Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/zRIOfX819hVR6kwU2VEs6o7IjrU.roa
File:                     zRIOfX819hVR6kwU2VEs6o7IjrU.roa (raw, json)
Hash identifier:          4JPdhes33Cvcse41/gIkHjJ97yYm0IocMZexm9Nl9fI=
Subject key identifier:   CD:12:0E:7D:7F:35:F6:15:51:EA:4C:14:D9:51:2C:EA:8E:C8:8E:B5
Certificate issuer:       /CN=d826ca5d53c1b5308e2c9c791c630a0f22337943
Certificate serial:       018CC3B696252FD602D28C1EE9B8A8525399
Authority key identifier: D8:26:CA:5D:53:C1:B5:30:8E:2C:9C:79:1C:63:0A:0F:22:33:79:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/zRIOfX819hVR6kwU2VEs6o7IjrU.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25577
IP address blocks:        109.68.64.0/23 maxlen: 23
                          109.68.68.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:96:25:2f:d6:02:d2:8c:1e:e9:b8:a8:52:53:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d826ca5d53c1b5308e2c9c791c630a0f22337943
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd120e7d7f35f61551ea4c14d9512cea8ec88eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:94:5e:3f:81:02:c0:22:80:c1:73:02:49:69:
                    8d:4b:4c:20:a3:87:1c:83:c8:0d:33:de:9c:40:8f:
                    c9:50:a7:01:ef:b7:ae:03:cb:d6:5b:98:e6:ef:fd:
                    dd:de:8f:44:6d:70:45:c4:81:e4:19:8c:9a:29:ea:
                    dd:15:85:73:16:03:db:6c:7e:6b:44:22:f8:2e:4e:
                    44:23:ab:5a:32:81:dd:fc:05:77:0f:6d:c6:a2:18:
                    01:fd:00:44:fb:d3:ec:fb:fa:16:ba:29:98:bc:eb:
                    63:1a:3e:2c:cd:c2:8a:e5:81:2e:c2:8e:e1:56:9e:
                    ba:b8:f6:e5:39:f5:ea:36:b5:c0:d3:4b:14:a0:9f:
                    2d:a3:81:2e:e3:5c:8b:8c:26:94:5d:e8:2a:5e:41:
                    c5:cb:b7:22:d8:1e:f0:16:4b:0a:6d:54:47:e3:d5:
                    5d:fc:78:6f:6c:70:a5:bb:60:3c:3c:ba:e1:5f:2b:
                    c9:c0:b5:84:05:8f:bf:fa:71:c1:42:01:d1:7b:09:
                    1b:9d:f8:e1:66:0e:34:06:bf:6b:f0:e6:be:55:d6:
                    b6:ba:6e:01:ab:92:7f:11:0d:57:40:95:96:a7:00:
                    6c:31:6d:08:07:a4:2a:8d:e5:69:ce:ba:64:9b:9e:
                    af:0f:7f:d3:7c:65:0b:72:69:10:ef:03:d6:91:a0:
                    2b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:12:0E:7D:7F:35:F6:15:51:EA:4C:14:D9:51:2C:EA:8E:C8:8E:B5
            X509v3 Authority Key Identifier:
                keyid:D8:26:CA:5D:53:C1:B5:30:8E:2C:9C:79:1C:63:0A:0F:22:33:79:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2CbKXVPBtTCOLJx5HGMKDyIzeUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/zRIOfX819hVR6kwU2VEs6o7IjrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4b544e-6535-4af8-bbdb-58d2ee982879/1/2CbKXVPBtTCOLJx5HGMKDyIzeUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.64.0/23
                  109.68.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:fa:7f:03:db:ea:e5:e8:78:c7:1b:fc:5a:f6:ef:c6:ae:3e:
         03:ba:cf:c8:f4:6d:6a:cc:e6:20:ca:a5:b0:61:d6:86:3f:c1:
         be:20:07:23:d0:6f:34:cb:46:bc:12:47:09:5e:9c:8c:1b:b7:
         17:ca:0a:a0:3a:09:c5:a8:61:ac:0b:e9:15:9c:27:f2:6b:7f:
         1c:f5:34:d9:dd:62:e1:54:90:95:28:b8:31:56:b7:28:dd:b3:
         90:dc:6d:6e:75:a7:3a:ac:bc:7f:38:4d:8c:7b:68:89:3c:2d:
         2c:3a:9f:2a:d4:90:5b:53:a8:fa:5a:01:95:f7:fc:a9:94:e6:
         8f:ba:bf:83:c6:5a:a9:99:81:31:60:4b:f6:db:27:f1:df:ee:
         4e:aa:bc:34:c5:04:24:1a:3b:93:d1:87:a6:00:b4:e7:57:7b:
         3d:c4:a2:dc:79:50:62:7e:aa:a6:12:f5:aa:e8:9d:d1:43:13:
         bb:42:d3:02:8b:ff:e4:c3:9a:62:53:e2:f0:a3:31:76:0b:06:
         e5:7e:7f:7e:2c:63:ae:18:1a:ef:4a:70:c4:c6:44:8d:a0:18:
         6f:69:0a:99:54:2e:4a:3a:b1:50:e2:bc:03:26:4f:39:9b:0d:
         40:2a:1a:04:ad:60:ff:0c:a7:80:55:ec:62:2f:10:cf:17:b1:
         76:8e:8b:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtpYlL9YC0owe6bioUlOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MjZjYTVkNTNjMWI1MzA4ZTJjOWM3OTFjNjMwYTBmMjIz
Mzc5NDMwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDEyMGU3ZDdmMzVmNjE1NTFlYTRjMTRkOTUxMmNlYThlYzg4ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJReP4ECwCKAwXMCSWmNS0wgo4cc
g8gNM96cQI/JUKcB77euA8vWW5jm7/3d3o9EbXBFxIHkGYyaKerdFYVzFgPbbH5r
RCL4Lk5EI6taMoHd/AV3D23GohgB/QBE+9Ps+/oWuimYvOtjGj4szcKK5YEuwo7h
Vp66uPblOfXqNrXA00sUoJ8to4Eu41yLjCaUXegqXkHFy7ci2B7wFksKbVRH49Vd
/HhvbHClu2A8PLrhXyvJwLWEBY+/+nHBQgHRewkbnfjhZg40Br9r8Oa+Vda2um4B
q5J/EQ1XQJWWpwBsMW0IB6QqjeVpzrpkm56vD3/TfGULcmkQ7wPWkaArdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM0SDn1/NfYVUepMFNlRLOqOyI61MB8GA1UdIwQY
MBaAFNgmyl1TwbUwjiyceRxjCg8iM3lDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNiS1hWUEJ0VENPTEp4NUhHTUtEeUl6ZVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS80YjU0NGUtNjUzNS00YWY4LWJiZGIt
NThkMmVlOTgyODc5LzEvelJJT2ZYODE5aFZSNmt3VTJWRXM2bzdJanJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS80YjU0NGUtNjUzNS00YWY4LWJiZGItNThkMmVlOTgyODc5
LzEvMkNiS1hWUEJ0VENPTEp4NUhHTUtEeUl6ZVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBbURAAwQB
bUREMA0GCSqGSIb3DQEBCwUAA4IBAQAP+n8D2+rl6HjHG/xa9u/Grj4Dus/I9G1q
zOYgyqWwYdaGP8G+IAcj0G80y0a8EkcJXpyMG7cXygqgOgnFqGGsC+kVnCfya38c
9TTZ3WLhVJCVKLgxVrco3bOQ3G1udac6rLx/OE2Me2iJPC0sOp8q1JBbU6j6WgGV
9/yplOaPur+DxlqpmYExYEv22yfx3+5Oqrw0xQQkGjuT0YemALTnV3s9xKLceVBi
fqqmEvWq6J3RQxO7QtMCi//kw5piU+LwozF2Cwblfn9+LGOuGBrvSnDExkSNoBhv
aQqZVC5KOrFQ4rwDJk85mw1AKhoErWD/DKeAVexiLxDPF7F2jovO
-----END CERTIFICATE-----