Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/jB-z6tU49eCpdLJATgE8Ex9roFU.roa
File:                     jB-z6tU49eCpdLJATgE8Ex9roFU.roa (raw, json)
Hash identifier:          i061JOQcxN7EcQaNeqtPKLXeQ2gYUgXTC3ZwpyVqD5g=
Subject key identifier:   8C:1F:B3:EA:D5:38:F5:E0:A9:74:B2:40:4E:01:3C:13:1F:6B:A0:55
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       0194206834D6127EC855393D72952CBA977E
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/jB-z6tU49eCpdLJATgE8Ex9roFU.roa
Signing time:             Wed 01 Jan 2025 05:48:07 +0000
ROA not before:           Wed 01 Jan 2025 05:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211415
IP address blocks:        109.107.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:34:d6:12:7e:c8:55:39:3d:72:95:2c:ba:97:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  1 05:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c1fb3ead538f5e0a974b2404e013c131f6ba055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ea:1d:da:54:49:47:54:53:8c:f5:f0:9c:85:
                    5b:12:e5:eb:41:56:7d:2a:b6:7b:05:9d:cc:ce:11:
                    eb:76:ce:33:57:bb:87:20:ca:eb:31:88:2e:59:69:
                    ee:07:22:20:79:72:f7:da:50:c9:e7:0c:e0:73:15:
                    07:69:74:ff:b9:6e:89:54:70:65:2b:34:e3:68:db:
                    64:5c:d9:d5:49:c0:6d:7d:44:ce:04:04:21:18:64:
                    7d:4c:eb:2b:a9:9a:3b:c9:09:89:c5:ff:ae:03:04:
                    2c:77:92:fb:57:51:4a:21:00:b7:6b:6d:72:06:6e:
                    c1:36:af:e4:56:00:97:00:81:e3:db:4f:33:01:ff:
                    68:d8:19:c2:9b:3b:82:c0:24:ff:24:24:56:2b:b1:
                    d6:4c:39:55:b1:0a:d1:cb:af:e5:52:64:10:09:1f:
                    c0:49:4a:84:5d:3a:14:b0:6b:94:27:69:fb:52:84:
                    ec:21:1d:ce:96:33:84:49:45:d4:c1:ed:24:d7:78:
                    e0:85:a6:76:d7:e6:1f:ac:44:d7:5c:80:f2:fe:b6:
                    be:55:4e:b0:05:2f:08:cb:b1:04:25:33:a2:17:61:
                    46:bd:40:75:6e:bd:2c:8b:3c:07:97:cb:12:43:c5:
                    54:2a:be:46:f4:83:bc:4e:c5:23:08:2a:25:52:10:
                    31:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:1F:B3:EA:D5:38:F5:E0:A9:74:B2:40:4E:01:3C:13:1F:6B:A0:55
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/jB-z6tU49eCpdLJATgE8Ex9roFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:74:d1:cf:00:c5:d7:42:38:54:5f:ee:30:6d:70:b4:15:2e:
         4e:93:b9:36:f9:b4:d8:c2:b1:4e:fd:c3:cc:65:4d:ac:e7:c0:
         43:19:59:c2:08:0e:09:53:55:1c:ce:42:cf:9a:19:0e:12:ea:
         77:ad:5c:d0:c1:26:c3:29:c2:75:fa:a4:cd:06:4e:5e:56:0b:
         96:42:be:fa:0b:c5:99:59:8a:1b:85:d3:8a:0f:ee:8f:29:09:
         05:f0:64:ba:7d:88:b8:49:f3:a2:db:41:6b:a8:d8:fe:33:1b:
         e4:14:27:91:fe:ba:e8:c2:88:5c:c6:41:84:a6:d8:e1:a5:e5:
         7d:89:78:e6:b7:e4:7e:db:47:d5:77:9c:39:b9:70:49:be:33:
         93:98:e5:cd:db:5c:95:0b:19:82:73:6a:66:cd:31:cb:9a:9a:
         95:92:49:fb:30:f5:17:08:c3:73:22:22:03:81:d5:30:57:a3:
         4e:20:50:fd:0e:ab:ac:cc:df:3c:3a:78:82:f9:b2:ae:35:71:
         9c:0d:93:05:37:fd:39:81:ea:90:dd:6b:00:6d:be:c6:15:06:
         8c:6d:f4:13:ce:3a:f2:f1:b8:5f:9f:61:ad:6f:0c:cd:17:c1:
         47:c8:4f:14:d5:38:04:14:ef:3d:a0:aa:e7:29:17:a9:3c:c9:
         e5:5d:0c:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaDTWEn7IVTk9cpUsupd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwMTAxMDU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzFmYjNlYWQ1MzhmNWUwYTk3NGIyNDA0ZTAxM2MxMzFmNmJhMDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluod2lRJR1RTjPXwnIVbEuXrQVZ9
KrZ7BZ3MzhHrds4zV7uHIMrrMYguWWnuByIgeXL32lDJ5wzgcxUHaXT/uW6JVHBl
KzTjaNtkXNnVScBtfUTOBAQhGGR9TOsrqZo7yQmJxf+uAwQsd5L7V1FKIQC3a21y
Bm7BNq/kVgCXAIHj208zAf9o2BnCmzuCwCT/JCRWK7HWTDlVsQrRy6/lUmQQCR/A
SUqEXToUsGuUJ2n7UoTsIR3OljOESUXUwe0k13jghaZ21+YfrETXXIDy/ra+VU6w
BS8Iy7EEJTOiF2FGvUB1br0sizwHl8sSQ8VUKr5G9IO8TsUjCColUhAxKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwfs+rVOPXgqXSyQE4BPBMfa6BVMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvakItejZ0VTQ5ZUNwZExKQVRnRThFeDlyb0ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuHMA0G
CSqGSIb3DQEBCwUAA4IBAQBJdNHPAMXXQjhUX+4wbXC0FS5Ok7k2+bTYwrFO/cPM
ZU2s58BDGVnCCA4JU1UczkLPmhkOEup3rVzQwSbDKcJ1+qTNBk5eVguWQr76C8WZ
WYobhdOKD+6PKQkF8GS6fYi4SfOi20FrqNj+MxvkFCeR/rrowohcxkGEptjhpeV9
iXjmt+R+20fVd5w5uXBJvjOTmOXN21yVCxmCc2pmzTHLmpqVkkn7MPUXCMNzIiID
gdUwV6NOIFD9DquszN88OniC+bKuNXGcDZMFN/05geqQ3WsAbb7GFQaMbfQTzjry
8bhfn2GtbwzNF8FHyE8U1TgEFO89oKrnKRepPMnlXQyj
-----END CERTIFICATE-----