Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/PN0itIylp2digoBbgo-ys2K55SM.roa
File:                     PN0itIylp2digoBbgo-ys2K55SM.roa (raw, json)
Hash identifier:          30855XuE8sz1bJF+ug6KbPMv6uM+fD82yEr1JfN0nYs=
Subject key identifier:   3C:DD:22:B4:8C:A5:A7:67:62:82:80:5B:82:8F:B2:B3:62:B9:E5:23
Certificate issuer:       /CN=a3ca7b1c13a7d7b31231412b8fb6947a1747db9d
Certificate serial:       0192C50205B21351A6CB056B197652A5A74C
Authority key identifier: A3:CA:7B:1C:13:A7:D7:B3:12:31:41:2B:8F:B6:94:7A:17:47:DB:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/PN0itIylp2digoBbgo-ys2K55SM.roa
Signing time:             Fri 25 Oct 2024 18:48:16 +0000
ROA not before:           Fri 25 Oct 2024 18:48:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48601
IP address blocks:        91.197.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c5:02:05:b2:13:51:a6:cb:05:6b:19:76:52:a5:a7:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3ca7b1c13a7d7b31231412b8fb6947a1747db9d
        Validity
            Not Before: Oct 25 18:48:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cdd22b48ca5a7676282805b828fb2b362b9e523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dc:1a:cc:8b:24:1b:d8:79:fb:dd:39:76:a1:
                    0a:b8:c1:bf:ce:cd:bc:65:1e:70:cb:e3:6b:61:5c:
                    58:27:69:8a:bf:33:51:ba:65:0c:83:36:6d:2d:db:
                    03:9f:0b:1f:9b:f8:5f:1f:1e:06:99:fc:95:b8:83:
                    a0:7c:e9:c3:04:aa:3c:45:e1:3a:37:89:a9:eb:03:
                    fa:92:05:bc:03:85:88:7a:e0:81:78:9d:bf:49:00:
                    21:81:5e:8d:27:18:00:c0:2e:fe:07:31:2b:78:f8:
                    d9:a6:d6:b2:e2:c9:60:42:2c:5c:fd:b4:3e:76:3b:
                    86:98:8c:a3:0c:a5:d1:2b:78:80:d9:26:40:6f:f8:
                    44:9d:0b:d1:de:49:01:b6:eb:c7:57:81:17:e6:65:
                    c4:6e:5d:04:57:40:78:9e:1a:0c:b4:08:4d:93:6e:
                    fc:9f:ca:65:f2:7a:5a:d0:7a:08:cf:c3:66:f4:09:
                    2b:f4:21:c8:d4:29:45:40:74:f6:2c:89:ab:6c:d5:
                    16:05:c3:e4:43:26:0e:cc:52:29:e7:b8:fb:37:eb:
                    38:bb:d9:50:f4:cb:2b:b1:59:bb:83:f9:fd:37:d3:
                    ef:b3:50:ea:ff:1e:a4:8c:c4:73:e4:a8:e1:4c:5d:
                    7c:f0:4c:99:44:10:09:a1:b2:61:b1:ef:ce:f1:03:
                    49:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:DD:22:B4:8C:A5:A7:67:62:82:80:5B:82:8F:B2:B3:62:B9:E5:23
            X509v3 Authority Key Identifier:
                keyid:A3:CA:7B:1C:13:A7:D7:B3:12:31:41:2B:8F:B6:94:7A:17:47:DB:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/PN0itIylp2digoBbgo-ys2K55SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:50:d6:7d:a0:1b:0e:84:49:75:45:3b:72:d3:d5:b3:d4:03:
         59:a4:b7:93:53:07:24:26:e8:c1:23:4c:b4:9c:43:74:3b:82:
         59:2a:98:0a:5e:f6:49:f2:f0:e6:e8:36:3a:41:c1:d1:c7:c8:
         1a:23:e8:43:8e:2c:ac:12:f5:78:b7:6e:8b:ff:c2:a4:31:bf:
         ae:3a:96:4d:88:71:5b:d3:4e:5b:ae:8b:e0:9d:a2:d2:61:e2:
         fe:57:25:46:5b:9c:6f:3b:4e:f8:2d:2f:4b:be:06:aa:52:45:
         be:6a:af:cf:a4:75:df:93:17:e2:82:8e:6e:ef:d0:7d:18:ed:
         b2:a9:78:b5:6d:7f:41:2d:bb:2c:19:94:1a:3a:9c:33:d1:80:
         6d:7c:eb:24:61:1f:d8:cd:23:da:6e:dd:f2:6a:50:ec:c1:41:
         75:02:88:69:75:9e:98:e7:4b:8b:b6:66:1c:fa:85:45:47:2b:
         79:a7:67:6c:6a:2c:a9:d8:8b:8d:0f:e2:1d:f9:e1:d2:73:c7:
         0f:c8:0a:7d:0c:e1:5f:df:d3:78:36:aa:a6:d5:bb:35:40:38:
         1f:a8:4e:23:60:8e:50:38:6a:47:75:a2:ff:84:cf:98:2a:a9:
         85:1d:5c:d9:0c:2a:ab:61:32:a2:fe:65:a4:29:31:6d:d9:04:
         d6:ec:2f:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLFAgWyE1GmywVrGXZSpadMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzY2E3YjFjMTNhN2Q3YjMxMjMxNDEyYjhmYjY5NDdhMTc0
N2RiOWQwHhcNMjQxMDI1MTg0ODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2RkMjJiNDhjYTVhNzY3NjI4MjgwNWI4MjhmYjJiMzYyYjllNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNwazIskG9h5+905dqEKuMG/zs28
ZR5wy+NrYVxYJ2mKvzNRumUMgzZtLdsDnwsfm/hfHx4GmfyVuIOgfOnDBKo8ReE6
N4mp6wP6kgW8A4WIeuCBeJ2/SQAhgV6NJxgAwC7+BzErePjZptay4slgQixc/bQ+
djuGmIyjDKXRK3iA2SZAb/hEnQvR3kkBtuvHV4EX5mXEbl0EV0B4nhoMtAhNk278
n8pl8npa0HoIz8Nm9Akr9CHI1ClFQHT2LImrbNUWBcPkQyYOzFIp57j7N+s4u9lQ
9MsrsVm7g/n9N9Pvs1Dq/x6kjMRz5KjhTF188EyZRBAJobJhse/O8QNJ4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzdIrSMpadnYoKAW4KPsrNiueUjMB8GA1UdIwQY
MBaAFKPKexwTp9ezEjFBK4+2lHoXR9udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhwN0hCT24xN01TTVVFcmo3YVVlaGRIMjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iY2RjY2EtZjA2Yi00MGNmLThlMjEt
MjE0NTIyMDk5NGNlLzEvUE4waXRJeWxwMmRpZ29CYmdvLXlzMks1NVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iY2RjY2EtZjA2Yi00MGNmLThlMjEtMjE0NTIyMDk5NGNl
LzEvbzhwN0hCT24xN01TTVVFcmo3YVVlaGRIMjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8XyMA0G
CSqGSIb3DQEBCwUAA4IBAQABUNZ9oBsOhEl1RTty09Wz1ANZpLeTUwckJujBI0y0
nEN0O4JZKpgKXvZJ8vDm6DY6QcHRx8gaI+hDjiysEvV4t26L/8KkMb+uOpZNiHFb
005brovgnaLSYeL+VyVGW5xvO074LS9LvgaqUkW+aq/PpHXfkxfigo5u79B9GO2y
qXi1bX9BLbssGZQaOpwz0YBtfOskYR/YzSPabt3yalDswUF1AohpdZ6Y50uLtmYc
+oVFRyt5p2dsaiyp2IuND+Id+eHSc8cPyAp9DOFf39N4Nqqm1bs1QDgfqE4jYI5Q
OGpHdaL/hM+YKqmFHVzZDCqrYTKi/mWkKTFt2QTW7C8o
-----END CERTIFICATE-----