Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/XVhTCzbVuyZv1pRWZ6knSHc8Y2o.roa
File:                     XVhTCzbVuyZv1pRWZ6knSHc8Y2o.roa (raw, json)
Hash identifier:          Xl7iWjENIYr9umPtNnMSeB7YWYoSDRk/+GxnMXY+clg=
Subject key identifier:   5D:58:53:0B:36:D5:BB:26:6F:D6:94:56:67:A9:27:48:77:3C:63:6A
Certificate issuer:       /CN=d826ca5d53c1b5308e2c9c791c630a0f22337943
Certificate serial:       019425FDB12DF4F80420BB67FE4440920E68
Authority key identifier: D8:26:CA:5D:53:C1:B5:30:8E:2C:9C:79:1C:63:0A:0F:22:33:79:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/XVhTCzbVuyZv1pRWZ6knSHc8Y2o.roa
Signing time:             Thu 02 Jan 2025 07:49:30 +0000
ROA not before:           Thu 02 Jan 2025 07:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        109.68.67.0/24 maxlen: 24
                          109.68.70.0/24 maxlen: 24
                          109.68.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:b1:2d:f4:f8:04:20:bb:67:fe:44:40:92:0e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d826ca5d53c1b5308e2c9c791c630a0f22337943
        Validity
            Not Before: Jan  2 07:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d58530b36d5bb266fd6945667a92748773c636a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:21:b0:ef:52:c7:4f:c8:bc:20:1a:f3:25:42:
                    7a:aa:f8:10:d1:90:59:1b:c5:db:2f:44:51:71:69:
                    a7:f9:eb:85:01:cf:52:92:84:58:9b:7e:d0:84:61:
                    f3:38:fc:a3:af:e0:e2:06:43:f8:c0:a1:4b:73:f4:
                    36:36:0f:90:48:38:eb:07:a4:86:19:d5:0e:8a:ad:
                    03:6c:91:af:05:a7:83:2d:b0:ca:81:dc:04:a8:77:
                    23:f1:c0:a6:ed:a7:15:c3:04:fe:ad:ff:eb:60:50:
                    de:b0:75:0f:b1:5f:8f:91:c7:4f:b8:b9:0c:60:ee:
                    94:2e:9e:fb:4e:23:be:c8:80:c6:4c:af:e5:9b:c7:
                    33:5a:2e:db:ed:de:1a:c2:5c:61:9e:81:26:39:04:
                    9f:f1:18:15:4f:ba:c7:7e:1d:9d:7a:84:7a:73:30:
                    b0:14:31:67:5b:c8:1c:1d:7b:79:fd:56:49:2f:97:
                    38:8e:df:23:9a:21:d2:9a:23:e3:c6:80:99:c7:53:
                    14:70:bd:1e:53:4b:e5:6f:47:25:02:80:1e:1b:a0:
                    dd:3d:92:2b:b3:fa:44:83:ae:fc:51:f4:14:21:d3:
                    3f:7b:54:54:14:83:dd:f3:2e:62:b9:b0:9e:b7:00:
                    ba:8f:c3:3f:47:a0:f5:26:2c:92:fe:cf:89:41:fe:
                    e5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:58:53:0B:36:D5:BB:26:6F:D6:94:56:67:A9:27:48:77:3C:63:6A
            X509v3 Authority Key Identifier:
                keyid:D8:26:CA:5D:53:C1:B5:30:8E:2C:9C:79:1C:63:0A:0F:22:33:79:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/XVhTCzbVuyZv1pRWZ6knSHc8Y2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.67.0/24
                  109.68.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:8b:0d:cb:58:3b:a5:63:17:e9:10:f0:14:ca:09:02:fc:9b:
         61:d7:9c:a7:d3:c1:31:67:71:9b:9b:52:0c:d3:34:b1:da:df:
         41:c3:9c:f3:55:70:d4:17:da:cd:1f:f0:b1:34:f9:62:11:2a:
         7b:fc:3c:f0:c9:c2:d3:40:c6:ab:24:37:97:b3:d0:56:83:82:
         67:95:77:b5:87:c1:07:34:65:02:88:9d:19:f5:bf:ae:60:ad:
         4c:99:43:ce:02:d5:4c:1d:2f:0a:98:f4:ef:20:93:72:a0:47:
         25:a3:73:e3:0c:19:71:90:85:66:c8:dc:dd:e5:8c:4a:b3:6e:
         8b:0c:31:88:b9:ea:c4:56:ab:0d:2e:25:83:b7:93:e8:8e:2c:
         12:b0:f0:c7:d1:e1:de:55:07:8d:a3:8d:f4:8d:35:1d:59:11:
         1e:15:90:3b:1e:ee:80:3e:8e:dc:47:67:01:a9:6e:8b:74:1a:
         a8:83:58:13:a1:b5:a7:fd:c7:b8:cf:2f:bb:cb:f1:7f:fb:d0:
         7e:65:44:09:67:1f:0e:bf:6b:45:09:a5:4d:33:0a:55:e7:98:
         76:14:d6:cb:42:bc:04:03:db:38:f2:56:ba:6c:69:fb:49:ca:
         7a:e7:7f:7e:3d:d2:52:5a:0c:b9:b7:79:c1:a6:26:83:66:dc:
         0d:6a:26:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/bEt9PgEILtn/kRAkg5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MjZjYTVkNTNjMWI1MzA4ZTJjOWM3OTFjNjMwYTBmMjIz
Mzc5NDMwHhcNMjUwMTAyMDc0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDU4NTMwYjM2ZDViYjI2NmZkNjk0NTY2N2E5Mjc0ODc3M2M2MzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CGw71LHT8i8IBrzJUJ6qvgQ0ZBZ
G8XbL0RRcWmn+euFAc9SkoRYm37QhGHzOPyjr+DiBkP4wKFLc/Q2Ng+QSDjrB6SG
GdUOiq0DbJGvBaeDLbDKgdwEqHcj8cCm7acVwwT+rf/rYFDesHUPsV+PkcdPuLkM
YO6ULp77TiO+yIDGTK/lm8czWi7b7d4awlxhnoEmOQSf8RgVT7rHfh2deoR6czCw
FDFnW8gcHXt5/VZJL5c4jt8jmiHSmiPjxoCZx1MUcL0eU0vlb0clAoAeG6DdPZIr
s/pEg678UfQUIdM/e1RUFIPd8y5iubCetwC6j8M/R6D1JiyS/s+JQf7l1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF1YUws21bsmb9aUVmepJ0h3PGNqMB8GA1UdIwQY
MBaAFNgmyl1TwbUwjiyceRxjCg8iM3lDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNiS1hWUEJ0VENPTEp4NUhHTUtEeUl6ZVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS80YjU0NGUtNjUzNS00YWY4LWJiZGIt
NThkMmVlOTgyODc5LzEvWFZoVEN6YlZ1eVp2MXBSV1o2a25TSGM4WTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS80YjU0NGUtNjUzNS00YWY4LWJiZGItNThkMmVlOTgyODc5
LzEvMkNiS1hWUEJ0VENPTEp4NUhHTUtEeUl6ZVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbURDAwQB
bURGMA0GCSqGSIb3DQEBCwUAA4IBAQBDiw3LWDulYxfpEPAUygkC/Jth15yn08Ex
Z3Gbm1IM0zSx2t9Bw5zzVXDUF9rNH/CxNPliESp7/DzwycLTQMarJDeXs9BWg4Jn
lXe1h8EHNGUCiJ0Z9b+uYK1MmUPOAtVMHS8KmPTvIJNyoEclo3PjDBlxkIVmyNzd
5YxKs26LDDGIuerEVqsNLiWDt5PojiwSsPDH0eHeVQeNo430jTUdWREeFZA7Hu6A
Po7cR2cBqW6LdBqog1gTobWn/ce4zy+7y/F/+9B+ZUQJZx8Ov2tFCaVNMwpV55h2
FNbLQrwEA9s48la6bGn7Scp6539+PdJSWgy5t3nBpiaDZtwNaiaF
-----END CERTIFICATE-----