Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/0JgVQnL8yQxdZwvyPDdGA9Pcwsg.roa
File:                     0JgVQnL8yQxdZwvyPDdGA9Pcwsg.roa (raw, json)
Hash identifier:          jn9CvIpFPQ5FhI1aFRqIOUY/lNWzu7Sz/mlYX3pLJMg=
Subject key identifier:   D0:98:15:42:72:FC:C9:0C:5D:67:0B:F2:3C:37:46:03:D3:DC:C2:C8
Certificate issuer:       /CN=4c33c0e14d57eabc3b65e38a7736bebe49092e9e
Certificate serial:       018CC42456CD0F667DF24B7C7061DF6894AD
Authority key identifier: 4C:33:C0:E1:4D:57:EA:BC:3B:65:E3:8A:77:36:BE:BE:49:09:2E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDPA4U1X6rw7ZeOKdza-vkkJLp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/0JgVQnL8yQxdZwvyPDdGA9Pcwsg.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        91.212.121.0/24 maxlen: 24
                          2a12:89c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/TDPA4U1X6rw7ZeOKdza-vkkJLp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/TDPA4U1X6rw7ZeOKdza-vkkJLp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDPA4U1X6rw7ZeOKdza-vkkJLp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:56:cd:0f:66:7d:f2:4b:7c:70:61:df:68:94:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c33c0e14d57eabc3b65e38a7736bebe49092e9e
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d098154272fcc90c5d670bf23c374603d3dcc2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9e:2a:7e:ec:a1:42:d5:a1:61:97:32:ad:a7:
                    c6:d6:c7:f1:31:ea:6c:56:25:3f:51:13:bb:d3:01:
                    6f:d8:f2:ec:20:5d:8f:3c:28:29:9c:c5:5d:21:dd:
                    a2:35:cb:67:ab:4a:3e:51:f4:b6:eb:69:88:3b:1c:
                    18:42:e9:de:27:4e:f8:80:26:02:69:f2:6c:d5:4e:
                    59:60:45:83:b6:4a:2f:97:05:f4:95:66:0a:49:5e:
                    76:a9:68:07:4e:c3:03:ee:7b:63:e4:8f:d2:55:b7:
                    ec:61:c5:cb:f1:29:f2:fa:66:57:c8:d2:87:df:85:
                    e8:b3:21:14:3b:49:92:8d:01:f7:65:63:d9:e1:ce:
                    98:66:21:6d:c3:d4:81:77:c8:d3:7a:67:e6:29:38:
                    0c:92:47:64:2b:a7:0c:33:20:1a:b7:05:a8:ce:65:
                    e9:23:8f:81:b1:9d:82:d2:44:9c:4d:fb:b2:fb:ea:
                    f7:1b:04:47:43:80:dc:e2:f1:30:a9:82:b3:4a:6a:
                    d9:17:89:5d:f0:45:a2:03:14:08:43:0d:eb:48:ad:
                    8e:ba:24:44:33:e5:74:06:19:9c:6a:70:79:71:58:
                    15:a9:a1:7d:ab:ee:8d:b4:59:17:c5:10:02:4f:02:
                    11:9a:d2:ea:4d:73:df:f3:93:b7:ab:f4:52:bd:32:
                    7f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:98:15:42:72:FC:C9:0C:5D:67:0B:F2:3C:37:46:03:D3:DC:C2:C8
            X509v3 Authority Key Identifier:
                keyid:4C:33:C0:E1:4D:57:EA:BC:3B:65:E3:8A:77:36:BE:BE:49:09:2E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDPA4U1X6rw7ZeOKdza-vkkJLp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/0JgVQnL8yQxdZwvyPDdGA9Pcwsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/c72abe-32dc-4f18-905f-c1ff056fc76f/1/TDPA4U1X6rw7ZeOKdza-vkkJLp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.121.0/24
                IPv6:
                  2a12:89c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:77:58:31:ca:96:ed:28:57:e6:99:17:b9:81:62:39:f3:6c:
         d3:95:21:87:e4:a6:97:33:0c:5d:f5:0e:b6:96:5c:9f:92:bf:
         41:d2:d0:46:4e:db:73:56:e7:d8:01:74:9a:9a:65:63:f5:ed:
         2e:8b:91:87:1c:18:95:01:34:39:0f:27:4f:36:f1:90:5a:b5:
         a8:2f:b3:bf:39:e5:30:dd:f7:03:10:f0:cc:a8:ed:0c:78:87:
         73:08:10:37:f3:6f:bc:5b:4a:a0:16:d6:12:42:dc:00:b5:23:
         f4:22:74:21:2c:05:00:e6:65:ff:70:05:79:5e:79:92:d5:f0:
         68:24:a0:76:43:fb:56:44:1b:b0:d9:b8:a0:f0:93:8a:ba:a0:
         67:30:e2:7a:f5:28:5b:37:f6:11:71:3c:81:f5:a5:f8:14:7a:
         15:0b:bc:be:c6:00:f0:94:c5:25:6e:fd:5e:dd:9a:6d:54:c8:
         4b:e0:09:55:33:a1:cb:f1:e9:f9:e8:dc:f3:29:21:23:98:e2:
         3d:82:8c:d9:6b:fc:9d:87:be:16:81:6a:b2:9a:43:9c:55:e2:
         7f:a8:0c:f4:79:b1:69:e0:37:d8:b6:3d:20:05:81:61:33:c6:
         cd:dc:79:63:45:76:20:64:fd:3c:13:95:81:3f:a2:95:55:b4:
         a5:25:87:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJFbND2Z98kt8cGHfaJStMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzNjMGUxNGQ1N2VhYmMzYjY1ZTM4YTc3MzZiZWJlNDkw
OTJlOWUwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDk4MTU0MjcyZmNjOTBjNWQ2NzBiZjIzYzM3NDYwM2QzZGNjMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZ4qfuyhQtWhYZcyrafG1sfxMeps
ViU/URO70wFv2PLsIF2PPCgpnMVdId2iNctnq0o+UfS262mIOxwYQuneJ074gCYC
afJs1U5ZYEWDtkovlwX0lWYKSV52qWgHTsMD7ntj5I/SVbfsYcXL8Sny+mZXyNKH
34XosyEUO0mSjQH3ZWPZ4c6YZiFtw9SBd8jTemfmKTgMkkdkK6cMMyAatwWozmXp
I4+BsZ2C0kScTfuy++r3GwRHQ4Dc4vEwqYKzSmrZF4ld8EWiAxQIQw3rSK2OuiRE
M+V0BhmcanB5cVgVqaF9q+6NtFkXxRACTwIRmtLqTXPf85O3q/RSvTJ/EQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNCYFUJy/MkMXWcL8jw3RgPT3MLIMB8GA1UdIwQY
MBaAFEwzwOFNV+q8O2Xjinc2vr5JCS6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERQQTRVMVg2cnc3WmVPS2R6YS12a2tKTHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9jNzJhYmUtMzJkYy00ZjE4LTkwNWYt
YzFmZjA1NmZjNzZmLzEvMEpnVlFuTDh5UXhkWnd2eVBEZEdBOVBjd3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9jNzJhYmUtMzJkYy00ZjE4LTkwNWYtYzFmZjA1NmZjNzZm
LzEvVERQQTRVMVg2cnc3WmVPS2R6YS12a2tKTHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9R5MA0E
AgACMAcDBQMqEonAMA0GCSqGSIb3DQEBCwUAA4IBAQBjd1gxypbtKFfmmRe5gWI5
82zTlSGH5KaXMwxd9Q62llyfkr9B0tBGTttzVufYAXSammVj9e0ui5GHHBiVATQ5
DydPNvGQWrWoL7O/OeUw3fcDEPDMqO0MeIdzCBA382+8W0qgFtYSQtwAtSP0InQh
LAUA5mX/cAV5XnmS1fBoJKB2Q/tWRBuw2big8JOKuqBnMOJ69ShbN/YRcTyB9aX4
FHoVC7y+xgDwlMUlbv1e3ZptVMhL4AlVM6HL8en56NzzKSEjmOI9gozZa/ydh74W
gWqymkOcVeJ/qAz0ebFp4DfYtj0gBYFhM8bN3HljRXYgZP08E5WBP6KVVbSlJYdg
-----END CERTIFICATE-----