Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/D2nw1_2qf995zLvCdwxUYSxQSLo.roa
File:                     D2nw1_2qf995zLvCdwxUYSxQSLo.roa (raw, json)
Hash identifier:          Kx6Dq+5Cr1BNfviHBO9hc/Vb6TdBGSEobT/137JMJ1E=
Subject key identifier:   0F:69:F0:D7:FD:AA:7F:DF:79:CC:BB:C2:77:0C:54:61:2C:50:48:BA
Certificate issuer:       /CN=8dc69c6bbe89e7c0479b617744a4424f66674944
Certificate serial:       019107CE3A6AE873F1190ECDC45706805DEE
Authority key identifier: 8D:C6:9C:6B:BE:89:E7:C0:47:9B:61:77:44:A4:42:4F:66:67:49:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/D2nw1_2qf995zLvCdwxUYSxQSLo.roa
Signing time:             Wed 31 Jul 2024 08:00:41 +0000
ROA not before:           Wed 31 Jul 2024 08:00:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43824
IP address blocks:        91.92.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:07:ce:3a:6a:e8:73:f1:19:0e:cd:c4:57:06:80:5d:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dc69c6bbe89e7c0479b617744a4424f66674944
        Validity
            Not Before: Jul 31 08:00:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f69f0d7fdaa7fdf79ccbbc2770c54612c5048ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e0:78:cd:c3:71:b8:e3:2e:d4:04:92:b5:db:
                    32:5e:70:5f:d4:95:31:fe:f3:cf:fb:c9:2b:6b:57:
                    b4:b3:6a:36:0e:d2:de:72:34:0a:96:86:ee:04:28:
                    d9:7f:7c:ae:1e:7c:f8:52:c7:bb:93:87:ff:09:4b:
                    2a:fd:7d:e7:2b:52:93:04:4e:07:6f:8a:b0:b8:67:
                    cf:51:ef:8d:74:81:fa:65:a6:25:d4:de:57:70:ec:
                    26:72:8a:3e:fd:98:ac:95:8d:7b:7a:0b:16:0f:cb:
                    dc:31:a6:91:bf:5d:18:4c:67:b0:5d:c2:22:3e:c7:
                    9e:78:73:4f:ea:c0:24:8b:b0:8c:dc:8b:29:20:84:
                    e6:08:1b:b7:2a:44:64:8b:3f:e8:27:8c:b3:73:c3:
                    36:ed:06:89:d5:e6:47:12:61:0f:cf:04:99:d4:b4:
                    b9:fa:12:3e:09:53:d7:22:12:9e:67:00:e0:08:26:
                    7d:69:8e:f0:e3:34:09:a6:75:7c:e9:83:28:5e:b2:
                    6c:e6:6a:62:6c:bf:48:1f:69:d5:64:9d:be:60:21:
                    c3:d8:d7:35:b7:75:cc:c3:2a:2e:a5:9d:6a:86:58:
                    21:6f:26:76:78:57:c0:63:88:6c:1b:35:66:16:ab:
                    51:03:a8:a8:41:cd:ed:bd:67:37:45:82:54:ca:23:
                    64:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:69:F0:D7:FD:AA:7F:DF:79:CC:BB:C2:77:0C:54:61:2C:50:48:BA
            X509v3 Authority Key Identifier:
                keyid:8D:C6:9C:6B:BE:89:E7:C0:47:9B:61:77:44:A4:42:4F:66:67:49:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcaca76J58BHm2F3RKRCT2ZnSUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/D2nw1_2qf995zLvCdwxUYSxQSLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/23db5c-1a10-44c6-9d77-bb5caac2e903/1/jcaca76J58BHm2F3RKRCT2ZnSUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:2f:db:d8:d6:e6:7f:a4:3b:70:f4:5d:1a:65:13:3e:e1:a0:
         23:99:2b:e2:b3:dd:62:44:a4:d2:28:c0:b6:f2:95:90:17:79:
         04:d4:28:c8:79:01:8a:8a:be:76:06:68:da:ab:55:6c:45:6b:
         9a:4e:fa:29:29:37:8d:8b:34:f0:fc:56:d2:65:c1:a7:e4:ec:
         6f:b6:5e:f3:ff:88:5f:c8:02:a1:14:39:dc:03:0e:47:6c:5a:
         7e:33:d7:ab:b1:70:e2:b0:c3:36:e6:df:a6:62:64:e6:8a:aa:
         15:a8:ab:58:f6:82:a0:c3:14:23:32:0d:98:f2:c8:4b:23:ae:
         a9:f2:6a:0f:c5:e6:c8:6c:5b:bd:c7:4d:23:f0:c2:c2:7c:b2:
         25:54:da:39:2b:49:8c:a9:a0:78:49:dd:04:9c:86:7a:33:9b:
         0a:78:75:e1:a7:f5:96:90:35:4d:c4:7c:76:7e:43:a2:5c:29:
         90:23:50:94:4c:d3:53:1d:ce:70:58:53:88:78:68:0c:f1:b7:
         f7:61:90:39:a4:6e:16:c0:61:5e:c3:f4:e5:1b:4a:14:99:24:
         56:90:e7:18:8d:8d:59:a2:00:03:b6:29:34:88:cd:5d:76:24:
         8a:a1:00:ff:b0:6a:27:96:61:7b:ed:15:3b:b3:22:6b:50:7c:
         fe:11:87:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEHzjpq6HPxGQ7NxFcGgF3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzY5YzZiYmU4OWU3YzA0NzliNjE3NzQ0YTQ0MjRmNjY2
NzQ5NDQwHhcNMjQwNzMxMDgwMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjY5ZjBkN2ZkYWE3ZmRmNzljY2JiYzI3NzBjNTQ2MTJjNTA0OGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+B4zcNxuOMu1ASStdsyXnBf1JUx
/vPP+8kra1e0s2o2DtLecjQKlobuBCjZf3yuHnz4Use7k4f/CUsq/X3nK1KTBE4H
b4qwuGfPUe+NdIH6ZaYl1N5XcOwmcoo+/ZislY17egsWD8vcMaaRv10YTGewXcIi
PseeeHNP6sAki7CM3IspIITmCBu3KkRkiz/oJ4yzc8M27QaJ1eZHEmEPzwSZ1LS5
+hI+CVPXIhKeZwDgCCZ9aY7w4zQJpnV86YMoXrJs5mpibL9IH2nVZJ2+YCHD2Nc1
t3XMwyoupZ1qhlghbyZ2eFfAY4hsGzVmFqtRA6ioQc3tvWc3RYJUyiNkewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9p8Nf9qn/fecy7wncMVGEsUEi6MB8GA1UdIwQY
MBaAFI3GnGu+iefAR5thd0SkQk9mZ0lEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNhY2E3Nko1OEJIbTJGM1JLUkNUMlpuU1VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yM2RiNWMtMWExMC00NGM2LTlkNzct
YmI1Y2FhYzJlOTAzLzEvRDJudzFfMnFmOTk1ekx2Q2R3eFVZU3hRU0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yM2RiNWMtMWExMC00NGM2LTlkNzctYmI1Y2FhYzJlOTAz
LzEvamNhY2E3Nko1OEJIbTJGM1JLUkNUMlpuU1VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1xzMA0G
CSqGSIb3DQEBCwUAA4IBAQBLL9vY1uZ/pDtw9F0aZRM+4aAjmSvis91iRKTSKMC2
8pWQF3kE1CjIeQGKir52Bmjaq1VsRWuaTvopKTeNizTw/FbSZcGn5Oxvtl7z/4hf
yAKhFDncAw5HbFp+M9ersXDisMM25t+mYmTmiqoVqKtY9oKgwxQjMg2Y8shLI66p
8moPxebIbFu9x00j8MLCfLIlVNo5K0mMqaB4Sd0EnIZ6M5sKeHXhp/WWkDVNxHx2
fkOiXCmQI1CUTNNTHc5wWFOIeGgM8bf3YZA5pG4WwGFew/TlG0oUmSRWkOcYjY1Z
ogADtik0iM1ddiSKoQD/sGonlmF77RU7syJrUHz+EYcg
-----END CERTIFICATE-----