Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/CJ9C45YmYTDqomJn5CUxEaWUj9Q.roa
File:                     CJ9C45YmYTDqomJn5CUxEaWUj9Q.roa (raw, json)
Hash identifier:          aTF2XiEUQ6OpfHX7fiduKH8B65KA5Yt2M6Ra4/ptVLw=
Subject key identifier:   08:9F:42:E3:96:26:61:30:EA:A2:62:67:E4:25:31:11:A5:94:8F:D4
Certificate issuer:       /CN=03969a13cb7c3718bd3717712628e7ab1b33b0a5
Certificate serial:       018D7DB6E9763178C17762DED451478B90F9
Authority key identifier: 03:96:9A:13:CB:7C:37:18:BD:37:17:71:26:28:E7:AB:1B:33:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A5aaE8t8Nxi9NxdxJijnqxszsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/CJ9C45YmYTDqomJn5CUxEaWUj9Q.roa
Signing time:             Tue 06 Feb 2024 09:19:15 +0000
ROA not before:           Tue 06 Feb 2024 09:19:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49326
IP address blocks:        80.244.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/A5aaE8t8Nxi9NxdxJijnqxszsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/A5aaE8t8Nxi9NxdxJijnqxszsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A5aaE8t8Nxi9NxdxJijnqxszsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 17 Nov 2024 16:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:b6:e9:76:31:78:c1:77:62:de:d4:51:47:8b:90:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03969a13cb7c3718bd3717712628e7ab1b33b0a5
        Validity
            Not Before: Feb  6 09:19:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=089f42e396266130eaa26267e4253111a5948fd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:51:08:de:c4:37:1d:68:15:0b:b5:37:c4:ca:
                    d9:5c:28:31:ac:34:5b:f9:29:7a:ea:25:c5:25:dd:
                    1d:a6:75:5e:e8:e8:e0:02:17:7b:38:9d:f2:b4:e4:
                    8a:bc:99:4b:a1:a9:3f:9b:17:af:b9:8f:58:f6:59:
                    e9:9e:67:33:93:b1:dc:e5:db:68:4c:45:d6:33:b2:
                    5b:26:e5:ee:84:a1:e7:b6:9a:41:9c:37:aa:72:71:
                    a1:b3:e0:c3:0e:0a:d7:ab:5b:09:b8:80:af:01:20:
                    8c:08:ae:c9:34:b4:d3:07:cd:e6:66:fc:e2:59:da:
                    ed:37:a0:dd:14:08:56:b8:97:9c:2f:5c:fa:93:28:
                    47:ca:8e:c9:db:c8:22:20:1d:39:8e:42:21:4b:47:
                    1e:e1:0e:32:f0:40:b0:3b:32:28:92:ae:e0:50:3e:
                    58:f0:1c:1d:b8:56:0c:b4:14:a7:17:58:16:8e:7d:
                    d3:ab:b1:f6:c0:8e:ac:fe:f3:8e:24:cf:47:30:24:
                    a1:a8:b8:23:3a:a2:05:bb:0e:7e:c0:85:bd:91:1d:
                    28:14:d2:25:c6:6f:9a:0b:d9:71:d8:4f:18:bb:46:
                    e6:74:c9:04:b9:a5:b7:ea:2a:ba:9b:9a:7e:32:51:
                    11:74:0e:8b:a6:38:8c:1a:90:d5:96:85:bf:ac:f5:
                    17:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:9F:42:E3:96:26:61:30:EA:A2:62:67:E4:25:31:11:A5:94:8F:D4
            X509v3 Authority Key Identifier:
                keyid:03:96:9A:13:CB:7C:37:18:BD:37:17:71:26:28:E7:AB:1B:33:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A5aaE8t8Nxi9NxdxJijnqxszsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/CJ9C45YmYTDqomJn5CUxEaWUj9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/A5aaE8t8Nxi9NxdxJijnqxszsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:16:24:f3:09:49:28:b9:55:41:8b:8f:d1:23:fc:de:98:18:
         a1:8f:1e:99:3c:8b:da:a4:30:e9:15:7b:ec:8a:8e:c9:d4:28:
         b3:86:3b:fe:bc:a4:f3:6d:37:e0:ba:81:14:d2:27:6d:09:97:
         dd:04:01:5e:07:d0:80:f9:c7:c6:6f:00:cf:0a:1a:e1:c3:c6:
         c6:70:ff:70:6e:e1:59:92:74:d6:d8:70:0f:48:84:51:de:98:
         e8:15:ce:ce:e1:b0:ce:79:72:29:b1:6f:f0:e3:4d:5b:bc:51:
         2e:1e:fb:ef:cc:9e:aa:4d:ef:d7:19:f7:66:71:dd:e7:b4:d9:
         38:2e:89:de:c1:1e:75:84:76:f1:77:50:92:b9:56:f9:80:9a:
         b7:3a:ac:cc:60:e2:2e:d2:61:88:69:61:25:cc:ff:ee:4f:7e:
         5d:4f:5a:f1:ed:ad:11:57:1a:6a:16:d6:fc:2e:4a:03:64:8f:
         53:e3:c8:bd:28:27:46:ea:a6:ad:b7:27:2d:b6:19:ad:43:81:
         e6:8b:46:26:00:49:d4:99:97:90:ab:c4:cf:00:5d:22:0f:68:
         18:72:69:ae:8a:6c:cc:03:97:76:02:5d:a1:37:f4:9d:40:e5:
         2f:0c:85:12:e2:e9:84:68:07:c7:e5:26:51:8d:e7:88:f7:2f:
         7b:8e:e5:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY19tul2MXjBd2Le1FFHi5D5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOTY5YTEzY2I3YzM3MThiZDM3MTc3MTI2MjhlN2FiMWIz
M2IwYTUwHhcNMjQwMjA2MDkxOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODlmNDJlMzk2MjY2MTMwZWFhMjYyNjdlNDI1MzExMWE1OTQ4ZmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VEI3sQ3HWgVC7U3xMrZXCgxrDRb
+Sl66iXFJd0dpnVe6OjgAhd7OJ3ytOSKvJlLoak/mxevuY9Y9lnpnmczk7Hc5dto
TEXWM7JbJuXuhKHntppBnDeqcnGhs+DDDgrXq1sJuICvASCMCK7JNLTTB83mZvzi
WdrtN6DdFAhWuJecL1z6kyhHyo7J28giIB05jkIhS0ce4Q4y8ECwOzIokq7gUD5Y
8BwduFYMtBSnF1gWjn3Tq7H2wI6s/vOOJM9HMCShqLgjOqIFuw5+wIW9kR0oFNIl
xm+aC9lx2E8Yu0bmdMkEuaW36iq6m5p+MlERdA6LpjiMGpDVloW/rPUXcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAifQuOWJmEw6qJiZ+QlMRGllI/UMB8GA1UdIwQY
MBaAFAOWmhPLfDcYvTcXcSYo56sbM7ClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTVhYUU4dDhOeGk5TnhkeEppam5xeHN6c0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9jMTI5YWItNzlhNy00YmMwLTlhM2It
NDFlZmVhY2U3YTcxLzEvQ0o5QzQ1WW1ZVERxb21KbjVDVXhFYVdVajlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9jMTI5YWItNzlhNy00YmMwLTlhM2ItNDFlZmVhY2U3YTcx
LzEvQTVhYUU4dDhOeGk5TnhkeEppam5xeHN6c0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPQAMA0G
CSqGSIb3DQEBCwUAA4IBAQCzFiTzCUkouVVBi4/RI/zemBihjx6ZPIvapDDpFXvs
io7J1Cizhjv+vKTzbTfguoEU0idtCZfdBAFeB9CA+cfGbwDPChrhw8bGcP9wbuFZ
knTW2HAPSIRR3pjoFc7O4bDOeXIpsW/w401bvFEuHvvvzJ6qTe/XGfdmcd3ntNk4
LonewR51hHbxd1CSuVb5gJq3OqzMYOIu0mGIaWElzP/uT35dT1rx7a0RVxpqFtb8
LkoDZI9T48i9KCdG6qattyctthmtQ4Hmi0YmAEnUmZeQq8TPAF0iD2gYcmmuimzM
A5d2Al2hN/SdQOUvDIUS4umEaAfH5SZRjeeI9y97juXR
-----END CERTIFICATE-----