Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/9ad77a-729d-4727-9aaa-f57bdcc73b16/1/W9LIimzmvADZP7RqK5-CS9hx7F8.roa
File:                     W9LIimzmvADZP7RqK5-CS9hx7F8.roa (raw, json)
Hash identifier:          0bKnzD+/f66zg904NSAl0qUDPLAd/0RlfEWM3sOW+wk=
Subject key identifier:   5B:D2:C8:8A:6C:E6:BC:00:D9:3F:B4:6A:2B:9F:82:4B:D8:71:EC:5F
Certificate issuer:       /CN=4889c6799f76b4522f0991f6b9334fd6db541d5b
Certificate serial:       019421B182C1DCA108125871095FED8F4489
Authority key identifier: 48:89:C6:79:9F:76:B4:52:2F:09:91:F6:B9:33:4F:D6:DB:54:1D:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SInGeZ92tFIvCZH2uTNP1ttUHVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/9ad77a-729d-4727-9aaa-f57bdcc73b16/1/W9LIimzmvADZP7RqK5-CS9hx7F8.roa
Signing time:             Wed 01 Jan 2025 11:47:49 +0000
ROA not before:           Wed 01 Jan 2025 11:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57302
IP address blocks:        91.216.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/9ad77a-729d-4727-9aaa-f57bdcc73b16/1/SInGeZ92tFIvCZH2uTNP1ttUHVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/9ad77a-729d-4727-9aaa-f57bdcc73b16/1/SInGeZ92tFIvCZH2uTNP1ttUHVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SInGeZ92tFIvCZH2uTNP1ttUHVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:82:c1:dc:a1:08:12:58:71:09:5f:ed:8f:44:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4889c6799f76b4522f0991f6b9334fd6db541d5b
        Validity
            Not Before: Jan  1 11:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bd2c88a6ce6bc00d93fb46a2b9f824bd871ec5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6d:2d:6e:41:03:45:30:94:84:b0:a4:ff:e3:
                    18:2d:d6:34:99:b3:4b:eb:63:90:95:fa:7d:af:6a:
                    59:67:f4:a6:e6:09:ab:54:bd:19:6b:8e:8d:90:9a:
                    7c:ea:a8:fe:03:80:b9:66:03:d8:ea:b8:2f:8b:3d:
                    4c:b4:be:01:70:2a:ed:e3:ea:c1:09:f4:d1:8e:a2:
                    d4:b7:89:ca:98:7a:13:85:a1:6e:17:fc:9f:0f:60:
                    a6:ad:25:7d:14:05:43:78:ec:29:19:ee:14:e6:a8:
                    a0:2d:00:3e:d9:50:20:10:0f:b9:9b:57:9e:04:5b:
                    f3:62:c2:35:f9:01:b2:59:29:85:07:7a:92:e0:7d:
                    6f:e3:02:7a:d0:ce:b5:cd:fc:6c:8b:98:ad:a4:fd:
                    a9:8e:5f:e5:09:d7:70:1a:fc:ce:b5:0b:b0:03:a8:
                    ad:93:1b:f8:e0:e3:90:80:12:92:2b:a1:5f:af:d1:
                    93:bd:6d:73:47:8f:83:83:2d:48:c4:ef:55:40:ec:
                    f8:d2:48:7b:ad:72:fe:03:45:3f:fc:59:52:35:0d:
                    ab:ae:19:9b:c2:36:c0:ac:22:8f:d8:7a:09:3d:ee:
                    85:cc:11:ef:f1:5f:7d:da:41:6c:60:75:5c:de:08:
                    b4:42:61:f4:e6:46:fd:2a:ca:cd:3f:31:62:64:c0:
                    50:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D2:C8:8A:6C:E6:BC:00:D9:3F:B4:6A:2B:9F:82:4B:D8:71:EC:5F
            X509v3 Authority Key Identifier:
                keyid:48:89:C6:79:9F:76:B4:52:2F:09:91:F6:B9:33:4F:D6:DB:54:1D:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SInGeZ92tFIvCZH2uTNP1ttUHVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/9ad77a-729d-4727-9aaa-f57bdcc73b16/1/W9LIimzmvADZP7RqK5-CS9hx7F8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/9ad77a-729d-4727-9aaa-f57bdcc73b16/1/SInGeZ92tFIvCZH2uTNP1ttUHVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:2c:e3:65:b6:35:01:4f:b3:cf:e7:dc:46:c3:51:5b:f9:df:
         4e:e9:fc:49:b9:01:39:d3:76:cf:93:d4:49:cb:a8:02:96:3f:
         76:e0:6d:2f:a3:d0:78:aa:d1:56:f6:a8:42:ca:72:5f:9e:13:
         0c:fb:f8:86:dd:31:f1:9e:04:06:c9:66:2a:66:7f:82:c8:78:
         37:f4:25:4f:c3:01:dd:12:63:3c:bd:cc:19:5c:85:9e:7e:e5:
         6c:4f:dd:4b:86:4e:ac:d6:b4:ba:46:a8:02:15:09:fb:ca:fc:
         82:5f:1c:f0:c9:e8:df:1a:4b:1d:20:1a:f3:78:a4:bf:59:29:
         e1:24:a9:0f:02:2a:6a:9f:6e:35:b7:a3:84:51:40:6b:14:54:
         bc:0f:3a:a6:34:cd:7f:62:f1:ec:bc:15:a1:d2:e6:33:88:07:
         ab:dd:a8:52:0d:4f:82:b1:83:07:ae:d4:d6:62:68:74:09:ab:
         3c:7d:16:a2:25:75:87:90:e5:80:9c:04:34:fd:5e:d1:05:fe:
         07:78:98:94:22:38:f6:bd:b5:8d:1a:a6:93:b7:db:8e:7b:ed:
         28:32:35:b3:0b:c5:e2:e0:fb:b7:18:08:5d:b1:68:a2:dd:d6:
         87:ba:5c:61:5a:75:14:c9:d1:11:e5:e5:26:ed:83:45:96:0d:
         ce:47:3b:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsYLB3KEIElhxCV/tj0SJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ODljNjc5OWY3NmI0NTIyZjA5OTFmNmI5MzM0ZmQ2ZGI1
NDFkNWIwHhcNMjUwMTAxMTE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQyYzg4YTZjZTZiYzAwZDkzZmI0NmEyYjlmODI0YmQ4NzFlYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk20tbkEDRTCUhLCk/+MYLdY0mbNL
62OQlfp9r2pZZ/Sm5gmrVL0Za46NkJp86qj+A4C5ZgPY6rgviz1MtL4BcCrt4+rB
CfTRjqLUt4nKmHoThaFuF/yfD2CmrSV9FAVDeOwpGe4U5qigLQA+2VAgEA+5m1ee
BFvzYsI1+QGyWSmFB3qS4H1v4wJ60M61zfxsi5itpP2pjl/lCddwGvzOtQuwA6it
kxv44OOQgBKSK6Ffr9GTvW1zR4+Dgy1IxO9VQOz40kh7rXL+A0U//FlSNQ2rrhmb
wjbArCKP2HoJPe6FzBHv8V992kFsYHVc3gi0QmH05kb9KsrNPzFiZMBQmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvSyIps5rwA2T+0aiufgkvYcexfMB8GA1UdIwQY
MBaAFEiJxnmfdrRSLwmR9rkzT9bbVB1bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0luR2VaOTJ0Rkl2Q1pIMnVUTlAxdHRVSFZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi85YWQ3N2EtNzI5ZC00NzI3LTlhYWEt
ZjU3YmRjYzczYjE2LzEvVzlMSWltem12QURaUDdScUs1LUNTOWh4N0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi85YWQ3N2EtNzI5ZC00NzI3LTlhYWEtZjU3YmRjYzczYjE2
LzEvU0luR2VaOTJ0Rkl2Q1pIMnVUTlAxdHRVSFZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9h8MA0G
CSqGSIb3DQEBCwUAA4IBAQAULONltjUBT7PP59xGw1Fb+d9O6fxJuQE503bPk9RJ
y6gClj924G0vo9B4qtFW9qhCynJfnhMM+/iG3THxngQGyWYqZn+CyHg39CVPwwHd
EmM8vcwZXIWefuVsT91Lhk6s1rS6RqgCFQn7yvyCXxzwyejfGksdIBrzeKS/WSnh
JKkPAipqn241t6OEUUBrFFS8DzqmNM1/YvHsvBWh0uYziAer3ahSDU+CsYMHrtTW
Ymh0Cas8fRaiJXWHkOWAnAQ0/V7RBf4HeJiUIjj2vbWNGqaTt9uOe+0oMjWzC8Xi
4Pu3GAhdsWii3daHulxhWnUUydER5eUm7YNFlg3ORzuH
-----END CERTIFICATE-----