Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/e9203d-cdcf-4f23-a3bf-f449bad29855/1/0SqHgFeBiCzRMzCgEc-NdFaAIpE.roa
File:                     0SqHgFeBiCzRMzCgEc-NdFaAIpE.roa (raw, json)
Hash identifier:          h7NAvOJNv423UgyyUDEeZXdGag07fg4ylUoBX4NppEE=
Subject key identifier:   D1:2A:87:80:57:81:88:2C:D1:33:30:A0:11:CF:8D:74:56:80:22:91
Certificate issuer:       /CN=d70af942465ff265b896f0d1b762490f27dc322c
Certificate serial:       018CC56EF7E20FD5A3ABEE697091CE25342F
Authority key identifier: D7:0A:F9:42:46:5F:F2:65:B8:96:F0:D1:B7:62:49:0F:27:DC:32:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wr5QkZf8mW4lvDRt2JJDyfcMiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/e9203d-cdcf-4f23-a3bf-f449bad29855/1/0SqHgFeBiCzRMzCgEc-NdFaAIpE.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30417
IP address blocks:        91.208.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/e9203d-cdcf-4f23-a3bf-f449bad29855/1/1wr5QkZf8mW4lvDRt2JJDyfcMiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/e9203d-cdcf-4f23-a3bf-f449bad29855/1/1wr5QkZf8mW4lvDRt2JJDyfcMiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wr5QkZf8mW4lvDRt2JJDyfcMiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f7:e2:0f:d5:a3:ab:ee:69:70:91:ce:25:34:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d70af942465ff265b896f0d1b762490f27dc322c
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d12a87805781882cd13330a011cf8d7456802291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:35:c4:0c:d8:dc:10:47:66:4e:5e:9d:11:0b:
                    43:4d:a4:a4:ac:76:70:2b:74:37:35:a5:f6:7d:4d:
                    97:80:70:73:a1:ae:e0:9e:8e:3b:77:6c:79:f7:6b:
                    46:f4:fd:b1:60:84:cb:30:79:f8:51:c2:9e:e9:06:
                    ff:f0:9d:ea:72:7d:4a:2b:01:6c:a3:e3:2e:b1:6d:
                    e1:f3:88:20:81:89:4f:04:57:26:93:e6:05:7c:d3:
                    5a:87:54:c4:0d:c9:cc:93:c2:de:1d:fc:77:d1:ae:
                    8f:c0:4c:0c:02:dc:ca:65:52:2a:b1:70:06:5e:ae:
                    b5:eb:25:e1:7e:67:1f:f4:b1:90:5b:84:d1:a8:8a:
                    9c:f8:28:01:cf:f7:11:3e:ca:26:2a:09:6e:f7:98:
                    a8:3c:6f:d9:61:e1:05:c7:cf:7c:6e:27:da:d3:78:
                    7e:ea:1e:ab:f0:ca:63:e1:9f:3e:ef:5f:8a:b9:0e:
                    c4:1d:3b:e0:3d:59:43:a5:95:02:9b:c6:4a:a5:95:
                    30:77:f7:b3:ad:b4:13:79:6f:7b:da:4b:1e:f1:75:
                    c6:a7:31:3e:21:00:20:c3:2b:d7:bd:21:61:0d:42:
                    db:29:6c:40:de:a8:75:cc:06:c6:c5:d4:fa:dc:f3:
                    02:91:49:a3:f7:52:18:73:e8:bc:5a:ab:fa:c2:25:
                    a0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:2A:87:80:57:81:88:2C:D1:33:30:A0:11:CF:8D:74:56:80:22:91
            X509v3 Authority Key Identifier:
                keyid:D7:0A:F9:42:46:5F:F2:65:B8:96:F0:D1:B7:62:49:0F:27:DC:32:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wr5QkZf8mW4lvDRt2JJDyfcMiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/e9203d-cdcf-4f23-a3bf-f449bad29855/1/0SqHgFeBiCzRMzCgEc-NdFaAIpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/e9203d-cdcf-4f23-a3bf-f449bad29855/1/1wr5QkZf8mW4lvDRt2JJDyfcMiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:61:ff:56:dc:09:df:99:5e:41:6f:a4:a1:40:74:94:1f:3d:
         8a:96:e5:6f:b5:ba:90:d1:46:47:cb:ca:4d:b2:20:6f:4c:46:
         3a:2d:aa:84:66:0c:55:74:95:18:3e:d1:ad:47:5e:5c:87:84:
         31:a5:79:4e:ac:c8:59:bb:1b:0c:da:04:b0:87:4d:61:6e:55:
         a0:ee:9e:f0:4f:ef:d0:64:5c:47:87:05:eb:da:d0:ee:7c:95:
         53:08:c2:b0:82:4a:11:d7:e4:2e:ed:e5:31:b9:79:1e:69:dc:
         b2:70:b4:66:4d:4d:c3:b9:fc:65:d4:1e:49:dd:a3:39:b9:e9:
         4a:50:b1:1a:3d:1e:74:0a:52:85:f4:94:05:6e:20:35:66:f5:
         45:2b:63:68:96:04:92:e2:94:99:35:36:1f:1c:4a:49:22:e3:
         51:8f:25:02:c7:eb:51:2b:63:b8:f7:4a:a1:51:cf:83:99:27:
         53:18:a4:a2:36:8a:e0:2e:5e:90:cd:e0:d5:95:27:d2:d6:f1:
         70:cc:a5:dd:ce:35:58:43:51:7d:91:72:20:6f:16:23:38:2e:
         2a:3d:f0:86:58:05:57:d8:d5:78:84:64:f4:2b:25:9c:6d:30:
         8b:13:9a:90:60:0b:ab:9c:9b:85:af:d9:e2:a3:a7:83:59:e4:
         15:e9:78:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvfiD9Wjq+5pcJHOJTQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MGFmOTQyNDY1ZmYyNjViODk2ZjBkMWI3NjI0OTBmMjdk
YzMyMmMwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTJhODc4MDU3ODE4ODJjZDEzMzMwYTAxMWNmOGQ3NDU2ODAyMjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzXEDNjcEEdmTl6dEQtDTaSkrHZw
K3Q3NaX2fU2XgHBzoa7gno47d2x592tG9P2xYITLMHn4UcKe6Qb/8J3qcn1KKwFs
o+MusW3h84gggYlPBFcmk+YFfNNah1TEDcnMk8LeHfx30a6PwEwMAtzKZVIqsXAG
Xq616yXhfmcf9LGQW4TRqIqc+CgBz/cRPsomKglu95ioPG/ZYeEFx898bifa03h+
6h6r8Mpj4Z8+71+KuQ7EHTvgPVlDpZUCm8ZKpZUwd/ezrbQTeW972kse8XXGpzE+
IQAgwyvXvSFhDULbKWxA3qh1zAbGxdT63PMCkUmj91IYc+i8Wqv6wiWgrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEqh4BXgYgs0TMwoBHPjXRWgCKRMB8GA1UdIwQY
MBaAFNcK+UJGX/JluJbw0bdiSQ8n3DIsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdyNVFrWmY4bVc0bHZEUnQySkpEeWZjTWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9lOTIwM2QtY2RjZi00ZjIzLWEzYmYt
ZjQ0OWJhZDI5ODU1LzEvMFNxSGdGZUJpQ3pSTXpDZ0VjLU5kRmFBSXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9lOTIwM2QtY2RjZi00ZjIzLWEzYmYtZjQ0OWJhZDI5ODU1
LzEvMXdyNVFrWmY4bVc0bHZEUnQySkpEeWZjTWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9D8MA0G
CSqGSIb3DQEBCwUAA4IBAQBWYf9W3AnfmV5Bb6ShQHSUHz2KluVvtbqQ0UZHy8pN
siBvTEY6LaqEZgxVdJUYPtGtR15ch4QxpXlOrMhZuxsM2gSwh01hblWg7p7wT+/Q
ZFxHhwXr2tDufJVTCMKwgkoR1+Qu7eUxuXkeadyycLRmTU3Dufxl1B5J3aM5uelK
ULEaPR50ClKF9JQFbiA1ZvVFK2NolgSS4pSZNTYfHEpJIuNRjyUCx+tRK2O490qh
Uc+DmSdTGKSiNorgLl6QzeDVlSfS1vFwzKXdzjVYQ1F9kXIgbxYjOC4qPfCGWAVX
2NV4hGT0KyWcbTCLE5qQYAurnJuFr9nio6eDWeQV6XjX
-----END CERTIFICATE-----