Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/nIJY-in6mpaOCRR7RlpI-sTi86I.roa
File:                     nIJY-in6mpaOCRR7RlpI-sTi86I.roa (raw, json)
Hash identifier:          53Qd/Zg46jbn82l2ifyyoSY69dl83RzZs4IHwmQj558=
Subject key identifier:   9C:82:58:FA:29:FA:9A:96:8E:09:14:7B:46:5A:48:FA:C4:E2:F3:A2
Certificate issuer:       /CN=9ba94bc14937bb0b3632374355a446724104a981
Certificate serial:       01930B5FB3BFD8ACF6C1DFEBA3CFF63E1769
Authority key identifier: 9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/nIJY-in6mpaOCRR7RlpI-sTi86I.roa
Signing time:             Fri 08 Nov 2024 10:44:01 +0000
ROA not before:           Fri 08 Nov 2024 10:44:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214280
IP address blocks:        91.196.32.0/24 maxlen: 24
                          91.196.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0b:5f:b3:bf:d8:ac:f6:c1:df:eb:a3:cf:f6:3e:17:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ba94bc14937bb0b3632374355a446724104a981
        Validity
            Not Before: Nov  8 10:44:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c8258fa29fa9a968e09147b465a48fac4e2f3a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e1:36:57:dd:2a:e2:79:81:08:3f:b7:ce:f1:
                    a5:54:bb:fc:79:f7:55:74:46:12:75:25:68:e5:87:
                    65:84:34:d1:51:63:0d:a2:07:83:3a:a3:fc:af:20:
                    b4:11:42:f0:1e:a4:14:0b:dc:27:80:02:4b:6e:bd:
                    d1:9c:b1:39:8a:a0:96:e8:8d:a5:fd:17:3d:27:07:
                    5c:20:4b:aa:7d:54:c9:9a:31:a0:23:0c:b8:ca:54:
                    bd:3b:fc:fb:56:72:d2:34:99:11:67:82:f4:2d:0e:
                    f8:96:84:b5:2d:87:19:64:fd:99:89:e4:07:a2:f5:
                    c4:93:8b:92:9c:3a:4a:e8:ca:28:a5:3c:a2:0d:e0:
                    84:6b:1f:79:61:61:73:e8:28:f8:d3:35:51:12:01:
                    0d:7c:6a:aa:dd:33:df:28:8c:1f:d5:1d:b1:5f:4a:
                    5c:ee:f6:be:e5:ce:21:17:95:f4:42:63:3a:99:78:
                    38:b6:6d:a6:d1:80:4c:74:81:37:aa:26:7b:18:38:
                    09:81:f7:2a:ce:f5:5e:0c:cd:5f:66:ef:ad:86:fe:
                    5f:b2:72:e0:35:8e:e2:e6:9c:92:a1:16:06:4e:54:
                    97:0c:ea:4d:17:18:da:13:f8:f6:24:06:52:39:b2:
                    1c:69:18:a4:96:ad:b4:b5:4c:ea:a7:1f:e6:a8:e2:
                    ae:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:82:58:FA:29:FA:9A:96:8E:09:14:7B:46:5A:48:FA:C4:E2:F3:A2
            X509v3 Authority Key Identifier:
                keyid:9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/nIJY-in6mpaOCRR7RlpI-sTi86I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:28:05:36:14:c8:1a:c0:bc:a5:81:2e:c2:b7:91:7e:11:90:
         94:8d:88:bb:b7:b1:1c:d7:a0:90:c0:e8:85:a5:45:62:a8:c0:
         9e:6b:80:3d:82:26:35:4e:25:0d:35:9e:72:cf:d7:41:1c:86:
         8c:d9:37:a1:8e:a3:a0:26:3d:39:31:c4:6e:a8:99:08:26:03:
         fa:64:8a:a6:ab:21:05:96:48:4b:00:36:ef:68:6f:c2:c4:42:
         a7:4e:4c:5e:e4:0e:98:a6:1a:82:67:38:f6:a5:be:86:93:71:
         71:90:32:c1:75:84:db:44:19:fb:f2:9e:c4:6b:5e:6b:36:5d:
         01:41:ef:6d:ca:b0:dc:41:34:76:17:53:8b:af:05:57:7d:64:
         01:41:69:38:0c:6d:38:6d:fc:b3:49:62:dd:ef:81:6a:b8:af:
         fa:ac:91:6c:9f:6e:88:af:a7:f3:2f:b6:d6:4a:ef:5a:e7:fd:
         c5:b0:af:b9:b5:19:c7:1f:7f:71:15:7c:68:84:7e:0f:8b:b6:
         67:1c:e6:81:0a:4a:aa:1a:b9:26:5a:a4:0f:55:41:6d:12:1d:
         4d:57:74:0f:a2:4b:67:c9:9f:42:56:42:11:09:a9:4e:3e:ac:
         24:7d:31:85:79:7f:9f:8c:c0:a0:cd:eb:3d:00:c9:46:93:1b:
         df:48:2a:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMLX7O/2Kz2wd/ro8/2PhdpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYTk0YmMxNDkzN2JiMGIzNjMyMzc0MzU1YTQ0NjcyNDEw
NGE5ODEwHhcNMjQxMTA4MTA0NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzgyNThmYTI5ZmE5YTk2OGUwOTE0N2I0NjVhNDhmYWM0ZTJmM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuE2V90q4nmBCD+3zvGlVLv8efdV
dEYSdSVo5YdlhDTRUWMNogeDOqP8ryC0EULwHqQUC9wngAJLbr3RnLE5iqCW6I2l
/Rc9JwdcIEuqfVTJmjGgIwy4ylS9O/z7VnLSNJkRZ4L0LQ74loS1LYcZZP2ZieQH
ovXEk4uSnDpK6MoopTyiDeCEax95YWFz6Cj40zVREgENfGqq3TPfKIwf1R2xX0pc
7va+5c4hF5X0QmM6mXg4tm2m0YBMdIE3qiZ7GDgJgfcqzvVeDM1fZu+thv5fsnLg
NY7i5pySoRYGTlSXDOpNFxjaE/j2JAZSObIcaRiklq20tUzqpx/mqOKumQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyCWPop+pqWjgkUe0ZaSPrE4vOiMB8GA1UdIwQY
MBaAFJupS8FJN7sLNjI3Q1WkRnJBBKmBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTkt
ODM2YzMxMmFjOGMyLzEvbklKWS1pbjZtcGFPQ1JSN1JscEktc1RpODZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTktODM2YzMxMmFjOGMy
LzEvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8QgMA0G
CSqGSIb3DQEBCwUAA4IBAQAIKAU2FMgawLylgS7Ct5F+EZCUjYi7t7Ec16CQwOiF
pUViqMCea4A9giY1TiUNNZ5yz9dBHIaM2TehjqOgJj05McRuqJkIJgP6ZIqmqyEF
lkhLADbvaG/CxEKnTkxe5A6YphqCZzj2pb6Gk3FxkDLBdYTbRBn78p7Ea15rNl0B
Qe9tyrDcQTR2F1OLrwVXfWQBQWk4DG04bfyzSWLd74FquK/6rJFsn26Ir6fzL7bW
Su9a5/3FsK+5tRnHH39xFXxohH4Pi7ZnHOaBCkqqGrkmWqQPVUFtEh1NV3QPoktn
yZ9CVkIRCalOPqwkfTGFeX+fjMCgzes9AMlGkxvfSCrS
-----END CERTIFICATE-----