Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/6fe110-2b31-4fed-a56b-5ad5d29d72dd/1/j-sy2l9EHktQdLQ1UzSC6KVZHLE.roa
File:                     j-sy2l9EHktQdLQ1UzSC6KVZHLE.roa (raw, json)
Hash identifier:          gb6ClP/TiYPCyus1lIoMNdCvP2VdAosplGBjLyov9w0=
Subject key identifier:   8F:EB:32:DA:5F:44:1E:4B:50:74:B4:35:53:34:82:E8:A5:59:1C:B1
Certificate issuer:       /CN=9cf45e00ae164e67aa1354857237d09adf27c952
Certificate serial:       018FCA0C8098EE85E436D8B866C829572C8F
Authority key identifier: 9C:F4:5E:00:AE:16:4E:67:AA:13:54:85:72:37:D0:9A:DF:27:C9:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nPReAK4WTmeqE1SFcjfQmt8nyVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/6fe110-2b31-4fed-a56b-5ad5d29d72dd/1/j-sy2l9EHktQdLQ1UzSC6KVZHLE.roa
Signing time:             Thu 30 May 2024 15:09:27 +0000
ROA not before:           Thu 30 May 2024 15:09:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48069
IP address blocks:        91.208.209.0/24 maxlen: 24
                          2001:67c:19a8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/6fe110-2b31-4fed-a56b-5ad5d29d72dd/1/nPReAK4WTmeqE1SFcjfQmt8nyVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/6fe110-2b31-4fed-a56b-5ad5d29d72dd/1/nPReAK4WTmeqE1SFcjfQmt8nyVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nPReAK4WTmeqE1SFcjfQmt8nyVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ca:0c:80:98:ee:85:e4:36:d8:b8:66:c8:29:57:2c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cf45e00ae164e67aa1354857237d09adf27c952
        Validity
            Not Before: May 30 15:09:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8feb32da5f441e4b5074b435533482e8a5591cb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:36:52:3d:d0:a0:6b:55:59:13:3f:ff:3d:94:
                    83:3e:5e:85:cc:cb:73:96:fd:ef:22:67:80:7e:f0:
                    0f:26:d7:9a:ca:d2:dc:46:12:9b:71:01:ab:43:ef:
                    8a:43:7b:67:89:0a:1b:7e:2d:2c:0c:ab:6d:2a:12:
                    7b:1b:97:dd:d3:8a:69:7d:80:77:3d:1b:e4:c1:c0:
                    c2:48:81:a3:51:bb:c5:bc:02:78:cb:fb:56:20:71:
                    66:a3:4e:40:67:11:a6:1b:e7:7b:22:98:ae:a3:b6:
                    a4:8c:66:ce:93:19:42:eb:4f:bf:fd:24:3f:8a:b8:
                    00:1e:a0:82:42:93:f9:90:f9:5a:c0:a9:95:ff:0a:
                    00:8e:8e:80:a8:61:41:50:01:e3:90:aa:45:e4:02:
                    76:db:bf:1a:6a:00:67:e9:9f:87:0b:9b:d4:e4:86:
                    c6:cf:7a:fd:f0:40:a0:9c:c4:7d:75:d7:84:6c:6e:
                    b2:44:f0:60:04:ca:71:3b:3c:17:8d:4c:dc:51:aa:
                    d4:3c:6d:1c:5f:80:99:a9:91:08:fb:86:bf:14:9d:
                    ec:1e:b2:0a:ea:46:0b:96:c0:ce:ae:d6:0a:b1:67:
                    c2:92:1a:96:c4:b4:b9:11:a8:34:bd:63:69:4f:52:
                    be:9f:d6:98:e3:2d:9a:68:3b:65:d6:b0:6d:cc:63:
                    9b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:EB:32:DA:5F:44:1E:4B:50:74:B4:35:53:34:82:E8:A5:59:1C:B1
            X509v3 Authority Key Identifier:
                keyid:9C:F4:5E:00:AE:16:4E:67:AA:13:54:85:72:37:D0:9A:DF:27:C9:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nPReAK4WTmeqE1SFcjfQmt8nyVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6fe110-2b31-4fed-a56b-5ad5d29d72dd/1/j-sy2l9EHktQdLQ1UzSC6KVZHLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6fe110-2b31-4fed-a56b-5ad5d29d72dd/1/nPReAK4WTmeqE1SFcjfQmt8nyVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.209.0/24
                IPv6:
                  2001:67c:19a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:fd:17:fa:ff:8e:6a:75:87:db:7f:a9:c3:cd:1e:dc:02:c5:
         82:07:d0:ba:7b:38:d0:a6:99:76:eb:bc:fc:57:1a:70:9c:6e:
         65:3b:5b:63:5d:1d:19:ea:aa:39:11:64:4b:a6:8b:44:67:6a:
         14:3b:65:f8:d6:33:f2:23:b9:88:4a:1e:ea:c7:83:a4:8b:63:
         57:53:ba:19:d1:ee:8d:31:d0:21:9d:2f:42:c3:63:9f:8d:39:
         5c:a0:4a:53:7d:60:bc:76:cf:b6:14:10:96:65:77:3c:6b:fd:
         38:d5:4d:31:e3:a2:8f:4b:22:f3:e1:a5:5c:c1:0e:8e:62:a8:
         92:fd:e2:97:55:0a:95:5d:e6:e5:2f:54:ba:ef:cb:db:4c:f3:
         c2:c5:7b:8b:d7:fd:d5:4d:33:e7:d6:69:f3:62:ba:a6:ea:8c:
         60:91:00:ee:58:0e:ce:60:41:ef:86:96:c3:2e:21:2b:ca:7e:
         a3:14:f2:a7:91:01:16:98:0b:de:2d:41:5e:c6:40:36:28:f6:
         65:a1:da:dd:d3:4a:52:a2:63:68:21:65:86:34:27:61:50:34:
         28:ad:e1:30:77:3e:a7:b5:5b:7d:44:45:e1:28:6e:8e:51:a9:
         fa:3f:ff:75:7b:c9:42:61:88:dc:f9:01:0c:d5:08:9f:35:50:
         0f:56:16:e3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY/KDICY7oXkNti4ZsgpVyyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZjQ1ZTAwYWUxNjRlNjdhYTEzNTQ4NTcyMzdkMDlhZGYy
N2M5NTIwHhcNMjQwNTMwMTUwOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmViMzJkYTVmNDQxZTRiNTA3NGI0MzU1MzM0ODJlOGE1NTkxY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTZSPdCga1VZEz//PZSDPl6FzMtz
lv3vImeAfvAPJteaytLcRhKbcQGrQ++KQ3tniQobfi0sDKttKhJ7G5fd04ppfYB3
PRvkwcDCSIGjUbvFvAJ4y/tWIHFmo05AZxGmG+d7Ipiuo7akjGbOkxlC60+//SQ/
irgAHqCCQpP5kPlawKmV/woAjo6AqGFBUAHjkKpF5AJ2278aagBn6Z+HC5vU5IbG
z3r98ECgnMR9ddeEbG6yRPBgBMpxOzwXjUzcUarUPG0cX4CZqZEI+4a/FJ3sHrIK
6kYLlsDOrtYKsWfCkhqWxLS5Eag0vWNpT1K+n9aY4y2aaDtl1rBtzGObaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI/rMtpfRB5LUHS0NVM0guilWRyxMB8GA1UdIwQY
MBaAFJz0XgCuFk5nqhNUhXI30JrfJ8lSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblBSZUFLNFdUbWVxRTFTRmNqZlFtdDhueVZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC82ZmUxMTAtMmIzMS00ZmVkLWE1NmIt
NWFkNWQyOWQ3MmRkLzEvai1zeTJsOUVIa3RRZExRMVV6U0M2S1ZaSExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC82ZmUxMTAtMmIzMS00ZmVkLWE1NmItNWFkNWQyOWQ3MmRk
LzEvblBSZUFLNFdUbWVxRTFTRmNqZlFtdDhueVZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9DRMA8E
AgACMAkDBwAgAQZ8GagwDQYJKoZIhvcNAQELBQADggEBALL9F/r/jmp1h9t/qcPN
HtwCxYIH0Lp7ONCmmXbrvPxXGnCcbmU7W2NdHRnqqjkRZEumi0RnahQ7ZfjWM/Ij
uYhKHurHg6SLY1dTuhnR7o0x0CGdL0LDY5+NOVygSlN9YLx2z7YUEJZldzxr/TjV
TTHjoo9LIvPhpVzBDo5iqJL94pdVCpVd5uUvVLrvy9tM88LFe4vX/dVNM+fWafNi
uqbqjGCRAO5YDs5gQe+GlsMuISvKfqMU8qeRARaYC94tQV7GQDYo9mWh2t3TSlKi
Y2ghZYY0J2FQNCit4TB3Pqe1W31EReEobo5Rqfo//3V7yUJhiNz5AQzVCJ81UA9W
FuM=
-----END CERTIFICATE-----