Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/ssPqQnAvYvovvcck-_F-8gPwawg.roa
File:                     ssPqQnAvYvovvcck-_F-8gPwawg.roa (raw, json)
Hash identifier:          8N01R6wqxjFiH/XnChJPBaqAeA2RonHHHbx/WT7hEoI=
Subject key identifier:   B2:C3:EA:42:70:2F:62:FA:2F:BD:C7:24:FB:F1:7E:F2:03:F0:6B:08
Certificate issuer:       /CN=2d18d87e8b9fe974bedf097f88948398861ac47e
Certificate serial:       018CCF6FED849DE8E19F025BE09975DFF259
Authority key identifier: 2D:18:D8:7E:8B:9F:E9:74:BE:DF:09:7F:88:94:83:98:86:1A:C4:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRjYfouf6XS-3wl_iJSDmIYaxH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/ssPqQnAvYvovvcck-_F-8gPwawg.roa
Signing time:             Wed 03 Jan 2024 13:07:48 +0000
ROA not before:           Wed 03 Jan 2024 13:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200724
IP address blocks:        109.121.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/LRjYfouf6XS-3wl_iJSDmIYaxH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/LRjYfouf6XS-3wl_iJSDmIYaxH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRjYfouf6XS-3wl_iJSDmIYaxH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:6f:ed:84:9d:e8:e1:9f:02:5b:e0:99:75:df:f2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d18d87e8b9fe974bedf097f88948398861ac47e
        Validity
            Not Before: Jan  3 13:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2c3ea42702f62fa2fbdc724fbf17ef203f06b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e4:e0:80:85:5e:c6:5f:d2:df:0d:dd:0c:21:
                    34:27:7e:d2:e0:01:c3:49:57:e9:9f:58:24:54:61:
                    ea:6f:ef:42:fe:30:5c:7d:13:36:13:0f:64:19:15:
                    2d:04:ef:41:3b:0e:a8:a3:c6:3c:ef:d3:e2:48:6f:
                    bd:15:c9:6a:33:3f:b4:04:25:09:78:97:db:c7:fb:
                    b6:9a:e4:67:bd:4e:ba:dd:c0:1e:f0:77:da:98:05:
                    fd:56:c8:54:34:78:6b:19:4c:7c:25:07:4b:1b:3b:
                    aa:28:43:a1:55:ba:64:40:80:c4:72:51:3e:5a:14:
                    ce:64:5d:17:33:69:38:5e:d1:37:56:99:9b:1d:9d:
                    2a:88:85:9f:e6:0a:0e:4e:41:b1:f3:b1:e4:45:86:
                    1a:2d:04:d8:3b:d2:6d:66:d7:04:73:b0:3f:42:07:
                    48:df:c8:e6:2f:cb:b4:e7:12:24:97:45:d7:68:70:
                    41:0e:87:14:0c:8f:77:eb:ae:9c:ca:d9:b5:ca:1f:
                    43:00:52:2b:eb:6d:fb:83:16:07:bb:10:11:70:88:
                    f1:ca:da:85:24:3c:d3:75:3a:8a:4f:c3:27:05:37:
                    48:65:e7:2a:9c:f4:3e:e4:83:c5:32:ff:5a:d2:84:
                    b8:d4:70:66:e7:cd:2c:87:f3:1e:78:92:78:3c:3e:
                    80:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:C3:EA:42:70:2F:62:FA:2F:BD:C7:24:FB:F1:7E:F2:03:F0:6B:08
            X509v3 Authority Key Identifier:
                keyid:2D:18:D8:7E:8B:9F:E9:74:BE:DF:09:7F:88:94:83:98:86:1A:C4:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRjYfouf6XS-3wl_iJSDmIYaxH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/ssPqQnAvYvovvcck-_F-8gPwawg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/ec85f5-7f65-49f2-98b9-cf0907133241/1/LRjYfouf6XS-3wl_iJSDmIYaxH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:54:9c:54:4f:dc:ef:d2:98:70:3c:bf:98:e0:68:8b:23:c8:
         eb:ae:68:7a:4a:06:27:b0:0e:26:ba:0b:18:5b:86:04:f7:2b:
         6d:88:6a:9e:4d:74:4b:64:33:0f:7d:45:7e:e1:68:5f:5a:80:
         38:57:32:68:35:e0:1c:04:9e:40:40:41:e2:11:14:c7:f6:a1:
         f2:42:bb:13:5e:9f:8f:c3:d5:06:3d:ad:2e:bb:4f:b8:6b:ff:
         ce:c7:42:a7:73:13:e8:90:00:6a:56:d1:48:f5:4b:d0:11:50:
         90:54:bf:c5:67:78:b3:ab:87:9d:75:07:ab:43:b8:87:28:7a:
         ee:22:0f:a1:63:5a:2e:8b:58:fb:93:58:18:26:63:28:92:e7:
         8a:53:6c:98:fa:25:5e:ca:d2:24:ca:62:65:fe:09:3c:2d:a1:
         a0:65:49:e9:59:5d:6b:63:be:32:21:90:85:28:30:e4:8c:01:
         c9:f8:5c:88:59:b3:5d:48:6f:8c:3b:3a:36:f0:aa:44:3a:e1:
         07:64:7f:35:21:82:61:d0:e2:7c:ef:5b:18:d9:a4:24:04:78:
         3b:d5:10:69:ff:1d:16:60:4b:5b:12:4e:e9:13:26:f0:47:f0:
         13:a8:2b:43:a3:d9:b2:03:fd:f2:b3:e5:93:f7:f8:a7:61:af:
         7b:c1:77:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzPb+2EnejhnwJb4Jl13/JZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMThkODdlOGI5ZmU5NzRiZWRmMDk3Zjg4OTQ4Mzk4ODYx
YWM0N2UwHhcNMjQwMTAzMTMwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmMzZWE0MjcwMmY2MmZhMmZiZGM3MjRmYmYxN2VmMjAzZjA2YjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleTggIVexl/S3w3dDCE0J37S4AHD
SVfpn1gkVGHqb+9C/jBcfRM2Ew9kGRUtBO9BOw6oo8Y879PiSG+9FclqMz+0BCUJ
eJfbx/u2muRnvU663cAe8HfamAX9VshUNHhrGUx8JQdLGzuqKEOhVbpkQIDEclE+
WhTOZF0XM2k4XtE3VpmbHZ0qiIWf5goOTkGx87HkRYYaLQTYO9JtZtcEc7A/QgdI
38jmL8u05xIkl0XXaHBBDocUDI93666cytm1yh9DAFIr6237gxYHuxARcIjxytqF
JDzTdTqKT8MnBTdIZecqnPQ+5IPFMv9a0oS41HBm580sh/MeeJJ4PD6AXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLD6kJwL2L6L73HJPvxfvID8GsIMB8GA1UdIwQY
MBaAFC0Y2H6Ln+l0vt8Jf4iUg5iGGsR+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJqWWZvdWY2WFMtM3dsX2lKU0RtSVlheEg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9lYzg1ZjUtN2Y2NS00OWYyLTk4Yjkt
Y2YwOTA3MTMzMjQxLzEvc3NQcVFuQXZZdm92dmNjay1fRi04Z1B3YXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9lYzg1ZjUtN2Y2NS00OWYyLTk4YjktY2YwOTA3MTMzMjQx
LzEvTFJqWWZvdWY2WFMtM3dsX2lKU0RtSVlheEg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXl/MA0G
CSqGSIb3DQEBCwUAA4IBAQBSVJxUT9zv0phwPL+Y4GiLI8jrrmh6SgYnsA4mugsY
W4YE9yttiGqeTXRLZDMPfUV+4WhfWoA4VzJoNeAcBJ5AQEHiERTH9qHyQrsTXp+P
w9UGPa0uu0+4a//Ox0KncxPokABqVtFI9UvQEVCQVL/FZ3izq4eddQerQ7iHKHru
Ig+hY1oui1j7k1gYJmMokueKU2yY+iVeytIkymJl/gk8LaGgZUnpWV1rY74yIZCF
KDDkjAHJ+FyIWbNdSG+MOzo28KpEOuEHZH81IYJh0OJ871sY2aQkBHg71RBp/x0W
YEtbEk7pEybwR/ATqCtDo9myA/3ys+WT9/inYa97wXf1
-----END CERTIFICATE-----