Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/dv9nN-TA3dgXlQMgVOupidrX4go.roa
File:                     dv9nN-TA3dgXlQMgVOupidrX4go.roa (raw, json)
Hash identifier:          +V0L780yp/D7z4w3+FtlcVoZt336Skgf4DcHqPtAUys=
Subject key identifier:   76:FF:67:37:E4:C0:DD:D8:17:95:03:20:54:EB:A9:89:DA:D7:E2:0A
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       019246A36F08FE26A2E22F211A0F8BA4E839
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/dv9nN-TA3dgXlQMgVOupidrX4go.roa
Signing time:             Tue 01 Oct 2024 05:52:48 +0000
ROA not before:           Tue 01 Oct 2024 05:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61135
IP address blocks:        91.93.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:46:a3:6f:08:fe:26:a2:e2:2f:21:1a:0f:8b:a4:e8:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Oct  1 05:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76ff6737e4c0ddd81795032054eba989dad7e20a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d3:97:62:6d:ae:6b:38:19:f9:0e:f4:96:0c:
                    19:c0:86:04:51:fa:3f:98:6a:da:35:1e:1f:33:89:
                    c0:db:fa:37:24:ec:f9:fc:f9:2a:9b:a5:a6:50:3a:
                    ca:c1:88:f9:70:4a:63:3d:bc:a3:4e:c7:cb:69:9f:
                    89:22:2d:02:0b:3b:1c:f1:d4:24:0c:c0:f7:ad:b9:
                    06:e7:3d:77:99:29:cb:03:00:5c:b3:b0:48:ce:92:
                    9e:6d:b8:b1:bc:bd:5e:9b:60:fd:38:dc:6c:e6:aa:
                    3a:61:e2:44:32:52:c4:ce:f7:ed:b5:6b:31:c3:39:
                    27:a2:77:3b:ed:69:d4:3f:8b:c7:40:43:7a:a2:73:
                    9e:64:b6:05:47:20:ba:d0:2c:33:74:d4:ea:e0:cd:
                    b9:06:01:0b:83:1a:1a:09:8d:0d:b8:62:81:39:e7:
                    ed:87:0c:a7:95:d3:31:b5:55:23:ac:15:52:32:b8:
                    f9:37:30:9c:28:86:fd:56:e6:af:85:81:aa:9b:78:
                    ba:50:58:4e:ff:6b:d4:c3:69:bf:7f:49:60:b6:12:
                    dc:d2:6b:a9:ef:a8:a0:84:f0:53:5e:99:9f:59:91:
                    88:f3:63:91:11:f0:40:de:ad:62:cf:96:ee:ec:34:
                    5a:e6:05:23:e2:df:4e:f3:72:64:b3:35:1d:e5:91:
                    b9:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FF:67:37:E4:C0:DD:D8:17:95:03:20:54:EB:A9:89:DA:D7:E2:0A
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/dv9nN-TA3dgXlQMgVOupidrX4go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.93.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:d0:e8:96:3d:4e:71:a1:15:0a:76:42:4b:52:76:4e:eb:74:
         53:41:ec:d4:e7:09:fd:d5:a3:05:62:fe:68:65:01:a8:cb:e6:
         5e:77:37:e6:67:65:ad:8c:9a:1a:43:4f:fe:f8:09:98:0c:32:
         5a:9e:58:c0:31:e9:e2:80:ef:69:3e:30:8b:76:ea:9c:8a:fd:
         05:0f:79:d1:44:52:48:ac:78:cb:fa:09:14:cd:6f:4d:e0:71:
         89:e6:16:56:98:dc:cf:1a:98:ae:a4:44:91:b2:d9:8e:34:d0:
         05:49:28:bb:8a:07:12:22:ad:d2:45:8e:90:47:b0:75:9d:3a:
         6a:bc:cc:e0:d0:29:25:38:da:e2:1c:be:fa:8c:1a:7f:84:77:
         b4:cf:61:93:88:b0:c4:ef:ec:88:14:43:a2:08:6b:4a:6c:1b:
         0c:6a:15:09:7e:04:b3:18:fa:82:8c:92:d9:8d:d4:ab:a5:18:
         81:1c:b4:64:b7:2a:47:4c:cc:17:8b:41:e0:8b:62:aa:f6:72:
         96:79:6e:a8:2a:79:98:81:f4:4b:ac:d6:46:e7:f3:29:34:91:
         b1:5b:ee:f5:ee:93:1c:5b:63:1d:d3:d2:43:31:e0:bf:19:50:
         bd:6c:04:30:7a:43:fb:c9:89:b1:91:ea:52:34:94:64:a1:54:
         3a:56:e3:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJGo28I/iai4i8hGg+LpOg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQxMDAxMDU1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmZmNjczN2U0YzBkZGQ4MTc5NTAzMjA1NGViYTk4OWRhZDdlMjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9OXYm2uazgZ+Q70lgwZwIYEUfo/
mGraNR4fM4nA2/o3JOz5/Pkqm6WmUDrKwYj5cEpjPbyjTsfLaZ+JIi0CCzsc8dQk
DMD3rbkG5z13mSnLAwBcs7BIzpKebbixvL1em2D9ONxs5qo6YeJEMlLEzvfttWsx
wzknonc77WnUP4vHQEN6onOeZLYFRyC60CwzdNTq4M25BgELgxoaCY0NuGKBOeft
hwynldMxtVUjrBVSMrj5NzCcKIb9VuavhYGqm3i6UFhO/2vUw2m/f0lgthLc0mup
76ighPBTXpmfWZGI82OREfBA3q1iz5bu7DRa5gUj4t9O83JkszUd5ZG5SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHb/ZzfkwN3YF5UDIFTrqYna1+IKMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvZHY5bk4tVEEzZGdYbFFNZ1ZPdXBpZHJYNGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW12bMA0G
CSqGSIb3DQEBCwUAA4IBAQA10OiWPU5xoRUKdkJLUnZO63RTQezU5wn91aMFYv5o
ZQGoy+ZedzfmZ2WtjJoaQ0/++AmYDDJanljAMenigO9pPjCLduqciv0FD3nRRFJI
rHjL+gkUzW9N4HGJ5hZWmNzPGpiupESRstmONNAFSSi7igcSIq3SRY6QR7B1nTpq
vMzg0CklONriHL76jBp/hHe0z2GTiLDE7+yIFEOiCGtKbBsMahUJfgSzGPqCjJLZ
jdSrpRiBHLRktypHTMwXi0Hgi2Kq9nKWeW6oKnmYgfRLrNZG5/MpNJGxW+717pMc
W2Md09JDMeC/GVC9bAQwekP7yYmxkepSNJRkoVQ6VuO9
-----END CERTIFICATE-----