Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/1-zO_X8m4H1rJu5YxrTfq1_LtFUw.roa
File:                     1-zO_X8m4H1rJu5YxrTfq1_LtFUw.roa (raw, json)
Hash identifier:          8XULk9NSCsk6wJTdGSnM5MpRbtNCX8jvKKx3+n/QI24=
Subject key identifier:   FB:33:BF:5F:C9:B8:1F:5A:C9:BB:96:31:AD:37:EA:D7:F2:ED:15:4C
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       019778259372488F05B3DA803AFE2C2C4D01
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/1-zO_X8m4H1rJu5YxrTfq1_LtFUw.roa
Signing time:             Mon 16 Jun 2025 09:50:17 +0000
ROA not before:           Mon 16 Jun 2025 09:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215114
IP address blocks:        109.205.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:25:93:72:48:8f:05:b3:da:80:3a:fe:2c:2c:4d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jun 16 09:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb33bf5fc9b81f5ac9bb9631ad37ead7f2ed154c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e9:a3:80:40:84:08:86:51:10:35:53:92:3e:
                    b5:4c:01:52:77:da:c3:22:1f:3b:28:19:d9:a6:c6:
                    28:b6:3b:88:4c:4c:03:01:78:e9:f2:f8:25:8c:4c:
                    95:f0:4e:63:53:45:01:7b:81:4b:1a:13:bb:7a:b1:
                    79:ef:70:f5:52:58:2c:3c:a6:fa:9d:90:28:51:63:
                    25:75:0f:60:91:d7:d0:46:a0:a5:b9:ee:74:2b:01:
                    a4:d1:7f:db:e7:da:78:d9:a8:2c:b2:20:47:3a:7e:
                    8f:e3:92:79:0b:05:5a:55:ce:55:96:93:a5:05:de:
                    39:12:e2:78:48:a2:7b:3e:45:93:c3:3f:6c:01:35:
                    d8:84:eb:49:12:02:4a:5e:4a:d8:98:f2:46:5d:b2:
                    72:d0:20:31:8b:f1:b3:3b:ff:fb:fa:e6:e7:a0:43:
                    58:52:6a:38:39:96:45:83:ef:89:d0:73:bd:93:6d:
                    68:15:a0:0c:6e:9f:1f:01:50:5c:1d:f4:57:cf:20:
                    65:90:3d:01:31:39:13:29:24:56:ca:d6:c1:58:da:
                    d6:4f:a1:6b:2e:17:2a:b8:bd:3a:6f:1c:13:94:17:
                    c0:5f:a5:b1:0c:8f:97:0e:d3:c2:72:14:6c:42:2a:
                    e8:3a:f0:9e:7d:70:92:27:11:df:7c:20:eb:3e:77:
                    35:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:33:BF:5F:C9:B8:1F:5A:C9:BB:96:31:AD:37:EA:D7:F2:ED:15:4C
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/1-zO_X8m4H1rJu5YxrTfq1_LtFUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:43:19:46:ba:b2:bc:53:14:22:bf:19:91:71:73:4d:02:d2:
         32:34:7a:a8:34:cb:bb:3d:83:17:98:ab:66:8d:1a:bc:07:6d:
         d8:9c:a2:fe:81:f0:18:b6:62:f1:21:51:1f:b4:d4:50:a5:07:
         85:ef:07:8f:13:e7:0b:e2:ed:e3:2b:1e:42:c4:17:25:24:6b:
         9e:90:6c:3a:fc:51:b7:7b:31:dc:6a:7d:9f:56:d3:3d:51:75:
         a5:29:e6:f3:49:b3:ff:fc:d2:ec:8f:8d:a0:ea:61:81:16:c7:
         40:18:b7:b8:9a:d1:35:59:ca:02:44:0e:cd:fe:6d:3b:61:04:
         5c:dc:83:70:14:0c:e8:31:5d:b7:5a:2f:7c:11:b0:d4:f2:9a:
         52:93:ca:a9:07:a0:e8:75:fe:8f:5e:e0:af:23:47:fd:e2:9a:
         44:21:88:9a:4a:0a:e6:76:9b:85:c8:60:92:49:18:5c:2f:66:
         19:61:9f:88:fa:9c:8c:27:f8:7c:7d:20:6c:29:77:ce:08:6f:
         2a:fb:b6:4f:87:4e:6b:94:11:41:e2:98:90:35:64:4a:4b:12:
         b3:1a:2e:29:97:28:e7:85:99:b7:cd:a7:cb:1f:d0:64:a8:b3:
         7a:67:86:c3:cc:92:eb:0b:c9:c8:cb:ba:15:ce:43:14:e6:94:
         01:b2:a3:6d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd4JZNySI8Fs9qAOv4sLE0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUwNjE2MDk1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjMzYmY1ZmM5YjgxZjVhYzliYjk2MzFhZDM3ZWFkN2YyZWQxNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsumjgECECIZREDVTkj61TAFSd9rD
Ih87KBnZpsYotjuITEwDAXjp8vgljEyV8E5jU0UBe4FLGhO7erF573D1UlgsPKb6
nZAoUWMldQ9gkdfQRqClue50KwGk0X/b59p42agssiBHOn6P45J5CwVaVc5VlpOl
Bd45EuJ4SKJ7PkWTwz9sATXYhOtJEgJKXkrYmPJGXbJy0CAxi/GzO//7+ubnoENY
Umo4OZZFg++J0HO9k21oFaAMbp8fAVBcHfRXzyBlkD0BMTkTKSRWytbBWNrWT6Fr
LhcquL06bxwTlBfAX6WxDI+XDtPCchRsQiroOvCefXCSJxHffCDrPnc1EQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPszv1/JuB9aybuWMa036tfy7RVMMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvMS16T19YOG00SDFySnU1WXhyVGZxMV9MdEZVdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvNWVjZmMyLWRhNzAtNDMzMy04Zjk2LTViODc4MjVjMDdl
ZS8xL1JGYkJUTmh5VDVxUWxpZTVUZ0JzOXAwU01Icy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3NCDAN
BgkqhkiG9w0BAQsFAAOCAQEAV0MZRrqyvFMUIr8ZkXFzTQLSMjR6qDTLuz2DF5ir
Zo0avAdt2Jyi/oHwGLZi8SFRH7TUUKUHhe8HjxPnC+Lt4yseQsQXJSRrnpBsOvxR
t3sx3Gp9n1bTPVF1pSnm80mz//zS7I+NoOphgRbHQBi3uJrRNVnKAkQOzf5tO2EE
XNyDcBQM6DFdt1ovfBGw1PKaUpPKqQeg6HX+j17gryNH/eKaRCGImkoK5nabhchg
kkkYXC9mGWGfiPqcjCf4fH0gbCl3zghvKvu2T4dOa5QRQeKYkDVkSksSsxouKZco
54WZt82nyx/QZKizemeGw8yS6wvJyMu6Fc5DFOaUAbKjbQ==
-----END CERTIFICATE-----