Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/9sLFWdRNnPWeZy7t30GGUlOx8Xo.roa
File:                     9sLFWdRNnPWeZy7t30GGUlOx8Xo.roa (raw, json)
Hash identifier:          LF4IELQGRLCqZGptijd0sELoKJwNxv50d6o/8LYG/ak=
Subject key identifier:   F6:C2:C5:59:D4:4D:9C:F5:9E:67:2E:ED:DF:41:86:52:53:B1:F1:7A
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0192C37943AB6FF5C6598A40A81395C75DD8
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/9sLFWdRNnPWeZy7t30GGUlOx8Xo.roa
Signing time:             Fri 25 Oct 2024 11:39:17 +0000
ROA not before:           Fri 25 Oct 2024 11:39:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208751
IP address blocks:        91.210.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:79:43:ab:6f:f5:c6:59:8a:40:a8:13:95:c7:5d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct 25 11:39:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6c2c559d44d9cf59e672eeddf41865253b1f17a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:47:f1:1d:63:da:37:5c:82:28:c3:4e:b9:5f:
                    cb:71:32:93:4e:08:35:1e:8f:79:10:5e:19:bc:09:
                    2f:f0:a5:3a:45:e1:5e:94:99:0d:5e:ce:44:c1:47:
                    a4:f7:1e:5d:af:9c:3b:d4:c8:6c:2e:08:70:91:2a:
                    62:b5:23:b9:47:f7:8b:2d:66:5e:61:02:c8:c9:58:
                    1b:56:73:9c:d7:fe:91:56:e4:63:5f:e0:06:a4:c4:
                    31:8d:6e:83:0a:46:26:55:87:5b:00:d3:3a:dc:22:
                    b8:97:1d:5a:61:c8:72:92:25:d0:de:fc:d0:7e:a3:
                    fe:3b:73:ed:83:4a:4a:fb:0e:91:c1:68:f9:2f:6c:
                    3a:16:4d:d4:13:10:da:4b:c3:5e:0a:27:b3:63:82:
                    99:74:5a:d6:c5:10:f7:a7:69:58:05:bf:5f:f6:49:
                    c6:7a:e8:4c:b3:8b:91:60:c0:85:6c:b7:7f:56:41:
                    77:fb:28:75:8d:1e:5b:a8:bd:46:82:4b:c6:16:d2:
                    09:18:df:0d:7f:c1:28:87:f6:fc:76:c1:bb:c9:2b:
                    c7:15:85:ee:de:cd:02:b1:2f:3d:1d:64:f1:f0:d2:
                    d6:82:e6:5a:2d:5f:4c:83:fb:76:4e:74:ab:3a:d6:
                    54:98:4e:f6:41:cc:41:33:70:df:af:bf:cf:07:22:
                    b3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C2:C5:59:D4:4D:9C:F5:9E:67:2E:ED:DF:41:86:52:53:B1:F1:7A
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/9sLFWdRNnPWeZy7t30GGUlOx8Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:16:5f:9b:d4:23:3a:93:ad:12:8a:2d:cb:2b:4e:da:3d:4f:
         36:25:99:b1:f1:1d:60:a2:70:ee:ba:69:6d:45:97:37:0e:0e:
         6f:c7:5e:e0:09:02:5f:6c:aa:b6:b3:9f:e2:a6:a2:d9:03:fa:
         fd:ab:14:ec:d6:ce:a5:f6:a6:2a:1f:8d:ed:61:8b:80:65:ea:
         d5:eb:d8:85:4d:19:6a:94:2e:a4:3d:05:c9:2e:7e:e0:9a:33:
         83:2c:36:f5:75:9b:a1:e7:58:8f:82:c3:f8:e8:00:d7:fb:d0:
         9c:82:5b:38:65:44:98:f8:a2:c6:21:80:04:55:77:29:e8:83:
         d0:b8:ae:ab:9e:83:2a:49:af:d7:9a:8b:06:89:4d:a3:f5:6a:
         1e:2a:8b:e3:bb:72:44:d1:56:3f:6a:16:44:0e:98:93:78:e1:
         8b:01:eb:eb:2d:ee:56:d0:db:1a:a0:52:47:fa:6a:4b:95:50:
         99:80:ef:39:67:57:fd:be:9f:69:64:d2:75:49:8a:94:42:79:
         15:d8:e2:04:9f:e5:89:79:8b:85:c7:dd:cb:a3:f4:37:75:11:
         a9:99:6c:c5:08:4d:85:da:c6:e0:40:e1:6b:1a:23:df:4a:4a:
         e8:df:e4:8c:c6:53:e1:c1:3f:86:af:3c:1e:33:6b:4d:99:f8:
         c0:c6:a8:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLDeUOrb/XGWYpAqBOVx13YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQxMDI1MTEzOTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmMyYzU1OWQ0NGQ5Y2Y1OWU2NzJlZWRkZjQxODY1MjUzYjFmMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UfxHWPaN1yCKMNOuV/LcTKTTgg1
Ho95EF4ZvAkv8KU6ReFelJkNXs5EwUek9x5dr5w71MhsLghwkSpitSO5R/eLLWZe
YQLIyVgbVnOc1/6RVuRjX+AGpMQxjW6DCkYmVYdbANM63CK4lx1aYchykiXQ3vzQ
fqP+O3Ptg0pK+w6RwWj5L2w6Fk3UExDaS8NeCiezY4KZdFrWxRD3p2lYBb9f9knG
euhMs4uRYMCFbLd/VkF3+yh1jR5bqL1GgkvGFtIJGN8Nf8Eoh/b8dsG7ySvHFYXu
3s0CsS89HWTx8NLWguZaLV9Mg/t2TnSrOtZUmE72QcxBM3Dfr7/PByKzuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbCxVnUTZz1nmcu7d9BhlJTsfF6MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvOXNMRldkUk5uUFdlWnk3dDMwR0dVbE94OFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9KQMA0G
CSqGSIb3DQEBCwUAA4IBAQA1Fl+b1CM6k60Sii3LK07aPU82JZmx8R1gonDuumlt
RZc3Dg5vx17gCQJfbKq2s5/ipqLZA/r9qxTs1s6l9qYqH43tYYuAZerV69iFTRlq
lC6kPQXJLn7gmjODLDb1dZuh51iPgsP46ADX+9Ccgls4ZUSY+KLGIYAEVXcp6IPQ
uK6rnoMqSa/XmosGiU2j9WoeKovju3JE0VY/ahZEDpiTeOGLAevrLe5W0NsaoFJH
+mpLlVCZgO85Z1f9vp9pZNJ1SYqUQnkV2OIEn+WJeYuFx93Lo/Q3dRGpmWzFCE2F
2sbgQOFrGiPfSkro3+SMxlPhwT+GrzweM2tNmfjAxqjH
-----END CERTIFICATE-----