Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/gjoyy0FPdmf2zrdNnLaoUXfqkA8.roa
File:                     gjoyy0FPdmf2zrdNnLaoUXfqkA8.roa (raw, json)
Hash identifier:          RTgHJsDHudCpwL05o4vGq9BVppolqh2KaIXjwJZDWfA=
Subject key identifier:   82:3A:32:CB:41:4F:76:67:F6:CE:B7:4D:9C:B6:A8:51:77:EA:90:0F
Certificate issuer:       /CN=4dd6e779a6c0f0b09216622380467dce2d11a318
Certificate serial:       0194258F24E5CADFB456FB1B6C89AF11C491
Authority key identifier: 4D:D6:E7:79:A6:C0:F0:B0:92:16:62:23:80:46:7D:CE:2D:11:A3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdbneabA8LCSFmIjgEZ9zi0Roxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/gjoyy0FPdmf2zrdNnLaoUXfqkA8.roa
Signing time:             Thu 02 Jan 2025 05:48:45 +0000
ROA not before:           Thu 02 Jan 2025 05:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8758
IP address blocks:        91.229.102.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/TdbneabA8LCSFmIjgEZ9zi0Roxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/TdbneabA8LCSFmIjgEZ9zi0Roxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdbneabA8LCSFmIjgEZ9zi0Roxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:24:e5:ca:df:b4:56:fb:1b:6c:89:af:11:c4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd6e779a6c0f0b09216622380467dce2d11a318
        Validity
            Not Before: Jan  2 05:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=823a32cb414f7667f6ceb74d9cb6a85177ea900f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c4:ef:eb:53:9a:15:b7:6a:a9:92:e6:2a:49:
                    09:a5:d1:ee:ab:25:1b:78:f5:20:8a:8d:3f:f5:e9:
                    e7:6f:05:90:66:95:7a:f8:fc:18:73:7e:0f:d9:49:
                    af:df:0a:ca:32:50:9b:21:a7:f0:9b:c4:af:c2:57:
                    8d:9c:50:2b:18:7c:c7:87:31:1e:35:71:fe:92:93:
                    6a:06:50:51:7f:1e:9d:fc:ed:01:97:27:3a:6e:30:
                    ce:b6:0d:4f:d6:8f:12:63:f3:b7:25:8c:bf:fd:6f:
                    c7:11:82:9e:b5:0a:2d:e1:d8:1e:ca:12:2e:ce:00:
                    0f:f7:8b:78:99:f8:0a:dd:4f:1f:50:91:48:7f:a2:
                    c7:c5:dd:10:a4:db:e3:a9:f6:94:e7:d6:cb:fb:82:
                    32:46:a4:d8:78:b7:58:a9:83:38:82:27:44:4d:8c:
                    96:ea:69:9a:bf:6f:ee:72:a8:d6:f1:7a:d7:80:14:
                    1b:c9:ae:ad:21:0f:f3:fc:c0:dd:b7:e5:2b:ad:46:
                    51:bb:88:e1:56:ab:91:d2:93:25:a8:35:ea:3a:8e:
                    f9:46:84:77:b5:c2:62:3d:41:17:c3:af:dd:07:0c:
                    8c:c6:c0:69:b9:4e:45:c9:72:9f:f0:08:d9:2d:7e:
                    be:20:b4:85:57:08:51:fd:68:5b:0b:db:1a:58:5a:
                    86:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:3A:32:CB:41:4F:76:67:F6:CE:B7:4D:9C:B6:A8:51:77:EA:90:0F
            X509v3 Authority Key Identifier:
                keyid:4D:D6:E7:79:A6:C0:F0:B0:92:16:62:23:80:46:7D:CE:2D:11:A3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdbneabA8LCSFmIjgEZ9zi0Roxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/gjoyy0FPdmf2zrdNnLaoUXfqkA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f0b285-d038-4de6-9374-c472e62ebea8/1/TdbneabA8LCSFmIjgEZ9zi0Roxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:bd:34:4b:5b:be:b0:88:cd:08:d9:3f:7f:9d:bb:c0:6e:cc:
         f3:2b:a8:2e:a8:6e:63:c4:e9:ad:46:f5:d6:d2:51:de:74:50:
         89:1b:c3:80:a9:53:ed:90:ed:83:91:2d:31:a8:2f:4c:c5:91:
         2e:a6:4e:2f:ad:bb:03:cd:e7:ae:f4:33:fa:bf:5d:ce:fb:5b:
         95:51:07:26:e7:b4:6a:26:3c:9f:a8:99:e0:57:a8:50:d2:13:
         28:be:9d:da:bd:37:76:36:2b:24:e0:89:60:66:fb:0d:48:ad:
         9d:31:09:93:60:b8:87:96:4b:b7:c1:ed:e2:56:3d:7c:8a:97:
         ee:42:67:be:7d:92:47:2d:ec:ac:d1:38:07:19:8c:64:8f:c3:
         8e:01:6b:e7:42:68:9e:38:f3:90:85:22:85:71:66:a1:7e:d3:
         d4:b8:9a:bb:21:bc:7b:42:95:63:96:c9:d3:ad:3e:6a:d2:66:
         d7:47:9c:9d:d3:7c:fa:34:18:13:c2:67:6d:96:23:f5:25:e2:
         1a:31:76:82:e3:3d:8e:e9:a5:01:ac:12:a8:66:77:8a:e4:f2:
         71:b5:ad:b6:51:3e:4b:7b:e2:1e:ae:43:35:f3:e6:f9:45:db:
         ff:92:03:f2:e8:70:ab:13:93:45:39:0d:15:17:87:f8:ee:2d:
         2c:53:da:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljyTlyt+0VvsbbImvEcSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDZlNzc5YTZjMGYwYjA5MjE2NjIyMzgwNDY3ZGNlMmQx
MWEzMTgwHhcNMjUwMTAyMDU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjNhMzJjYjQxNGY3NjY3ZjZjZWI3NGQ5Y2I2YTg1MTc3ZWE5MDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcTv61OaFbdqqZLmKkkJpdHuqyUb
ePUgio0/9ennbwWQZpV6+PwYc34P2Umv3wrKMlCbIafwm8SvwleNnFArGHzHhzEe
NXH+kpNqBlBRfx6d/O0Blyc6bjDOtg1P1o8SY/O3JYy//W/HEYKetQot4dgeyhIu
zgAP94t4mfgK3U8fUJFIf6LHxd0QpNvjqfaU59bL+4IyRqTYeLdYqYM4gidETYyW
6mmav2/ucqjW8XrXgBQbya6tIQ/z/MDdt+UrrUZRu4jhVquR0pMlqDXqOo75RoR3
tcJiPUEXw6/dBwyMxsBpuU5FyXKf8AjZLX6+ILSFVwhR/WhbC9saWFqGDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFII6MstBT3Zn9s63TZy2qFF36pAPMB8GA1UdIwQY
MBaAFE3W53mmwPCwkhZiI4BGfc4tEaMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRibmVhYkE4TENTRm1JamdFWjl6aTBSb3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMGIyODUtZDAzOC00ZGU2LTkzNzQt
YzQ3MmU2MmViZWE4LzEvZ2pveXkwRlBkbWYyenJkTm5MYW9VWGZxa0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMGIyODUtZDAzOC00ZGU2LTkzNzQtYzQ3MmU2MmViZWE4
LzEvVGRibmVhYkE4TENTRm1JamdFWjl6aTBSb3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+VmMA0G
CSqGSIb3DQEBCwUAA4IBAQB/vTRLW76wiM0I2T9/nbvAbszzK6guqG5jxOmtRvXW
0lHedFCJG8OAqVPtkO2DkS0xqC9MxZEupk4vrbsDzeeu9DP6v13O+1uVUQcm57Rq
JjyfqJngV6hQ0hMovp3avTd2Nisk4IlgZvsNSK2dMQmTYLiHlku3we3iVj18ipfu
Qme+fZJHLeys0TgHGYxkj8OOAWvnQmieOPOQhSKFcWahftPUuJq7Ibx7QpVjlsnT
rT5q0mbXR5yd03z6NBgTwmdtliP1JeIaMXaC4z2O6aUBrBKoZneK5PJxta22UT5L
e+IerkM18+b5Rdv/kgPy6HCrE5NFOQ0VF4f47i0sU9ok
-----END CERTIFICATE-----