Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/twVpUYnpTjMJsgNWGXruksUg8CI.roa
File:                     twVpUYnpTjMJsgNWGXruksUg8CI.roa (raw, json)
Hash identifier:          SeMFWO9t80CzArgFOHTK9PDj74fu98aDpk16IxNKMRI=
Subject key identifier:   B7:05:69:51:89:E9:4E:33:09:B2:03:56:19:7A:EE:92:C5:20:F0:22
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       0192B7C95207D3ACAC172520DA27AA7F9244
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/twVpUYnpTjMJsgNWGXruksUg8CI.roa
Signing time:             Wed 23 Oct 2024 05:11:17 +0000
ROA not before:           Wed 23 Oct 2024 05:11:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        109.234.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b7:c9:52:07:d3:ac:ac:17:25:20:da:27:aa:7f:92:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Oct 23 05:11:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b705695189e94e3309b20356197aee92c520f022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f1:b3:c4:87:61:a4:f7:69:6a:bb:e4:db:2b:
                    9c:cf:21:3c:4a:5f:92:ce:f7:a7:24:29:b4:5b:7c:
                    df:fe:53:3a:a4:e9:54:dc:d1:d3:12:a1:e3:f1:dc:
                    4e:c7:74:6f:a8:07:e1:14:36:1b:07:4f:2c:e4:d7:
                    73:d7:37:77:49:a1:41:78:e9:95:80:11:64:21:90:
                    47:81:06:a8:76:22:77:5f:53:86:e8:ef:2a:f3:ea:
                    55:c8:49:fa:13:cf:6d:8f:c6:42:f8:5d:a5:f0:25:
                    50:a5:52:cb:d6:ba:16:91:0c:ee:b0:ec:a2:bf:87:
                    12:15:23:70:77:a3:03:eb:09:07:c9:7f:b8:65:78:
                    e3:2f:45:ac:d7:e1:6c:51:4c:11:85:e0:c4:7e:f5:
                    e3:bb:92:4f:50:d3:4b:30:b4:d1:af:99:fc:5c:e0:
                    05:ae:4b:df:ec:dc:71:03:61:40:a3:7a:ad:c5:df:
                    78:02:7e:10:92:86:a0:bd:26:34:5e:11:a7:c6:3b:
                    6b:7a:5c:34:eb:9a:cf:11:7c:9b:d4:39:a1:1a:7b:
                    b7:ea:a6:ea:09:dd:00:e6:d6:b0:a9:5e:56:f6:3c:
                    0c:46:dc:dd:f1:16:1f:06:51:2f:76:b9:31:84:a7:
                    36:48:06:8a:e7:a1:b0:1e:76:c0:99:c0:6d:b3:5a:
                    34:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:05:69:51:89:E9:4E:33:09:B2:03:56:19:7A:EE:92:C5:20:F0:22
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/twVpUYnpTjMJsgNWGXruksUg8CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:33:13:f5:2d:50:51:93:2f:75:f9:9c:80:ac:bb:e8:23:95:
         f3:24:73:c3:a6:8d:fc:bd:df:09:f4:ce:6f:07:ce:7b:6b:a4:
         ae:0a:be:8e:b8:6a:2c:97:9f:af:37:07:8f:35:07:e1:fa:92:
         22:27:ca:b5:5f:a3:1d:8e:19:81:8e:d5:ab:f4:9e:b2:a2:87:
         f0:26:0c:8a:c8:34:6b:88:2e:75:18:5a:9f:76:4a:40:8b:51:
         68:28:2f:4c:bd:04:92:a1:ac:f2:9c:e4:73:db:9b:9b:df:52:
         48:4d:c8:a3:d0:e6:d3:52:13:27:bb:31:ad:b7:9e:6a:ef:8f:
         5c:5b:be:ad:31:a3:06:55:12:2d:42:e8:b6:f1:f3:19:c1:a4:
         ff:00:28:3a:72:d9:7b:74:11:62:70:cd:94:79:b7:12:00:81:
         d0:83:61:d9:b6:0d:29:de:04:bc:7c:80:5d:bc:19:7b:cf:17:
         0c:c5:f3:25:cb:12:3b:8f:9d:b6:c2:9c:f2:09:03:26:7d:6e:
         27:14:4a:e9:47:04:2d:93:1f:95:6e:64:82:6a:5a:f8:ea:fc:
         e8:9b:6e:fd:41:1d:87:89:02:6b:3e:b0:3f:0e:d5:ac:0e:3c:
         5b:17:f2:ee:f3:fd:9e:c9:6d:af:72:02:3f:09:76:00:7a:03:
         15:7c:8b:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK3yVIH06ysFyUg2ieqf5JEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjQxMDIzMDUxMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzA1Njk1MTg5ZTk0ZTMzMDliMjAzNTYxOTdhZWU5MmM1MjBmMDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvGzxIdhpPdparvk2yuczyE8Sl+S
zvenJCm0W3zf/lM6pOlU3NHTEqHj8dxOx3RvqAfhFDYbB08s5Ndz1zd3SaFBeOmV
gBFkIZBHgQaodiJ3X1OG6O8q8+pVyEn6E89tj8ZC+F2l8CVQpVLL1roWkQzusOyi
v4cSFSNwd6MD6wkHyX+4ZXjjL0Ws1+FsUUwRheDEfvXju5JPUNNLMLTRr5n8XOAF
rkvf7NxxA2FAo3qtxd94An4QkoagvSY0XhGnxjtrelw065rPEXyb1DmhGnu36qbq
Cd0A5tawqV5W9jwMRtzd8RYfBlEvdrkxhKc2SAaK56GwHnbAmcBts1o0zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcFaVGJ6U4zCbIDVhl67pLFIPAiMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvdHdWcFVZbnBUak1Kc2dOV0dYcnVrc1VnOENJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbepKMA0G
CSqGSIb3DQEBCwUAA4IBAQBPMxP1LVBRky91+ZyArLvoI5XzJHPDpo38vd8J9M5v
B857a6SuCr6OuGosl5+vNwePNQfh+pIiJ8q1X6MdjhmBjtWr9J6yoofwJgyKyDRr
iC51GFqfdkpAi1FoKC9MvQSSoazynORz25ub31JITcij0ObTUhMnuzGtt55q749c
W76tMaMGVRItQui28fMZwaT/ACg6ctl7dBFicM2UebcSAIHQg2HZtg0p3gS8fIBd
vBl7zxcMxfMlyxI7j522wpzyCQMmfW4nFErpRwQtkx+VbmSCalr46vzom279QR2H
iQJrPrA/DtWsDjxbF/Lu8/2eyW2vcgI/CXYAegMVfIuS
-----END CERTIFICATE-----