Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/1RN91i70aQXHnoK4tOMqnSTJBK4.roa
File:                     1RN91i70aQXHnoK4tOMqnSTJBK4.roa (raw, json)
Hash identifier:          rja1ar5I8KOEun7Aob6NAuXI9PMmVZcGY1SNOWjrhTg=
Subject key identifier:   D5:13:7D:D6:2E:F4:69:05:C7:9E:82:B8:B4:E3:2A:9D:24:C9:04:AE
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       018E37CCFDBE333C101602A80F56194836A2
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/1RN91i70aQXHnoK4tOMqnSTJBK4.roa
Signing time:             Wed 13 Mar 2024 12:32:44 +0000
ROA not before:           Wed 13 Mar 2024 12:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        89.249.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:37:cc:fd:be:33:3c:10:16:02:a8:0f:56:19:48:36:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Mar 13 12:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5137dd62ef46905c79e82b8b4e32a9d24c904ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:76:a1:e5:f9:ea:58:0a:b3:69:cd:2c:2f:62:
                    b8:7f:5d:31:bf:f7:83:ef:31:c1:31:bb:80:42:ad:
                    a1:c1:c3:9d:0a:48:d2:1c:0d:e8:dd:03:e0:b9:04:
                    34:5a:11:e4:49:df:42:c1:96:20:06:4a:a8:31:e2:
                    26:65:2e:a2:d9:83:ba:0f:d8:85:d8:e2:a9:1a:6d:
                    95:11:eb:77:c4:e5:5e:e5:53:03:09:c1:5e:00:19:
                    d5:93:87:85:51:3e:5c:11:78:a6:6e:9f:96:a5:4a:
                    39:3e:00:d0:37:09:8e:d8:7e:be:9c:88:1f:b2:d7:
                    2c:ba:15:b9:26:93:13:a8:d4:dd:c0:12:4b:1f:d8:
                    69:66:dc:95:b1:39:e8:a1:e6:98:29:49:2a:ba:0d:
                    5f:02:16:15:4d:1c:6c:7c:45:ee:b2:59:9a:54:43:
                    ac:42:bd:57:5d:90:fd:62:ae:cc:5f:02:db:28:74:
                    48:7b:47:8a:36:f1:ac:f2:bb:8a:58:ae:4e:48:d7:
                    0a:cd:14:5a:46:82:74:ab:b6:5b:56:ac:5a:4b:ee:
                    ab:8c:07:ad:75:db:02:10:d7:e0:9b:98:87:ae:7f:
                    ce:8e:8a:e1:13:46:6a:c1:08:05:b7:7d:86:6b:55:
                    bb:16:3b:06:b2:21:6f:6d:7a:99:8e:8e:e7:81:45:
                    b6:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:13:7D:D6:2E:F4:69:05:C7:9E:82:B8:B4:E3:2A:9D:24:C9:04:AE
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/1RN91i70aQXHnoK4tOMqnSTJBK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:c6:8d:8b:6c:71:1f:b2:f7:77:6d:c3:30:f7:81:b6:8c:f4:
         bf:01:c1:80:ff:4c:26:a3:2b:3a:83:02:5c:52:c5:6a:e3:e5:
         42:c6:2c:25:c5:fc:a7:4c:06:67:b4:3b:d5:66:5b:12:5a:f1:
         d1:33:9f:2f:78:2e:b8:6a:3c:02:0b:30:9b:32:69:1a:30:1c:
         90:f3:f7:5c:b1:4a:c3:ea:40:4c:42:14:4d:8a:00:ba:c1:e6:
         fa:49:85:52:18:ce:c2:8b:5c:e2:50:fa:a2:7a:c9:7d:1a:a1:
         80:e1:49:fc:a5:0b:16:82:b1:13:e5:2a:b0:68:b3:13:b4:91:
         af:57:5b:b9:af:f7:91:f1:81:91:c4:bc:19:a6:c6:88:14:63:
         cb:36:46:4d:8f:af:32:50:09:f2:ec:9c:14:d4:4e:7c:d9:2b:
         7b:75:3c:bb:10:15:81:97:be:3a:7f:01:44:44:90:fa:fc:c8:
         80:e1:0b:7b:ad:5f:47:ec:5c:7b:e6:9e:2e:90:1b:cc:0a:ff:
         e4:21:1e:8d:0f:24:d6:c2:de:61:a4:d4:f9:d5:5c:c8:94:57:
         12:61:49:dc:1a:04:09:3e:5e:ca:a6:8e:9a:d6:99:0f:be:58:
         8d:e4:76:a7:9e:3f:f3:ad:3b:27:16:a1:fa:84:d0:03:f1:49:
         b8:ea:25:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY43zP2+MzwQFgKoD1YZSDaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwMzEzMTIzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTEzN2RkNjJlZjQ2OTA1Yzc5ZTgyYjhiNGUzMmE5ZDI0YzkwNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXah5fnqWAqzac0sL2K4f10xv/eD
7zHBMbuAQq2hwcOdCkjSHA3o3QPguQQ0WhHkSd9CwZYgBkqoMeImZS6i2YO6D9iF
2OKpGm2VEet3xOVe5VMDCcFeABnVk4eFUT5cEXimbp+WpUo5PgDQNwmO2H6+nIgf
stcsuhW5JpMTqNTdwBJLH9hpZtyVsTnooeaYKUkqug1fAhYVTRxsfEXuslmaVEOs
Qr1XXZD9Yq7MXwLbKHRIe0eKNvGs8ruKWK5OSNcKzRRaRoJ0q7ZbVqxaS+6rjAet
ddsCENfgm5iHrn/OjorhE0ZqwQgFt32Ga1W7FjsGsiFvbXqZjo7ngUW2mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUTfdYu9GkFx56CuLTjKp0kyQSuMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvMVJOOTFpNzBhUVhIbm9LNHRPTXFuU1RKQks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnNMA0G
CSqGSIb3DQEBCwUAA4IBAQDZxo2LbHEfsvd3bcMw94G2jPS/AcGA/0wmoys6gwJc
UsVq4+VCxiwlxfynTAZntDvVZlsSWvHRM58veC64ajwCCzCbMmkaMByQ8/dcsUrD
6kBMQhRNigC6web6SYVSGM7Ci1ziUPqiesl9GqGA4Un8pQsWgrET5SqwaLMTtJGv
V1u5r/eR8YGRxLwZpsaIFGPLNkZNj68yUAny7JwU1E582St7dTy7EBWBl746fwFE
RJD6/MiA4Qt7rV9H7Fx75p4ukBvMCv/kIR6NDyTWwt5hpNT51VzIlFcSYUncGgQJ
Pl7Kpo6a1pkPvliN5Hannj/zrTsnFqH6hNAD8Um46iX3
-----END CERTIFICATE-----