Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/sfdG8RhRd9gI3fUavxac4_LYaH0.roa
File:                     sfdG8RhRd9gI3fUavxac4_LYaH0.roa (raw, json)
Hash identifier:          QJznNOPadrpHjx3g+fatbWOWcmX/wcnaY3dBh+YulEE=
Subject key identifier:   B1:F7:46:F1:18:51:77:D8:08:DD:F5:1A:BF:16:9C:E3:F2:D8:68:7D
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       0192E9930E452F2DBEFB8128B8A9EFCBE109
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/sfdG8RhRd9gI3fUavxac4_LYaH0.roa
Signing time:             Fri 01 Nov 2024 21:13:01 +0000
ROA not before:           Fri 01 Nov 2024 21:13:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135402
IP address blocks:        91.246.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e9:93:0e:45:2f:2d:be:fb:81:28:b8:a9:ef:cb:e1:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Nov  1 21:13:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1f746f1185177d808ddf51abf169ce3f2d8687d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:71:1a:9f:2b:ad:41:54:47:62:fe:a8:db:87:
                    89:42:57:1f:58:6f:7b:15:e0:f1:be:f2:e5:06:de:
                    f4:15:99:1c:ef:23:e3:81:9c:ab:b2:55:ce:44:f9:
                    2a:f0:d3:ac:14:1d:42:82:2b:7d:7d:f8:9a:d6:a3:
                    24:23:ab:06:26:1a:40:02:88:bb:fb:b7:c3:27:e1:
                    ea:8f:0e:d0:09:1b:f3:eb:1e:80:da:51:91:46:31:
                    12:03:64:d3:36:35:59:a7:49:20:a4:fc:88:8f:44:
                    71:aa:0b:09:a5:97:8e:1a:37:ae:97:15:d4:5e:00:
                    67:00:61:2d:a8:57:97:16:3d:f0:7d:35:1c:0e:20:
                    65:b9:5c:17:46:a4:d6:04:43:10:a3:a4:a7:64:b2:
                    b9:9a:ac:ef:6d:ce:49:55:f0:fd:93:58:7e:05:46:
                    1b:a8:7f:df:21:4b:36:5e:cb:06:97:a9:3d:6e:95:
                    54:f8:cf:fd:ed:09:1c:f1:41:2a:04:70:da:2a:39:
                    37:29:c5:81:07:1c:27:92:c2:b4:ee:e7:40:dc:69:
                    f8:df:c2:b6:5f:e1:e0:1f:7d:e5:5c:bc:d3:58:48:
                    10:db:d3:f8:b2:63:25:b5:a3:55:a4:59:a1:b9:8f:
                    96:15:39:44:f7:6b:42:ef:32:97:9f:47:9b:95:61:
                    aa:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F7:46:F1:18:51:77:D8:08:DD:F5:1A:BF:16:9C:E3:F2:D8:68:7D
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/sfdG8RhRd9gI3fUavxac4_LYaH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d9:61:fa:61:f7:01:ef:f7:19:bd:6d:4a:ac:1c:45:5a:7d:
         dd:1d:cd:85:e8:1f:16:fb:91:87:2f:1b:e6:2f:50:fe:93:78:
         5f:9c:cc:8d:67:dc:bf:cc:41:10:60:1a:4a:94:63:e7:0d:6a:
         89:3c:97:1e:3d:58:ad:d4:ab:15:c0:fa:bd:87:ab:32:95:9d:
         b5:e3:79:cd:c9:95:90:d9:bc:96:d7:94:f5:13:96:ed:19:2c:
         24:1f:7d:eb:cc:10:d8:65:fe:82:5c:f9:99:34:59:30:49:44:
         93:35:7e:85:40:5e:aa:ce:15:4e:11:81:b8:3f:c5:8c:85:63:
         77:99:88:4f:ef:a8:5f:41:34:98:e5:33:5e:70:60:66:e1:d9:
         1e:b3:5c:9b:24:ef:e2:3a:28:2e:91:f6:c7:73:12:b6:71:10:
         68:78:f7:6a:c6:01:fe:84:a6:c1:e0:36:0b:a2:00:c8:01:f9:
         4a:fd:60:e7:a4:9c:af:aa:f2:ff:1a:29:2d:40:7e:67:42:34:
         4b:14:d6:06:31:aa:35:bc:95:a1:91:c1:fe:5b:b9:d3:76:e8:
         e3:6f:8d:34:7a:33:10:ea:34:7b:b9:5b:40:c7:ec:e1:71:70:
         7d:2c:67:d5:cb:40:6e:c1:ca:a3:b4:a9:45:6f:44:ce:0d:e9:
         0a:d9:d4:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLpkw5FLy2++4EouKnvy+EJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjQxMTAxMjExMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY3NDZmMTE4NTE3N2Q4MDhkZGY1MWFiZjE2OWNlM2YyZDg2ODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnEanyutQVRHYv6o24eJQlcfWG97
FeDxvvLlBt70FZkc7yPjgZyrslXORPkq8NOsFB1Cgit9ffia1qMkI6sGJhpAAoi7
+7fDJ+Hqjw7QCRvz6x6A2lGRRjESA2TTNjVZp0kgpPyIj0RxqgsJpZeOGjeulxXU
XgBnAGEtqFeXFj3wfTUcDiBluVwXRqTWBEMQo6SnZLK5mqzvbc5JVfD9k1h+BUYb
qH/fIUs2XssGl6k9bpVU+M/97Qkc8UEqBHDaKjk3KcWBBxwnksK07udA3Gn438K2
X+HgH33lXLzTWEgQ29P4smMltaNVpFmhuY+WFTlE92tC7zKXn0eblWGqqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLH3RvEYUXfYCN31Gr8WnOPy2Gh9MB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvc2ZkRzhSaFJkOWdJM2ZVYXZ4YWM0X0xZYUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/Y3MA0G
CSqGSIb3DQEBCwUAA4IBAQA42WH6YfcB7/cZvW1KrBxFWn3dHc2F6B8W+5GHLxvm
L1D+k3hfnMyNZ9y/zEEQYBpKlGPnDWqJPJcePVit1KsVwPq9h6sylZ2143nNyZWQ
2byW15T1E5btGSwkH33rzBDYZf6CXPmZNFkwSUSTNX6FQF6qzhVOEYG4P8WMhWN3
mYhP76hfQTSY5TNecGBm4dkes1ybJO/iOigukfbHcxK2cRBoePdqxgH+hKbB4DYL
ogDIAflK/WDnpJyvqvL/GiktQH5nQjRLFNYGMao1vJWhkcH+W7nTdujjb400ejMQ
6jR7uVtAx+zhcXB9LGfVy0BuwcqjtKlFb0TODekK2dSJ
-----END CERTIFICATE-----