Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/ozfgmDpQj1CQ_MQ4y7o_C80mGFs.roa
File:                     ozfgmDpQj1CQ_MQ4y7o_C80mGFs.roa (raw, json)
Hash identifier:          9jotbXkTHDD70KovCiDVDlk9x40ZNKxO+1I+Yh1h0q8=
Subject key identifier:   A3:37:E0:98:3A:50:8F:50:90:FC:C4:38:CB:BA:3F:0B:CD:26:18:5B
Certificate issuer:       /CN=97915ba80d3ed704524681488a72be991fa670dc
Certificate serial:       019321962BDFC9BD7302728BC50544A345C0
Authority key identifier: 97:91:5B:A8:0D:3E:D7:04:52:46:81:48:8A:72:BE:99:1F:A6:70:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5FbqA0-1wRSRoFIinK-mR-mcNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/ozfgmDpQj1CQ_MQ4y7o_C80mGFs.roa
Signing time:             Tue 12 Nov 2024 18:15:09 +0000
ROA not before:           Tue 12 Nov 2024 18:15:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48955
IP address blocks:        91.193.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/l5FbqA0-1wRSRoFIinK-mR-mcNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/l5FbqA0-1wRSRoFIinK-mR-mcNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5FbqA0-1wRSRoFIinK-mR-mcNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:21:96:2b:df:c9:bd:73:02:72:8b:c5:05:44:a3:45:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97915ba80d3ed704524681488a72be991fa670dc
        Validity
            Not Before: Nov 12 18:15:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a337e0983a508f5090fcc438cbba3f0bcd26185b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:57:ef:7d:11:9a:90:36:ab:9b:dc:f8:af:ec:
                    85:7b:f8:bb:97:36:ea:08:00:08:d1:2e:aa:8a:2b:
                    b7:9b:10:9d:31:ed:41:ee:c3:07:81:93:78:07:50:
                    d6:75:33:e4:03:49:22:cd:ee:22:68:24:d9:a6:cb:
                    8a:14:ac:dd:57:39:9c:89:0d:f2:4c:fc:d5:33:66:
                    48:79:15:25:67:50:cd:be:9f:4e:b5:75:80:7e:c4:
                    ad:ae:aa:94:a4:a1:80:f9:82:81:2b:38:6f:32:31:
                    75:73:df:45:3d:88:a8:d3:02:80:d8:92:3b:2e:cc:
                    7d:6b:67:16:54:43:95:df:a1:2c:65:d1:d3:54:4c:
                    16:6d:69:4e:24:8d:e7:88:4b:09:3d:32:30:7d:33:
                    20:e1:07:58:3f:e1:76:c0:59:69:ce:a2:ce:68:f2:
                    45:6d:25:69:c6:c2:85:98:4a:0f:40:59:17:98:bb:
                    d0:78:6b:b9:dd:4a:b4:a1:d8:a8:6c:c6:8e:71:99:
                    9d:70:cb:c5:de:14:82:d1:7a:ec:27:0e:0c:6c:68:
                    30:45:8e:0c:63:81:b6:4e:00:72:5b:06:d7:80:ea:
                    4d:84:18:ec:a9:f8:c1:e9:97:0c:03:05:4d:60:ed:
                    97:c3:72:f5:72:f0:e9:e2:95:a7:09:e3:e8:c8:43:
                    e5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:37:E0:98:3A:50:8F:50:90:FC:C4:38:CB:BA:3F:0B:CD:26:18:5B
            X509v3 Authority Key Identifier:
                keyid:97:91:5B:A8:0D:3E:D7:04:52:46:81:48:8A:72:BE:99:1F:A6:70:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5FbqA0-1wRSRoFIinK-mR-mcNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/ozfgmDpQj1CQ_MQ4y7o_C80mGFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/870bf0-9166-4f60-a603-707b0a38b1e0/1/l5FbqA0-1wRSRoFIinK-mR-mcNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:ba:a3:a7:e4:df:8a:bf:c6:b7:0c:b5:66:b5:df:6e:d6:f7:
         cf:f7:43:c9:de:69:89:ca:a6:39:53:ed:54:9e:66:97:4d:eb:
         36:54:91:e0:b2:cb:35:b6:82:97:aa:c7:20:dd:ed:67:4a:81:
         f7:5a:73:85:dc:95:2f:dc:f9:eb:62:63:7f:ea:ec:36:a6:0d:
         75:19:57:69:af:50:53:20:79:9c:1b:7b:96:bb:b7:e6:97:b8:
         72:e5:ae:6b:10:3e:09:12:21:8c:95:1e:09:92:38:c5:bb:1b:
         2a:0d:c3:c0:04:34:b8:21:9b:27:3b:85:c4:04:e6:f6:d3:b2:
         b5:3d:98:c1:5e:88:a6:90:c4:d9:02:ff:e9:3f:35:51:6c:4a:
         77:48:7a:6d:fb:a5:64:5c:c0:58:6e:60:bd:f5:4b:ae:88:42:
         ec:00:06:4c:66:68:42:e3:77:bd:be:60:44:48:c8:0e:df:6e:
         6d:5f:60:1e:20:f3:1e:27:82:ed:d2:4a:e9:77:83:1e:4a:d2:
         2c:f4:5b:72:8f:04:4a:8e:3b:41:f4:cf:0e:2c:3b:a9:93:6c:
         26:05:a1:b7:b0:56:aa:ba:50:54:43:fa:31:11:b6:a8:fd:a2:
         65:6d:22:27:99:5f:a7:37:6b:2a:e4:e3:40:f1:6b:eb:50:e0:
         93:a0:8b:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMhlivfyb1zAnKLxQVEo0XAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTE1YmE4MGQzZWQ3MDQ1MjQ2ODE0ODhhNzJiZTk5MWZh
NjcwZGMwHhcNMjQxMTEyMTgxNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzM3ZTA5ODNhNTA4ZjUwOTBmY2M0MzhjYmJhM2YwYmNkMjYxODViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5lfvfRGakDarm9z4r+yFe/i7lzbq
CAAI0S6qiiu3mxCdMe1B7sMHgZN4B1DWdTPkA0kize4iaCTZpsuKFKzdVzmciQ3y
TPzVM2ZIeRUlZ1DNvp9OtXWAfsStrqqUpKGA+YKBKzhvMjF1c99FPYio0wKA2JI7
Lsx9a2cWVEOV36EsZdHTVEwWbWlOJI3niEsJPTIwfTMg4QdYP+F2wFlpzqLOaPJF
bSVpxsKFmEoPQFkXmLvQeGu53Uq0odiobMaOcZmdcMvF3hSC0XrsJw4MbGgwRY4M
Y4G2TgByWwbXgOpNhBjsqfjB6ZcMAwVNYO2Xw3L1cvDp4pWnCePoyEPl4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKM34Jg6UI9QkPzEOMu6PwvNJhhbMB8GA1UdIwQY
MBaAFJeRW6gNPtcEUkaBSIpyvpkfpnDcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVGYnFBMC0xd1JTUm9GSWluSy1tUi1tY053LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84NzBiZjAtOTE2Ni00ZjYwLWE2MDMt
NzA3YjBhMzhiMWUwLzEvb3pmZ21EcFFqMUNRX01RNHk3b19DODBtR0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84NzBiZjAtOTE2Ni00ZjYwLWE2MDMtNzA3YjBhMzhiMWUw
LzEvbDVGYnFBMC0xd1JTUm9GSWluSy1tUi1tY053LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8EYMA0G
CSqGSIb3DQEBCwUAA4IBAQBeuqOn5N+Kv8a3DLVmtd9u1vfP90PJ3mmJyqY5U+1U
nmaXTes2VJHgsss1toKXqscg3e1nSoH3WnOF3JUv3PnrYmN/6uw2pg11GVdpr1BT
IHmcG3uWu7fml7hy5a5rED4JEiGMlR4JkjjFuxsqDcPABDS4IZsnO4XEBOb207K1
PZjBXoimkMTZAv/pPzVRbEp3SHpt+6VkXMBYbmC99UuuiELsAAZMZmhC43e9vmBE
SMgO325tX2AeIPMeJ4Lt0krpd4MeStIs9FtyjwRKjjtB9M8OLDupk2wmBaG3sFaq
ulBUQ/oxEbao/aJlbSInmV+nN2sq5ONA8WvrUOCToItC
-----END CERTIFICATE-----