Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/xoUCqTRZNhZqRein_zyWrsRqWHE.roa
File:                     xoUCqTRZNhZqRein_zyWrsRqWHE.roa (raw, json)
Hash identifier:          RLpFV8Zr/LMkBTaTFkn9DJ4T8W/7rBHfgGYXEZc7IFc=
Subject key identifier:   C6:85:02:A9:34:59:36:16:6A:45:E8:A7:FF:3C:96:AE:C4:6A:58:71
Certificate issuer:       /CN=97242dba26ed882b380dabebab3c5f3942006ecc
Certificate serial:       018CC8DE3E21B2002544382E930DB62C218B
Authority key identifier: 97:24:2D:BA:26:ED:88:2B:38:0D:AB:EB:AB:3C:5F:39:42:00:6E:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lyQtuibtiCs4DavrqzxfOUIAbsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/xoUCqTRZNhZqRein_zyWrsRqWHE.roa
Signing time:             Tue 02 Jan 2024 06:30:57 +0000
ROA not before:           Tue 02 Jan 2024 06:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        109.68.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/lyQtuibtiCs4DavrqzxfOUIAbsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/lyQtuibtiCs4DavrqzxfOUIAbsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lyQtuibtiCs4DavrqzxfOUIAbsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:3e:21:b2:00:25:44:38:2e:93:0d:b6:2c:21:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97242dba26ed882b380dabebab3c5f3942006ecc
        Validity
            Not Before: Jan  2 06:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c68502a9345936166a45e8a7ff3c96aec46a5871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c8:18:30:92:7f:00:92:5d:c0:e1:9a:09:bb:
                    4e:97:47:e4:bc:69:cc:e8:b5:1b:74:7e:71:7b:72:
                    ed:75:c6:3c:44:2a:28:93:e2:8c:23:15:5a:fa:5b:
                    e4:9e:bc:5d:26:76:63:73:0d:74:72:56:06:48:39:
                    fd:9c:48:34:ff:ff:9f:80:14:90:6b:7e:70:c1:33:
                    cb:b3:88:13:fd:cc:b0:a2:db:39:be:d4:b9:11:ee:
                    2e:88:b6:96:59:24:5b:46:5e:f6:b5:13:9a:96:20:
                    97:44:87:0c:b1:e7:90:a1:cd:0b:d7:cb:a4:64:0f:
                    84:72:a7:73:61:90:25:5a:26:c7:e9:f8:60:25:8a:
                    84:31:24:d4:2a:0c:11:14:80:c3:4b:bf:92:50:2c:
                    fe:a9:d1:50:ff:26:b6:f9:8a:a6:cc:5a:fd:22:b2:
                    ae:90:a8:b8:82:b8:01:fe:db:5c:61:89:6b:61:38:
                    20:63:04:e1:72:1d:fb:54:b1:97:33:53:da:e3:6f:
                    9d:49:5d:20:e0:a5:15:f0:a2:31:c1:c4:fa:83:02:
                    39:b9:6b:04:51:6f:fd:b2:5e:71:63:29:b0:65:11:
                    aa:f7:91:a5:f7:59:a9:32:de:22:e0:9c:b8:9d:d4:
                    66:ef:ff:66:6f:40:cb:b8:93:75:82:1e:6d:28:ca:
                    f7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:85:02:A9:34:59:36:16:6A:45:E8:A7:FF:3C:96:AE:C4:6A:58:71
            X509v3 Authority Key Identifier:
                keyid:97:24:2D:BA:26:ED:88:2B:38:0D:AB:EB:AB:3C:5F:39:42:00:6E:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lyQtuibtiCs4DavrqzxfOUIAbsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/xoUCqTRZNhZqRein_zyWrsRqWHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/4cb687-87fd-4af0-a36b-607272d737cb/1/lyQtuibtiCs4DavrqzxfOUIAbsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:77:9f:53:d9:f0:4e:7b:d8:5c:02:f8:c6:2d:95:ec:db:fe:
         06:9d:2d:3b:3a:be:cc:a1:2a:16:49:74:22:df:4e:5d:9b:6d:
         ae:39:65:51:c3:40:e5:40:6f:29:7c:23:a5:17:e2:b0:a3:98:
         73:d5:90:e8:b1:fd:66:4b:74:50:1b:1f:70:3b:aa:43:66:c4:
         49:1f:f4:b9:77:a0:2a:95:c9:57:f2:f1:a4:3e:5c:2a:f7:3b:
         ec:9f:62:90:1f:0e:b5:ea:db:c7:14:aa:a1:cd:28:df:45:fe:
         33:dc:f7:28:53:47:78:71:e9:d2:ab:cc:ef:bc:12:0f:0f:12:
         8b:b8:06:ff:51:0e:48:b8:b4:c4:28:fa:9a:b3:b0:aa:9c:4d:
         f3:a6:89:8d:55:cd:e6:9c:71:43:83:b8:c6:3d:28:e7:cc:1f:
         18:0d:c4:ac:b2:40:28:93:85:91:44:2c:dc:34:f7:75:31:22:
         de:29:3a:b6:f5:9d:f5:32:49:d3:56:3f:50:29:4a:d8:90:c7:
         97:ca:36:b5:2c:00:11:7e:6c:1e:91:7b:b9:fe:dd:ef:3d:15:
         70:16:28:1d:09:fe:f9:19:03:04:a5:96:bf:76:48:fa:05:30:
         1c:bc:9d:43:5a:51:9c:37:7f:f8:33:55:e7:01:7a:30:c9:ab:
         41:c5:48:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3j4hsgAlRDgukw22LCGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MjQyZGJhMjZlZDg4MmIzODBkYWJlYmFiM2M1ZjM5NDIw
MDZlY2MwHhcNMjQwMTAyMDYzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjg1MDJhOTM0NTkzNjE2NmE0NWU4YTdmZjNjOTZhZWM0NmE1ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcgYMJJ/AJJdwOGaCbtOl0fkvGnM
6LUbdH5xe3LtdcY8RCook+KMIxVa+lvknrxdJnZjcw10clYGSDn9nEg0//+fgBSQ
a35wwTPLs4gT/cywots5vtS5Ee4uiLaWWSRbRl72tROaliCXRIcMseeQoc0L18uk
ZA+EcqdzYZAlWibH6fhgJYqEMSTUKgwRFIDDS7+SUCz+qdFQ/ya2+YqmzFr9IrKu
kKi4grgB/ttcYYlrYTggYwThch37VLGXM1Pa42+dSV0g4KUV8KIxwcT6gwI5uWsE
UW/9sl5xYymwZRGq95Gl91mpMt4i4Jy4ndRm7/9mb0DLuJN1gh5tKMr39wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMaFAqk0WTYWakXop/88lq7EalhxMB8GA1UdIwQY
MBaAFJckLbom7YgrOA2r66s8XzlCAG7MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHlRdHVpYnRpQ3M0RGF2cnF6eGZPVUlBYnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy80Y2I2ODctODdmZC00YWYwLWEzNmIt
NjA3MjcyZDczN2NiLzEveG9VQ3FUUlpOaFpxUmVpbl96eVdyc1JxV0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy80Y2I2ODctODdmZC00YWYwLWEzNmItNjA3MjcyZDczN2Ni
LzEvbHlRdHVpYnRpQ3M0RGF2cnF6eGZPVUlBYnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUT4MA0G
CSqGSIb3DQEBCwUAA4IBAQDGd59T2fBOe9hcAvjGLZXs2/4GnS07Or7MoSoWSXQi
305dm22uOWVRw0DlQG8pfCOlF+Kwo5hz1ZDosf1mS3RQGx9wO6pDZsRJH/S5d6Aq
lclX8vGkPlwq9zvsn2KQHw616tvHFKqhzSjfRf4z3PcoU0d4cenSq8zvvBIPDxKL
uAb/UQ5IuLTEKPqas7CqnE3zpomNVc3mnHFDg7jGPSjnzB8YDcSsskAok4WRRCzc
NPd1MSLeKTq29Z31MknTVj9QKUrYkMeXyja1LAARfmwekXu5/t3vPRVwFigdCf75
GQMEpZa/dkj6BTAcvJ1DWlGcN3/4M1XnAXowyatBxUgC
-----END CERTIFICATE-----