Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/9SJ3_ZhW6GT4r4w3W6Yc8PtcH8M.roa
File:                     9SJ3_ZhW6GT4r4w3W6Yc8PtcH8M.roa (raw, json)
Hash identifier:          ayCCnNZ/3XdRWaduFCsJ5i4Cm3PKcViG4czN04yer6M=
Subject key identifier:   F5:22:77:FD:98:56:E8:64:F8:AF:8C:37:5B:A6:1C:F0:FB:5C:1F:C3
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C8BAE4FA24D86C3919E196B3F0DE5
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/9SJ3_ZhW6GT4r4w3W6Yc8PtcH8M.roa
Signing time:             Thu 02 Jan 2025 09:50:35 +0000
ROA not before:           Thu 02 Jan 2025 09:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207548
IP address blocks:        109.108.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:8b:ae:4f:a2:4d:86:c3:91:9e:19:6b:3f:0d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f52277fd9856e864f8af8c375ba61cf0fb5c1fc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:37:ff:05:4b:01:6c:0e:0f:6b:86:b9:0e:26:
                    b8:80:31:e2:48:c9:64:9d:49:15:f9:30:f9:08:99:
                    d5:03:ed:29:eb:cb:86:6a:49:d6:0f:d7:81:c7:2f:
                    85:45:8b:0b:a0:7b:ad:ff:00:25:fe:63:82:cc:1a:
                    94:8b:dd:51:23:4b:be:89:4c:8e:22:b5:90:8f:2e:
                    48:d7:6b:47:13:17:38:a1:c9:2d:78:22:c0:a1:54:
                    b1:b7:b5:27:c7:e5:98:72:e7:6f:4d:05:cc:53:6e:
                    1d:bb:81:ae:e9:79:c1:22:03:1d:2f:c6:c8:60:cb:
                    3b:14:96:52:3f:5d:41:24:6a:6f:96:05:8d:57:a2:
                    06:54:44:59:86:df:cc:37:af:5c:a7:72:41:ae:10:
                    26:8b:e2:99:36:e5:e2:74:69:c4:21:30:1f:ba:2d:
                    b7:47:bc:f1:bf:1f:f7:e7:99:35:9d:6b:5d:04:3a:
                    db:a0:72:08:23:b2:01:7d:61:a9:bb:71:e9:2f:37:
                    16:a5:72:e5:c5:25:ae:13:9b:be:ac:e4:64:f4:40:
                    09:f7:ff:22:c3:04:67:58:01:b0:8f:de:0b:aa:05:
                    ed:a0:c5:5e:54:21:54:db:d1:96:cd:ca:fc:b3:2d:
                    9d:d1:67:d0:19:c9:36:4c:a6:22:79:8d:a4:9f:24:
                    b9:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:22:77:FD:98:56:E8:64:F8:AF:8C:37:5B:A6:1C:F0:FB:5C:1F:C3
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/9SJ3_ZhW6GT4r4w3W6Yc8PtcH8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.108.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:67:04:a7:f3:0f:38:e5:aa:ab:aa:28:55:71:9e:28:47:bd:
         37:6f:9f:7e:1c:d9:09:26:a2:cd:ef:d6:2c:e6:4d:78:17:7c:
         64:8b:48:ff:94:68:f3:5a:17:6e:8f:29:a4:b8:17:2a:eb:36:
         7e:09:9a:c1:44:40:33:31:7e:d9:46:3b:7c:fc:9b:f0:2d:28:
         47:1c:8b:b4:ca:f0:52:08:d5:f4:5e:c1:ff:e8:c5:e9:63:5b:
         2d:a7:60:79:2c:a9:1e:43:77:9d:16:17:56:bb:f0:a2:c6:17:
         dd:f4:13:42:d2:19:34:62:a9:18:37:c8:2f:a2:14:6a:24:d4:
         a6:6a:38:17:26:46:65:ca:77:36:fc:ff:20:d5:2d:bc:c9:31:
         14:91:4a:0c:c1:bc:b6:f8:dd:ef:53:9e:8c:f2:b9:1e:a6:7e:
         a9:50:e6:46:4a:ec:1d:2c:89:68:17:5b:fe:d5:9a:e4:99:59:
         db:fb:01:5a:58:d1:e4:84:32:b5:36:d4:8f:0b:1c:b5:32:bb:
         2b:80:e3:35:c3:7e:66:72:18:2a:cc:f0:c8:77:61:1b:25:87:
         2e:01:61:54:3f:03:b8:4a:89:64:16:24:34:1e:94:ed:dd:bc:
         a2:95:e2:cc:d4:f8:a3:9e:64:8a:65:51:fb:91:ee:56:7b:c7:
         a4:a5:dd:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbIuuT6JNhsORnhlrPw3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTIyNzdmZDk4NTZlODY0ZjhhZjhjMzc1YmE2MWNmMGZiNWMxZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjf/BUsBbA4Pa4a5Dia4gDHiSMlk
nUkV+TD5CJnVA+0p68uGaknWD9eBxy+FRYsLoHut/wAl/mOCzBqUi91RI0u+iUyO
IrWQjy5I12tHExc4ockteCLAoVSxt7Unx+WYcudvTQXMU24du4Gu6XnBIgMdL8bI
YMs7FJZSP11BJGpvlgWNV6IGVERZht/MN69cp3JBrhAmi+KZNuXidGnEITAfui23
R7zxvx/355k1nWtdBDrboHIII7IBfWGpu3HpLzcWpXLlxSWuE5u+rORk9EAJ9/8i
wwRnWAGwj94LqgXtoMVeVCFU29GWzcr8sy2d0WfQGck2TKYieY2knyS59QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUid/2YVuhk+K+MN1umHPD7XB/DMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvOVNKM19aaFc2R1Q0cjR3M1c2WWM4UHRjSDhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWwoMA0G
CSqGSIb3DQEBCwUAA4IBAQACZwSn8w845aqrqihVcZ4oR703b59+HNkJJqLN79Ys
5k14F3xki0j/lGjzWhdujymkuBcq6zZ+CZrBREAzMX7ZRjt8/JvwLShHHIu0yvBS
CNX0XsH/6MXpY1stp2B5LKkeQ3edFhdWu/Cixhfd9BNC0hk0YqkYN8gvohRqJNSm
ajgXJkZlync2/P8g1S28yTEUkUoMwby2+N3vU56M8rkepn6pUOZGSuwdLIloF1v+
1ZrkmVnb+wFaWNHkhDK1NtSPCxy1MrsrgOM1w35mchgqzPDId2EbJYcuAWFUPwO4
SolkFiQ0HpTt3byileLM1PijnmSKZVH7ke5We8ekpd3L
-----END CERTIFICATE-----