Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/09s7ZwJwpj5rvThPKXL3hP5XaxI.roa
File:                     09s7ZwJwpj5rvThPKXL3hP5XaxI.roa (raw, json)
Hash identifier:          lKDt+IHzhSA3jfZezco0bUwDn1E85xnTnc5GRe4DmHM=
Subject key identifier:   D3:DB:3B:67:02:70:A6:3E:6B:BD:38:4F:29:72:F7:84:FE:57:6B:12
Certificate issuer:       /CN=33c342c06aacc359d39439ff58defa8ea1875748
Certificate serial:       018CC500BCD50CE55B95A39BD266CB303FF6
Authority key identifier: 33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/09s7ZwJwpj5rvThPKXL3hP5XaxI.roa
Signing time:             Mon 01 Jan 2024 12:30:09 +0000
ROA not before:           Mon 01 Jan 2024 12:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198974
IP address blocks:        109.236.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:bc:d5:0c:e5:5b:95:a3:9b:d2:66:cb:30:3f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c342c06aacc359d39439ff58defa8ea1875748
        Validity
            Not Before: Jan  1 12:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3db3b670270a63e6bbd384f2972f784fe576b12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:55:e6:b8:aa:89:04:27:a0:94:f0:56:23:7f:
                    ef:75:f4:2f:33:ab:60:26:6f:cf:cd:9a:b7:79:30:
                    57:2c:bf:67:9e:73:fb:cf:87:33:3d:0e:4f:60:e2:
                    32:2a:2e:a8:9b:16:48:26:1d:9a:51:01:2a:28:96:
                    76:ab:ce:32:62:1b:1d:53:68:58:a6:50:3b:6c:0a:
                    a2:1d:5f:1a:1d:dd:61:1b:9f:ac:6d:52:12:0f:0f:
                    85:87:86:a3:64:2e:a6:25:95:a5:27:9a:19:71:01:
                    b0:bf:f6:b0:56:a1:7b:26:f4:de:27:dd:06:a5:20:
                    6d:e3:52:db:e2:45:3c:cb:19:f3:96:de:5b:20:1f:
                    9a:93:99:9e:76:1c:99:07:b2:a5:a1:55:23:c9:80:
                    9c:9f:73:b3:99:b6:00:d7:44:24:a8:30:1a:fd:aa:
                    c7:fe:4a:cd:68:c9:7d:80:7c:fb:53:fc:06:e7:70:
                    6c:ee:5e:88:c5:b9:8a:5f:52:5f:0e:83:29:3f:3a:
                    4b:fa:f1:0f:d1:33:f3:68:4b:b2:9b:9c:47:08:c5:
                    16:e3:8d:40:bd:c6:62:75:46:82:86:89:cd:67:ed:
                    10:d7:7f:b4:93:fb:ad:99:46:ec:44:b8:b1:1d:f2:
                    3a:6c:d9:0c:34:71:a0:f8:95:3c:ec:45:7c:b3:8f:
                    de:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:DB:3B:67:02:70:A6:3E:6B:BD:38:4F:29:72:F7:84:FE:57:6B:12
            X509v3 Authority Key Identifier:
                keyid:33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/09s7ZwJwpj5rvThPKXL3hP5XaxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:60:db:5a:2c:b5:81:84:e4:e2:55:ba:34:44:54:5e:b0:42:
         88:49:3b:c3:14:14:c9:03:4e:03:d8:0c:fa:f1:7c:3d:5a:2e:
         35:3d:d9:ab:6b:f9:6f:0e:01:e0:94:0e:1c:26:ba:ed:23:a7:
         95:4d:dd:35:c7:d2:ee:80:b1:56:c4:79:4a:7a:0a:77:a8:d7:
         52:93:7a:6a:d6:c0:83:9e:0c:9d:b8:3e:15:48:47:4c:58:ab:
         7b:c1:d2:aa:d4:89:72:c8:86:1b:70:fc:50:dd:bd:2a:17:9c:
         29:36:60:66:79:b7:0d:b6:69:c3:57:4b:ad:56:e6:b2:6b:60:
         d4:90:86:f7:e4:74:f4:b4:06:da:66:8b:96:7c:fb:95:b2:7b:
         b8:61:cf:41:4c:4a:e5:77:02:81:5d:e6:9a:0e:e0:42:ca:ce:
         10:87:e5:94:dc:64:98:97:69:37:46:59:83:ac:28:85:fa:f0:
         be:21:77:ff:24:5b:29:eb:2e:c9:6e:85:b3:84:74:0b:15:0c:
         2a:e8:9d:7c:7f:1d:0f:3a:32:ed:07:3c:af:34:fa:e6:15:8f:
         ca:34:12:6d:d9:d3:1e:48:f3:03:6e:bd:84:02:65:74:86:0c:
         c5:b3:56:ba:f0:7b:4a:7d:ad:8b:3b:7b:87:0d:7d:25:1a:62:
         0f:02:b1:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALzVDOVblaOb0mbLMD/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzM0MmMwNmFhY2MzNTlkMzk0MzlmZjU4ZGVmYThlYTE4
NzU3NDgwHhcNMjQwMTAxMTIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2RiM2I2NzAyNzBhNjNlNmJiZDM4NGYyOTcyZjc4NGZlNTc2YjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFXmuKqJBCeglPBWI3/vdfQvM6tg
Jm/PzZq3eTBXLL9nnnP7z4czPQ5PYOIyKi6omxZIJh2aUQEqKJZ2q84yYhsdU2hY
plA7bAqiHV8aHd1hG5+sbVISDw+Fh4ajZC6mJZWlJ5oZcQGwv/awVqF7JvTeJ90G
pSBt41Lb4kU8yxnzlt5bIB+ak5medhyZB7KloVUjyYCcn3OzmbYA10QkqDAa/arH
/krNaMl9gHz7U/wG53Bs7l6IxbmKX1JfDoMpPzpL+vEP0TPzaEuym5xHCMUW441A
vcZidUaChonNZ+0Q13+0k/utmUbsRLixHfI6bNkMNHGg+JU87EV8s4/ejwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPbO2cCcKY+a704Tyly94T+V2sSMB8GA1UdIwQY
MBaAFDPDQsBqrMNZ05Q5/1je+o6hh1dIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUt
N2YyMzMzNjA0OTk3LzEvMDlzN1p3SndwajVydlRoUEtYTDNoUDVYYXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUtN2YyMzMzNjA0OTk3
LzEvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbez1MA0G
CSqGSIb3DQEBCwUAA4IBAQDPYNtaLLWBhOTiVbo0RFResEKISTvDFBTJA04D2Az6
8Xw9Wi41Pdmra/lvDgHglA4cJrrtI6eVTd01x9LugLFWxHlKegp3qNdSk3pq1sCD
ngyduD4VSEdMWKt7wdKq1IlyyIYbcPxQ3b0qF5wpNmBmebcNtmnDV0utVuaya2DU
kIb35HT0tAbaZouWfPuVsnu4Yc9BTErldwKBXeaaDuBCys4Qh+WU3GSYl2k3RlmD
rCiF+vC+IXf/JFsp6y7JboWzhHQLFQwq6J18fx0POjLtBzyvNPrmFY/KNBJt2dMe
SPMDbr2EAmV0hgzFs1a68HtKfa2LO3uHDX0lGmIPArHp
-----END CERTIFICATE-----