Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b60fb5-2fda-4def-96f9-e2b9f6dbe000/1/9NycQPdTm5XeExM7oltoXriVp4c.roa
File:                     9NycQPdTm5XeExM7oltoXriVp4c.roa (raw, json)
Hash identifier:          eEjg509sB6jnagqka3dB/WCRDU6dLl4FG+uTkZ1Z5rc=
Subject key identifier:   F4:DC:9C:40:F7:53:9B:95:DE:13:13:3B:A2:5B:68:5E:B8:95:A7:87
Certificate issuer:       /CN=535b1cd5ee5eb03dfbf6d425d6979e8d535015bc
Certificate serial:       0192B389ABF549ED2B76BAC9188E53509691
Authority key identifier: 53:5B:1C:D5:EE:5E:B0:3D:FB:F6:D4:25:D6:97:9E:8D:53:50:15:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1sc1e5esD379tQl1peejVNQFbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b60fb5-2fda-4def-96f9-e2b9f6dbe000/1/9NycQPdTm5XeExM7oltoXriVp4c.roa
Signing time:             Tue 22 Oct 2024 09:23:16 +0000
ROA not before:           Tue 22 Oct 2024 09:23:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        91.232.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b60fb5-2fda-4def-96f9-e2b9f6dbe000/1/U1sc1e5esD379tQl1peejVNQFbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b60fb5-2fda-4def-96f9-e2b9f6dbe000/1/U1sc1e5esD379tQl1peejVNQFbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U1sc1e5esD379tQl1peejVNQFbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b3:89:ab:f5:49:ed:2b:76:ba:c9:18:8e:53:50:96:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=535b1cd5ee5eb03dfbf6d425d6979e8d535015bc
        Validity
            Not Before: Oct 22 09:23:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4dc9c40f7539b95de13133ba25b685eb895a787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ca:48:94:c0:c1:f8:15:7f:9c:bc:d6:6e:d8:
                    9d:08:32:38:d3:8f:8a:88:c2:0c:37:3b:a2:01:f1:
                    1b:3d:02:1b:60:63:e1:35:40:34:d8:48:7f:00:d1:
                    fe:5b:6c:d2:1f:ae:31:38:48:ba:69:94:7f:1f:b2:
                    e0:d4:f0:2b:3b:da:a8:51:cf:27:f1:50:d0:12:08:
                    d5:cc:7b:30:ad:4d:5e:98:dd:de:85:ff:32:f8:bd:
                    87:cc:7c:7d:f3:d2:7e:0d:55:bd:1f:0a:0a:e8:fe:
                    6f:0a:e0:cd:fd:a1:38:b3:ac:47:91:59:68:87:16:
                    40:34:b4:c3:b2:6b:80:89:13:87:4b:c2:f9:6f:41:
                    34:37:76:c5:ea:3f:d5:18:7c:71:6a:56:55:be:ad:
                    e8:55:45:7f:af:17:19:ae:16:c5:c1:09:c7:17:14:
                    af:1e:87:46:ba:05:89:bf:94:a4:b1:d3:76:61:ad:
                    6f:39:7c:4d:ab:20:c7:98:7f:45:1d:7b:5a:a5:e7:
                    f0:8d:d2:27:7b:1b:57:14:e0:a4:df:31:0d:62:83:
                    a9:b2:4a:b9:84:d8:78:01:0b:12:72:64:7b:6c:cb:
                    62:3c:47:3f:fc:ce:c8:e9:97:c3:b9:66:36:9c:5e:
                    d1:79:fe:4b:58:27:32:6c:96:5e:56:1a:81:67:f6:
                    6d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DC:9C:40:F7:53:9B:95:DE:13:13:3B:A2:5B:68:5E:B8:95:A7:87
            X509v3 Authority Key Identifier:
                keyid:53:5B:1C:D5:EE:5E:B0:3D:FB:F6:D4:25:D6:97:9E:8D:53:50:15:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1sc1e5esD379tQl1peejVNQFbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b60fb5-2fda-4def-96f9-e2b9f6dbe000/1/9NycQPdTm5XeExM7oltoXriVp4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b60fb5-2fda-4def-96f9-e2b9f6dbe000/1/U1sc1e5esD379tQl1peejVNQFbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:41:c2:81:5b:89:7d:64:34:d8:27:8f:88:51:94:4b:cd:a5:
         f9:8b:a4:92:91:5a:f5:59:cd:2b:60:4d:e9:72:33:ba:c9:49:
         12:3f:ac:2a:21:e7:b4:ad:4f:10:fe:3d:07:04:4d:00:6a:41:
         44:ab:74:d8:f7:32:24:c9:d3:3e:af:35:0b:6b:2b:42:63:38:
         4f:c7:84:d2:e6:a9:0b:63:35:94:e3:f3:41:d2:c1:99:32:41:
         98:d4:ae:4b:c8:41:65:f7:0f:1c:0d:c0:c3:e9:43:6a:9e:38:
         77:66:05:bc:ed:63:5d:b2:ec:12:ae:fb:57:46:dc:0d:95:77:
         71:f1:a0:ff:54:53:d8:95:42:bb:61:5a:e6:a4:a6:d5:7e:ef:
         96:20:79:f1:13:4a:33:9a:43:88:69:db:10:fc:29:a1:eb:86:
         ca:5d:96:c5:0e:d2:30:d3:be:01:b6:b2:6e:4a:f5:a2:72:6e:
         e2:ff:e8:9d:ef:71:2f:63:30:47:16:67:85:d4:96:ab:30:6a:
         d9:1e:35:33:45:0b:a5:e1:83:09:d8:b5:9c:37:60:84:67:9b:
         37:39:82:28:ff:41:b0:bf:cb:9a:9d:d0:53:96:6e:41:f2:7b:
         e1:27:14:13:ec:f8:95:17:7c:79:98:3a:52:2d:e0:78:e9:57:
         43:14:05:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKziav1Se0rdrrJGI5TUJaRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNWIxY2Q1ZWU1ZWIwM2RmYmY2ZDQyNWQ2OTc5ZThkNTM1
MDE1YmMwHhcNMjQxMDIyMDkyMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGRjOWM0MGY3NTM5Yjk1ZGUxMzEzM2JhMjViNjg1ZWI4OTVhNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8pIlMDB+BV/nLzWbtidCDI404+K
iMIMNzuiAfEbPQIbYGPhNUA02Eh/ANH+W2zSH64xOEi6aZR/H7Lg1PArO9qoUc8n
8VDQEgjVzHswrU1emN3ehf8y+L2HzHx989J+DVW9HwoK6P5vCuDN/aE4s6xHkVlo
hxZANLTDsmuAiROHS8L5b0E0N3bF6j/VGHxxalZVvq3oVUV/rxcZrhbFwQnHFxSv
HodGugWJv5SksdN2Ya1vOXxNqyDHmH9FHXtapefwjdInextXFOCk3zENYoOpskq5
hNh4AQsScmR7bMtiPEc//M7I6ZfDuWY2nF7Ref5LWCcybJZeVhqBZ/ZtSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTcnED3U5uV3hMTO6JbaF64laeHMB8GA1UdIwQY
MBaAFFNbHNXuXrA9+/bUJdaXno1TUBW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFzYzFlNWVzRDM3OXRRbDFwZWVqVk5RRmJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iNjBmYjUtMmZkYS00ZGVmLTk2Zjkt
ZTJiOWY2ZGJlMDAwLzEvOU55Y1FQZFRtNVhlRXhNN29sdG9YcmlWcDRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iNjBmYjUtMmZkYS00ZGVmLTk2ZjktZTJiOWY2ZGJlMDAw
LzEvVTFzYzFlNWVzRDM3OXRRbDFwZWVqVk5RRmJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hTMA0G
CSqGSIb3DQEBCwUAA4IBAQCCQcKBW4l9ZDTYJ4+IUZRLzaX5i6SSkVr1Wc0rYE3p
cjO6yUkSP6wqIee0rU8Q/j0HBE0AakFEq3TY9zIkydM+rzULaytCYzhPx4TS5qkL
YzWU4/NB0sGZMkGY1K5LyEFl9w8cDcDD6UNqnjh3ZgW87WNdsuwSrvtXRtwNlXdx
8aD/VFPYlUK7YVrmpKbVfu+WIHnxE0ozmkOIadsQ/Cmh64bKXZbFDtIw074BtrJu
SvWicm7i/+id73EvYzBHFmeF1JarMGrZHjUzRQul4YMJ2LWcN2CEZ5s3OYIo/0Gw
v8uandBTlm5B8nvhJxQT7PiVF3x5mDpSLeB46VdDFAVc
-----END CERTIFICATE-----