Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/L3xdjIH2zy7v5Cj6gtkLDE8Ij7M.roa
File:                     L3xdjIH2zy7v5Cj6gtkLDE8Ij7M.roa (raw, json)
Hash identifier:          Q+o3qtQDOHZiPtx1qsjKwH4+/xbmKCsf4LWPeNV0Toc=
Subject key identifier:   2F:7C:5D:8C:81:F6:CF:2E:EF:E4:28:FA:82:D9:0B:0C:4F:08:8F:B3
Certificate issuer:       /CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
Certificate serial:       01942368FA9EE20F412FAE4D303516CF497B
Authority key identifier: 92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/L3xdjIH2zy7v5Cj6gtkLDE8Ij7M.roa
Signing time:             Wed 01 Jan 2025 19:47:49 +0000
ROA not before:           Wed 01 Jan 2025 19:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8747
IP address blocks:        109.235.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:fa:9e:e2:0f:41:2f:ae:4d:30:35:16:cf:49:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
        Validity
            Not Before: Jan  1 19:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f7c5d8c81f6cf2eefe428fa82d90b0c4f088fb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b2:4b:50:44:27:b1:50:fc:5b:f5:e0:cf:e4:
                    0a:18:1e:a2:31:13:9c:a5:84:7a:01:ad:59:8b:47:
                    eb:e2:ff:db:ad:fe:03:5c:81:6f:1c:03:91:dc:1e:
                    5e:bf:03:f3:62:b9:25:0a:af:19:af:dd:03:06:85:
                    dd:f4:c0:48:03:ac:ba:79:c9:0f:0d:da:4e:1d:20:
                    c0:66:89:a2:0f:51:cd:17:bb:6d:1c:1a:8e:b1:4d:
                    dc:ba:8c:bd:2b:b2:e4:6d:96:3e:09:90:45:57:5c:
                    f1:87:68:02:7c:ca:6a:96:cf:92:a2:e6:17:61:44:
                    c7:e7:bd:03:55:9a:db:4d:75:5c:4e:b0:57:27:3f:
                    d4:1c:f4:25:54:8c:50:df:3b:57:15:03:29:25:f5:
                    5c:db:7c:2d:f9:8f:94:41:14:7c:18:f1:ff:3c:84:
                    4c:b2:9e:67:d2:b2:a1:cb:0c:ed:4c:95:68:0e:4e:
                    c0:6e:67:c6:bf:33:16:0b:89:7f:56:dc:ca:2b:ab:
                    ae:90:58:b9:6e:56:d4:e0:6f:c5:93:5f:1e:ac:23:
                    d5:90:d6:aa:ac:8d:96:af:fd:8f:4a:45:3e:95:e9:
                    d5:23:c5:d5:2f:7a:0e:03:2e:45:62:06:9b:84:b4:
                    d4:4d:50:26:57:11:b5:b0:bf:7d:7a:dd:58:a3:0a:
                    ee:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:7C:5D:8C:81:F6:CF:2E:EF:E4:28:FA:82:D9:0B:0C:4F:08:8F:B3
            X509v3 Authority Key Identifier:
                keyid:92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/L3xdjIH2zy7v5Cj6gtkLDE8Ij7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.235.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e2:85:c2:30:d4:bf:0d:29:a3:4e:e6:0e:9e:84:d4:43:d7:0d:
         1a:46:07:05:93:e0:ac:f5:5f:cc:c3:8b:e4:1e:6f:10:91:28:
         7a:f5:38:fe:e2:53:4b:bc:d4:79:c1:2c:11:46:fe:a3:4e:0d:
         6f:8b:37:1e:98:76:b1:a1:98:a9:e6:04:1c:3d:d5:22:47:1a:
         5b:39:51:3b:b0:10:a6:41:4b:4a:57:5d:84:1a:6e:da:fc:aa:
         c6:2d:81:11:fc:5a:f5:98:8a:c1:cf:c7:41:e9:3f:7d:4b:0d:
         b3:09:08:c2:1b:ef:bd:cf:5b:5a:b2:63:ab:40:e3:c5:9c:3a:
         e7:2b:6d:ba:cf:e6:ec:1f:d2:33:08:d3:12:bb:98:1f:a9:5c:
         e3:19:96:12:f6:de:28:95:0f:59:46:34:3d:2d:69:57:68:c1:
         e8:0b:c0:f7:7a:4f:dc:ae:02:96:47:9f:2c:8f:ce:ce:72:e3:
         d2:b2:83:84:4a:ca:7a:26:8f:9e:fc:2d:ef:7e:10:73:76:3a:
         64:3d:6e:1c:ae:ef:a9:80:b9:c3:6f:58:9e:a3:98:5f:c2:cf:
         c3:28:3e:09:0f:c3:57:87:f7:7e:ee:26:14:16:15:18:f6:03:
         6d:18:4f:ca:af:74:9d:b4:f5:50:6d:23:56:a8:04:be:c7:c6:
         70:12:e5:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaPqe4g9BL65NMDUWz0l7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTM1MmE4ZDJkZDcwYzkxZmZjZWM4ZTMyM2ZlNjlmMWU5
YTQxMzkwHhcNMjUwMTAxMTk0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjdjNWQ4YzgxZjZjZjJlZWZlNDI4ZmE4MmQ5MGIwYzRmMDg4ZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17JLUEQnsVD8W/Xgz+QKGB6iMROc
pYR6Aa1Zi0fr4v/brf4DXIFvHAOR3B5evwPzYrklCq8Zr90DBoXd9MBIA6y6eckP
DdpOHSDAZomiD1HNF7ttHBqOsU3cuoy9K7LkbZY+CZBFV1zxh2gCfMpqls+SouYX
YUTH570DVZrbTXVcTrBXJz/UHPQlVIxQ3ztXFQMpJfVc23wt+Y+UQRR8GPH/PIRM
sp5n0rKhywztTJVoDk7AbmfGvzMWC4l/VtzKK6uukFi5blbU4G/Fk18erCPVkNaq
rI2Wr/2PSkU+lenVI8XVL3oOAy5FYgabhLTUTVAmVxG1sL99et1YowruUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC98XYyB9s8u7+Qo+oLZCwxPCI+zMB8GA1UdIwQY
MBaAFJKTUqjS3XDJH/zsjjI/5p8emkE5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYt
MGExYTM1ODk3ZjEwLzEvTDN4ZGpJSDJ6eTd2NUNqNmd0a0xERThJajdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYtMGExYTM1ODk3ZjEw
LzEva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbeu0MA0G
CSqGSIb3DQEBCwUAA4IBAQDihcIw1L8NKaNO5g6ehNRD1w0aRgcFk+Cs9V/Mw4vk
Hm8QkSh69Tj+4lNLvNR5wSwRRv6jTg1vizcemHaxoZip5gQcPdUiRxpbOVE7sBCm
QUtKV12EGm7a/KrGLYER/Fr1mIrBz8dB6T99Sw2zCQjCG++9z1tasmOrQOPFnDrn
K226z+bsH9IzCNMSu5gfqVzjGZYS9t4olQ9ZRjQ9LWlXaMHoC8D3ek/crgKWR58s
j87OcuPSsoOESsp6Jo+e/C3vfhBzdjpkPW4cru+pgLnDb1ieo5hfws/DKD4JD8NX
h/d+7iYUFhUY9gNtGE/Kr3SdtPVQbSNWqAS+x8ZwEuUX
-----END CERTIFICATE-----