Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/33e0dc-19ba-48a4-8086-1ac4c5d4292f/1/gGYNUya7hd4YhNccHfEvkxM2Eqs.roa
File:                     gGYNUya7hd4YhNccHfEvkxM2Eqs.roa (raw, json)
Hash identifier:          +PZ5NaBs3isQXyXkdXVDhQ+KFoQegaXJnJV0w3iIFMc=
Subject key identifier:   80:66:0D:53:26:BB:85:DE:18:84:D7:1C:1D:F1:2F:93:13:36:12:AB
Certificate issuer:       /CN=42f7fb8478177f48cf45bed07cbecf9b6e95de88
Certificate serial:       018CC649A77317E04CDE398D10A7C1C1C5A5
Authority key identifier: 42:F7:FB:84:78:17:7F:48:CF:45:BE:D0:7C:BE:CF:9B:6E:95:DE:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qvf7hHgXf0jPRb7QfL7Pm26V3og.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/33e0dc-19ba-48a4-8086-1ac4c5d4292f/1/gGYNUya7hd4YhNccHfEvkxM2Eqs.roa
Signing time:             Mon 01 Jan 2024 18:29:24 +0000
ROA not before:           Mon 01 Jan 2024 18:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48756
IP address blocks:        91.212.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/33e0dc-19ba-48a4-8086-1ac4c5d4292f/1/Qvf7hHgXf0jPRb7QfL7Pm26V3og.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/33e0dc-19ba-48a4-8086-1ac4c5d4292f/1/Qvf7hHgXf0jPRb7QfL7Pm26V3og.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qvf7hHgXf0jPRb7QfL7Pm26V3og.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a7:73:17:e0:4c:de:39:8d:10:a7:c1:c1:c5:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f7fb8478177f48cf45bed07cbecf9b6e95de88
        Validity
            Not Before: Jan  1 18:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80660d5326bb85de1884d71c1df12f93133612ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:73:40:5a:32:d4:14:58:85:8a:e6:0e:9b:db:
                    be:21:66:a4:75:51:83:d7:90:21:76:e4:67:e4:17:
                    6d:98:72:a4:c7:5b:83:19:c9:96:40:5a:58:8e:41:
                    69:77:44:6d:9a:f2:ed:2c:0e:60:21:7c:48:c3:12:
                    7b:2a:a1:39:e2:2d:ab:f4:7f:ac:59:88:72:fc:df:
                    64:2e:d5:e7:1b:d7:22:8e:55:d3:2d:14:02:bd:9d:
                    9d:91:9c:09:c8:8d:d8:79:22:b3:aa:18:23:81:0c:
                    f3:13:70:d8:2a:2c:b9:1f:cc:09:b2:42:23:67:c7:
                    2b:55:75:10:68:f0:0d:61:58:a6:f3:31:8f:4d:41:
                    93:55:d8:ae:37:ca:9b:06:01:87:c9:15:23:ce:d7:
                    8e:3b:05:f1:97:40:06:6b:d0:f7:dc:ec:8c:02:0a:
                    03:7b:bc:3c:bc:8b:3c:75:3f:05:4b:9c:d1:c3:b9:
                    52:81:df:fa:6e:f5:85:73:d1:9f:93:9b:1a:23:56:
                    88:f4:ca:10:75:71:be:df:3a:7e:4b:c2:94:95:2a:
                    ea:c3:c4:12:8d:8f:73:d6:ae:96:e4:34:e0:29:7d:
                    72:4e:60:9a:18:49:3a:78:ab:84:f7:0b:93:a0:8c:
                    9d:28:bd:f9:b5:79:98:d2:cf:bd:01:e4:06:4d:6f:
                    93:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:66:0D:53:26:BB:85:DE:18:84:D7:1C:1D:F1:2F:93:13:36:12:AB
            X509v3 Authority Key Identifier:
                keyid:42:F7:FB:84:78:17:7F:48:CF:45:BE:D0:7C:BE:CF:9B:6E:95:DE:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qvf7hHgXf0jPRb7QfL7Pm26V3og.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/33e0dc-19ba-48a4-8086-1ac4c5d4292f/1/gGYNUya7hd4YhNccHfEvkxM2Eqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/33e0dc-19ba-48a4-8086-1ac4c5d4292f/1/Qvf7hHgXf0jPRb7QfL7Pm26V3og.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:49:97:27:43:6e:e0:a9:82:b0:2b:de:a2:47:9f:68:1d:e5:
         8a:bb:3b:65:6e:18:18:8c:7f:b5:d9:a4:3a:1e:f6:69:52:a3:
         d0:9c:64:9e:63:4d:e6:64:ef:10:34:50:22:b3:ea:99:52:3c:
         51:dc:a8:3c:5e:02:f8:5d:4f:7c:8e:c6:c2:ed:44:71:d3:36:
         d4:62:d6:aa:2f:72:cc:84:e7:2a:00:a0:c3:50:13:0f:96:c0:
         08:cd:d3:52:e5:00:e8:c8:44:7d:cc:5a:ba:e3:53:0c:34:c6:
         80:e2:ad:1f:0b:e4:75:a6:c4:50:05:76:06:13:85:1a:dd:f4:
         9d:5a:f4:11:ba:36:cd:71:25:8a:2d:ad:89:56:19:84:eb:21:
         a0:08:60:91:1b:99:df:8d:4e:35:1b:9e:b3:54:ba:86:19:b7:
         ad:62:4d:fe:92:1c:1a:8f:e1:a9:8d:6e:69:31:c3:31:07:20:
         0c:55:25:78:fd:68:be:30:8b:d5:46:5b:30:97:6f:7c:63:dd:
         40:b7:55:33:b6:17:10:81:63:32:d7:b9:d3:95:0c:0e:31:25:
         d4:b2:bd:28:74:61:b8:b5:f8:a1:1f:f7:06:5c:4c:9f:78:da:
         53:5c:f3:cd:72:21:fb:57:bb:ae:db:27:1d:2a:1d:a7:43:3b:
         70:48:d9:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSadzF+BM3jmNEKfBwcWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjdmYjg0NzgxNzdmNDhjZjQ1YmVkMDdjYmVjZjliNmU5
NWRlODgwHhcNMjQwMTAxMTgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDY2MGQ1MzI2YmI4NWRlMTg4NGQ3MWMxZGYxMmY5MzEzMzYxMmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHNAWjLUFFiFiuYOm9u+IWakdVGD
15AhduRn5BdtmHKkx1uDGcmWQFpYjkFpd0RtmvLtLA5gIXxIwxJ7KqE54i2r9H+s
WYhy/N9kLtXnG9cijlXTLRQCvZ2dkZwJyI3YeSKzqhgjgQzzE3DYKiy5H8wJskIj
Z8crVXUQaPANYVim8zGPTUGTVdiuN8qbBgGHyRUjzteOOwXxl0AGa9D33OyMAgoD
e7w8vIs8dT8FS5zRw7lSgd/6bvWFc9Gfk5saI1aI9MoQdXG+3zp+S8KUlSrqw8QS
jY9z1q6W5DTgKX1yTmCaGEk6eKuE9wuToIydKL35tXmY0s+9AeQGTW+T0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBmDVMmu4XeGITXHB3xL5MTNhKrMB8GA1UdIwQY
MBaAFEL3+4R4F39Iz0W+0Hy+z5tuld6IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZmN2hIZ1hmMGpQUmI3UWZMN1BtMjZWM29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8zM2UwZGMtMTliYS00OGE0LTgwODYt
MWFjNGM1ZDQyOTJmLzEvZ0dZTlV5YTdoZDRZaE5jY0hmRXZreE0yRXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8zM2UwZGMtMTliYS00OGE0LTgwODYtMWFjNGM1ZDQyOTJm
LzEvUXZmN2hIZ1hmMGpQUmI3UWZMN1BtMjZWM29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QWMA0G
CSqGSIb3DQEBCwUAA4IBAQBBSZcnQ27gqYKwK96iR59oHeWKuztlbhgYjH+12aQ6
HvZpUqPQnGSeY03mZO8QNFAis+qZUjxR3Kg8XgL4XU98jsbC7URx0zbUYtaqL3LM
hOcqAKDDUBMPlsAIzdNS5QDoyER9zFq641MMNMaA4q0fC+R1psRQBXYGE4Ua3fSd
WvQRujbNcSWKLa2JVhmE6yGgCGCRG5nfjU41G56zVLqGGbetYk3+khwaj+GpjW5p
McMxByAMVSV4/Wi+MIvVRlswl298Y91At1UzthcQgWMy17nTlQwOMSXUsr0odGG4
tfihH/cGXEyfeNpTXPPNciH7V7uu2ycdKh2nQztwSNkS
-----END CERTIFICATE-----