Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/1491bf-84ad-48a3-a619-577da12e3648/1/9flLcmlhEqT9lrkmfyvcqwcZaPE.roa
File:                     9flLcmlhEqT9lrkmfyvcqwcZaPE.roa (raw, json)
Hash identifier:          s8DMn0SNfjEZl7A0rydWGLHujZ1siiQiNSjrpdgAWxo=
Subject key identifier:   F5:F9:4B:72:69:61:12:A4:FD:96:B9:26:7F:2B:DC:AB:07:19:68:F1
Certificate issuer:       /CN=8277d8f39e3f8fb6638f7083ab9f16c047d0d364
Certificate serial:       019426D9C322327F6B8408B4C7C170C7E0E5
Authority key identifier: 82:77:D8:F3:9E:3F:8F:B6:63:8F:70:83:AB:9F:16:C0:47:D0:D3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnfY854_j7Zjj3CDq58WwEfQ02Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/1491bf-84ad-48a3-a619-577da12e3648/1/9flLcmlhEqT9lrkmfyvcqwcZaPE.roa
Signing time:             Thu 02 Jan 2025 11:49:52 +0000
ROA not before:           Thu 02 Jan 2025 11:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201879
IP address blocks:        91.199.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/1491bf-84ad-48a3-a619-577da12e3648/1/gnfY854_j7Zjj3CDq58WwEfQ02Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/1491bf-84ad-48a3-a619-577da12e3648/1/gnfY854_j7Zjj3CDq58WwEfQ02Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnfY854_j7Zjj3CDq58WwEfQ02Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c3:22:32:7f:6b:84:08:b4:c7:c1:70:c7:e0:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8277d8f39e3f8fb6638f7083ab9f16c047d0d364
        Validity
            Not Before: Jan  2 11:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5f94b72696112a4fd96b9267f2bdcab071968f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:81:65:ac:37:c2:21:96:00:49:ca:d4:10:e7:
                    c3:89:af:0b:c9:cb:08:05:2c:c4:3c:36:f5:ab:6d:
                    94:44:b1:e8:b7:62:28:d4:01:ea:94:12:4c:3e:37:
                    d4:f6:36:bf:58:84:1a:cf:01:37:40:de:f4:e9:95:
                    bc:fa:19:e3:c9:a4:ee:87:85:67:b6:77:f5:4e:09:
                    84:4c:fd:3e:81:66:38:ec:bf:9f:e6:86:1f:b4:72:
                    03:54:a5:d5:e6:96:7c:fe:69:f2:73:50:17:a2:a8:
                    16:ba:83:6b:24:38:6c:4e:49:f0:37:9a:17:c2:a8:
                    0e:e9:16:b1:4f:95:a1:f8:c9:df:3b:b5:f2:e3:24:
                    ab:90:24:79:3c:16:64:02:29:0f:82:ee:97:30:80:
                    6b:8d:fa:14:69:30:51:a8:29:e6:1e:40:f0:00:9e:
                    fe:8a:e2:d7:c5:35:a4:a5:51:7f:a1:f9:01:91:a4:
                    48:08:83:9b:b1:a1:2e:dc:69:75:e0:73:a8:2b:d3:
                    3b:9e:fd:3a:17:f8:d7:fa:17:00:f7:0d:bd:16:15:
                    e3:c8:30:f9:60:53:03:61:9d:e4:4b:2a:a0:d4:f5:
                    2e:6e:4c:9f:10:8c:60:79:8c:f6:45:c2:2b:6a:60:
                    4f:74:ce:30:ab:66:9a:2a:8d:77:f4:94:72:59:ca:
                    a2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F9:4B:72:69:61:12:A4:FD:96:B9:26:7F:2B:DC:AB:07:19:68:F1
            X509v3 Authority Key Identifier:
                keyid:82:77:D8:F3:9E:3F:8F:B6:63:8F:70:83:AB:9F:16:C0:47:D0:D3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnfY854_j7Zjj3CDq58WwEfQ02Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/1491bf-84ad-48a3-a619-577da12e3648/1/9flLcmlhEqT9lrkmfyvcqwcZaPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/1491bf-84ad-48a3-a619-577da12e3648/1/gnfY854_j7Zjj3CDq58WwEfQ02Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:53:9e:34:8e:8f:ea:44:4b:29:2c:27:bf:3b:29:9f:a6:4c:
         24:ca:29:f5:d5:33:2f:8e:0e:b1:c5:34:35:d4:65:89:69:59:
         5d:10:25:8f:16:0d:85:90:e5:3d:10:4f:c5:eb:ec:89:ec:29:
         b4:0e:c4:68:da:bd:88:a5:aa:72:09:b5:34:17:da:f6:c7:e4:
         43:1f:9e:df:dd:e4:2e:5c:f3:d2:54:af:5a:54:cd:52:f0:df:
         f1:4b:31:3d:b4:84:2b:42:5e:cf:4f:ec:36:de:d7:30:15:b1:
         c9:c0:22:93:61:a9:89:1d:e8:49:d7:35:de:50:e6:d7:fd:92:
         69:4e:66:79:99:60:5d:62:d2:c6:d1:00:92:e9:6a:67:30:65:
         e8:ca:01:f6:61:15:96:56:5f:8e:86:2a:0c:1f:da:26:02:71:
         d0:ce:13:4f:c1:e8:04:ab:3d:b7:20:a0:c1:97:6c:60:31:2c:
         35:95:e1:4c:58:b8:f2:50:0e:98:28:f2:96:e9:86:76:35:75:
         7c:c8:c8:7b:05:29:87:b4:2e:1f:39:88:8f:c5:78:81:5e:00:
         26:37:9e:97:2d:a9:33:2d:14:5a:ee:42:72:ba:39:7f:c4:58:
         72:51:28:d2:0a:d2:81:a3:4d:ed:07:23:c3:0a:07:02:e5:3b:
         95:59:da:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2cMiMn9rhAi0x8Fwx+DlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzdkOGYzOWUzZjhmYjY2MzhmNzA4M2FiOWYxNmMwNDdk
MGQzNjQwHhcNMjUwMTAyMTE0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWY5NGI3MjY5NjExMmE0ZmQ5NmI5MjY3ZjJiZGNhYjA3MTk2OGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4FlrDfCIZYAScrUEOfDia8LycsI
BSzEPDb1q22URLHot2Io1AHqlBJMPjfU9ja/WIQazwE3QN706ZW8+hnjyaTuh4Vn
tnf1TgmETP0+gWY47L+f5oYftHIDVKXV5pZ8/mnyc1AXoqgWuoNrJDhsTknwN5oX
wqgO6RaxT5Wh+MnfO7Xy4ySrkCR5PBZkAikPgu6XMIBrjfoUaTBRqCnmHkDwAJ7+
iuLXxTWkpVF/ofkBkaRICIObsaEu3Gl14HOoK9M7nv06F/jX+hcA9w29FhXjyDD5
YFMDYZ3kSyqg1PUubkyfEIxgeYz2RcIramBPdM4wq2aaKo139JRyWcqioQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPX5S3JpYRKk/Za5Jn8r3KsHGWjxMB8GA1UdIwQY
MBaAFIJ32POeP4+2Y49wg6ufFsBH0NNkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25mWTg1NF9qN1pqajNDRHE1OFd3RWZRMDJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8xNDkxYmYtODRhZC00OGEzLWE2MTkt
NTc3ZGExMmUzNjQ4LzEvOWZsTGNtbGhFcVQ5bHJrbWZ5dmNxd2NaYVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8xNDkxYmYtODRhZC00OGEzLWE2MTktNTc3ZGExMmUzNjQ4
LzEvZ25mWTg1NF9qN1pqajNDRHE1OFd3RWZRMDJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8d0MA0G
CSqGSIb3DQEBCwUAA4IBAQBmU540jo/qREspLCe/Oymfpkwkyin11TMvjg6xxTQ1
1GWJaVldECWPFg2FkOU9EE/F6+yJ7Cm0DsRo2r2IpapyCbU0F9r2x+RDH57f3eQu
XPPSVK9aVM1S8N/xSzE9tIQrQl7PT+w23tcwFbHJwCKTYamJHehJ1zXeUObX/ZJp
TmZ5mWBdYtLG0QCS6WpnMGXoygH2YRWWVl+OhioMH9omAnHQzhNPwegEqz23IKDB
l2xgMSw1leFMWLjyUA6YKPKW6YZ2NXV8yMh7BSmHtC4fOYiPxXiBXgAmN56XLakz
LRRa7kJyujl/xFhyUSjSCtKBo03tByPDCgcC5TuVWdp5
-----END CERTIFICATE-----