Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/vSFUAztM4xg8pnCN2uvJ0r0ZpOY.roa
File:                     vSFUAztM4xg8pnCN2uvJ0r0ZpOY.roa (raw, json)
Hash identifier:          lfAk2RkoT9Z6h0Jxb78c4RLN4P2hpHz0D8+Q/p7nmkA=
Subject key identifier:   BD:21:54:03:3B:4C:E3:18:3C:A6:70:8D:DA:EB:C9:D2:BD:19:A4:E6
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019420D5D8D5E56DFA400A492FC3DEB46E45
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/vSFUAztM4xg8pnCN2uvJ0r0ZpOY.roa
Signing time:             Wed 01 Jan 2025 07:47:53 +0000
ROA not before:           Wed 01 Jan 2025 07:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19318
IP address blocks:        109.205.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d8:d5:e5:6d:fa:40:0a:49:2f:c3:de:b4:6e:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 07:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd2154033b4ce3183ca6708ddaebc9d2bd19a4e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9a:a5:50:16:d7:cd:0e:33:7c:9d:53:bb:51:
                    5e:1f:2c:e7:99:dc:5f:64:21:26:7f:b0:b8:49:a6:
                    b5:1d:e0:d0:c3:4c:a4:93:fb:15:fe:1a:18:00:70:
                    5e:60:ed:a4:0d:54:ae:72:0c:16:65:90:87:5d:ad:
                    e5:78:60:d5:4b:ae:cd:1c:f0:20:65:ea:7d:76:09:
                    ac:ec:df:47:0a:39:b2:15:3e:68:68:a6:05:9a:96:
                    1e:c4:ad:9b:4f:81:81:00:3e:1c:52:98:a4:23:f8:
                    20:30:e1:c5:7c:69:1c:28:1e:88:16:76:fb:c6:6f:
                    29:3b:0b:cc:ef:e9:ac:55:d4:c8:27:f4:6f:b5:99:
                    cd:2e:ba:b2:f0:16:49:93:0a:fd:15:e3:9d:78:0c:
                    8b:43:97:f4:5c:bb:1f:87:b4:95:ec:35:d1:07:ed:
                    6e:1c:d2:3f:8b:c1:37:a1:9b:cd:c8:93:7e:0e:80:
                    ba:7c:c4:a2:72:95:36:bc:f5:a2:82:37:7c:88:8d:
                    40:af:0d:a3:c8:f4:6c:55:08:63:41:a1:2c:0d:a4:
                    da:81:b8:b2:8c:10:28:55:a1:c7:af:26:a5:55:ea:
                    ff:f0:54:84:4c:16:3a:14:ae:2d:8c:76:8f:b2:20:
                    e7:bc:c9:dd:f9:47:2b:94:f0:79:03:7d:78:7c:09:
                    04:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:21:54:03:3B:4C:E3:18:3C:A6:70:8D:DA:EB:C9:D2:BD:19:A4:E6
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/vSFUAztM4xg8pnCN2uvJ0r0ZpOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:8c:3a:c5:50:0a:7c:c3:e1:0c:0d:b3:11:95:3f:8d:4b:3d:
         3f:5b:93:b2:dc:2f:0b:f3:3c:79:f9:c7:54:0f:d0:84:ef:bc:
         83:18:c7:31:06:fc:ff:84:51:50:5b:78:9a:5b:63:96:85:61:
         ee:dd:dc:95:ed:bb:18:05:d3:2f:f7:d7:71:c2:dd:ee:1d:23:
         3d:d5:3d:22:3c:7c:23:bd:23:bb:b3:e6:45:b5:ee:73:8c:65:
         52:0c:05:e3:31:22:c9:e1:53:a9:80:fa:11:12:54:bd:5a:ad:
         d1:a7:4c:b0:74:d1:6e:c9:c0:50:01:7a:11:87:43:bb:4c:3c:
         4c:a0:f8:57:57:f0:42:56:cd:40:a0:02:6f:29:2a:c8:d6:e2:
         28:90:16:39:b2:32:b6:eb:74:ae:03:34:86:43:35:d2:a9:22:
         aa:58:5d:75:be:19:5c:da:16:f2:f7:ec:01:d3:ec:ec:a6:d7:
         05:08:eb:92:6b:90:fe:dc:6e:72:97:5a:51:56:34:80:fa:f9:
         15:e8:7c:90:80:08:46:ba:89:79:88:2c:de:0d:98:87:d6:f0:
         7d:53:81:1a:6d:5f:e9:4b:01:c4:21:45:db:51:cf:0d:8c:c3:
         a7:81:c2:12:68:3b:5c:d5:94:b1:fd:5c:5a:1c:70:49:b9:2d:
         8b:be:7a:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1djV5W36QApJL8PetG5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjUwMTAxMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDIxNTQwMzNiNGNlMzE4M2NhNjcwOGRkYWViYzlkMmJkMTlhNGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5qlUBbXzQ4zfJ1Tu1FeHyznmdxf
ZCEmf7C4Saa1HeDQw0ykk/sV/hoYAHBeYO2kDVSucgwWZZCHXa3leGDVS67NHPAg
Zep9dgms7N9HCjmyFT5oaKYFmpYexK2bT4GBAD4cUpikI/ggMOHFfGkcKB6IFnb7
xm8pOwvM7+msVdTIJ/RvtZnNLrqy8BZJkwr9FeOdeAyLQ5f0XLsfh7SV7DXRB+1u
HNI/i8E3oZvNyJN+DoC6fMSicpU2vPWigjd8iI1Arw2jyPRsVQhjQaEsDaTagbiy
jBAoVaHHryalVer/8FSETBY6FK4tjHaPsiDnvMnd+UcrlPB5A314fAkE4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0hVAM7TOMYPKZwjdrrydK9GaTmMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvdlNGVUF6dE00eGc4cG5DTjJ1dkowcjBacE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc3VMA0G
CSqGSIb3DQEBCwUAA4IBAQDbjDrFUAp8w+EMDbMRlT+NSz0/W5Oy3C8L8zx5+cdU
D9CE77yDGMcxBvz/hFFQW3iaW2OWhWHu3dyV7bsYBdMv99dxwt3uHSM91T0iPHwj
vSO7s+ZFte5zjGVSDAXjMSLJ4VOpgPoRElS9Wq3Rp0ywdNFuycBQAXoRh0O7TDxM
oPhXV/BCVs1AoAJvKSrI1uIokBY5sjK263SuAzSGQzXSqSKqWF11vhlc2hby9+wB
0+zsptcFCOuSa5D+3G5yl1pRVjSA+vkV6HyQgAhGuol5iCzeDZiH1vB9U4EabV/p
SwHEIUXbUc8NjMOngcISaDtc1ZSx/VxaHHBJuS2Lvnrg
-----END CERTIFICATE-----