Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/hS929ZDwuMsbhpE6h3U4g6gKZkE.roa
File:                     hS929ZDwuMsbhpE6h3U4g6gKZkE.roa (raw, json)
Hash identifier:          7y/8Ih+3xInTrTz1I+tlN4m/Ioy0rdgzmyDs7Npo8yo=
Subject key identifier:   85:2F:76:F5:90:F0:B8:CB:1B:86:91:3A:87:75:38:83:A8:0A:66:41
Certificate issuer:       /CN=d826ca5d53c1b5308e2c9c791c630a0f22337943
Certificate serial:       018CC3B695FAAE28B6951B074865C93D2693
Authority key identifier: D8:26:CA:5D:53:C1:B5:30:8E:2C:9C:79:1C:63:0A:0F:22:33:79:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/hS929ZDwuMsbhpE6h3U4g6gKZkE.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        109.68.71.0/24 maxlen: 24
                          109.68.67.0/24 maxlen: 24
                          109.68.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:95:fa:ae:28:b6:95:1b:07:48:65:c9:3d:26:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d826ca5d53c1b5308e2c9c791c630a0f22337943
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=852f76f590f0b8cb1b86913a87753883a80a6641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8a:b9:8f:f8:0c:bb:21:84:8a:88:64:2f:1b:
                    c1:22:38:b1:cf:19:21:15:94:02:d3:e2:3e:69:b2:
                    2c:a2:85:d0:9b:34:11:41:c0:52:96:6a:43:f7:f0:
                    c7:42:a6:a4:83:5e:e2:ae:8e:6e:ca:8e:1b:38:a4:
                    90:67:38:55:b3:da:9b:84:2d:5d:06:85:24:91:d2:
                    4e:e3:67:b9:e8:10:1a:6f:03:8c:1b:b0:e9:c5:14:
                    02:46:df:a5:09:3b:35:d3:09:ee:54:c9:09:0b:15:
                    6b:e6:32:97:6d:ee:11:61:25:a1:fc:48:82:80:e0:
                    b2:dd:f8:09:00:dc:84:e5:73:12:10:6c:2c:12:a2:
                    b1:00:5e:99:ec:70:db:b9:bd:57:d8:4d:fa:2b:6b:
                    d1:04:94:4e:e9:22:a0:89:fc:4c:07:66:2a:83:b4:
                    d4:ba:91:b3:d2:b8:e3:b0:c3:32:b4:3b:d5:0d:cb:
                    be:7b:9b:71:0e:89:d4:95:50:8b:a4:d6:c0:a4:5c:
                    a8:1e:d6:16:64:4a:97:95:6b:db:cc:4c:c5:0a:e3:
                    e1:9c:40:70:cc:17:db:9a:8a:23:54:94:6a:a7:5f:
                    83:84:9f:e1:04:19:b6:7d:29:fc:79:b1:cd:27:fb:
                    57:23:48:0b:fc:34:c9:35:ee:af:23:5e:ec:47:f0:
                    74:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:2F:76:F5:90:F0:B8:CB:1B:86:91:3A:87:75:38:83:A8:0A:66:41
            X509v3 Authority Key Identifier:
                keyid:D8:26:CA:5D:53:C1:B5:30:8E:2C:9C:79:1C:63:0A:0F:22:33:79:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/hS929ZDwuMsbhpE6h3U4g6gKZkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.67.0/24
                  109.68.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:93:73:1f:4e:d4:97:32:99:a7:fa:fa:93:a5:19:cc:04:d4:
         ef:39:b3:ac:e4:95:34:47:4b:6b:c5:e6:92:ce:c2:56:0f:da:
         9c:14:5b:82:b5:0c:1e:29:1a:db:00:c0:03:71:b2:b1:68:af:
         12:0f:d3:be:2f:a0:7a:70:d9:05:bc:1f:e0:ee:07:c4:22:e0:
         63:ae:b4:df:9b:be:10:bf:d6:85:44:d9:fd:21:a5:64:80:5c:
         f6:30:22:6e:e8:49:1d:86:ce:4d:ec:85:a9:4f:f1:62:5c:8e:
         2a:e2:cd:85:1d:c8:c5:52:82:b1:d2:58:3a:af:af:33:af:f5:
         ed:2e:6a:1e:6a:de:0e:a5:12:1e:31:13:36:85:5e:10:3c:79:
         92:90:e9:fe:37:8e:a1:e6:e8:c9:c1:1a:16:9b:0b:3b:81:02:
         1c:71:9a:5a:ac:f7:85:9b:2d:2c:66:b5:d4:7b:27:ca:f9:b5:
         69:6a:03:0e:70:b8:60:88:e1:48:0c:27:3a:98:65:0c:e0:7d:
         90:01:6e:94:2d:05:5e:28:54:e1:d8:a8:ef:01:a2:a3:bc:6c:
         6e:45:aa:ab:76:9e:d0:2a:e7:59:da:1b:5a:b3:6e:5a:9a:d9:
         2b:3c:63:fb:47:3e:a3:0a:ea:48:bb:4f:98:23:7b:c7:33:bd:
         77:75:d4:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtpX6rii2lRsHSGXJPSaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MjZjYTVkNTNjMWI1MzA4ZTJjOWM3OTFjNjMwYTBmMjIz
Mzc5NDMwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTJmNzZmNTkwZjBiOGNiMWI4NjkxM2E4Nzc1Mzg4M2E4MGE2NjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoq5j/gMuyGEiohkLxvBIjixzxkh
FZQC0+I+abIsooXQmzQRQcBSlmpD9/DHQqakg17iro5uyo4bOKSQZzhVs9qbhC1d
BoUkkdJO42e56BAabwOMG7DpxRQCRt+lCTs10wnuVMkJCxVr5jKXbe4RYSWh/EiC
gOCy3fgJANyE5XMSEGwsEqKxAF6Z7HDbub1X2E36K2vRBJRO6SKgifxMB2Yqg7TU
upGz0rjjsMMytDvVDcu+e5txDonUlVCLpNbApFyoHtYWZEqXlWvbzEzFCuPhnEBw
zBfbmoojVJRqp1+DhJ/hBBm2fSn8ebHNJ/tXI0gL/DTJNe6vI17sR/B0KwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIUvdvWQ8LjLG4aROod1OIOoCmZBMB8GA1UdIwQY
MBaAFNgmyl1TwbUwjiyceRxjCg8iM3lDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNiS1hWUEJ0VENPTEp4NUhHTUtEeUl6ZVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS80YjU0NGUtNjUzNS00YWY4LWJiZGIt
NThkMmVlOTgyODc5LzEvaFM5MjlaRHd1TXNiaHBFNmgzVTRnNmdLWmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS80YjU0NGUtNjUzNS00YWY4LWJiZGItNThkMmVlOTgyODc5
LzEvMkNiS1hWUEJ0VENPTEp4NUhHTUtEeUl6ZVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbURDAwQB
bURGMA0GCSqGSIb3DQEBCwUAA4IBAQBck3MfTtSXMpmn+vqTpRnMBNTvObOs5JU0
R0trxeaSzsJWD9qcFFuCtQweKRrbAMADcbKxaK8SD9O+L6B6cNkFvB/g7gfEIuBj
rrTfm74Qv9aFRNn9IaVkgFz2MCJu6Ekdhs5N7IWpT/FiXI4q4s2FHcjFUoKx0lg6
r68zr/XtLmoeat4OpRIeMRM2hV4QPHmSkOn+N46h5ujJwRoWmws7gQIccZparPeF
my0sZrXUeyfK+bVpagMOcLhgiOFIDCc6mGUM4H2QAW6ULQVeKFTh2KjvAaKjvGxu
Raqrdp7QKudZ2htas25amtkrPGP7Rz6jCupIu0+YI3vHM713ddTB
-----END CERTIFICATE-----