Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/Ij0njqk33184S3YZPsGZATyJ-9U.roa
File:                     Ij0njqk33184S3YZPsGZATyJ-9U.roa (raw, json)
Hash identifier:          QPZsef/iNir3j9mlo9VaywKZzSOWhkSiEG2elWhq4rM=
Subject key identifier:   22:3D:27:8E:A9:37:DF:5F:38:4B:76:19:3E:C1:99:01:3C:89:FB:D5
Certificate issuer:       /CN=3befe50a40fb1732541e8a97450ab5de774771d8
Certificate serial:       01916FFC2AF568BEC983DBFFF336DF45685B
Authority key identifier: 3B:EF:E5:0A:40:FB:17:32:54:1E:8A:97:45:0A:B5:DE:77:47:71:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/Ij0njqk33184S3YZPsGZATyJ-9U.roa
Signing time:             Tue 20 Aug 2024 13:31:22 +0000
ROA not before:           Tue 20 Aug 2024 13:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212217
IP address blocks:        91.238.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6f:fc:2a:f5:68:be:c9:83:db:ff:f3:36:df:45:68:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3befe50a40fb1732541e8a97450ab5de774771d8
        Validity
            Not Before: Aug 20 13:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=223d278ea937df5f384b76193ec199013c89fbd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e1:67:5a:45:36:cc:d8:06:5a:71:81:1b:f9:
                    8f:4a:17:8f:a8:0b:46:b5:69:27:69:82:26:9d:a6:
                    d1:5c:55:01:fd:2e:71:ba:70:85:ff:f9:5a:70:ba:
                    b4:e4:6c:d1:c0:57:98:c0:55:bc:11:36:4a:b5:19:
                    b3:fd:c0:15:42:39:5c:12:5f:a2:4c:66:65:30:00:
                    be:31:db:8a:ca:4c:2b:2a:d7:54:0a:13:b5:6f:74:
                    c4:cc:10:89:46:3b:a1:07:7c:74:e2:3c:38:1c:ca:
                    da:bd:d2:49:81:4f:b0:34:ab:ca:c3:6b:9c:c6:4e:
                    3b:79:5b:dd:95:2f:24:dc:b3:1c:38:9a:ae:5a:05:
                    8e:ae:b5:5d:0f:41:01:d3:87:1f:ec:ea:3a:aa:fd:
                    29:a9:77:9b:50:f9:24:fe:4a:13:c5:b6:2b:d5:d3:
                    60:74:d4:ed:14:a6:89:e3:2e:81:cb:a8:7c:7b:60:
                    39:f3:99:c2:1f:7c:e5:63:7a:f3:f5:48:a9:16:a9:
                    8d:c9:60:4b:dd:6d:11:26:12:2f:7d:08:71:a5:7e:
                    40:78:39:30:58:13:20:64:e0:cb:a6:ff:de:7d:12:
                    71:36:1c:fd:51:87:94:79:e5:53:43:6f:86:9a:ea:
                    43:1d:34:ad:a3:db:dc:ff:75:d2:47:03:e9:b8:60:
                    ed:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:3D:27:8E:A9:37:DF:5F:38:4B:76:19:3E:C1:99:01:3C:89:FB:D5
            X509v3 Authority Key Identifier:
                keyid:3B:EF:E5:0A:40:FB:17:32:54:1E:8A:97:45:0A:B5:DE:77:47:71:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/Ij0njqk33184S3YZPsGZATyJ-9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:00:0d:38:60:46:37:75:5f:30:32:4d:29:0c:86:ae:31:32:
         05:b7:b7:98:06:45:79:08:d1:ea:aa:08:cf:60:43:7a:da:6a:
         89:ac:7a:07:d5:f4:ee:6a:75:b1:58:6a:d6:47:26:29:04:b0:
         b1:5b:88:c5:2d:c8:04:9f:46:21:8c:71:fb:ee:95:e3:bf:13:
         6a:f5:32:1a:66:7f:7f:ed:8b:eb:6c:4d:63:64:b4:5b:cc:c0:
         82:bf:a5:38:70:15:a0:5f:c4:b2:46:f7:9f:0e:09:8c:5f:2d:
         20:ea:68:8e:21:c9:65:21:af:87:29:77:16:40:72:b6:83:a1:
         b7:12:f7:3f:16:54:f0:6c:96:fe:6e:f5:b7:c7:69:24:b6:3a:
         b2:53:35:bf:a2:04:82:98:c5:88:95:36:ce:e1:92:13:f0:82:
         b7:09:55:25:d3:65:74:e6:02:76:60:59:ed:b2:59:50:25:69:
         37:41:50:25:ec:24:0e:24:4c:85:d2:0d:5b:2d:b9:c8:39:5e:
         fd:e2:8a:c9:0f:6f:82:1b:e7:24:39:ce:0a:86:41:bf:27:0a:
         81:4f:f9:fe:2f:e9:79:47:4d:4b:53:bc:93:68:93:f6:17:db:
         93:73:5b:a0:0b:19:91:17:dd:71:50:5d:d2:d8:a8:60:25:fc:
         90:49:79:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFv/Cr1aL7Jg9v/8zbfRWhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZWZlNTBhNDBmYjE3MzI1NDFlOGE5NzQ1MGFiNWRlNzc0
NzcxZDgwHhcNMjQwODIwMTMzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjNkMjc4ZWE5MzdkZjVmMzg0Yjc2MTkzZWMxOTkwMTNjODlmYmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuFnWkU2zNgGWnGBG/mPShePqAtG
tWknaYImnabRXFUB/S5xunCF//lacLq05GzRwFeYwFW8ETZKtRmz/cAVQjlcEl+i
TGZlMAC+MduKykwrKtdUChO1b3TEzBCJRjuhB3x04jw4HMravdJJgU+wNKvKw2uc
xk47eVvdlS8k3LMcOJquWgWOrrVdD0EB04cf7Oo6qv0pqXebUPkk/koTxbYr1dNg
dNTtFKaJ4y6By6h8e2A585nCH3zlY3rz9UipFqmNyWBL3W0RJhIvfQhxpX5AeDkw
WBMgZODLpv/efRJxNhz9UYeUeeVTQ2+GmupDHTSto9vc/3XSRwPpuGDtmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCI9J46pN99fOEt2GT7BmQE8ifvVMB8GA1UdIwQY
MBaAFDvv5QpA+xcyVB6Kl0UKtd53R3HYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1fbENrRDdGekpVSG9xWFJRcTEzbmRIY2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi84ZWY3NDAtMTA1Mi00OWVjLWE0MDkt
ZTYxNTQ5MzExN2QyLzEvSWowbmpxazMzMTg0UzNZWlBzR1pBVHlKLTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi84ZWY3NDAtMTA1Mi00OWVjLWE0MDktZTYxNTQ5MzExN2Qy
LzEvTy1fbENrRDdGekpVSG9xWFJRcTEzbmRIY2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7CMA0G
CSqGSIb3DQEBCwUAA4IBAQCVAA04YEY3dV8wMk0pDIauMTIFt7eYBkV5CNHqqgjP
YEN62mqJrHoH1fTuanWxWGrWRyYpBLCxW4jFLcgEn0YhjHH77pXjvxNq9TIaZn9/
7YvrbE1jZLRbzMCCv6U4cBWgX8SyRvefDgmMXy0g6miOIcllIa+HKXcWQHK2g6G3
Evc/FlTwbJb+bvW3x2kktjqyUzW/ogSCmMWIlTbO4ZIT8IK3CVUl02V05gJ2YFnt
sllQJWk3QVAl7CQOJEyF0g1bLbnIOV794orJD2+CG+ckOc4KhkG/JwqBT/n+L+l5
R01LU7yTaJP2F9uTc1ugCxmRF91xUF3S2KhgJfyQSXl7
-----END CERTIFICATE-----