Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/jk4X6JPtWVp1aG8p5Kwqrbr8Elk.roa
File:                     jk4X6JPtWVp1aG8p5Kwqrbr8Elk.roa (raw, json)
Hash identifier:          8s1rXWJTo+yGs8UOpSbHhnJf4g/d+GUFzfg+z/bQrx0=
Subject key identifier:   8E:4E:17:E8:93:ED:59:5A:75:68:6F:29:E4:AC:2A:AD:BA:FC:12:59
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       01923ED12CC20C6B727C723944E034597E94
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/jk4X6JPtWVp1aG8p5Kwqrbr8Elk.roa
Signing time:             Sun 29 Sep 2024 17:25:48 +0000
ROA not before:           Sun 29 Sep 2024 17:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49418
IP address blocks:        91.209.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:3e:d1:2c:c2:0c:6b:72:7c:72:39:44:e0:34:59:7e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Sep 29 17:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e4e17e893ed595a75686f29e4ac2aadbafc1259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e1:51:1c:b1:dd:81:67:63:83:1c:fb:6b:2f:
                    23:b9:c8:15:06:1e:04:0b:75:3e:a7:e2:86:ec:88:
                    84:33:50:e9:65:f7:3b:8f:8a:1f:dc:43:b9:49:5a:
                    58:ec:34:b0:6a:52:6e:52:c0:fc:9f:d2:7f:01:2d:
                    5e:79:48:b7:2f:d8:25:77:97:49:f8:f9:88:4d:68:
                    35:7e:91:51:b8:3a:db:ca:f9:2c:bc:42:78:89:6c:
                    4f:fb:be:e1:1f:51:0f:5d:61:11:50:17:f9:aa:e7:
                    19:e7:35:46:b8:b7:1c:6e:10:75:e6:40:4b:28:0d:
                    19:9a:f1:0b:8a:01:78:02:13:da:7a:57:8e:66:ad:
                    24:94:96:6e:71:56:2c:d6:8f:00:fa:8e:7c:1d:9a:
                    3c:08:55:b3:ab:7f:9b:fb:4c:6a:6d:92:fc:c1:2a:
                    80:cf:86:96:85:77:50:38:53:c4:4c:5e:6e:10:c9:
                    94:fc:eb:db:e8:f4:53:c1:e3:cc:a0:84:b6:65:06:
                    8e:3f:20:0b:21:43:87:a5:f7:02:82:8a:94:07:45:
                    c5:1c:d3:b6:de:42:f1:7e:49:f1:5a:c5:15:d4:1e:
                    c7:9c:06:6c:13:dc:82:1e:e1:f5:59:e1:d3:db:ef:
                    f0:1c:c0:ba:e4:32:ed:ea:15:3a:93:99:37:c4:42:
                    09:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:4E:17:E8:93:ED:59:5A:75:68:6F:29:E4:AC:2A:AD:BA:FC:12:59
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/jk4X6JPtWVp1aG8p5Kwqrbr8Elk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:3c:95:5c:9c:28:16:4d:6e:f0:2c:d6:da:66:fe:19:ab:21:
         83:7d:82:11:4b:43:e4:d4:40:40:48:f3:57:db:eb:e3:1e:f8:
         eb:00:08:d4:06:34:22:c2:33:47:b7:1e:1a:13:d1:f4:27:61:
         55:43:5b:b1:fb:23:f1:f5:b7:38:51:fb:17:c0:7c:ed:ce:21:
         97:b6:3f:c2:40:34:ab:6c:63:ff:4a:e4:9e:58:1b:58:cb:63:
         66:30:02:cb:53:5e:fc:b0:c6:f4:21:30:24:06:61:4b:c2:43:
         b5:3b:ed:d9:cf:a9:94:32:e0:39:fe:61:92:ae:27:e8:a5:1c:
         fd:93:29:bc:c5:97:56:80:de:1c:20:4a:96:bc:ed:11:61:45:
         74:60:7a:77:2c:bf:1f:60:b1:16:27:2c:0b:1c:e2:4d:b5:f5:
         70:58:09:d0:0c:e7:18:d8:c1:4d:8b:fa:90:82:c8:a8:d0:63:
         92:ae:75:78:18:c7:ce:c1:6e:45:11:e7:5e:34:0e:22:aa:f9:
         af:11:a6:41:b7:3e:a1:5a:cf:49:3b:74:bb:e3:aa:b6:32:f2:
         aa:e7:a0:68:26:ee:0f:92:97:3b:33:7f:55:66:1d:32:ed:2d:
         ec:fb:d5:3e:06:ea:c7:2c:22:47:a4:9c:27:3f:b7:75:bd:9b:
         61:59:13:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI+0SzCDGtyfHI5ROA0WX6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjQwOTI5MTcyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTRlMTdlODkzZWQ1OTVhNzU2ODZmMjllNGFjMmFhZGJhZmMxMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuFRHLHdgWdjgxz7ay8jucgVBh4E
C3U+p+KG7IiEM1DpZfc7j4of3EO5SVpY7DSwalJuUsD8n9J/AS1eeUi3L9gld5dJ
+PmITWg1fpFRuDrbyvksvEJ4iWxP+77hH1EPXWERUBf5qucZ5zVGuLccbhB15kBL
KA0ZmvELigF4AhPaeleOZq0klJZucVYs1o8A+o58HZo8CFWzq3+b+0xqbZL8wSqA
z4aWhXdQOFPETF5uEMmU/Ovb6PRTwePMoIS2ZQaOPyALIUOHpfcCgoqUB0XFHNO2
3kLxfknxWsUV1B7HnAZsE9yCHuH1WeHT2+/wHMC65DLt6hU6k5k3xEIJqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5OF+iT7VladWhvKeSsKq26/BJZMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvams0WDZKUHRXVnAxYUc4cDVLd3FyYnI4RWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GHMA0G
CSqGSIb3DQEBCwUAA4IBAQAyPJVcnCgWTW7wLNbaZv4ZqyGDfYIRS0Pk1EBASPNX
2+vjHvjrAAjUBjQiwjNHtx4aE9H0J2FVQ1ux+yPx9bc4UfsXwHztziGXtj/CQDSr
bGP/SuSeWBtYy2NmMALLU178sMb0ITAkBmFLwkO1O+3Zz6mUMuA5/mGSrifopRz9
kym8xZdWgN4cIEqWvO0RYUV0YHp3LL8fYLEWJywLHOJNtfVwWAnQDOcY2MFNi/qQ
gsio0GOSrnV4GMfOwW5FEedeNA4iqvmvEaZBtz6hWs9JO3S746q2MvKq56BoJu4P
kpc7M39VZh0y7S3s+9U+BurHLCJHpJwnP7d1vZthWRPA
-----END CERTIFICATE-----