Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/Ir82nJAUNwbu-AoKyYfR_v_HXhk.roa
File:                     Ir82nJAUNwbu-AoKyYfR_v_HXhk.roa (raw, json)
Hash identifier:          JjYNWRDUkhf9ZkOB/xLLCe/MdYBpHsNFj7eMvAriwf4=
Subject key identifier:   22:BF:36:9C:90:14:37:06:EE:F8:0A:0A:C9:87:D1:FE:FF:C7:5E:19
Certificate issuer:       /CN=23d14afe8750213c280e5b68befb18866f79497f
Certificate serial:       019376C7DCD503E61D02070697E85C99BE53
Authority key identifier: 23:D1:4A:FE:87:50:21:3C:28:0E:5B:68:BE:FB:18:86:6F:79:49:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I9FK_odQITwoDltovvsYhm95SX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/Ir82nJAUNwbu-AoKyYfR_v_HXhk.roa
Signing time:             Fri 29 Nov 2024 07:17:09 +0000
ROA not before:           Fri 29 Nov 2024 07:17:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200410
IP address blocks:        91.103.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/I9FK_odQITwoDltovvsYhm95SX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/I9FK_odQITwoDltovvsYhm95SX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I9FK_odQITwoDltovvsYhm95SX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:76:c7:dc:d5:03:e6:1d:02:07:06:97:e8:5c:99:be:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23d14afe8750213c280e5b68befb18866f79497f
        Validity
            Not Before: Nov 29 07:17:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22bf369c90143706eef80a0ac987d1feffc75e19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e6:14:80:cb:6e:c8:55:a0:70:c6:b3:f2:8a:
                    9e:83:3a:d3:a3:df:34:da:f8:61:2f:fe:43:61:90:
                    ab:12:dc:a3:57:e2:08:ca:5f:d8:25:f3:4a:de:a7:
                    76:c5:ec:59:7b:72:54:c9:c9:95:7c:31:12:d7:af:
                    4e:84:cd:29:26:ed:89:28:2f:19:0a:9b:d0:3f:20:
                    b9:e9:d3:ac:32:6f:a3:6a:79:46:97:a6:77:cc:a9:
                    fc:2d:ab:55:04:6d:85:f4:bf:1f:73:7d:99:ba:97:
                    6f:12:25:0c:e9:ef:61:4e:ad:82:ea:8a:d9:a8:d7:
                    26:6f:a1:57:4c:93:2e:46:98:9f:04:d5:99:6e:57:
                    3a:b5:20:82:89:77:88:9d:0d:7b:fb:1f:a7:16:3c:
                    f7:f0:8b:04:2d:b9:73:74:01:c9:04:90:c7:a3:f0:
                    9b:0b:43:c1:70:ca:a4:70:22:51:e5:65:3e:7a:2c:
                    04:d0:a8:f1:2b:8f:64:87:c5:11:1c:ba:c5:c3:90:
                    eb:35:e1:6d:4d:aa:0a:4f:4e:de:10:79:ed:14:21:
                    a8:9b:ef:ee:11:b3:1a:67:a3:65:6b:8f:8c:d6:c7:
                    16:e5:e6:d1:95:aa:4b:9e:3f:dc:01:70:c0:c3:ba:
                    f5:ee:4f:e0:3c:f2:3a:0b:69:7e:cb:35:a9:6c:c9:
                    d5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:BF:36:9C:90:14:37:06:EE:F8:0A:0A:C9:87:D1:FE:FF:C7:5E:19
            X509v3 Authority Key Identifier:
                keyid:23:D1:4A:FE:87:50:21:3C:28:0E:5B:68:BE:FB:18:86:6F:79:49:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I9FK_odQITwoDltovvsYhm95SX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/Ir82nJAUNwbu-AoKyYfR_v_HXhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/89f845-5765-4c11-92cd-8472ca40f7a7/1/I9FK_odQITwoDltovvsYhm95SX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:49:b9:be:ea:ee:ae:cf:da:e6:f8:d9:84:82:29:07:d8:c3:
         1d:ba:af:8b:67:20:c8:8f:f6:6d:2b:e2:5e:58:7f:3a:1d:90:
         3c:af:e6:51:01:90:a4:0b:8e:e6:8e:c6:b8:44:c2:da:99:70:
         a7:5e:4b:77:c7:7b:4e:2a:ab:64:65:5c:8b:b0:00:b7:03:08:
         29:19:a1:66:09:87:c5:a0:b1:c3:22:a0:cb:3c:2a:d1:eb:d7:
         3a:1d:a7:8b:38:f4:91:27:54:84:5b:98:11:53:66:ab:0b:24:
         50:b6:63:8c:c5:3b:6b:c7:b5:77:31:fa:3b:6f:c6:30:82:0a:
         bd:24:a5:af:6f:72:a7:0c:b6:bd:95:70:16:55:41:dd:fd:9e:
         59:00:76:a8:ca:f0:e0:57:85:49:70:e8:32:e3:fd:44:a3:0c:
         8a:92:36:b4:06:5a:e7:e7:c9:d2:36:43:bf:c0:7e:4a:b4:69:
         42:33:d5:08:38:bb:bd:32:0c:a9:3d:31:d0:05:17:ad:65:43:
         65:cc:80:2b:7e:65:61:24:f7:81:e0:69:f6:4e:0b:fd:20:49:
         27:b1:d8:ff:35:61:cf:3e:ab:68:46:16:dd:be:32:9a:f4:3a:
         66:76:72:c9:a9:16:d1:c2:10:04:b5:53:ad:c9:1d:83:be:b0:
         76:4e:8b:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZN2x9zVA+YdAgcGl+hcmb5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZDE0YWZlODc1MDIxM2MyODBlNWI2OGJlZmIxODg2NmY3
OTQ5N2YwHhcNMjQxMTI5MDcxNzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmJmMzY5YzkwMTQzNzA2ZWVmODBhMGFjOTg3ZDFmZWZmYzc1ZTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuYUgMtuyFWgcMaz8oqegzrTo980
2vhhL/5DYZCrEtyjV+IIyl/YJfNK3qd2xexZe3JUycmVfDES169OhM0pJu2JKC8Z
CpvQPyC56dOsMm+janlGl6Z3zKn8LatVBG2F9L8fc32ZupdvEiUM6e9hTq2C6orZ
qNcmb6FXTJMuRpifBNWZblc6tSCCiXeInQ17+x+nFjz38IsELblzdAHJBJDHo/Cb
C0PBcMqkcCJR5WU+eiwE0KjxK49kh8URHLrFw5DrNeFtTaoKT07eEHntFCGom+/u
EbMaZ6Nla4+M1scW5ebRlapLnj/cAXDAw7r17k/gPPI6C2l+yzWpbMnV0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCK/NpyQFDcG7vgKCsmH0f7/x14ZMB8GA1UdIwQY
MBaAFCPRSv6HUCE8KA5baL77GIZveUl/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTlGS19vZFFJVHdvRGx0b3Z2c1lobTk1U1g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84OWY4NDUtNTc2NS00YzExLTkyY2Qt
ODQ3MmNhNDBmN2E3LzEvSXI4Mm5KQVVOd2J1LUFvS3lZZlJfdl9IWGhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84OWY4NDUtNTc2NS00YzExLTkyY2QtODQ3MmNhNDBmN2E3
LzEvSTlGS19vZFFJVHdvRGx0b3Z2c1lobTk1U1g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2eKMA0G
CSqGSIb3DQEBCwUAA4IBAQAwSbm+6u6uz9rm+NmEgikH2MMduq+LZyDIj/ZtK+Je
WH86HZA8r+ZRAZCkC47mjsa4RMLamXCnXkt3x3tOKqtkZVyLsAC3AwgpGaFmCYfF
oLHDIqDLPCrR69c6HaeLOPSRJ1SEW5gRU2arCyRQtmOMxTtrx7V3Mfo7b8Ywggq9
JKWvb3KnDLa9lXAWVUHd/Z5ZAHaoyvDgV4VJcOgy4/1EowyKkja0Blrn58nSNkO/
wH5KtGlCM9UIOLu9MgypPTHQBRetZUNlzIArfmVhJPeB4Gn2Tgv9IEknsdj/NWHP
PqtoRhbdvjKa9DpmdnLJqRbRwhAEtVOtyR2DvrB2Tot5
-----END CERTIFICATE-----