Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/a9G_ckEJYM9G6DSczv-lBfSs3eY.roa
File:                     a9G_ckEJYM9G6DSczv-lBfSs3eY.roa (raw, json)
Hash identifier:          Ywnm8hsNBxwFdc5NA70gAtYFAt2GconeqcfFBEO8rHU=
Subject key identifier:   6B:D1:BF:72:41:09:60:CF:46:E8:34:9C:CE:FF:A5:05:F4:AC:DD:E6
Certificate issuer:       /CN=1a14445259732aa6736c248234465947fc2374d0
Certificate serial:       0192765F54DFC8C5854850C4144CA63D235D
Authority key identifier: 1A:14:44:52:59:73:2A:A6:73:6C:24:82:34:46:59:47:FC:23:74:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GhREUllzKqZzbCSCNEZZR_wjdNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/a9G_ckEJYM9G6DSczv-lBfSs3eY.roa
Signing time:             Thu 10 Oct 2024 12:20:12 +0000
ROA not before:           Thu 10 Oct 2024 12:20:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        91.214.160.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/GhREUllzKqZzbCSCNEZZR_wjdNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/GhREUllzKqZzbCSCNEZZR_wjdNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GhREUllzKqZzbCSCNEZZR_wjdNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:5f:54:df:c8:c5:85:48:50:c4:14:4c:a6:3d:23:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a14445259732aa6736c248234465947fc2374d0
        Validity
            Not Before: Oct 10 12:20:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bd1bf72410960cf46e8349cceffa505f4acdde6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:04:12:f0:43:89:73:3e:7e:54:9d:53:45:9e:
                    7f:49:c0:de:2f:27:08:ef:16:62:ff:96:dc:0e:9d:
                    fe:50:27:a2:f4:62:79:89:30:53:f8:b2:28:13:55:
                    7d:96:89:f5:f3:f3:fa:f9:2f:e5:f2:5b:31:b3:6d:
                    86:63:fc:50:c3:e1:61:2f:a3:85:3b:02:a1:e0:41:
                    47:15:dd:3a:ef:d7:ed:8c:84:78:ea:f3:70:49:18:
                    54:95:05:15:69:63:ea:38:0e:5f:7a:3b:8b:32:47:
                    ee:0a:17:5a:cb:1b:1b:9d:06:f8:bb:d2:e7:40:00:
                    93:eb:27:39:bc:66:81:18:5e:f4:a4:9a:f2:2e:ec:
                    6a:37:6a:16:e2:ad:db:d7:db:59:0a:ec:8b:43:a6:
                    7e:c3:4d:9b:d1:7a:99:8e:ca:f6:95:1d:78:b3:48:
                    75:ad:23:fc:3d:7e:42:a4:22:4f:2c:eb:6e:a3:3e:
                    e9:9a:5b:1a:55:19:57:6c:ce:0e:d0:9b:2a:eb:fe:
                    0c:a9:07:08:d4:27:a9:ae:27:f9:65:c4:0f:52:6d:
                    3a:f6:dc:6d:50:17:d1:5b:ee:c6:f1:8c:72:c8:6b:
                    7b:c5:c5:52:44:f3:2a:86:f0:42:88:57:cd:05:39:
                    60:9c:ba:eb:6a:54:20:d7:b2:be:b8:a9:50:54:0f:
                    db:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D1:BF:72:41:09:60:CF:46:E8:34:9C:CE:FF:A5:05:F4:AC:DD:E6
            X509v3 Authority Key Identifier:
                keyid:1A:14:44:52:59:73:2A:A6:73:6C:24:82:34:46:59:47:FC:23:74:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GhREUllzKqZzbCSCNEZZR_wjdNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/a9G_ckEJYM9G6DSczv-lBfSs3eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/GhREUllzKqZzbCSCNEZZR_wjdNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:cc:4d:5a:97:5e:e9:c9:1d:5f:9d:1c:7d:42:8b:ab:b1:fe:
         f2:1a:31:0b:c7:e6:5b:b8:d0:45:9e:6f:73:c3:6e:32:b4:95:
         8f:75:31:c1:ec:1c:aa:1f:ca:be:06:c4:1b:d5:60:4b:c0:79:
         5b:d0:cf:8f:12:e2:7e:e7:0b:90:e6:27:5d:6c:89:d9:3d:b5:
         68:d0:3d:6a:3a:59:25:f6:b0:d2:a0:9c:79:8f:53:3b:3f:e5:
         f6:9f:cd:37:f1:f2:90:9b:2c:8b:3f:34:26:15:ea:e5:6e:2c:
         b3:d8:5a:8d:56:31:3e:72:ce:19:13:c5:ba:87:c9:ee:ae:e7:
         12:99:f9:4c:37:31:3d:d9:f2:d9:52:f0:fc:7b:cf:b4:26:bf:
         9b:24:65:94:76:2a:02:1e:ac:6a:bb:04:85:5f:df:94:a9:cd:
         b3:42:ab:ae:94:ea:6f:6c:ab:11:ea:83:de:0b:86:e5:59:40:
         ff:00:db:72:02:8e:8c:84:22:a5:7d:36:07:dc:c4:8c:67:44:
         30:12:77:7d:d1:88:39:6f:54:d7:71:d3:8d:91:18:77:48:53:
         c7:23:9e:c6:54:bc:c9:ae:ad:42:d8:07:f4:ab:7b:53:a3:aa:
         36:8b:94:f3:9c:37:ec:15:68:aa:d4:da:6e:67:56:39:e2:1d:
         10:a1:9d:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ2X1TfyMWFSFDEFEymPSNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMTQ0NDUyNTk3MzJhYTY3MzZjMjQ4MjM0NDY1OTQ3ZmMy
Mzc0ZDAwHhcNMjQxMDEwMTIyMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQxYmY3MjQxMDk2MGNmNDZlODM0OWNjZWZmYTUwNWY0YWNkZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAQS8EOJcz5+VJ1TRZ5/ScDeLycI
7xZi/5bcDp3+UCei9GJ5iTBT+LIoE1V9lon18/P6+S/l8lsxs22GY/xQw+FhL6OF
OwKh4EFHFd0679ftjIR46vNwSRhUlQUVaWPqOA5fejuLMkfuChdayxsbnQb4u9Ln
QACT6yc5vGaBGF70pJryLuxqN2oW4q3b19tZCuyLQ6Z+w02b0XqZjsr2lR14s0h1
rSP8PX5CpCJPLOtuoz7pmlsaVRlXbM4O0Jsq6/4MqQcI1Ceprif5ZcQPUm069txt
UBfRW+7G8YxyyGt7xcVSRPMqhvBCiFfNBTlgnLrralQg17K+uKlQVA/bQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvRv3JBCWDPRug0nM7/pQX0rN3mMB8GA1UdIwQY
MBaAFBoURFJZcyqmc2wkgjRGWUf8I3TQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2hSRVVsbHpLcVp6YkNTQ05FWlpSX3dqZE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kMTA4NDEtN2Q0NC00NmRhLWIyOWMt
MzgxZjIzZjE4M2Q3LzEvYTlHX2NrRUpZTTlHNkRTY3p2LWxCZlNzM2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kMTA4NDEtN2Q0NC00NmRhLWIyOWMtMzgxZjIzZjE4M2Q3
LzEvR2hSRVVsbHpLcVp6YkNTQ05FWlpSX3dqZE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9agMA0G
CSqGSIb3DQEBCwUAA4IBAQAJzE1al17pyR1fnRx9Qoursf7yGjELx+ZbuNBFnm9z
w24ytJWPdTHB7ByqH8q+BsQb1WBLwHlb0M+PEuJ+5wuQ5iddbInZPbVo0D1qOlkl
9rDSoJx5j1M7P+X2n8038fKQmyyLPzQmFerlbiyz2FqNVjE+cs4ZE8W6h8nurucS
mflMNzE92fLZUvD8e8+0Jr+bJGWUdioCHqxquwSFX9+Uqc2zQquulOpvbKsR6oPe
C4blWUD/ANtyAo6MhCKlfTYH3MSMZ0QwEnd90Yg5b1TXcdONkRh3SFPHI57GVLzJ
rq1C2Af0q3tTo6o2i5TznDfsFWiq1NpuZ1Y54h0QoZ0w
-----END CERTIFICATE-----