Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/NhoZHiHGg4f-sN-IR9L83FfPqzU.roa
File:                     NhoZHiHGg4f-sN-IR9L83FfPqzU.roa (raw, json)
Hash identifier:          jUtffwq7VSd6qnhGP6ByGcOdRJBJfPG43+WLImrfmDg=
Subject key identifier:   36:1A:19:1E:21:C6:83:87:FE:B0:DF:88:47:D2:FC:DC:57:CF:AB:35
Certificate issuer:       /CN=de0b59fb68151e21dc99d62faf03589be41fbea2
Certificate serial:       018CC2DB6532C0C91B46FFB89BAFB944444D
Authority key identifier: DE:0B:59:FB:68:15:1E:21:DC:99:D6:2F:AF:03:58:9B:E4:1F:BE:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/NhoZHiHGg4f-sN-IR9L83FfPqzU.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        91.212.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:65:32:c0:c9:1b:46:ff:b8:9b:af:b9:44:44:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de0b59fb68151e21dc99d62faf03589be41fbea2
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=361a191e21c68387feb0df8847d2fcdc57cfab35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5f:21:e8:22:76:76:65:4d:10:2d:d1:02:13:
                    40:dd:62:e4:1d:fa:37:05:09:a0:55:5b:db:2b:17:
                    ac:16:09:4e:3d:00:a1:3d:55:9c:60:69:f1:dc:91:
                    4f:a4:90:3a:16:f2:3a:57:78:f1:c0:55:72:6c:8b:
                    91:64:43:a4:2d:0b:0c:1c:24:aa:d9:a9:1c:e8:79:
                    87:f5:7c:a8:e0:4c:7a:64:b7:31:4d:cb:4a:fb:84:
                    7a:34:a6:4c:32:76:3d:d8:f8:f6:6a:37:22:c6:b2:
                    47:eb:11:b6:c0:03:7a:9a:65:c9:c4:7d:e3:ef:17:
                    14:56:19:90:9b:c0:fc:84:a0:b0:e6:ee:67:61:9f:
                    0b:07:ef:cb:32:1f:fa:fa:5d:c2:d6:30:9e:ff:ea:
                    90:1e:28:90:e5:ce:95:be:50:5c:00:4e:ae:83:25:
                    b7:1b:3c:5b:e1:94:bd:e5:c7:34:96:3d:96:c1:7f:
                    8b:9f:67:96:77:68:3f:ca:63:73:57:52:85:2b:19:
                    fd:c8:e5:be:e2:ae:43:80:24:f8:e2:79:4c:36:bd:
                    1f:06:2c:32:7e:e5:9f:c9:08:49:92:9b:0e:32:42:
                    79:e8:e2:56:11:fa:96:95:40:9c:31:66:29:aa:b9:
                    61:8e:92:b6:50:d1:66:da:ff:14:3b:bc:dc:c7:5b:
                    6f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:1A:19:1E:21:C6:83:87:FE:B0:DF:88:47:D2:FC:DC:57:CF:AB:35
            X509v3 Authority Key Identifier:
                keyid:DE:0B:59:FB:68:15:1E:21:DC:99:D6:2F:AF:03:58:9B:E4:1F:BE:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/NhoZHiHGg4f-sN-IR9L83FfPqzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:5e:84:6b:33:b7:00:25:b5:a3:59:4b:59:e3:83:6a:d8:1c:
         f9:bf:2d:a7:2b:e4:32:d6:c6:7a:7d:08:2a:3d:11:0c:20:67:
         bd:c1:40:7a:62:e6:9b:d8:9c:39:cf:f7:17:b4:3d:36:63:5c:
         67:57:4c:17:9d:dc:89:fd:42:72:e7:a2:b4:81:8b:f2:e5:2f:
         a8:ad:f6:94:60:63:bb:ae:a4:7e:ec:55:14:71:a7:3b:2f:04:
         39:2c:7b:e0:38:b8:8e:1e:2f:cc:d8:30:f0:62:71:8a:82:ab:
         a6:fe:de:1a:a5:57:90:89:a3:ea:bc:c1:f4:da:38:06:89:7d:
         6f:5a:a0:e7:22:94:84:9e:27:9a:d9:d8:ad:3e:b2:d3:d2:ff:
         1e:e3:f0:b9:a8:fa:ea:ce:37:89:f6:dc:26:cc:57:c1:aa:c3:
         e1:08:c0:82:1f:6c:83:70:f2:44:56:cc:b2:8f:c7:8b:a8:72:
         d9:bb:63:c8:df:d5:e8:29:09:5b:5a:85:2b:c0:bc:85:96:75:
         de:d1:80:cc:4e:d5:1f:8c:21:b2:30:86:ab:e5:e6:e4:4c:27:
         43:ba:47:c9:74:be:1b:4e:de:0e:3b:80:c0:6c:da:88:1c:82:
         e1:97:ce:c8:52:af:1d:f2:59:b3:7e:42:2f:92:56:f2:5b:6a:
         66:f7:67:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22UywMkbRv+4m6+5RERNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMGI1OWZiNjgxNTFlMjFkYzk5ZDYyZmFmMDM1ODliZTQx
ZmJlYTIwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjFhMTkxZTIxYzY4Mzg3ZmViMGRmODg0N2QyZmNkYzU3Y2ZhYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF8h6CJ2dmVNEC3RAhNA3WLkHfo3
BQmgVVvbKxesFglOPQChPVWcYGnx3JFPpJA6FvI6V3jxwFVybIuRZEOkLQsMHCSq
2akc6HmH9Xyo4Ex6ZLcxTctK+4R6NKZMMnY92Pj2ajcixrJH6xG2wAN6mmXJxH3j
7xcUVhmQm8D8hKCw5u5nYZ8LB+/LMh/6+l3C1jCe/+qQHiiQ5c6VvlBcAE6ugyW3
Gzxb4ZS95cc0lj2WwX+Ln2eWd2g/ymNzV1KFKxn9yOW+4q5DgCT44nlMNr0fBiwy
fuWfyQhJkpsOMkJ56OJWEfqWlUCcMWYpqrlhjpK2UNFm2v8UO7zcx1tvzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYaGR4hxoOH/rDfiEfS/NxXz6s1MB8GA1UdIwQY
MBaAFN4LWftoFR4h3JnWL68DWJvkH76iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2d0Wi0yZ1ZIaUhjbWRZdnJ3TlltLVFmdnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi85YWQ1MDgtYmZjMS00YjhhLWJhZmMt
Y2QwMjQ3ODhlZDNjLzEvTmhvWkhpSEdnNGYtc04tSVI5TDgzRmZQcXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi85YWQ1MDgtYmZjMS00YjhhLWJhZmMtY2QwMjQ3ODhlZDNj
LzEvM2d0Wi0yZ1ZIaUhjbWRZdnJ3TlltLVFmdnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9T1MA0G
CSqGSIb3DQEBCwUAA4IBAQANXoRrM7cAJbWjWUtZ44Nq2Bz5vy2nK+Qy1sZ6fQgq
PREMIGe9wUB6Yuab2Jw5z/cXtD02Y1xnV0wXndyJ/UJy56K0gYvy5S+orfaUYGO7
rqR+7FUUcac7LwQ5LHvgOLiOHi/M2DDwYnGKgqum/t4apVeQiaPqvMH02jgGiX1v
WqDnIpSEniea2ditPrLT0v8e4/C5qPrqzjeJ9twmzFfBqsPhCMCCH2yDcPJEVsyy
j8eLqHLZu2PI39XoKQlbWoUrwLyFlnXe0YDMTtUfjCGyMIar5ebkTCdDukfJdL4b
Tt4OO4DAbNqIHILhl87IUq8d8lmzfkIvklbyW2pm92dL
-----END CERTIFICATE-----