Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/920Vm8vcSs5GtWnd22ORSrNJy7E.roa
File:                     920Vm8vcSs5GtWnd22ORSrNJy7E.roa (raw, json)
Hash identifier:          Eym+34P8a0n2AJ2BbmYtyd0VnVkanNH1uU7GM+VfILA=
Subject key identifier:   F7:6D:15:9B:CB:DC:4A:CE:46:B5:69:DD:DB:63:91:4A:B3:49:CB:B1
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0195E8989AF64DC14981638AC71888FFF97F
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/920Vm8vcSs5GtWnd22ORSrNJy7E.roa
Signing time:             Sun 30 Mar 2025 19:47:49 +0000
ROA not before:           Sun 30 Mar 2025 19:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152672
IP address blocks:        109.122.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:e8:98:9a:f6:4d:c1:49:81:63:8a:c7:18:88:ff:f9:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 30 19:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f76d159bcbdc4ace46b569dddb63914ab349cbb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ab:37:e3:68:ad:db:b4:99:b4:71:58:16:82:
                    7f:63:39:18:fd:ca:b3:39:2a:35:3e:9b:80:4f:9e:
                    ad:11:36:bb:12:25:0c:3d:50:7b:51:a6:ab:d6:5d:
                    cd:d3:83:a1:44:bf:2d:db:9b:c5:95:57:e6:3b:c5:
                    f1:9b:0b:e8:6e:58:7c:be:81:a7:23:06:fe:bc:a8:
                    7f:88:ce:0c:dd:93:3e:96:4a:5f:fe:93:ba:04:a8:
                    a6:23:31:65:42:80:af:40:79:4a:ab:85:23:b9:7f:
                    16:c1:3a:47:66:58:50:e6:d2:c3:cc:e6:0b:db:53:
                    6f:10:c8:a5:44:0c:9d:59:81:0d:9c:ad:e5:a3:54:
                    bd:5b:d7:7f:99:b1:e1:74:ce:cd:24:63:bf:c7:2d:
                    29:7a:09:1f:25:e7:d4:05:84:47:6b:bf:4c:31:d4:
                    7b:b5:4a:43:29:86:0a:69:be:06:a5:14:b3:5a:82:
                    09:50:a6:d9:0d:ff:92:c6:f9:af:78:12:23:a7:05:
                    d1:e3:ff:08:4c:46:44:e2:17:01:c5:47:e7:54:5c:
                    43:a5:9b:7c:b6:07:6a:f3:20:21:27:1b:d1:c9:12:
                    c9:c4:7a:6e:e8:e5:fd:82:cf:27:01:e2:5d:d3:3e:
                    25:43:66:cf:7d:83:3d:c2:06:af:db:cf:96:69:af:
                    f5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:6D:15:9B:CB:DC:4A:CE:46:B5:69:DD:DB:63:91:4A:B3:49:CB:B1
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/920Vm8vcSs5GtWnd22ORSrNJy7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:45:b1:17:6f:ae:be:23:3a:ce:2c:d7:b0:60:a3:56:52:52:
         99:a0:86:c8:14:a7:7a:f4:36:d0:62:dc:20:0a:a9:5d:96:dc:
         8b:29:d3:12:61:cf:ee:15:87:38:75:bd:f0:a9:d4:59:7b:92:
         f6:4f:ef:44:d6:b6:c2:21:5c:85:ce:5a:4f:d7:6f:6e:13:e0:
         3f:91:51:86:66:d5:f4:a3:2b:d6:98:ad:0a:fc:2f:2b:a5:be:
         2e:9c:8f:9e:e7:d8:2c:eb:25:d9:a2:3a:e8:2b:c9:27:91:4f:
         5d:2e:20:fb:bb:8d:94:cb:12:0f:1e:10:9a:df:ff:c0:be:6e:
         fb:d0:82:35:fe:f9:f4:cc:cb:9a:22:55:17:c6:ab:94:78:c3:
         6a:96:31:0d:a2:16:f6:63:78:7f:e3:5d:41:65:32:3e:a0:e9:
         43:95:38:0b:b1:f0:cb:45:b9:32:ee:ff:b4:dc:0f:a8:4e:18:
         c5:d8:b4:d1:28:88:99:19:67:1c:c3:d4:36:bd:29:27:0f:cf:
         56:07:19:7f:f9:9a:05:d5:f5:d3:6c:db:a0:1e:f0:36:30:2e:
         fc:12:83:8c:61:e7:bb:35:7a:b4:65:b3:8b:20:a9:12:09:ee:
         56:16:54:d9:e5:41:aa:93:cb:73:0f:33:3e:a9:5c:4c:4e:df:
         2f:7d:90:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXomJr2TcFJgWOKxxiI//l/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMzMwMTk0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzZkMTU5YmNiZGM0YWNlNDZiNTY5ZGRkYjYzOTE0YWIzNDljYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4as342it27SZtHFYFoJ/YzkY/cqz
OSo1PpuAT56tETa7EiUMPVB7Uaar1l3N04OhRL8t25vFlVfmO8Xxmwvoblh8voGn
Iwb+vKh/iM4M3ZM+lkpf/pO6BKimIzFlQoCvQHlKq4UjuX8WwTpHZlhQ5tLDzOYL
21NvEMilRAydWYENnK3lo1S9W9d/mbHhdM7NJGO/xy0pegkfJefUBYRHa79MMdR7
tUpDKYYKab4GpRSzWoIJUKbZDf+SxvmveBIjpwXR4/8ITEZE4hcBxUfnVFxDpZt8
tgdq8yAhJxvRyRLJxHpu6OX9gs8nAeJd0z4lQ2bPfYM9wgav28+Waa/1vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdtFZvL3ErORrVp3dtjkUqzScuxMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvOTIwVm04dmNTczVHdFduZDIyT1JTck5KeTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXouMA0G
CSqGSIb3DQEBCwUAA4IBAQB9RbEXb66+IzrOLNewYKNWUlKZoIbIFKd69DbQYtwg
CqldltyLKdMSYc/uFYc4db3wqdRZe5L2T+9E1rbCIVyFzlpP129uE+A/kVGGZtX0
oyvWmK0K/C8rpb4unI+e59gs6yXZojroK8knkU9dLiD7u42UyxIPHhCa3//Avm77
0II1/vn0zMuaIlUXxquUeMNqljENohb2Y3h/411BZTI+oOlDlTgLsfDLRbky7v+0
3A+oThjF2LTRKIiZGWccw9Q2vSknD89WBxl/+ZoF1fXTbNugHvA2MC78EoOMYee7
NXq0ZbOLIKkSCe5WFlTZ5UGqk8tzDzM+qVxMTt8vfZDy
-----END CERTIFICATE-----