Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/Vij9kWTTMdVr0KoR9iCmyiP1xZU.roa
File:                     Vij9kWTTMdVr0KoR9iCmyiP1xZU.roa (raw, json)
Hash identifier:          rcjHhBt0ZSx11oiGkYVO9itg34bAhG/5unoT9d3Y9g4=
Subject key identifier:   56:28:FD:91:64:D3:31:D5:6B:D0:AA:11:F6:20:A6:CA:23:F5:C5:95
Certificate issuer:       /CN=de9461c211bf3551c5507c930b4204c6ec43b322
Certificate serial:       0194FE8DF0D08BCD4040D88DCFCB6086032A
Authority key identifier: DE:94:61:C2:11:BF:35:51:C5:50:7C:93:0B:42:04:C6:EC:43:B3:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3pRhwhG_NVHFUHyTC0IExuxDsyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/Vij9kWTTMdVr0KoR9iCmyiP1xZU.roa
Signing time:             Thu 13 Feb 2025 09:05:02 +0000
ROA not before:           Thu 13 Feb 2025 09:05:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59117
IP address blocks:        91.193.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/3pRhwhG_NVHFUHyTC0IExuxDsyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/3pRhwhG_NVHFUHyTC0IExuxDsyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3pRhwhG_NVHFUHyTC0IExuxDsyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fe:8d:f0:d0:8b:cd:40:40:d8:8d:cf:cb:60:86:03:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de9461c211bf3551c5507c930b4204c6ec43b322
        Validity
            Not Before: Feb 13 09:05:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5628fd9164d331d56bd0aa11f620a6ca23f5c595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9a:e3:89:02:d6:7a:5c:0f:bc:a3:8c:ae:98:
                    a9:36:8c:bc:e4:75:5f:5b:04:34:bd:03:25:3a:74:
                    00:23:e0:82:3f:35:5c:f6:17:5a:e7:df:47:13:2a:
                    9a:cd:5e:24:e2:1b:60:56:4b:27:01:d4:53:06:80:
                    24:4a:15:2d:2e:91:f2:9a:2b:e5:6c:3c:6a:b9:36:
                    34:09:b6:34:89:bf:22:6d:c1:fb:63:a5:78:5c:1c:
                    7a:42:59:8a:38:d2:fe:48:a6:d6:f2:4c:a0:6a:1b:
                    35:dd:67:58:a7:f2:10:10:b4:fd:89:a2:39:54:7e:
                    f4:45:5c:f1:e5:44:60:61:cd:36:f0:b7:4d:dc:f6:
                    92:72:42:83:b0:5c:3f:ad:29:13:e9:f1:d3:d1:65:
                    02:a6:51:4f:76:84:73:8d:bd:d9:87:bd:dc:8b:bb:
                    14:aa:41:70:a4:46:74:de:52:31:38:03:c2:13:17:
                    f8:59:0c:32:37:2c:17:84:42:b3:cf:67:6f:30:c7:
                    fa:4a:cb:4c:6d:f1:d0:7b:b9:62:cb:f3:11:ba:1f:
                    e5:d3:d8:cb:3c:5c:e8:40:7d:46:c5:a0:35:0c:04:
                    3a:70:92:de:83:29:52:40:63:b9:ea:35:26:13:13:
                    a2:43:6c:df:03:ad:97:ba:83:f8:4c:e1:ee:42:f1:
                    d6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:28:FD:91:64:D3:31:D5:6B:D0:AA:11:F6:20:A6:CA:23:F5:C5:95
            X509v3 Authority Key Identifier:
                keyid:DE:94:61:C2:11:BF:35:51:C5:50:7C:93:0B:42:04:C6:EC:43:B3:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3pRhwhG_NVHFUHyTC0IExuxDsyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/Vij9kWTTMdVr0KoR9iCmyiP1xZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/3pRhwhG_NVHFUHyTC0IExuxDsyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:a4:f9:c8:60:0e:63:27:75:7e:b5:5b:68:fd:9c:ae:c6:7b:
         f3:11:75:6d:f2:c2:da:a9:f9:73:8c:a2:30:55:03:39:c0:0c:
         fc:09:57:59:aa:34:ea:8d:fb:43:89:08:45:e3:66:56:c7:d3:
         65:27:c2:e7:b9:44:2f:c4:19:51:07:66:59:55:26:9a:f9:46:
         eb:44:75:41:64:aa:c4:fb:07:ea:c3:32:45:bf:ae:7a:ad:7b:
         7f:1c:7c:24:40:f1:9b:f2:b1:6f:70:3b:bb:65:84:25:55:b4:
         33:ed:a9:d6:55:a9:a0:d4:5d:60:9f:b2:ae:cf:14:e4:fa:2f:
         66:e4:61:fe:09:a1:e5:10:5b:c4:8f:21:92:51:fa:dd:0e:3e:
         ef:6b:b2:aa:e7:a8:82:9e:bf:d9:ca:02:4f:d3:62:41:85:d0:
         d2:ef:75:ce:b9:77:30:76:da:c9:d8:de:18:31:84:61:0f:4c:
         22:8f:b6:94:ad:e0:72:fe:77:aa:06:c0:52:a3:91:6e:2f:7f:
         43:55:91:56:3a:0d:cf:da:d4:a0:6f:5d:e2:c6:6b:67:23:7a:
         d4:50:d2:b8:94:c8:c6:4b:7a:e0:f5:32:57:c6:3d:14:4f:03:
         71:e9:a2:c6:59:f4:04:32:06:7f:35:49:b8:bc:1c:48:19:55:
         bc:6e:0c:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT+jfDQi81AQNiNz8tghgMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOTQ2MWMyMTFiZjM1NTFjNTUwN2M5MzBiNDIwNGM2ZWM0
M2IzMjIwHhcNMjUwMjEzMDkwNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjI4ZmQ5MTY0ZDMzMWQ1NmJkMGFhMTFmNjIwYTZjYTIzZjVjNTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5rjiQLWelwPvKOMrpipNoy85HVf
WwQ0vQMlOnQAI+CCPzVc9hda599HEyqazV4k4htgVksnAdRTBoAkShUtLpHymivl
bDxquTY0CbY0ib8ibcH7Y6V4XBx6QlmKONL+SKbW8kygahs13WdYp/IQELT9iaI5
VH70RVzx5URgYc028LdN3PaSckKDsFw/rSkT6fHT0WUCplFPdoRzjb3Zh73ci7sU
qkFwpEZ03lIxOAPCExf4WQwyNywXhEKzz2dvMMf6SstMbfHQe7liy/MRuh/l09jL
PFzoQH1GxaA1DAQ6cJLegylSQGO56jUmExOiQ2zfA62XuoP4TOHuQvHWAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYo/ZFk0zHVa9CqEfYgpsoj9cWVMB8GA1UdIwQY
MBaAFN6UYcIRvzVRxVB8kwtCBMbsQ7MiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3BSaHdoR19OVkhGVUh5VEMwSUV4dXhEc3lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy85MTgzZDQtMDc3OS00OWM0LTk2Zjct
ODIwMmE0NjdkNzUzLzEvVmlqOWtXVFRNZFZyMEtvUjlpQ215aVAxeFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy85MTgzZDQtMDc3OS00OWM0LTk2ZjctODIwMmE0NjdkNzUz
LzEvM3BSaHdoR19OVkhGVUh5VEMwSUV4dXhEc3lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8E7MA0G
CSqGSIb3DQEBCwUAA4IBAQBRpPnIYA5jJ3V+tVto/ZyuxnvzEXVt8sLaqflzjKIw
VQM5wAz8CVdZqjTqjftDiQhF42ZWx9NlJ8LnuUQvxBlRB2ZZVSaa+UbrRHVBZKrE
+wfqwzJFv656rXt/HHwkQPGb8rFvcDu7ZYQlVbQz7anWVamg1F1gn7KuzxTk+i9m
5GH+CaHlEFvEjyGSUfrdDj7va7Kq56iCnr/ZygJP02JBhdDS73XOuXcwdtrJ2N4Y
MYRhD0wij7aUreBy/neqBsBSo5FuL39DVZFWOg3P2tSgb13ixmtnI3rUUNK4lMjG
S3rg9TJXxj0UTwNx6aLGWfQEMgZ/NUm4vBxIGVW8bgzk
-----END CERTIFICATE-----