Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/GrQqPmlzs0u00qpkFjPCA1ig4XM.roa
File:                     GrQqPmlzs0u00qpkFjPCA1ig4XM.roa (raw, json)
Hash identifier:          S0/eXXYeX/VMfJ8nOtMZ3MpGPGNlWuqT2tvymmRbjSY=
Subject key identifier:   1A:B4:2A:3E:69:73:B3:4B:B4:D2:AA:64:16:33:C2:03:58:A0:E1:73
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       019232EA4DF646EF482494CDE740C00B8E8F
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/GrQqPmlzs0u00qpkFjPCA1ig4XM.roa
Signing time:             Fri 27 Sep 2024 09:57:49 +0000
ROA not before:           Fri 27 Sep 2024 09:57:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201909
IP address blocks:        91.223.117.0/24 maxlen: 24
                          91.233.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:32:ea:4d:f6:46:ef:48:24:94:cd:e7:40:c0:0b:8e:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Sep 27 09:57:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ab42a3e6973b34bb4d2aa641633c20358a0e173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:28:17:42:02:8d:6e:ca:5d:23:a5:12:5d:86:
                    b4:2a:ef:44:65:3e:60:b7:03:75:63:12:41:60:44:
                    1a:a2:55:22:9b:78:31:35:6a:c3:ee:ab:c4:62:1c:
                    b8:cb:9f:8d:ee:46:c5:e1:1c:de:46:b4:62:a3:4b:
                    4a:48:4a:60:bd:40:cf:b6:97:a8:77:ff:5d:53:1f:
                    c3:d8:b6:c5:47:3c:33:17:58:85:78:e1:a4:99:86:
                    f4:bf:5e:5d:02:e7:85:f5:ee:df:49:cf:5d:90:7e:
                    42:77:81:af:62:69:81:64:7a:ea:0f:09:db:46:2a:
                    34:ea:d5:0d:ce:aa:bf:f2:65:3c:64:75:ee:17:59:
                    48:01:d0:1e:18:7b:b9:d8:cf:41:cd:11:96:04:8f:
                    6f:36:2f:1f:ea:b4:bc:f8:30:c1:54:7d:75:6a:8c:
                    cf:75:c0:99:f6:35:8e:60:2c:fb:f3:10:a5:27:55:
                    ee:c2:ef:1d:d3:2f:68:0e:05:09:65:9a:f0:8d:0b:
                    96:93:7c:52:98:0c:23:ac:93:99:9b:be:23:3c:c6:
                    6d:41:04:e6:6e:c0:7b:f3:d7:d6:35:9b:d9:64:12:
                    76:4d:97:7d:ab:02:cc:66:38:8d:4e:19:43:a1:d3:
                    16:16:84:57:00:1d:b3:bf:ea:4b:73:9a:f6:e8:05:
                    50:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:B4:2A:3E:69:73:B3:4B:B4:D2:AA:64:16:33:C2:03:58:A0:E1:73
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/GrQqPmlzs0u00qpkFjPCA1ig4XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.117.0/24
                  91.233.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:30:ff:c1:10:90:67:1a:92:63:78:64:07:9c:bc:0a:17:77:
         81:f3:ad:6f:39:16:b6:1d:0b:36:ad:61:9b:e0:0c:a2:e1:56:
         df:b1:76:ba:8f:27:7d:13:23:96:a5:b3:34:56:f4:77:46:53:
         9e:90:bd:02:28:b2:a4:bf:b0:f2:de:9a:86:97:2e:4e:eb:5f:
         91:74:4d:c6:0d:50:b2:b7:23:c6:c3:8e:f7:7b:14:58:df:dc:
         b5:6f:36:f1:40:e9:cb:68:6a:86:df:1f:e1:0b:9a:f1:cb:dc:
         cf:0b:3e:a0:e9:7d:e9:c0:ec:a9:35:79:75:3d:85:87:eb:b2:
         e3:2f:a3:94:06:28:09:9c:1d:d4:cf:a6:ee:cd:79:72:ba:0b:
         ef:be:54:f7:27:f4:2b:c3:90:a6:0d:95:f7:81:72:69:b4:16:
         ca:b8:0b:ac:50:87:e4:91:f3:a3:5c:c8:f1:f1:54:1e:ea:e3:
         0a:c5:8b:45:60:4a:91:3e:08:4d:63:03:83:b0:15:28:8b:5f:
         19:ef:18:17:cf:ef:3e:9e:0b:83:98:98:1b:b1:14:99:51:86:
         6c:22:e1:2e:32:14:c4:97:a1:69:e1:b2:7c:6b:b1:26:17:2f:
         9c:81:9c:6f:1b:5e:16:6f:bc:ec:12:4c:e3:ad:7f:3d:54:93:
         1e:3a:d1:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIy6k32Ru9IJJTN50DAC46PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwOTI3MDk1NzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWI0MmEzZTY5NzNiMzRiYjRkMmFhNjQxNjMzYzIwMzU4YTBlMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCgXQgKNbspdI6USXYa0Ku9EZT5g
twN1YxJBYEQaolUim3gxNWrD7qvEYhy4y5+N7kbF4RzeRrRio0tKSEpgvUDPtpeo
d/9dUx/D2LbFRzwzF1iFeOGkmYb0v15dAueF9e7fSc9dkH5Cd4GvYmmBZHrqDwnb
Rio06tUNzqq/8mU8ZHXuF1lIAdAeGHu52M9BzRGWBI9vNi8f6rS8+DDBVH11aozP
dcCZ9jWOYCz78xClJ1Xuwu8d0y9oDgUJZZrwjQuWk3xSmAwjrJOZm74jPMZtQQTm
bsB789fWNZvZZBJ2TZd9qwLMZjiNThlDodMWFoRXAB2zv+pLc5r26AVQcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBq0Kj5pc7NLtNKqZBYzwgNYoOFzMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvR3JRcVBtbHpzMHUwMHFwa0ZqUENBMWlnNFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW991AwQA
W+nJMA0GCSqGSIb3DQEBCwUAA4IBAQA9MP/BEJBnGpJjeGQHnLwKF3eB861vORa2
HQs2rWGb4Ayi4VbfsXa6jyd9EyOWpbM0VvR3RlOekL0CKLKkv7Dy3pqGly5O61+R
dE3GDVCytyPGw473exRY39y1bzbxQOnLaGqG3x/hC5rxy9zPCz6g6X3pwOypNXl1
PYWH67LjL6OUBigJnB3Uz6buzXlyugvvvlT3J/Qrw5CmDZX3gXJptBbKuAusUIfk
kfOjXMjx8VQe6uMKxYtFYEqRPghNYwODsBUoi18Z7xgXz+8+nguDmJgbsRSZUYZs
IuEuMhTEl6Fp4bJ8a7EmFy+cgZxvG14Wb7zsEkzjrX89VJMeOtE4
-----END CERTIFICATE-----