Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/949b8b-cd51-4370-ae7d-38f8ed0001ed/1/dTai_6VE8y2p-JoMxYx7ikADCCk.roa
File:                     dTai_6VE8y2p-JoMxYx7ikADCCk.roa (raw, json)
Hash identifier:          beCu4eOSDQ5HmBM7uVvrqgzKmxYG4PoSHprgHHRssaE=
Subject key identifier:   75:36:A2:FF:A5:44:F3:2D:A9:F8:9A:0C:C5:8C:7B:8A:40:03:08:29
Certificate issuer:       /CN=2065ced829c011cdb5abb381c164782ded1627e0
Certificate serial:       019251036081E20F0FDD658CAB197485C1F9
Authority key identifier: 20:65:CE:D8:29:C0:11:CD:B5:AB:B3:81:C1:64:78:2D:ED:16:27:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IGXO2CnAEc21q7OBwWR4Le0WJ-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/949b8b-cd51-4370-ae7d-38f8ed0001ed/1/dTai_6VE8y2p-JoMxYx7ikADCCk.roa
Signing time:             Thu 03 Oct 2024 06:13:48 +0000
ROA not before:           Thu 03 Oct 2024 06:13:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.224.174.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/949b8b-cd51-4370-ae7d-38f8ed0001ed/1/IGXO2CnAEc21q7OBwWR4Le0WJ-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/949b8b-cd51-4370-ae7d-38f8ed0001ed/1/IGXO2CnAEc21q7OBwWR4Le0WJ-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IGXO2CnAEc21q7OBwWR4Le0WJ-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:03:60:81:e2:0f:0f:dd:65:8c:ab:19:74:85:c1:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2065ced829c011cdb5abb381c164782ded1627e0
        Validity
            Not Before: Oct  3 06:13:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7536a2ffa544f32da9f89a0cc58c7b8a40030829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:14:73:72:5a:fc:37:9f:f6:81:ca:63:65:bb:
                    1f:18:b3:f5:fc:43:c5:86:a2:e7:a2:67:18:4e:24:
                    8b:d9:a7:13:63:82:c3:29:0f:63:01:3c:3c:bc:b5:
                    85:59:87:d1:a2:3e:27:ae:6b:90:f5:fc:96:63:2d:
                    7e:26:9e:46:89:87:2b:ae:69:1b:cc:58:f5:18:e2:
                    f1:3c:b9:33:03:1e:c1:2e:60:21:f1:1b:8a:99:0c:
                    70:f0:d7:e6:37:ca:3e:f7:a6:9d:2e:ea:9e:c6:cc:
                    da:9b:fa:24:7d:00:c7:90:8d:db:bc:e6:99:e9:80:
                    7b:86:1e:9e:44:43:e7:62:f9:2e:e8:78:87:20:ed:
                    0c:32:62:8b:70:4d:6a:d0:94:fe:18:df:11:09:3f:
                    05:48:e2:19:fa:86:c9:df:82:eb:d8:5c:8f:17:17:
                    d4:a8:2a:14:5e:61:3f:f1:9f:33:7c:bd:b7:c4:2a:
                    3d:48:62:f9:94:b8:b8:46:f5:57:25:5a:23:d6:2f:
                    a7:87:29:cd:fc:ec:d5:6b:57:85:00:56:04:23:3e:
                    e4:bb:bd:c3:db:74:11:87:d1:15:46:bc:e3:88:6b:
                    0f:7a:56:61:7a:43:73:ae:7f:8d:7a:c1:82:46:a5:
                    76:3f:96:0b:9c:32:0a:74:2f:97:19:d8:c8:64:63:
                    76:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:36:A2:FF:A5:44:F3:2D:A9:F8:9A:0C:C5:8C:7B:8A:40:03:08:29
            X509v3 Authority Key Identifier:
                keyid:20:65:CE:D8:29:C0:11:CD:B5:AB:B3:81:C1:64:78:2D:ED:16:27:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IGXO2CnAEc21q7OBwWR4Le0WJ-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/949b8b-cd51-4370-ae7d-38f8ed0001ed/1/dTai_6VE8y2p-JoMxYx7ikADCCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/949b8b-cd51-4370-ae7d-38f8ed0001ed/1/IGXO2CnAEc21q7OBwWR4Le0WJ-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:07:07:3c:54:4d:f8:d5:de:a9:f8:0a:b9:f7:a0:fa:95:2f:
         08:01:43:f2:29:2d:62:67:ce:fe:d3:a9:0c:52:55:05:96:8d:
         67:33:59:ee:e4:44:91:55:26:4d:56:ae:84:6b:6e:72:83:cf:
         d7:f5:b6:d9:a3:0c:cc:c0:ec:55:06:4a:45:b8:04:b2:f4:f4:
         b0:6d:84:31:69:5f:e4:0f:12:20:ee:69:4b:4e:99:79:1c:ee:
         75:71:dd:a4:42:32:18:58:37:7b:c5:b8:c7:2c:7d:31:74:1c:
         2c:73:aa:b0:aa:23:7d:ed:f5:47:57:67:c3:1d:81:54:3c:57:
         c8:1d:53:d4:9c:5f:fe:5d:59:84:fc:56:84:d3:38:80:cf:45:
         d9:b3:ee:53:7a:b6:65:0e:f9:9f:03:88:d3:6a:b7:b4:15:e9:
         20:df:8d:c0:ba:5f:a7:5c:c6:21:c6:b4:34:f0:46:b6:eb:c3:
         a7:29:05:a1:27:b1:31:1c:39:3d:42:85:f3:a5:2b:2b:3b:aa:
         3a:e8:1c:07:f9:e8:9b:74:c6:b5:28:b1:4d:d6:a2:69:58:8c:
         3c:d7:c0:f8:00:42:89:49:97:2d:94:28:cf:56:e2:41:1d:a5:
         07:cc:33:34:20:e4:85:d0:16:c9:fb:03:cc:9f:4c:7b:c4:d6:
         35:12:b7:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRA2CB4g8P3WWMqxl0hcH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNjVjZWQ4MjljMDExY2RiNWFiYjM4MWMxNjQ3ODJkZWQx
NjI3ZTAwHhcNMjQxMDAzMDYxMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTM2YTJmZmE1NDRmMzJkYTlmODlhMGNjNThjN2I4YTQwMDMwODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxRzclr8N5/2gcpjZbsfGLP1/EPF
hqLnomcYTiSL2acTY4LDKQ9jATw8vLWFWYfRoj4nrmuQ9fyWYy1+Jp5GiYcrrmkb
zFj1GOLxPLkzAx7BLmAh8RuKmQxw8NfmN8o+96adLuqexszam/okfQDHkI3bvOaZ
6YB7hh6eREPnYvku6HiHIO0MMmKLcE1q0JT+GN8RCT8FSOIZ+obJ34Lr2FyPFxfU
qCoUXmE/8Z8zfL23xCo9SGL5lLi4RvVXJVoj1i+nhynN/OzVa1eFAFYEIz7ku73D
23QRh9EVRrzjiGsPelZhekNzrn+NesGCRqV2P5YLnDIKdC+XGdjIZGN2YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHU2ov+lRPMtqfiaDMWMe4pAAwgpMB8GA1UdIwQY
MBaAFCBlztgpwBHNtauzgcFkeC3tFifgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUdYTzJDbkFFYzIxcTdPQndXUjRMZTBXSi1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy85NDliOGItY2Q1MS00MzcwLWFlN2Qt
MzhmOGVkMDAwMWVkLzEvZFRhaV82VkU4eTJwLUpvTXhZeDdpa0FEQ0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy85NDliOGItY2Q1MS00MzcwLWFlN2QtMzhmOGVkMDAwMWVk
LzEvSUdYTzJDbkFFYzIxcTdPQndXUjRMZTBXSi1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+CuMA0G
CSqGSIb3DQEBCwUAA4IBAQCKBwc8VE341d6p+Aq596D6lS8IAUPyKS1iZ87+06kM
UlUFlo1nM1nu5ESRVSZNVq6Ea25yg8/X9bbZowzMwOxVBkpFuASy9PSwbYQxaV/k
DxIg7mlLTpl5HO51cd2kQjIYWDd7xbjHLH0xdBwsc6qwqiN97fVHV2fDHYFUPFfI
HVPUnF/+XVmE/FaE0ziAz0XZs+5TerZlDvmfA4jTare0Fekg343Aul+nXMYhxrQ0
8Ea268OnKQWhJ7ExHDk9QoXzpSsrO6o66BwH+eibdMa1KLFN1qJpWIw818D4AEKJ
SZctlCjPVuJBHaUHzDM0IOSF0BbJ+wPMn0x7xNY1Erc3
-----END CERTIFICATE-----