Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/Od9un52XqI25-RK-Oxi3mTgNoXI.roa
File:                     Od9un52XqI25-RK-Oxi3mTgNoXI.roa (raw, json)
Hash identifier:          eJ9i8PZfc4Qg8pLnPJUKtEbR0A7hjlRE02a6r2JpLF4=
Subject key identifier:   39:DF:6E:9F:9D:97:A8:8D:B9:F9:12:BE:3B:18:B7:99:38:0D:A1:72
Certificate issuer:       /CN=054409a1d8b072f7db024528b9720339bdbbb106
Certificate serial:       018CC94E53CFB586AE926228A2D52F8FD466
Authority key identifier: 05:44:09:A1:D8:B0:72:F7:DB:02:45:28:B9:72:03:39:BD:BB:B1:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUQJodiwcvfbAkUouXIDOb27sQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/Od9un52XqI25-RK-Oxi3mTgNoXI.roa
Signing time:             Tue 02 Jan 2024 08:33:22 +0000
ROA not before:           Tue 02 Jan 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3212
IP address blocks:        91.212.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/BUQJodiwcvfbAkUouXIDOb27sQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/BUQJodiwcvfbAkUouXIDOb27sQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUQJodiwcvfbAkUouXIDOb27sQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:53:cf:b5:86:ae:92:62:28:a2:d5:2f:8f:d4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=054409a1d8b072f7db024528b9720339bdbbb106
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39df6e9f9d97a88db9f912be3b18b799380da172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e5:00:b5:52:89:57:a8:4e:a1:14:ba:c7:5f:
                    91:eb:9d:58:a2:7a:97:3a:93:4d:d8:ba:06:01:5d:
                    52:13:23:76:24:33:f8:c6:3f:ab:38:23:f1:8c:d7:
                    47:46:1d:42:8e:7e:06:06:37:bb:97:97:28:bf:26:
                    e5:12:a5:07:d6:5b:ef:74:fa:b3:3e:52:88:17:53:
                    35:4a:9d:92:05:f7:20:53:e5:54:ab:6b:6d:da:78:
                    6b:07:26:92:09:29:47:05:ec:77:a9:6f:cc:85:24:
                    d7:89:e5:e2:0b:d3:fc:ba:52:5f:27:e8:59:ae:74:
                    5b:ca:14:39:d4:1d:d5:13:01:da:c0:df:02:b1:39:
                    e1:bd:28:f4:1b:b7:46:71:ac:77:47:b2:16:be:62:
                    89:a4:54:25:86:33:2c:a3:f5:ea:ad:da:8e:3c:dc:
                    36:8c:43:77:50:7e:40:a3:78:ae:4b:f8:1d:76:e0:
                    58:b9:b0:8a:fd:58:ec:7d:dd:df:e6:04:57:b2:6c:
                    61:57:b3:fa:51:90:80:a6:11:ee:b5:70:3e:18:f1:
                    19:1d:86:eb:aa:48:59:21:46:77:60:06:b2:25:c1:
                    fb:19:20:94:a5:ae:17:c3:04:d2:41:a9:4c:b0:52:
                    cd:36:19:4e:3e:3a:d4:25:d5:71:f9:9d:9f:de:79:
                    02:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:DF:6E:9F:9D:97:A8:8D:B9:F9:12:BE:3B:18:B7:99:38:0D:A1:72
            X509v3 Authority Key Identifier:
                keyid:05:44:09:A1:D8:B0:72:F7:DB:02:45:28:B9:72:03:39:BD:BB:B1:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUQJodiwcvfbAkUouXIDOb27sQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/Od9un52XqI25-RK-Oxi3mTgNoXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/c885e7-4d6f-4b45-9e4a-b16d219b3592/1/BUQJodiwcvfbAkUouXIDOb27sQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:28:bc:7a:79:b3:fd:c6:bc:ba:43:d7:b9:4e:5c:52:3a:b9:
         12:4d:f8:d8:3d:85:77:3c:1e:00:df:af:df:33:19:2b:8d:fb:
         f1:6a:71:92:b4:d8:d8:bc:7b:1e:1b:40:74:15:62:6e:71:ac:
         7d:71:a4:42:4f:43:dd:ab:49:0a:79:91:3b:b5:de:e1:28:65:
         8a:ea:1c:0f:89:63:33:92:70:61:04:f6:a9:39:c3:a6:3d:7c:
         7f:03:7b:fe:58:58:d9:13:63:d4:b5:6f:6d:9f:15:01:00:17:
         08:45:73:f3:84:0f:c7:94:dd:aa:9c:47:d1:c6:ef:02:5e:61:
         ae:ab:63:e0:12:a8:27:b8:1e:27:db:da:1a:d3:2a:3d:81:dd:
         99:d1:ea:90:08:3d:d4:c6:c2:d2:8b:c8:cb:6c:31:d0:e6:41:
         b2:65:e7:fc:30:d2:aa:c1:d0:27:16:be:ff:ab:00:bd:5f:3a:
         22:d5:21:72:87:41:a6:a1:fa:27:3b:ea:93:a8:71:50:33:88:
         19:c6:f7:a5:42:d6:6d:2c:83:8f:84:8e:b0:40:a1:63:c5:58:
         53:49:43:85:79:c6:0c:84:f5:e6:a2:a9:1e:46:59:21:58:9f:
         12:10:dc:95:f9:f3:34:7c:df:41:10:5c:67:0a:41:55:f8:8e:
         5a:ef:e2:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlPPtYaukmIootUvj9RmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDQwOWExZDhiMDcyZjdkYjAyNDUyOGI5NzIwMzM5YmRi
YmIxMDYwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWRmNmU5ZjlkOTdhODhkYjlmOTEyYmUzYjE4Yjc5OTM4MGRhMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOUAtVKJV6hOoRS6x1+R651YonqX
OpNN2LoGAV1SEyN2JDP4xj+rOCPxjNdHRh1Cjn4GBje7l5covyblEqUH1lvvdPqz
PlKIF1M1Sp2SBfcgU+VUq2tt2nhrByaSCSlHBex3qW/MhSTXieXiC9P8ulJfJ+hZ
rnRbyhQ51B3VEwHawN8CsTnhvSj0G7dGcax3R7IWvmKJpFQlhjMso/XqrdqOPNw2
jEN3UH5Ao3iuS/gdduBYubCK/Vjsfd3f5gRXsmxhV7P6UZCAphHutXA+GPEZHYbr
qkhZIUZ3YAayJcH7GSCUpa4XwwTSQalMsFLNNhlOPjrUJdVx+Z2f3nkC/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnfbp+dl6iNufkSvjsYt5k4DaFyMB8GA1UdIwQY
MBaAFAVECaHYsHL32wJFKLlyAzm9u7EGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVRSm9kaXdjdmZiQWtVb3VYSURPYjI3c1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9jODg1ZTctNGQ2Zi00YjQ1LTllNGEt
YjE2ZDIxOWIzNTkyLzEvT2Q5dW41MlhxSTI1LVJLLU94aTNtVGdOb1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9jODg1ZTctNGQ2Zi00YjQ1LTllNGEtYjE2ZDIxOWIzNTky
LzEvQlVRSm9kaXdjdmZiQWtVb3VYSURPYjI3c1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9T7MA0G
CSqGSIb3DQEBCwUAA4IBAQA7KLx6ebP9xry6Q9e5TlxSOrkSTfjYPYV3PB4A36/f
MxkrjfvxanGStNjYvHseG0B0FWJucax9caRCT0Pdq0kKeZE7td7hKGWK6hwPiWMz
knBhBPapOcOmPXx/A3v+WFjZE2PUtW9tnxUBABcIRXPzhA/HlN2qnEfRxu8CXmGu
q2PgEqgnuB4n29oa0yo9gd2Z0eqQCD3UxsLSi8jLbDHQ5kGyZef8MNKqwdAnFr7/
qwC9Xzoi1SFyh0GmofonO+qTqHFQM4gZxvelQtZtLIOPhI6wQKFjxVhTSUOFecYM
hPXmoqkeRlkhWJ8SENyV+fM0fN9BEFxnCkFV+I5a7+LO
-----END CERTIFICATE-----