Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/tdh9ilB_ZIQpVoiJw_uO_J1m_Mc.roa
File:                     tdh9ilB_ZIQpVoiJw_uO_J1m_Mc.roa (raw, json)
Hash identifier:          I9BTK6afzCFGDST+1m8BjwCj8+6gfujAsCTQaBgf9jw=
Subject key identifier:   B5:D8:7D:8A:50:7F:64:84:29:56:88:89:C3:FB:8E:FC:9D:66:FC:C7
Certificate issuer:       /CN=8c20753dd51633aa2e17a92c59f4c4845d876cd3
Certificate serial:       01932EEA57E5EB105F14E65B014C707E07AB
Authority key identifier: 8C:20:75:3D:D5:16:33:AA:2E:17:A9:2C:59:F4:C4:84:5D:87:6C:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jCB1PdUWM6ouF6ksWfTEhF2HbNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/tdh9ilB_ZIQpVoiJw_uO_J1m_Mc.roa
Signing time:             Fri 15 Nov 2024 08:22:10 +0000
ROA not before:           Fri 15 Nov 2024 08:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202081
IP address blocks:        91.222.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jCB1PdUWM6ouF6ksWfTEhF2HbNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jCB1PdUWM6ouF6ksWfTEhF2HbNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jCB1PdUWM6ouF6ksWfTEhF2HbNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2e:ea:57:e5:eb:10:5f:14:e6:5b:01:4c:70:7e:07:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c20753dd51633aa2e17a92c59f4c4845d876cd3
        Validity
            Not Before: Nov 15 08:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5d87d8a507f648429568889c3fb8efc9d66fcc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:50:64:83:44:4c:37:0e:bf:d5:25:2f:1d:61:
                    dd:3a:21:19:03:13:9d:fb:96:85:8a:db:0b:f8:4b:
                    48:b8:4d:05:11:31:d6:6b:6e:66:b1:1d:7f:d0:aa:
                    a7:14:c3:dd:7d:61:25:03:07:76:00:03:be:f0:95:
                    da:c8:9d:86:8b:af:ba:0c:bb:0a:6a:90:66:4f:df:
                    7d:cf:bd:d7:d4:78:e9:df:2f:f8:f3:1c:8a:0a:ab:
                    c7:36:84:a3:19:1c:69:da:f5:52:d6:5f:65:d0:f1:
                    3b:a3:48:7a:13:c8:54:af:3c:67:27:c7:c3:df:81:
                    03:c8:5f:0e:60:00:58:a1:61:a7:d3:42:11:69:15:
                    d6:b0:1b:fb:54:b5:38:19:b5:1d:40:37:d0:7c:e6:
                    cd:1d:ee:76:09:f9:9e:74:a0:83:49:78:22:4c:52:
                    91:bc:1b:64:92:58:66:45:76:a3:ad:1e:bf:d5:1c:
                    54:ff:c5:85:0b:9e:48:0a:c0:d7:72:cf:5e:a7:84:
                    62:f4:0e:35:5a:0d:bc:bc:ab:e5:f7:7b:24:46:29:
                    35:df:54:f7:ec:7a:e8:d7:96:63:6a:e5:50:33:b5:
                    9e:88:00:f0:e2:11:e3:10:00:72:35:98:6c:ed:ac:
                    65:de:14:2b:e0:46:82:bf:2f:eb:5d:c8:81:5b:58:
                    30:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:D8:7D:8A:50:7F:64:84:29:56:88:89:C3:FB:8E:FC:9D:66:FC:C7
            X509v3 Authority Key Identifier:
                keyid:8C:20:75:3D:D5:16:33:AA:2E:17:A9:2C:59:F4:C4:84:5D:87:6C:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jCB1PdUWM6ouF6ksWfTEhF2HbNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/tdh9ilB_ZIQpVoiJw_uO_J1m_Mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/5c3cfa-a363-40a4-bfa6-c29beb1a4734/1/jCB1PdUWM6ouF6ksWfTEhF2HbNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:dd:36:a8:00:d1:4f:1a:1b:a5:bf:2e:44:8e:44:6e:39:49:
         9b:54:0d:aa:9f:01:cb:5c:e4:05:af:c8:d8:b0:6e:b5:57:7b:
         7b:0b:33:e2:48:09:6b:7e:f3:a8:f4:7a:98:1f:7e:f2:b7:c8:
         24:b2:0b:b3:dc:0f:d7:f1:da:b5:cb:84:42:0d:cd:9c:28:6e:
         2d:e7:45:e9:46:1a:78:1a:b8:5a:a1:4e:c6:3a:1c:28:61:ca:
         3e:17:0f:72:ec:6d:7a:bd:09:3c:95:5f:a5:f7:b9:a5:5a:23:
         24:39:f1:da:bf:3f:04:be:ff:00:be:24:3c:b5:2a:15:24:5c:
         76:34:29:4d:98:70:0b:65:4a:14:45:88:2b:31:3c:1c:29:05:
         f7:37:98:70:10:55:5a:63:82:b4:dd:fa:5f:15:19:2b:05:6f:
         3b:64:61:20:d0:0f:dd:2b:83:b3:67:f9:89:58:a7:1c:d7:60:
         b2:5c:78:a0:e8:d5:72:64:3f:d6:0b:a9:71:85:ef:ad:82:f9:
         a2:6a:8c:64:f1:42:a6:a5:fa:d5:26:bb:31:64:f9:17:72:07:
         66:d0:73:39:ad:61:c8:95:c0:6a:cc:21:95:f2:ad:76:e5:d5:
         e7:9d:18:18:5a:0f:15:4e:59:79:f5:2e:3b:78:11:49:66:b8:
         23:ea:df:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMu6lfl6xBfFOZbAUxwfgerMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMjA3NTNkZDUxNjMzYWEyZTE3YTkyYzU5ZjRjNDg0NWQ4
NzZjZDMwHhcNMjQxMTE1MDgyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWQ4N2Q4YTUwN2Y2NDg0Mjk1Njg4ODljM2ZiOGVmYzlkNjZmY2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1Bkg0RMNw6/1SUvHWHdOiEZAxOd
+5aFitsL+EtIuE0FETHWa25msR1/0KqnFMPdfWElAwd2AAO+8JXayJ2Gi6+6DLsK
apBmT999z73X1Hjp3y/48xyKCqvHNoSjGRxp2vVS1l9l0PE7o0h6E8hUrzxnJ8fD
34EDyF8OYABYoWGn00IRaRXWsBv7VLU4GbUdQDfQfObNHe52CfmedKCDSXgiTFKR
vBtkklhmRXajrR6/1RxU/8WFC55ICsDXcs9ep4Ri9A41Wg28vKvl93skRik131T3
7Hro15ZjauVQM7WeiADw4hHjEAByNZhs7axl3hQr4EaCvy/rXciBW1gw1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXYfYpQf2SEKVaIicP7jvydZvzHMB8GA1UdIwQY
MBaAFIwgdT3VFjOqLhepLFn0xIRdh2zTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakNCMVBkVVdNNm91RjZrc1dmVEVoRjJIYk5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS81YzNjZmEtYTM2My00MGE0LWJmYTYt
YzI5YmViMWE0NzM0LzEvdGRoOWlsQl9aSVFwVm9pSndfdU9fSjFtX01jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS81YzNjZmEtYTM2My00MGE0LWJmYTYtYzI5YmViMWE0NzM0
LzEvakNCMVBkVVdNNm91RjZrc1dmVEVoRjJIYk5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW965MA0G
CSqGSIb3DQEBCwUAA4IBAQCw3TaoANFPGhulvy5EjkRuOUmbVA2qnwHLXOQFr8jY
sG61V3t7CzPiSAlrfvOo9HqYH37yt8gksguz3A/X8dq1y4RCDc2cKG4t50XpRhp4
GrhaoU7GOhwoYco+Fw9y7G16vQk8lV+l97mlWiMkOfHavz8Evv8AviQ8tSoVJFx2
NClNmHALZUoURYgrMTwcKQX3N5hwEFVaY4K03fpfFRkrBW87ZGEg0A/dK4OzZ/mJ
WKcc12CyXHig6NVyZD/WC6lxhe+tgvmiaoxk8UKmpfrVJrsxZPkXcgdm0HM5rWHI
lcBqzCGV8q125dXnnRgYWg8VTll59S47eBFJZrgj6t/j
-----END CERTIFICATE-----