Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/0d4aff-42db-427d-ad5e-c637b0dcdc8e/1/N9qcHPlXTkCMGqtTFOubU0Xp8j0.roa
File:                     N9qcHPlXTkCMGqtTFOubU0Xp8j0.roa (raw, json)
Hash identifier:          fNsczq3ZgVMC4rixHV+8oKyYG7xNs9jElM0ZLCQUsx0=
Subject key identifier:   37:DA:9C:1C:F9:57:4E:40:8C:1A:AB:53:14:EB:9B:53:45:E9:F2:3D
Certificate issuer:       /CN=175124a17b87215f79205cd1486f61839cf9e6f8
Certificate serial:       018CC4252AA8D4EED529823CA7AD4EB1655D
Authority key identifier: 17:51:24:A1:7B:87:21:5F:79:20:5C:D1:48:6F:61:83:9C:F9:E6:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1EkoXuHIV95IFzRSG9hg5z55vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/0d4aff-42db-427d-ad5e-c637b0dcdc8e/1/N9qcHPlXTkCMGqtTFOubU0Xp8j0.roa
Signing time:             Mon 01 Jan 2024 08:30:19 +0000
ROA not before:           Mon 01 Jan 2024 08:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51932
IP address blocks:        91.221.140.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/0d4aff-42db-427d-ad5e-c637b0dcdc8e/1/F1EkoXuHIV95IFzRSG9hg5z55vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/0d4aff-42db-427d-ad5e-c637b0dcdc8e/1/F1EkoXuHIV95IFzRSG9hg5z55vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F1EkoXuHIV95IFzRSG9hg5z55vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2a:a8:d4:ee:d5:29:82:3c:a7:ad:4e:b1:65:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=175124a17b87215f79205cd1486f61839cf9e6f8
        Validity
            Not Before: Jan  1 08:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37da9c1cf9574e408c1aab5314eb9b5345e9f23d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:89:49:bf:24:fa:84:aa:a3:d4:41:af:5b:ef:
                    82:8c:0f:93:da:09:9e:19:54:33:6b:07:23:68:33:
                    ae:d5:f4:96:ed:1f:fb:e2:71:16:2f:08:33:f9:5c:
                    ca:a0:85:c5:83:16:79:f7:6d:7a:36:91:62:20:8c:
                    e8:2e:14:a3:07:24:04:d8:8b:b5:10:9f:3f:5f:c3:
                    45:51:01:62:1d:a7:41:b9:b2:1c:61:12:42:0c:e3:
                    5a:af:5b:26:90:9d:44:0c:67:ac:9a:4b:ad:af:ee:
                    58:ac:5d:27:12:d7:ee:b6:28:cd:80:cf:3c:70:3c:
                    f0:76:6c:5e:8f:cf:8c:5e:36:6b:e4:6e:ab:5f:d5:
                    94:7f:98:2f:70:99:f6:96:94:fb:a5:53:06:cd:60:
                    8f:5d:99:84:01:6d:32:e2:db:09:26:3b:70:d6:71:
                    4e:7e:73:24:e1:b3:58:29:8c:4a:31:19:24:fe:f4:
                    dd:6a:22:c6:ff:10:a4:08:bf:71:e9:42:5c:7c:1f:
                    50:cf:af:cc:de:16:71:31:0c:fa:f5:a0:3d:0d:03:
                    df:0f:f4:a8:3a:d1:b0:b1:6d:35:c4:62:9f:eb:54:
                    9f:35:dc:d1:42:e6:66:99:61:8b:f7:76:69:e3:e2:
                    56:d8:34:8b:b4:00:79:f9:c1:5b:dd:82:c3:77:35:
                    db:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DA:9C:1C:F9:57:4E:40:8C:1A:AB:53:14:EB:9B:53:45:E9:F2:3D
            X509v3 Authority Key Identifier:
                keyid:17:51:24:A1:7B:87:21:5F:79:20:5C:D1:48:6F:61:83:9C:F9:E6:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1EkoXuHIV95IFzRSG9hg5z55vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/0d4aff-42db-427d-ad5e-c637b0dcdc8e/1/N9qcHPlXTkCMGqtTFOubU0Xp8j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/0d4aff-42db-427d-ad5e-c637b0dcdc8e/1/F1EkoXuHIV95IFzRSG9hg5z55vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:c6:4a:e2:08:e6:50:0a:99:d0:31:9e:cb:d7:26:5b:8e:a6:
         97:dc:fd:78:4c:16:f7:4e:c1:5c:8a:e2:67:3f:9f:7a:6f:fa:
         82:99:18:80:fd:c6:10:0f:21:fe:e8:df:4a:9d:59:dd:06:50:
         04:38:43:9e:83:36:54:6f:bf:3c:e4:d7:3a:3f:88:f3:82:ef:
         80:5f:c2:2c:d7:90:b8:5f:88:06:03:81:a8:38:e6:5f:04:36:
         61:0c:8e:9f:f1:31:fe:02:de:3c:e7:7f:68:d6:7a:ef:01:9a:
         4e:ba:0e:65:2a:f4:e6:57:e1:7e:b9:c0:5a:2f:16:d5:2b:16:
         f4:bc:0c:7d:20:09:3c:af:c4:42:99:bc:3e:50:03:68:21:82:
         74:71:0c:73:78:fd:48:a7:97:25:41:c9:6d:26:c3:42:c7:87:
         50:3b:a1:d7:6b:22:70:bd:8d:f5:c5:17:61:28:f0:c4:bb:80:
         c5:1e:80:8e:6d:bd:f3:45:d8:95:da:00:db:3a:36:ec:0e:33:
         55:1f:56:4b:c3:77:2a:a0:08:4b:d6:d3:a7:65:b8:1f:af:73:
         6f:57:ec:3b:cb:e5:fe:9d:92:e0:a3:92:0c:53:4d:4c:76:9b:
         02:9d:8d:05:88:93:5f:33:b3:f3:8a:f2:3a:d5:e6:59:c7:23:
         ac:db:46:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSqo1O7VKYI8p61OsWVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NTEyNGExN2I4NzIxNWY3OTIwNWNkMTQ4NmY2MTgzOWNm
OWU2ZjgwHhcNMjQwMTAxMDgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RhOWMxY2Y5NTc0ZTQwOGMxYWFiNTMxNGViOWI1MzQ1ZTlmMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4lJvyT6hKqj1EGvW++CjA+T2gme
GVQzawcjaDOu1fSW7R/74nEWLwgz+VzKoIXFgxZ59216NpFiIIzoLhSjByQE2Iu1
EJ8/X8NFUQFiHadBubIcYRJCDONar1smkJ1EDGesmkutr+5YrF0nEtfutijNgM88
cDzwdmxej8+MXjZr5G6rX9WUf5gvcJn2lpT7pVMGzWCPXZmEAW0y4tsJJjtw1nFO
fnMk4bNYKYxKMRkk/vTdaiLG/xCkCL9x6UJcfB9Qz6/M3hZxMQz69aA9DQPfD/So
OtGwsW01xGKf61SfNdzRQuZmmWGL93Zp4+JW2DSLtAB5+cFb3YLDdzXbtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfanBz5V05AjBqrUxTrm1NF6fI9MB8GA1UdIwQY
MBaAFBdRJKF7hyFfeSBc0UhvYYOc+eb4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFFa29YdUhJVjk1SUZ6UlNHOWhnNXo1NXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8wZDRhZmYtNDJkYi00MjdkLWFkNWUt
YzYzN2IwZGNkYzhlLzEvTjlxY0hQbFhUa0NNR3F0VEZPdWJVMFhwOGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8wZDRhZmYtNDJkYi00MjdkLWFkNWUtYzYzN2IwZGNkYzhl
LzEvRjFFa29YdUhJVjk1SUZ6UlNHOWhnNXo1NXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW92MMA0G
CSqGSIb3DQEBCwUAA4IBAQAHxkriCOZQCpnQMZ7L1yZbjqaX3P14TBb3TsFciuJn
P596b/qCmRiA/cYQDyH+6N9KnVndBlAEOEOegzZUb7885Nc6P4jzgu+AX8Is15C4
X4gGA4GoOOZfBDZhDI6f8TH+At48539o1nrvAZpOug5lKvTmV+F+ucBaLxbVKxb0
vAx9IAk8r8RCmbw+UANoIYJ0cQxzeP1Ip5clQcltJsNCx4dQO6HXayJwvY31xRdh
KPDEu4DFHoCObb3zRdiV2gDbOjbsDjNVH1ZLw3cqoAhL1tOnZbgfr3NvV+w7y+X+
nZLgo5IMU01MdpsCnY0FiJNfM7PzivI61eZZxyOs20ZC
-----END CERTIFICATE-----