Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/R9RvWbhDm0SQa4wbE9QSWeXh3Vk.roa
File:                     R9RvWbhDm0SQa4wbE9QSWeXh3Vk.roa (raw, json)
Hash identifier:          ErtYPmRmXoAaumaJ3Qu1+zPb7HB9aNdfUQEtd+bYSjU=
Subject key identifier:   47:D4:6F:59:B8:43:9B:44:90:6B:8C:1B:13:D4:12:59:E5:E1:DD:59
Certificate issuer:       /CN=335d831afcc9d74ccf3ee40a0eb68f99085b98dd
Certificate serial:       019421B1910BE36A0BB9570004B6970637C6
Authority key identifier: 33:5D:83:1A:FC:C9:D7:4C:CF:3E:E4:0A:0E:B6:8F:99:08:5B:98:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M12DGvzJ10zPPuQKDraPmQhbmN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/R9RvWbhDm0SQa4wbE9QSWeXh3Vk.roa
Signing time:             Wed 01 Jan 2025 11:47:52 +0000
ROA not before:           Wed 01 Jan 2025 11:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212665
IP address blocks:        91.196.6.0/24 maxlen: 24
                          2a12:64c0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/M12DGvzJ10zPPuQKDraPmQhbmN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/M12DGvzJ10zPPuQKDraPmQhbmN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M12DGvzJ10zPPuQKDraPmQhbmN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:91:0b:e3:6a:0b:b9:57:00:04:b6:97:06:37:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=335d831afcc9d74ccf3ee40a0eb68f99085b98dd
        Validity
            Not Before: Jan  1 11:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47d46f59b8439b44906b8c1b13d41259e5e1dd59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4b:f2:b6:c9:10:7c:57:77:99:dc:5f:f5:cb:
                    0d:c5:e3:62:47:c9:8c:91:68:a3:4c:b4:63:5f:e4:
                    29:80:28:b1:50:aa:c7:94:18:04:ae:9b:ca:c9:c4:
                    1d:67:b6:e4:6b:68:27:3e:6d:60:24:60:61:de:74:
                    23:79:bb:dc:28:ac:5a:19:c3:7d:3a:5e:e3:93:f2:
                    ed:34:57:37:54:8d:b3:37:55:5b:ed:40:e2:f1:d2:
                    34:f2:68:4a:f4:74:f1:d1:dc:43:5b:07:d8:6f:98:
                    e8:d7:18:3b:60:a1:67:34:74:b2:01:73:f4:0b:45:
                    ca:af:d3:dc:87:9e:53:28:09:aa:ab:66:a5:02:c1:
                    c7:02:1c:ca:13:7f:da:16:b1:e0:c2:30:cd:c4:f3:
                    e4:84:b6:b8:d4:9f:cc:60:42:13:b6:4d:d7:9a:55:
                    24:06:50:b8:70:da:70:f8:af:c3:61:7c:f5:c7:bd:
                    92:5a:fe:75:cb:10:b5:fc:16:aa:69:70:21:52:32:
                    ad:1a:f0:a1:64:4f:c5:ec:db:8b:c0:ab:86:10:41:
                    e0:98:94:97:b0:78:94:c5:74:69:7a:e4:5b:8c:9a:
                    15:70:7f:e4:fe:33:fb:4c:22:aa:fb:be:a4:e7:48:
                    ca:b7:39:6c:6e:0a:85:fe:a0:89:75:c6:d8:ac:7c:
                    bb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D4:6F:59:B8:43:9B:44:90:6B:8C:1B:13:D4:12:59:E5:E1:DD:59
            X509v3 Authority Key Identifier:
                keyid:33:5D:83:1A:FC:C9:D7:4C:CF:3E:E4:0A:0E:B6:8F:99:08:5B:98:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M12DGvzJ10zPPuQKDraPmQhbmN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/R9RvWbhDm0SQa4wbE9QSWeXh3Vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/59d987-fa5d-406f-9c6a-1d6076e0e290/1/M12DGvzJ10zPPuQKDraPmQhbmN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.6.0/24
                IPv6:
                  2a12:64c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:95:a5:9f:48:84:5d:02:fb:db:c3:76:16:1b:2a:48:3d:95:
         79:78:3f:7e:be:2e:2b:86:e4:5e:f4:d8:4c:f4:da:b8:ac:d0:
         18:52:5d:eb:7c:b6:39:b4:e7:7f:77:8c:fe:9d:c6:65:ef:ee:
         4c:1d:7d:d1:bf:1d:1f:b1:ab:19:15:3e:8a:79:6c:72:84:e0:
         89:ac:e5:b7:c5:74:02:29:16:3a:c3:f1:dc:e5:4b:fe:dd:c4:
         30:32:e3:9f:5a:90:70:0d:a0:56:63:47:66:df:42:af:1b:ab:
         23:c4:8f:71:67:0c:49:80:47:58:57:8e:f6:8c:e4:5c:2d:60:
         1d:86:25:c4:df:a4:09:17:f7:27:79:89:57:24:fb:7f:8b:8a:
         64:74:60:cf:6b:de:3b:85:de:55:fd:fb:3b:e3:b1:2d:f6:99:
         02:47:05:6f:be:ed:d6:c7:67:27:aa:90:d4:b1:40:32:a9:e7:
         3b:49:12:10:93:bb:da:e4:e6:aa:9f:7b:0d:5c:34:0d:bd:b8:
         24:73:65:1d:08:e6:d3:79:7b:6b:28:82:ef:20:8f:cd:75:b9:
         21:ca:0f:d3:2f:4c:5c:21:46:5f:83:f7:f8:5b:c9:50:3e:ed:
         43:8d:1f:76:91:86:d4:5d:48:f8:a9:f7:32:2a:01:9e:94:53:
         25:34:51:a2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsZEL42oLuVcABLaXBjfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNWQ4MzFhZmNjOWQ3NGNjZjNlZTQwYTBlYjY4Zjk5MDg1
Yjk4ZGQwHhcNMjUwMTAxMTE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Q0NmY1OWI4NDM5YjQ0OTA2YjhjMWIxM2Q0MTI1OWU1ZTFkZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0vytskQfFd3mdxf9csNxeNiR8mM
kWijTLRjX+QpgCixUKrHlBgErpvKycQdZ7bka2gnPm1gJGBh3nQjebvcKKxaGcN9
Ol7jk/LtNFc3VI2zN1Vb7UDi8dI08mhK9HTx0dxDWwfYb5jo1xg7YKFnNHSyAXP0
C0XKr9Pch55TKAmqq2alAsHHAhzKE3/aFrHgwjDNxPPkhLa41J/MYEITtk3XmlUk
BlC4cNpw+K/DYXz1x72SWv51yxC1/BaqaXAhUjKtGvChZE/F7NuLwKuGEEHgmJSX
sHiUxXRpeuRbjJoVcH/k/jP7TCKq+76k50jKtzlsbgqF/qCJdcbYrHy7CwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEfUb1m4Q5tEkGuMGxPUElnl4d1ZMB8GA1UdIwQY
MBaAFDNdgxr8yddMzz7kCg62j5kIW5jdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTEyREd2ekoxMHpQUHVRS0RyYVBtUWhibU4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81OWQ5ODctZmE1ZC00MDZmLTljNmEt
MWQ2MDc2ZTBlMjkwLzEvUjlSdldiaERtMFNRYTR3YkU5UVNXZVhoM1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81OWQ5ODctZmE1ZC00MDZmLTljNmEtMWQ2MDc2ZTBlMjkw
LzEvTTEyREd2ekoxMHpQUHVRS0RyYVBtUWhibU4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8QGMA0E
AgACMAcDBQMqEmTAMA0GCSqGSIb3DQEBCwUAA4IBAQA+laWfSIRdAvvbw3YWGypI
PZV5eD9+vi4rhuRe9NhM9Nq4rNAYUl3rfLY5tOd/d4z+ncZl7+5MHX3Rvx0fsasZ
FT6KeWxyhOCJrOW3xXQCKRY6w/Hc5Uv+3cQwMuOfWpBwDaBWY0dm30KvG6sjxI9x
ZwxJgEdYV472jORcLWAdhiXE36QJF/cneYlXJPt/i4pkdGDPa947hd5V/fs747Et
9pkCRwVvvu3Wx2cnqpDUsUAyqec7SRIQk7va5Oaqn3sNXDQNvbgkc2UdCObTeXtr
KILvII/Ndbkhyg/TL0xcIUZfg/f4W8lQPu1DjR92kYbUXUj4qfcyKgGelFMlNFGi
-----END CERTIFICATE-----