Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/4X9OOZldc0fX97ZLZ6dWObvK0Kg.roa
File:                     4X9OOZldc0fX97ZLZ6dWObvK0Kg.roa (raw, json)
Hash identifier:          x/ozK5i7M+5xK74PPVGdQPhZbLhoNhN6wLvo9WrZV4U=
Subject key identifier:   E1:7F:4E:39:99:5D:73:47:D7:F7:B6:4B:67:A7:56:39:BB:CA:D0:A8
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       018CC56EF6401FCCABE01078EEDD2B2EE007
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/4X9OOZldc0fX97ZLZ6dWObvK0Kg.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204210
IP address blocks:        109.160.11.0/24 maxlen: 24
                          109.160.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f6:40:1f:cc:ab:e0:10:78:ee:dd:2b:2e:e0:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e17f4e39995d7347d7f7b64b67a75639bbcad0a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:de:b4:98:ae:55:0d:02:85:03:b2:ba:12:33:
                    21:43:8f:bf:15:3b:00:e0:6b:30:9a:6d:83:cd:06:
                    19:66:2a:6f:db:4b:c1:96:b5:69:a7:4d:45:0a:b3:
                    aa:ac:55:dd:17:47:68:6a:dc:c6:af:42:23:e3:36:
                    a7:aa:ed:a7:89:27:2e:3a:a4:d5:ba:b1:bd:d8:5f:
                    89:7b:44:ab:b5:26:f1:60:9f:f9:69:1b:20:51:f1:
                    f6:cd:3c:5e:15:1c:60:6f:ed:82:81:b7:3c:c2:81:
                    02:56:ee:d7:7d:22:d3:1b:fd:d5:99:b3:f4:43:6d:
                    54:25:2c:fe:2a:3d:28:f9:c8:b0:04:c2:c6:8e:10:
                    64:f5:a5:88:b6:46:e5:46:a5:1f:54:d2:c6:bb:58:
                    5c:99:2a:22:20:a0:05:f4:94:9c:4c:1d:81:56:12:
                    0a:25:98:76:40:b6:70:5e:54:04:7a:32:dc:47:d1:
                    a4:28:9a:a2:6a:4a:ee:be:a9:66:8a:09:f9:0a:c5:
                    ab:33:45:a3:d0:38:ee:63:49:f2:b3:11:35:b1:cf:
                    a4:50:c5:72:4e:e5:d5:3d:11:e4:88:8f:a4:b3:d0:
                    77:e4:78:27:42:65:82:2c:6c:c3:28:d6:65:6d:dc:
                    6d:74:bc:dd:b5:82:d4:45:4f:3a:db:c6:a0:e8:43:
                    08:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:7F:4E:39:99:5D:73:47:D7:F7:B6:4B:67:A7:56:39:BB:CA:D0:A8
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/4X9OOZldc0fX97ZLZ6dWObvK0Kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.160.11.0-109.160.12.255

    Signature Algorithm: sha256WithRSAEncryption
         a1:f2:58:43:3f:d5:b7:3d:b5:6f:1e:a9:30:6c:e3:69:bc:9a:
         0b:ad:60:9e:93:c6:e4:50:9a:93:2d:ab:72:fe:78:b5:6b:58:
         2b:2c:81:c5:98:09:db:c3:45:21:9f:db:be:92:62:f2:39:8a:
         12:df:e7:02:5e:4d:50:b6:57:40:f4:36:e0:4b:36:8e:4e:46:
         5f:36:fb:96:f3:c3:a7:ac:e0:e5:98:f2:e0:71:38:b6:73:aa:
         93:c7:2e:53:98:af:c0:ba:1b:63:f5:bf:84:d4:47:20:09:69:
         5e:e2:ce:34:09:de:da:03:a9:45:f8:e3:21:ea:bd:58:44:19:
         83:fd:ae:bf:de:0e:44:b5:6b:5e:99:25:41:74:b7:c8:69:d2:
         b9:cd:df:b9:ad:02:b5:35:1f:ab:45:88:60:d3:a5:46:40:a2:
         22:9d:13:fd:c6:30:34:f2:44:a5:86:4c:97:d8:a8:1a:a9:81:
         02:c0:97:09:82:57:5a:b9:a3:af:ec:95:c6:23:a0:7f:68:75:
         94:5f:ef:7b:89:f6:83:70:59:23:aa:bb:9e:90:9d:f3:e3:50:
         7d:30:cf:b6:d9:42:91:b3:b2:5d:3a:36:7f:d0:36:47:41:cb:
         ef:fa:e7:53:bd:5c:7e:c8:bd:15:4d:89:48:17:ae:c2:9f:b2:
         c4:fe:e3:83
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbvZAH8yr4BB47t0rLuAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTdmNGUzOTk5NWQ3MzQ3ZDdmN2I2NGI2N2E3NTYzOWJiY2FkMGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArt60mK5VDQKFA7K6EjMhQ4+/FTsA
4Gswmm2DzQYZZipv20vBlrVpp01FCrOqrFXdF0doatzGr0Ij4zanqu2niScuOqTV
urG92F+Je0SrtSbxYJ/5aRsgUfH2zTxeFRxgb+2Cgbc8woECVu7XfSLTG/3VmbP0
Q21UJSz+Kj0o+ciwBMLGjhBk9aWItkblRqUfVNLGu1hcmSoiIKAF9JScTB2BVhIK
JZh2QLZwXlQEejLcR9GkKJqiakruvqlmign5CsWrM0Wj0DjuY0nysxE1sc+kUMVy
TuXVPRHkiI+ks9B35HgnQmWCLGzDKNZlbdxtdLzdtYLURU8628ag6EMItQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOF/TjmZXXNH1/e2S2enVjm7ytCoMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvNFg5T09abGRjMGZYOTdaTFo2ZFdPYnZLMEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABtoAsD
BABtoAwwDQYJKoZIhvcNAQELBQADggEBAKHyWEM/1bc9tW8eqTBs42m8mgutYJ6T
xuRQmpMtq3L+eLVrWCssgcWYCdvDRSGf276SYvI5ihLf5wJeTVC2V0D0NuBLNo5O
Rl82+5bzw6es4OWY8uBxOLZzqpPHLlOYr8C6G2P1v4TURyAJaV7izjQJ3toDqUX4
4yHqvVhEGYP9rr/eDkS1a16ZJUF0t8hp0rnN37mtArU1H6tFiGDTpUZAoiKdE/3G
MDTyRKWGTJfYqBqpgQLAlwmCV1q5o6/slcYjoH9odZRf73uJ9oNwWSOqu56QnfPj
UH0wz7bZQpGzsl06Nn/QNkdBy+/651O9XH7IvRVNiUgXrsKfssT+44M=
-----END CERTIFICATE-----