Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/JDbsNRiv_WMTlViBQXQ3g59gK5M.roa
File:                     JDbsNRiv_WMTlViBQXQ3g59gK5M.roa (raw, json)
Hash identifier:          5BHapuXzcbpJhpfOa/evo44J0f0F6BTnvXfMcpPhdEU=
Subject key identifier:   24:36:EC:35:18:AF:FD:63:13:95:58:81:41:74:37:83:9F:60:2B:93
Certificate issuer:       /CN=94aa418ae770bda8ef0516b1d1c633a67e91f38b
Certificate serial:       01942369F249B0266EFF5C42F8FA00F4A9C3
Authority key identifier: 94:AA:41:8A:E7:70:BD:A8:EF:05:16:B1:D1:C6:33:A6:7E:91:F3:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lKpBiudwvajvBRax0cYzpn6R84s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/JDbsNRiv_WMTlViBQXQ3g59gK5M.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49248
IP address blocks:        91.212.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/lKpBiudwvajvBRax0cYzpn6R84s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/lKpBiudwvajvBRax0cYzpn6R84s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lKpBiudwvajvBRax0cYzpn6R84s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f2:49:b0:26:6e:ff:5c:42:f8:fa:00:f4:a9:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94aa418ae770bda8ef0516b1d1c633a67e91f38b
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2436ec3518affd6313955881417437839f602b93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:36:46:03:2d:06:68:ff:8e:21:f3:14:31:73:
                    c4:78:8f:f9:2d:90:47:ff:8b:58:8a:9d:b8:75:1b:
                    d4:e3:ca:ce:6a:81:26:44:3c:2d:35:bb:5e:f6:dc:
                    32:c5:0b:bb:cd:e2:07:bf:8e:87:e9:29:59:5b:54:
                    73:bd:e7:39:96:c1:93:46:1a:c0:e7:ee:ed:5f:d9:
                    30:04:17:a1:c7:b7:3a:b7:24:bb:ca:a3:b2:e7:09:
                    1b:af:e2:e0:81:b6:e4:8a:ee:cb:14:2a:01:f0:b6:
                    1b:37:a8:2e:41:b3:89:43:fa:56:30:5d:56:fd:f5:
                    ac:d9:32:1d:89:2d:ee:50:09:60:15:92:91:9f:6c:
                    a7:70:41:3b:8e:a2:00:f2:a6:04:4a:06:1b:41:9c:
                    51:6f:ca:a9:2e:8b:e1:52:89:41:d5:05:e3:bd:1a:
                    5b:ac:50:a2:32:1f:7c:30:b9:a8:6b:d7:f9:65:ae:
                    bd:ee:64:fc:f8:da:56:8f:d7:e5:3e:11:a0:56:09:
                    1b:93:f2:fc:c9:2e:f9:76:93:36:d4:c6:ab:6a:38:
                    0d:01:6c:cf:90:7d:19:9e:0a:84:ce:ae:d1:b6:b6:
                    d7:60:43:3c:06:0d:44:1c:52:82:7a:1d:be:f7:65:
                    0e:ac:f7:40:4a:f5:99:81:38:11:4f:6e:e0:68:ef:
                    ad:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:36:EC:35:18:AF:FD:63:13:95:58:81:41:74:37:83:9F:60:2B:93
            X509v3 Authority Key Identifier:
                keyid:94:AA:41:8A:E7:70:BD:A8:EF:05:16:B1:D1:C6:33:A6:7E:91:F3:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lKpBiudwvajvBRax0cYzpn6R84s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/JDbsNRiv_WMTlViBQXQ3g59gK5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/lKpBiudwvajvBRax0cYzpn6R84s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:de:cc:70:b1:3d:da:ff:2d:17:4f:7e:56:95:4b:e6:bf:a4:
         84:8e:99:d2:19:be:a5:ef:ee:b8:55:b6:47:28:24:f0:0a:37:
         da:b3:1d:33:f0:55:93:f3:fe:4d:37:38:bf:14:8f:88:7c:51:
         d7:5e:53:8d:34:d2:f1:7a:80:45:af:5c:e2:31:3d:3e:e0:6f:
         58:b1:15:60:fe:88:e4:ae:d6:b9:9b:06:4c:8b:1d:c5:f7:bf:
         1c:1b:c6:3b:6d:36:49:b0:f1:78:d4:33:ea:ac:52:a1:83:71:
         c7:fd:93:e5:ca:ed:ab:08:7b:87:41:2d:d8:71:1f:15:a2:87:
         fe:c2:cc:dd:a2:9f:9a:52:ec:4f:57:15:42:99:73:ba:35:21:
         2f:58:7d:47:40:3e:7d:d3:3f:7f:bb:2e:60:99:28:74:5e:0e:
         3d:6e:04:08:2d:d5:13:85:90:91:a3:c8:75:6c:26:43:9a:25:
         f1:26:70:bf:b8:80:12:e5:f8:b8:2e:f6:60:96:bf:10:82:34:
         3a:8a:53:89:8a:5a:e6:92:01:57:d3:aa:44:54:05:29:97:46:
         d9:01:ee:51:94:63:60:a4:1c:37:bf:1f:db:c2:36:e1:06:31:
         ff:ca:16:f1:5f:50:3a:12:ad:0a:34:9d:2c:40:b1:82:60:b7:
         ec:39:b0:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafJJsCZu/1xC+PoA9KnDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YWE0MThhZTc3MGJkYThlZjA1MTZiMWQxYzYzM2E2N2U5
MWYzOGIwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM2ZWMzNTE4YWZmZDYzMTM5NTU4ODE0MTc0Mzc4MzlmNjAyYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojZGAy0GaP+OIfMUMXPEeI/5LZBH
/4tYip24dRvU48rOaoEmRDwtNbte9twyxQu7zeIHv46H6SlZW1Rzvec5lsGTRhrA
5+7tX9kwBBehx7c6tyS7yqOy5wkbr+Lggbbkiu7LFCoB8LYbN6guQbOJQ/pWMF1W
/fWs2TIdiS3uUAlgFZKRn2yncEE7jqIA8qYESgYbQZxRb8qpLovhUolB1QXjvRpb
rFCiMh98MLmoa9f5Za697mT8+NpWj9flPhGgVgkbk/L8yS75dpM21MarajgNAWzP
kH0ZngqEzq7RtrbXYEM8Bg1EHFKCeh2+92UOrPdASvWZgTgRT27gaO+toQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQ27DUYr/1jE5VYgUF0N4OfYCuTMB8GA1UdIwQY
MBaAFJSqQYrncL2o7wUWsdHGM6Z+kfOLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEtwQml1ZHd2YWp2QlJheDBjWXpwbjZSODRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8wOWUyZjctZTY1MC00ZjM4LWE3NDUt
YzM5NjIwMGZlMGJmLzEvSkRic05SaXZfV01UbFZpQlFYUTNnNTlnSzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8wOWUyZjctZTY1MC00ZjM4LWE3NDUtYzM5NjIwMGZlMGJm
LzEvbEtwQml1ZHd2YWp2QlJheDBjWXpwbjZSODRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RmMA0G
CSqGSIb3DQEBCwUAA4IBAQBw3sxwsT3a/y0XT35WlUvmv6SEjpnSGb6l7+64VbZH
KCTwCjfasx0z8FWT8/5NNzi/FI+IfFHXXlONNNLxeoBFr1ziMT0+4G9YsRVg/ojk
rta5mwZMix3F978cG8Y7bTZJsPF41DPqrFKhg3HH/ZPlyu2rCHuHQS3YcR8Voof+
wszdop+aUuxPVxVCmXO6NSEvWH1HQD590z9/uy5gmSh0Xg49bgQILdUThZCRo8h1
bCZDmiXxJnC/uIAS5fi4LvZglr8QgjQ6ilOJilrmkgFX06pEVAUpl0bZAe5RlGNg
pBw3vx/bwjbhBjH/yhbxX1A6Eq0KNJ0sQLGCYLfsObCT
-----END CERTIFICATE-----