Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/AtGQauV6CTkT87C33OkUgR29-80.roa
File:                     AtGQauV6CTkT87C33OkUgR29-80.roa (raw, json)
Hash identifier:          mQ7oZ8ZiEhjB96qN0IVYJ0rpwHs7PyG1QGiWWyYsjPY=
Subject key identifier:   02:D1:90:6A:E5:7A:09:39:13:F3:B0:B7:DC:E9:14:81:1D:BD:FB:CD
Certificate issuer:       /CN=97242dba26ed882b380dabebab3c5f3942006ecc
Certificate serial:       018CC8DE3EEB9EE07A226C3AFBE4FEBC76E7
Authority key identifier: 97:24:2D:BA:26:ED:88:2B:38:0D:AB:EB:AB:3C:5F:39:42:00:6E:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lyQtuibtiCs4DavrqzxfOUIAbsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/AtGQauV6CTkT87C33OkUgR29-80.roa
Signing time:             Tue 02 Jan 2024 06:30:57 +0000
ROA not before:           Tue 02 Jan 2024 06:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        109.68.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/lyQtuibtiCs4DavrqzxfOUIAbsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/lyQtuibtiCs4DavrqzxfOUIAbsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lyQtuibtiCs4DavrqzxfOUIAbsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:3e:eb:9e:e0:7a:22:6c:3a:fb:e4:fe:bc:76:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97242dba26ed882b380dabebab3c5f3942006ecc
        Validity
            Not Before: Jan  2 06:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02d1906ae57a093913f3b0b7dce914811dbdfbcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c9:57:51:ea:81:33:e3:e1:88:b7:0f:04:8c:
                    7e:60:65:8e:da:db:5d:57:6a:97:01:7c:04:12:b0:
                    66:d6:d7:1a:35:ce:ac:44:6e:4b:2f:ab:11:6f:ce:
                    e5:70:da:f6:0a:0f:4c:bb:73:ee:96:c3:af:2d:79:
                    76:c8:e7:cb:56:68:c0:8d:13:99:08:8d:1f:17:f2:
                    33:1e:c5:51:b5:10:13:a5:1b:e2:99:ef:8c:7d:3f:
                    47:2a:67:a0:4d:0e:b9:ac:2b:60:7b:ea:69:17:eb:
                    e2:17:14:ed:d9:b3:6e:79:99:07:ed:10:2f:a5:c3:
                    32:12:fd:de:72:5a:0f:6a:49:31:a9:59:42:d5:e5:
                    c1:4d:f2:17:46:14:06:c5:6a:2e:52:99:9b:32:2c:
                    5f:b3:f7:db:f6:2c:32:19:6d:49:c6:0e:6a:58:8c:
                    67:90:9a:4b:0e:3c:aa:3e:b9:75:eb:d2:47:a3:91:
                    22:10:a8:94:61:2c:bb:37:3b:5d:5b:8d:97:b8:01:
                    1c:e6:66:68:cc:8a:06:46:ed:47:4d:ef:9a:24:93:
                    89:7a:46:42:59:03:11:6a:c4:a3:4c:62:c5:f8:ee:
                    93:35:e2:30:06:d6:55:15:4f:73:85:c1:a2:32:fb:
                    cf:91:21:e7:76:89:14:a8:cf:b2:44:83:a3:37:10:
                    da:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:D1:90:6A:E5:7A:09:39:13:F3:B0:B7:DC:E9:14:81:1D:BD:FB:CD
            X509v3 Authority Key Identifier:
                keyid:97:24:2D:BA:26:ED:88:2B:38:0D:AB:EB:AB:3C:5F:39:42:00:6E:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lyQtuibtiCs4DavrqzxfOUIAbsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/AtGQauV6CTkT87C33OkUgR29-80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/lyQtuibtiCs4DavrqzxfOUIAbsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:27:0f:fa:fa:2c:6d:42:7b:31:8a:81:c7:90:d7:4b:c2:51:
         e6:c7:1c:bc:56:87:96:f8:55:a6:f4:24:33:7b:ef:a8:3d:67:
         37:a9:39:e2:47:e1:0f:7a:9a:88:99:99:4f:3f:dc:ae:69:a8:
         aa:07:37:4a:6d:90:19:d7:dd:43:95:55:df:7d:1e:74:f2:c2:
         db:4a:b5:34:28:6f:98:f6:ca:2e:e6:90:05:e5:52:d9:3e:ed:
         12:34:04:fa:fc:b1:73:96:d8:ee:02:ce:d4:16:79:f4:e2:b5:
         b8:9f:76:9b:96:73:9e:12:a0:d5:1b:11:f9:e7:7a:9e:83:7d:
         9e:80:d9:71:d6:8d:6e:30:76:cf:33:fc:28:f5:3b:5a:a9:89:
         ea:9a:6f:0b:50:6e:fb:d5:e6:e2:c0:1e:00:89:95:40:8c:10:
         3d:b0:d7:9a:16:73:ea:21:36:4b:1c:42:79:7c:6a:7c:88:46:
         48:b2:69:b1:5a:74:b6:aa:92:a6:61:a9:20:25:ad:07:45:44:
         c2:72:a9:39:d6:d9:2d:7e:81:f9:97:c5:20:80:9a:42:b6:f3:
         8a:d5:17:70:88:0e:db:bd:5e:15:81:fb:05:9e:9d:e0:24:08:
         e6:e7:79:a0:17:52:06:f1:d6:41:af:ff:1f:e6:73:3f:d3:d3:
         12:8b:da:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3j7rnuB6Imw6++T+vHbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MjQyZGJhMjZlZDg4MmIzODBkYWJlYmFiM2M1ZjM5NDIw
MDZlY2MwHhcNMjQwMTAyMDYzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQxOTA2YWU1N2EwOTM5MTNmM2IwYjdkY2U5MTQ4MTFkYmRmYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxslXUeqBM+PhiLcPBIx+YGWO2ttd
V2qXAXwEErBm1tcaNc6sRG5LL6sRb87lcNr2Cg9Mu3PulsOvLXl2yOfLVmjAjROZ
CI0fF/IzHsVRtRATpRvime+MfT9HKmegTQ65rCtge+ppF+viFxTt2bNueZkH7RAv
pcMyEv3ecloPakkxqVlC1eXBTfIXRhQGxWouUpmbMixfs/fb9iwyGW1Jxg5qWIxn
kJpLDjyqPrl169JHo5EiEKiUYSy7NztdW42XuAEc5mZozIoGRu1HTe+aJJOJekZC
WQMRasSjTGLF+O6TNeIwBtZVFU9zhcGiMvvPkSHndokUqM+yRIOjNxDajwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALRkGrlegk5E/Owt9zpFIEdvfvNMB8GA1UdIwQY
MBaAFJckLbom7YgrOA2r66s8XzlCAG7MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHlRdHVpYnRpQ3M0RGF2cnF6eGZPVUlBYnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy80Y2I2ODctODdmZC00YWYwLWEzNmIt
NjA3MjcyZDczN2NiLzEvQXRHUWF1VjZDVGtUODdDMzNPa1VnUjI5LTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy80Y2I2ODctODdmZC00YWYwLWEzNmItNjA3MjcyZDczN2Ni
LzEvbHlRdHVpYnRpQ3M0RGF2cnF6eGZPVUlBYnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUT4MA0G
CSqGSIb3DQEBCwUAA4IBAQDcJw/6+ixtQnsxioHHkNdLwlHmxxy8VoeW+FWm9CQz
e++oPWc3qTniR+EPepqImZlPP9yuaaiqBzdKbZAZ191DlVXffR508sLbSrU0KG+Y
9sou5pAF5VLZPu0SNAT6/LFzltjuAs7UFnn04rW4n3ablnOeEqDVGxH553qeg32e
gNlx1o1uMHbPM/wo9TtaqYnqmm8LUG771ebiwB4AiZVAjBA9sNeaFnPqITZLHEJ5
fGp8iEZIsmmxWnS2qpKmYakgJa0HRUTCcqk51tktfoH5l8UggJpCtvOK1RdwiA7b
vV4VgfsFnp3gJAjm53mgF1IG8dZBr/8f5nM/09MSi9pd
-----END CERTIFICATE-----