Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/yfXJQT3HT8RGmciybK7GjhMLKEo.roa
File:                     yfXJQT3HT8RGmciybK7GjhMLKEo.roa (raw, json)
Hash identifier:          ctTxVWiZDMUoc7GPk/CTTM/TSP36vf0o8VduPxsf0wU=
Subject key identifier:   C9:F5:C9:41:3D:C7:4F:C4:46:99:C8:B2:6C:AE:C6:8E:13:0B:28:4A
Certificate issuer:       /CN=ad5c2e74c6d46cc73c98a4c16087a8a3b3a6f759
Certificate serial:       0191742FE9EBE6AE91F1169C17DF04609E2D
Authority key identifier: AD:5C:2E:74:C6:D4:6C:C7:3C:98:A4:C1:60:87:A8:A3:B3:A6:F7:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rVwudMbUbMc8mKTBYIeoo7Om91k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/yfXJQT3HT8RGmciybK7GjhMLKEo.roa
Signing time:             Wed 21 Aug 2024 09:06:22 +0000
ROA not before:           Wed 21 Aug 2024 09:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        45.91.32.0/24 maxlen: 24
                          45.91.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/rVwudMbUbMc8mKTBYIeoo7Om91k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/rVwudMbUbMc8mKTBYIeoo7Om91k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rVwudMbUbMc8mKTBYIeoo7Om91k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:2f:e9:eb:e6:ae:91:f1:16:9c:17:df:04:60:9e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad5c2e74c6d46cc73c98a4c16087a8a3b3a6f759
        Validity
            Not Before: Aug 21 09:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9f5c9413dc74fc44699c8b26caec68e130b284a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ab:32:7e:25:a9:fe:b7:c1:15:33:77:43:a6:
                    b3:fb:f4:f5:00:08:36:18:1c:96:74:a7:73:a0:8b:
                    15:c6:ed:77:1e:9a:66:e4:5a:54:8d:bc:d3:ac:87:
                    fe:d9:a2:4c:a3:a5:b8:7b:1b:92:e7:78:bd:94:43:
                    c3:ad:de:79:ed:95:f1:86:ad:59:b5:d3:d7:26:4a:
                    16:55:7b:e0:69:56:6f:0d:a7:44:70:f5:bc:c8:29:
                    e1:7c:29:5a:be:58:4a:60:fc:72:23:00:1f:b7:4c:
                    df:8b:dc:e1:c9:10:31:be:7b:69:61:c3:e0:7d:f7:
                    72:64:71:4a:5d:1f:00:ed:d7:50:d4:9b:a1:69:da:
                    ff:fd:74:7f:cf:db:9e:3a:a6:7a:df:c4:f2:b2:96:
                    e0:d6:b2:ba:f9:a5:46:98:e5:12:d3:c4:6f:d2:ff:
                    6c:89:02:d8:b3:ce:ae:5d:1c:c6:ad:b4:6a:ff:c8:
                    c2:e3:88:21:d6:86:6a:53:8c:4d:17:12:0a:e4:fa:
                    da:9b:13:78:2f:6b:5f:90:1b:5c:8d:a5:1d:69:19:
                    d5:22:2f:68:5f:d2:2e:9d:ce:77:ca:26:99:b1:e8:
                    71:b1:54:92:a0:76:9d:62:fc:f0:3e:88:50:d2:ac:
                    20:1b:ba:e6:c1:28:3c:23:c1:b4:5c:64:7b:2f:a1:
                    bd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F5:C9:41:3D:C7:4F:C4:46:99:C8:B2:6C:AE:C6:8E:13:0B:28:4A
            X509v3 Authority Key Identifier:
                keyid:AD:5C:2E:74:C6:D4:6C:C7:3C:98:A4:C1:60:87:A8:A3:B3:A6:F7:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rVwudMbUbMc8mKTBYIeoo7Om91k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/yfXJQT3HT8RGmciybK7GjhMLKEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/rVwudMbUbMc8mKTBYIeoo7Om91k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.32.0/24
                  45.91.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:bf:1e:37:6c:10:6d:ca:64:4c:a2:29:b4:88:7a:16:1e:f7:
         81:a1:ed:c6:01:32:60:75:f9:b7:cf:22:0e:aa:f4:42:ca:a1:
         8c:32:28:38:8a:29:d0:b6:55:c4:88:1f:26:5c:83:4d:af:fa:
         b4:37:3f:e3:a9:0a:42:d0:cc:2b:b5:de:a6:e6:ba:36:7e:f3:
         f0:2d:fe:6f:30:ea:e6:99:88:4a:37:e5:c3:41:6c:23:95:0f:
         11:36:81:c9:79:37:8c:6b:4f:fb:ef:d3:cc:d8:7f:b6:68:92:
         80:d2:07:a2:1a:4b:75:b6:bb:0c:f1:3d:02:fc:69:f5:71:1b:
         0b:93:36:a5:1a:5a:4e:f5:51:3f:c7:8c:b7:b1:1a:32:93:38:
         ff:3c:ac:ed:3f:db:62:79:1f:ef:d5:66:6d:37:cf:0a:b6:32:
         aa:fa:d4:f4:e1:1c:37:28:e8:3c:15:40:3b:05:70:a8:8c:0c:
         64:c9:65:c9:c7:bc:c4:fd:61:8e:d3:43:40:16:34:29:36:20:
         64:29:d2:53:53:e5:a3:54:42:e9:d3:eb:8a:8d:b8:df:8c:1f:
         de:6e:2f:53:75:35:81:7b:e8:19:9d:80:e5:b0:25:f7:31:a3:
         38:cb:a3:e7:16:12:a5:1b:e3:45:25:8d:46:3d:a6:27:e6:f0:
         79:ef:3a:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZF0L+nr5q6R8RacF98EYJ4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNWMyZTc0YzZkNDZjYzczYzk4YTRjMTYwODdhOGEzYjNh
NmY3NTkwHhcNMjQwODIxMDkwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY1Yzk0MTNkYzc0ZmM0NDY5OWM4YjI2Y2FlYzY4ZTEzMGIyODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qsyfiWp/rfBFTN3Q6az+/T1AAg2
GByWdKdzoIsVxu13Hppm5FpUjbzTrIf+2aJMo6W4exuS53i9lEPDrd557ZXxhq1Z
tdPXJkoWVXvgaVZvDadEcPW8yCnhfClavlhKYPxyIwAft0zfi9zhyRAxvntpYcPg
ffdyZHFKXR8A7ddQ1Juhadr//XR/z9ueOqZ638Tyspbg1rK6+aVGmOUS08Rv0v9s
iQLYs86uXRzGrbRq/8jC44gh1oZqU4xNFxIK5PramxN4L2tfkBtcjaUdaRnVIi9o
X9Iunc53yiaZsehxsVSSoHadYvzwPohQ0qwgG7rmwSg8I8G0XGR7L6G96QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMn1yUE9x0/ERpnIsmyuxo4TCyhKMB8GA1UdIwQY
MBaAFK1cLnTG1GzHPJikwWCHqKOzpvdZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclZ3dWRNYlViTWM4bUtUQllJZW9vN09tOTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC81ZGEzNzUtOTlhOS00MzI5LTlkMjkt
Y2VjODkzMWNlNjMxLzEveWZYSlFUM0hUOFJHbWNpeWJLN0dqaE1MS0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC81ZGEzNzUtOTlhOS00MzI5LTlkMjktY2VjODkzMWNlNjMx
LzEvclZ3dWRNYlViTWM4bUtUQllJZW9vN09tOTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVsgAwQA
LVsiMA0GCSqGSIb3DQEBCwUAA4IBAQA9vx43bBBtymRMoim0iHoWHveBoe3GATJg
dfm3zyIOqvRCyqGMMig4iinQtlXEiB8mXINNr/q0Nz/jqQpC0Mwrtd6m5ro2fvPw
Lf5vMOrmmYhKN+XDQWwjlQ8RNoHJeTeMa0/779PM2H+2aJKA0geiGkt1trsM8T0C
/Gn1cRsLkzalGlpO9VE/x4y3sRoykzj/PKztP9tieR/v1WZtN88KtjKq+tT04Rw3
KOg8FUA7BXCojAxkyWXJx7zE/WGO00NAFjQpNiBkKdJTU+WjVELp0+uKjbjfjB/e
bi9TdTWBe+gZnYDlsCX3MaM4y6PnFhKlG+NFJY1GPaYn5vB57zo9
-----END CERTIFICATE-----