Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/pj_r37O8ymvyjuC6uSrXOKsAL0o.roa
File:                     pj_r37O8ymvyjuC6uSrXOKsAL0o.roa (raw, json)
Hash identifier:          wt8kJLWKI7jt1DkUmOJ01bIYni4fTUbSQrDjjyaL96c=
Subject key identifier:   A6:3F:EB:DF:B3:BC:CA:6B:F2:8E:E0:BA:B9:2A:D7:38:AB:00:2F:4A
Certificate issuer:       /CN=1f810cc3fd228338d9b969725d95bb33c4e65a48
Certificate serial:       019427B6093E5D14C3DDAFCAFFCA5C8A4CB8
Authority key identifier: 1F:81:0C:C3:FD:22:83:38:D9:B9:69:72:5D:95:BB:33:C4:E6:5A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4EMw_0igzjZuWlyXZW7M8TmWkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/pj_r37O8ymvyjuC6uSrXOKsAL0o.roa
Signing time:             Thu 02 Jan 2025 15:50:28 +0000
ROA not before:           Thu 02 Jan 2025 15:50:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60700
IP address blocks:        176.120.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/H4EMw_0igzjZuWlyXZW7M8TmWkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/H4EMw_0igzjZuWlyXZW7M8TmWkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4EMw_0igzjZuWlyXZW7M8TmWkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:09:3e:5d:14:c3:dd:af:ca:ff:ca:5c:8a:4c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f810cc3fd228338d9b969725d95bb33c4e65a48
        Validity
            Not Before: Jan  2 15:50:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a63febdfb3bcca6bf28ee0bab92ad738ab002f4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:08:d9:a3:c1:8e:38:22:80:7a:48:de:08:10:
                    1d:f6:ad:0c:5f:a8:f3:f2:8e:e2:48:a3:9b:db:18:
                    df:37:8f:c2:d8:f1:00:07:ac:6f:01:67:21:f9:2b:
                    8b:04:b9:c3:4d:d7:f1:8c:7c:f8:4c:2f:74:a7:4d:
                    2a:26:1b:64:72:90:6e:09:4e:36:b8:ad:b1:ec:a3:
                    28:89:b7:e4:85:ac:71:39:79:66:af:88:42:36:7b:
                    05:b5:d4:44:2d:1e:f4:db:42:18:8e:ff:5f:6c:f8:
                    be:0d:45:1c:2a:78:f4:72:65:d0:65:e2:19:e2:87:
                    89:4e:43:27:94:40:e8:20:2c:dc:5d:d3:43:c2:95:
                    9c:5e:24:a7:29:4b:77:a6:30:6f:93:c9:15:f1:98:
                    92:6d:9e:64:d7:f9:2b:97:b5:d5:51:68:f5:80:d1:
                    ba:4a:33:bb:85:db:be:cd:e5:83:32:df:93:b1:c9:
                    d2:3a:9a:bb:4b:62:7a:91:11:b0:f4:44:63:c5:ee:
                    b6:2d:7a:9b:30:f6:73:b6:83:6f:0c:f5:c6:42:9e:
                    cd:5b:d3:e6:b9:01:33:e7:7c:13:42:60:cc:2c:9e:
                    59:a2:ef:c5:d2:2c:1a:5e:9b:66:83:3c:51:fb:ac:
                    ed:f6:73:15:5a:ab:a1:ad:e3:98:87:01:f5:e0:16:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:3F:EB:DF:B3:BC:CA:6B:F2:8E:E0:BA:B9:2A:D7:38:AB:00:2F:4A
            X509v3 Authority Key Identifier:
                keyid:1F:81:0C:C3:FD:22:83:38:D9:B9:69:72:5D:95:BB:33:C4:E6:5A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4EMw_0igzjZuWlyXZW7M8TmWkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/pj_r37O8ymvyjuC6uSrXOKsAL0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/0f0927-c29b-4698-859e-f9c180ba4801/1/H4EMw_0igzjZuWlyXZW7M8TmWkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:2d:35:c9:92:d9:83:b5:d4:d5:db:40:45:97:d1:8c:6b:7c:
         38:86:cf:0d:7d:24:2c:a6:10:cb:62:0c:03:22:a4:0d:6b:14:
         6d:d4:3d:b5:78:82:c7:83:30:04:1c:85:76:93:ee:53:cb:38:
         7a:64:86:a6:77:c2:d1:66:5e:6a:61:d4:c8:db:8d:8d:6c:6d:
         87:bb:6b:a3:8c:71:86:82:a6:e6:32:e4:f9:fb:04:fd:07:08:
         23:db:40:ba:4a:2e:02:fe:a6:1d:a2:dc:9e:84:7e:54:f0:ce:
         a5:7c:ee:53:6e:9a:fc:5a:8d:6c:7d:ce:73:ff:a2:40:a0:fc:
         d9:68:9c:b0:63:b2:df:16:c2:b0:13:32:05:08:8d:83:2c:6c:
         14:b4:23:7e:b8:c8:19:4b:88:a1:ed:22:89:31:29:e2:e1:a1:
         53:23:0d:c7:27:b3:c2:78:fa:75:3d:80:05:64:fe:03:af:b7:
         c5:d3:6c:89:02:e4:c5:00:d5:ff:bb:59:34:76:b9:cc:e3:8e:
         ed:72:69:db:5a:aa:6a:fd:c6:7f:d7:8a:f3:43:55:da:5e:3a:
         10:64:d1:e5:56:4a:d8:11:25:ee:90:98:2b:09:22:61:70:eb:
         70:94:0f:db:bf:66:04:30:85:cb:89:a1:b7:fc:6d:b4:ac:3c:
         86:16:39:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntgk+XRTD3a/K/8pciky4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmODEwY2MzZmQyMjgzMzhkOWI5Njk3MjVkOTViYjMzYzRl
NjVhNDgwHhcNMjUwMTAyMTU1MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjNmZWJkZmIzYmNjYTZiZjI4ZWUwYmFiOTJhZDczOGFiMDAyZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QjZo8GOOCKAekjeCBAd9q0MX6jz
8o7iSKOb2xjfN4/C2PEAB6xvAWch+SuLBLnDTdfxjHz4TC90p00qJhtkcpBuCU42
uK2x7KMoibfkhaxxOXlmr4hCNnsFtdRELR7020IYjv9fbPi+DUUcKnj0cmXQZeIZ
4oeJTkMnlEDoICzcXdNDwpWcXiSnKUt3pjBvk8kV8ZiSbZ5k1/krl7XVUWj1gNG6
SjO7hdu+zeWDMt+TscnSOpq7S2J6kRGw9ERjxe62LXqbMPZztoNvDPXGQp7NW9Pm
uQEz53wTQmDMLJ5Zou/F0iwaXptmgzxR+6zt9nMVWquhreOYhwH14Bb7kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKY/69+zvMpr8o7gurkq1zirAC9KMB8GA1UdIwQY
MBaAFB+BDMP9IoM42blpcl2VuzPE5lpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDRFTXdfMGlnempadVdseVhaVzdNOFRtV2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8wZjA5MjctYzI5Yi00Njk4LTg1OWUt
ZjljMTgwYmE0ODAxLzEvcGpfcjM3Tzh5bXZ5anVDNnVTclhPS3NBTDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8wZjA5MjctYzI5Yi00Njk4LTg1OWUtZjljMTgwYmE0ODAx
LzEvSDRFTXdfMGlnempadVdseVhaVzdNOFRtV2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHhrMA0G
CSqGSIb3DQEBCwUAA4IBAQAXLTXJktmDtdTV20BFl9GMa3w4hs8NfSQsphDLYgwD
IqQNaxRt1D21eILHgzAEHIV2k+5Tyzh6ZIamd8LRZl5qYdTI242NbG2Hu2ujjHGG
gqbmMuT5+wT9Bwgj20C6Si4C/qYdotyehH5U8M6lfO5Tbpr8Wo1sfc5z/6JAoPzZ
aJywY7LfFsKwEzIFCI2DLGwUtCN+uMgZS4ih7SKJMSni4aFTIw3HJ7PCePp1PYAF
ZP4Dr7fF02yJAuTFANX/u1k0drnM447tcmnbWqpq/cZ/14rzQ1XaXjoQZNHlVkrY
ESXukJgrCSJhcOtwlA/bv2YEMIXLiaG3/G20rDyGFjmU
-----END CERTIFICATE-----