:a8:d5:aa:ad:a9:44:af:f0:cf:5a:c9:
                    65:0c:e2:b2:90:4a:d0:f6:c4:f9:70:33:93:c3:39:
                    24:bf:7f:fe:d6:7c:59:28:ae:4b:bd:f1:0c:f2:d0:
                    36:70:d8:af:08:59:3f:2e:9c:62:46:47:d6:fe:f6:
                    b9:97:8c:56:be:4f:35:a6:0f:64:0a:eb:fb:ab:c1:
                    00:96:bd:50:24:75:98:8d:69:bd:c5:92:50:19:13:
                    13:59:23:a0:0b:49:81:c5:17:18:3b:7c:0f:2e:87:
                    70:e5:ae:ef:f9:b3:a9:bc:b7:3b:f7:f8:df:57:be:
                    23:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:BF:1C:2D:34:55:E5:D5:AA:B4:46:71:C4:CC:02:E9:C2:31:15:BC
            X509v3 Authority Key Identifier:
                keyid:5A:51:25:AF:C5:EC:97:8B:2A:32:12:91:C2:A5:57:0F:E6:19:15:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/9L8cLTRV5dWqtEZxxMwC6cIxFbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7940ab-f7ca-4c07-a123-a6fb4df5481e/1/WlElr8Xsl4sqMhKRwqVXD-YZFZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:db:16:ce:b1:0e:97:56:b5:d3:a2:77:69:c2:31:62:82:47:
         a5:5b:3b:5b:13:ff:af:11:1c:d9:47:cc:23:e7:34:e5:35:05:
         97:65:a7:f6:17:0d:66:9f:6b:78:8a:a8:7f:a4:88:5a:50:47:
         eb:a1:eb:fe:4d:18:6a:0c:41:7d:ea:3b:59:bc:da:4b:21:01:
         5b:de:7d:b8:f0:2e:04:e0:17:b9:9d:cf:3c:79:1d:3b:f5:96:
         62:62:e2:0d:8e:6e:ea:9b:a1:bd:5b:f9:9c:d7:c5:36:29:db:
         6e:d6:4f:e5:f9:a2:59:b6:c7:a4:22:4b:14:68:7f:50:59:39:
         e0:ab:ba:df:53:ab:d6:be:1d:7e:6f:ae:d5:65:52:7f:7e:9a:
         e7:46:9a:47:e3:d1:cb:b8:6b:86:cc:82:e9:50:e3:77:43:a2:
         ea:a0:db:c1:7b:bf:76:8d:29:33:4a:8b:23:1b:ad:32:d6:8c:
         ec:a4:fc:8f:3e:d1:0b:a0:1e:54:a1:0f:f4:23:6b:35:86:3f:
         ac:0b:ae:b9:02:59:c7:00:90:3d:0e:74:2e:cf:02:15:55:08:
         68:9b:89:5c:b6:ca:7a:ee:db:3c:66:6f:c0:9f:a4:b7:61:7f:
         cc:17:8b:ae:20:81:90:fb:f7:03:99:11:04:f7:f9:58:9f:fa:
         28:d2:45:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyatbeflKyfCxHnrjNKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNTEyNWFmYzVlYzk3OGIyYTMyMTI5MWMyYTU1NzBmZTYx
OTE1OWUwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGJmMWMyZDM0NTVlNWQ1YWFiNDQ2NzFjNGNjMDJlOWMyMzExNWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/NkvlOH9vihtYfSOEni/lWMFdP2
0AnnqNQGIpIHh5KQ7Bem5LVbufuVL/PEx8dPMUrPWD7jTNlzyfDpFUv4onu9qPvr
S5lpQsVlkCsIMHTBob2HfccsR2WZ/8mQop8xomoObI4V9YArjGzcWfbh6IVrPH9O
0NhwXnsZImO19BwuFvWWfVDRT5+xqNWqralEr/DPWsllDOKykErQ9sT5cDOTwzkk
v3/+1nxZKK5LvfEM8tA2cNivCFk/LpxiRkfW/va5l4xWvk81pg9kCuv7q8EAlr1Q
JHWYjWm9xZJQGRMTWSOgC0mBxRcYO3wPLodw5a7v+bOpvLc79/jfV74jZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPS/HC00VeXVqrRGccTMAunCMRW8MB8GA1UdIwQY
MBaAFFpRJa/F7JeLKjISkcKlVw/mGRWeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2xFbHI4WHNsNHNxTWhLUndxVlhELVlaRlo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83OTQwYWItZjdjYS00YzA3LWExMjMt
YTZmYjRkZjU0ODFlLzEvOUw4Y0xUUlY1ZFdxdEVaeHhNd0M2Y0l4RmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83OTQwYWItZjdjYS00YzA3LWExMjMtYTZmYjRkZjU0ODFl
LzEvV2xFbHI4WHNsNHNxTWhLUndxVlhELVlaRlo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG1lMA0G
CSqGSIb3DQEBCwUAA4IBAQAz2xbOsQ6XVrXTondpwjFigkelWztbE/+vERzZR8wj
5zTlNQWXZaf2Fw1mn2t4iqh/pIhaUEfroev+TRhqDEF96jtZvNpLIQFb3n248C4E
4Be5nc88eR079ZZiYuINjm7qm6G9W/mc18U2Kdtu1k/l+aJZtsekIksUaH9QWTng
q7rfU6vWvh1+b67VZVJ/fprnRppH49HLuGuGzILpUON3Q6LqoNvBe792jSkzSosj
G60y1ozspPyPPtELoB5UoQ/0I2s1hj+sC665AlnHAJA9DnQuzwIVVQhom4lctsp6
7ts8Zm/An6S3YX/MF4uuIIGQ+/cDmREE9/lYn/oo0kX4
-----END CERTIFICATE-----