Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/Vf8IRTOjd5EHRik_XU5SL231JR0.roa
File:                     Vf8IRTOjd5EHRik_XU5SL231JR0.roa (raw, json)
Hash identifier:          pdMIDPOwO8DUN6tctG8DJMO1R37Vl0PhbVyMv6IZEJE=
Subject key identifier:   55:FF:08:45:33:A3:77:91:07:46:29:3F:5D:4E:52:2F:6D:F5:25:1D
Certificate issuer:       /CN=d5089bce08c55daa57b4f3a3c9070fb391853ccf
Certificate serial:       01963392C892C914E997038EE9919AA3E6CA
Authority key identifier: D5:08:9B:CE:08:C5:5D:AA:57:B4:F3:A3:C9:07:0F:B3:91:85:3C:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QibzgjFXapXtPOjyQcPs5GFPM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/Vf8IRTOjd5EHRik_XU5SL231JR0.roa
Signing time:             Mon 14 Apr 2025 09:12:59 +0000
ROA not before:           Mon 14 Apr 2025 09:12:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        109.94.102.0/24 maxlen: 24
                          109.94.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/1QibzgjFXapXtPOjyQcPs5GFPM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/1QibzgjFXapXtPOjyQcPs5GFPM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QibzgjFXapXtPOjyQcPs5GFPM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:92:c8:92:c9:14:e9:97:03:8e:e9:91:9a:a3:e6:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5089bce08c55daa57b4f3a3c9070fb391853ccf
        Validity
            Not Before: Apr 14 09:12:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55ff084533a377910746293f5d4e522f6df5251d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:cb:39:58:96:1e:50:b3:28:82:5d:2b:6b:76:
                    b8:9b:66:57:96:9f:59:58:9e:8c:72:84:10:03:af:
                    6b:ee:75:a4:c7:6b:73:a2:44:3a:b6:88:bc:f8:20:
                    49:7e:a2:f7:51:8b:03:80:33:e1:e3:b5:a5:36:15:
                    bc:e8:26:14:e0:8c:79:f6:33:65:77:77:62:88:d1:
                    75:f8:5d:98:eb:7e:90:e7:fc:c6:49:d8:13:62:f0:
                    81:47:c9:f8:32:3d:92:03:18:7b:2c:f5:d4:dd:e3:
                    76:5f:b0:3f:e4:ea:00:18:c4:b6:e6:3d:46:d5:a9:
                    af:b7:d5:9c:69:c7:1b:06:e4:a7:e3:94:a0:60:10:
                    ac:5e:a9:88:b0:b2:4b:df:95:51:61:84:5c:22:d9:
                    8b:49:96:53:72:01:28:f9:0e:f0:96:c8:12:99:45:
                    16:93:d7:4b:04:3e:a2:4d:22:63:b4:75:8c:56:43:
                    a2:39:b3:4e:ce:59:ab:51:c4:d4:30:38:51:97:d8:
                    6a:97:26:f8:16:dd:33:41:3f:83:f6:e2:5d:54:81:
                    17:7a:78:fb:49:8c:ae:99:ec:ee:67:f9:e2:c6:4d:
                    34:71:e3:8b:b3:33:a3:54:6e:d3:c4:d5:57:86:5b:
                    c5:a6:da:0c:dd:4d:f7:33:6d:00:3b:c6:09:15:4b:
                    c0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FF:08:45:33:A3:77:91:07:46:29:3F:5D:4E:52:2F:6D:F5:25:1D
            X509v3 Authority Key Identifier:
                keyid:D5:08:9B:CE:08:C5:5D:AA:57:B4:F3:A3:C9:07:0F:B3:91:85:3C:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QibzgjFXapXtPOjyQcPs5GFPM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/Vf8IRTOjd5EHRik_XU5SL231JR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/1QibzgjFXapXtPOjyQcPs5GFPM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.94.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:5c:fc:9d:7a:62:03:58:a9:8a:ef:da:85:73:b9:c5:c4:9f:
         98:28:a5:b1:c6:2e:a2:ae:3c:d0:95:c8:4b:e5:92:c4:ff:f4:
         66:da:06:da:01:18:4d:f4:e4:a4:6a:e9:36:4d:d3:b2:97:75:
         f2:6f:a5:65:ee:00:d0:03:a1:73:f3:ea:60:84:a8:6e:77:66:
         f6:e6:ce:4c:3b:9d:d0:54:96:de:d5:d6:eb:2b:4b:da:25:27:
         72:bd:e6:73:0e:c4:b1:e3:5a:5d:21:28:b1:65:f2:82:f4:42:
         fe:e2:21:67:14:73:04:2c:4e:af:a1:13:c8:b4:36:8e:ff:26:
         da:4b:72:c2:f7:3a:43:49:ba:05:37:96:bb:54:e9:6b:c5:17:
         90:ac:69:47:bb:31:48:08:5f:d4:0c:cf:d7:43:98:63:42:41:
         e4:d2:8b:be:b3:d1:7f:2f:70:b9:f1:15:d8:5e:fe:da:3f:2e:
         45:fd:3b:92:38:08:ee:ee:78:d2:7a:6c:4b:6d:77:5e:f0:92:
         0f:a2:05:f2:86:3b:41:e7:50:b3:f3:88:41:a7:f1:c4:cf:6e:
         85:25:5a:02:2e:f8:ab:e8:15:27:4a:17:70:de:38:83:72:1d:
         50:14:3f:39:5f:d7:21:df:be:88:0e:72:fb:09:57:3e:a6:af:
         55:bf:a9:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYzksiSyRTplwOO6ZGao+bKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDg5YmNlMDhjNTVkYWE1N2I0ZjNhM2M5MDcwZmIzOTE4
NTNjY2YwHhcNMjUwNDE0MDkxMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWZmMDg0NTMzYTM3NzkxMDc0NjI5M2Y1ZDRlNTIyZjZkZjUyNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMs5WJYeULMogl0ra3a4m2ZXlp9Z
WJ6McoQQA69r7nWkx2tzokQ6toi8+CBJfqL3UYsDgDPh47WlNhW86CYU4Ix59jNl
d3diiNF1+F2Y636Q5/zGSdgTYvCBR8n4Mj2SAxh7LPXU3eN2X7A/5OoAGMS25j1G
1amvt9WcaccbBuSn45SgYBCsXqmIsLJL35VRYYRcItmLSZZTcgEo+Q7wlsgSmUUW
k9dLBD6iTSJjtHWMVkOiObNOzlmrUcTUMDhRl9hqlyb4Ft0zQT+D9uJdVIEXenj7
SYyumezuZ/nixk00ceOLszOjVG7TxNVXhlvFptoM3U33M20AO8YJFUvAjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFX/CEUzo3eRB0YpP11OUi9t9SUdMB8GA1UdIwQY
MBaAFNUIm84IxV2qV7Tzo8kHD7ORhTzPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFpYnpnakZYYXBYdFBPanlRY1BzNUdGUE04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8wMmZkZTctZDMyNi00M2RlLTg1MjAt
NmQ3MWZlMTNkNjFkLzEvVmY4SVJUT2pkNUVIUmlrX1hVNVNMMjMxSlIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8wMmZkZTctZDMyNi00M2RlLTg1MjAtNmQ3MWZlMTNkNjFk
LzEvMVFpYnpnakZYYXBYdFBPanlRY1BzNUdGUE04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbV5mMA0G
CSqGSIb3DQEBCwUAA4IBAQB0XPydemIDWKmK79qFc7nFxJ+YKKWxxi6irjzQlchL
5ZLE//Rm2gbaARhN9OSkauk2TdOyl3Xyb6Vl7gDQA6Fz8+pghKhud2b25s5MO53Q
VJbe1dbrK0vaJSdyveZzDsSx41pdISixZfKC9EL+4iFnFHMELE6voRPItDaO/yba
S3LC9zpDSboFN5a7VOlrxReQrGlHuzFICF/UDM/XQ5hjQkHk0ou+s9F/L3C58RXY
Xv7aPy5F/TuSOAju7njSemxLbXde8JIPogXyhjtB51Cz84hBp/HEz26FJVoCLvir
6BUnShdw3jiDch1QFD85X9ch376IDnL7CVc+pq9Vv6m2
-----END CERTIFICATE-----