Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/LIpJLbylGhFRNKd4Vb6i8k36YRg.roa
File:                     LIpJLbylGhFRNKd4Vb6i8k36YRg.roa (raw, json)
Hash identifier:          Uma+Nee5Et6Up+tXMeUjv4OVtrZCCxIFiku3HIhbB/4=
Subject key identifier:   2C:8A:49:2D:BC:A5:1A:11:51:34:A7:78:55:BE:A2:F2:4D:FA:61:18
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01942521B85D9E1C0B3D06DB8FB735B9CB51
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/LIpJLbylGhFRNKd4Vb6i8k36YRg.roa
Signing time:             Thu 02 Jan 2025 03:49:14 +0000
ROA not before:           Thu 02 Jan 2025 03:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14445
IP address blocks:        91.208.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b8:5d:9e:1c:0b:3d:06:db:8f:b7:35:b9:cb:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  2 03:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c8a492dbca51a115134a77855bea2f24dfa6118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b7:64:79:dd:14:33:fc:43:5e:e6:a0:e1:d1:
                    e2:3a:c6:9c:51:4d:3d:e2:95:74:01:80:92:6d:79:
                    64:94:ad:98:1e:3f:18:f4:66:e5:9f:fd:59:e6:55:
                    9d:3e:7f:9f:54:66:65:d4:9c:0c:9d:15:ad:8d:4e:
                    3c:b6:03:0f:18:e6:cf:43:a1:9b:fd:ae:a3:2d:85:
                    b6:fc:ed:2d:fb:ae:c5:1a:dc:06:67:1f:a5:76:c6:
                    fc:04:14:e3:c8:9a:34:4d:4d:f6:39:7a:49:05:e8:
                    d1:15:13:fa:66:49:d1:ce:ef:91:f6:7e:85:aa:2b:
                    d6:30:d8:8a:e4:eb:32:23:7e:04:5c:71:41:98:c1:
                    58:13:6c:91:0c:03:a2:4e:65:5f:92:10:05:8e:2e:
                    dd:af:aa:71:d9:f2:8c:0b:9f:30:93:6c:b8:d0:09:
                    64:6a:32:40:be:7a:96:3c:ff:0f:5c:20:68:62:19:
                    b6:aa:c7:ba:c0:0a:92:9d:7a:9c:70:5b:f0:21:fb:
                    2e:00:92:66:b9:2e:f4:08:3e:cf:aa:5b:f2:2c:c9:
                    e8:7f:df:37:aa:7a:6c:4c:5c:b9:02:0f:9a:8f:50:
                    23:cc:02:42:bf:b3:05:b5:65:a4:4c:5b:a4:df:75:
                    2c:30:6c:2b:03:08:5a:62:7f:1b:61:c8:18:10:e6:
                    00:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:8A:49:2D:BC:A5:1A:11:51:34:A7:78:55:BE:A2:F2:4D:FA:61:18
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/LIpJLbylGhFRNKd4Vb6i8k36YRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:c7:86:90:07:89:e2:7d:59:c4:10:ac:f6:ec:af:a3:87:af:
         fa:d5:1d:5f:99:af:5c:8a:e0:7e:ba:ea:8b:f7:6f:6d:28:9c:
         78:7e:67:52:fd:24:17:6b:0d:ad:0a:b9:21:cd:61:94:3a:5e:
         cd:b3:ab:a9:3b:da:f5:20:f5:82:68:1c:75:ff:b4:d1:80:22:
         67:83:02:04:89:51:67:1f:62:b6:a1:bc:32:18:d7:84:a9:93:
         18:b1:58:73:a6:50:b2:2a:ca:e0:13:42:5c:34:26:7a:85:ab:
         32:fd:15:1d:60:f0:73:50:9a:99:ed:23:fb:23:37:ae:a3:b6:
         be:e3:9f:96:c0:51:46:8a:57:46:56:ef:6c:46:1e:58:18:9b:
         da:d6:a4:ab:63:f1:a2:e1:51:35:17:4b:55:ee:48:ee:33:ed:
         be:97:da:54:36:77:10:f1:89:70:09:45:7e:37:a2:f7:a3:32:
         41:47:f6:83:bf:43:7d:92:8c:d2:ca:da:6f:c1:50:c5:49:7d:
         d1:3a:68:3d:68:ff:80:40:9e:0c:8a:7d:00:7a:70:6b:99:d4:
         7b:3c:72:03:d9:c2:cd:00:77:98:a7:b7:a9:ec:cd:2a:20:6f:
         55:64:a2:17:cd:f0:ac:6a:4c:98:23:b5:4c:3a:a9:21:ff:e9:
         5e:c3:05:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbhdnhwLPQbbj7c1uctRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjUwMTAyMDM0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzhhNDkyZGJjYTUxYTExNTEzNGE3Nzg1NWJlYTJmMjRkZmE2MTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLdked0UM/xDXuag4dHiOsacUU09
4pV0AYCSbXlklK2YHj8Y9Gbln/1Z5lWdPn+fVGZl1JwMnRWtjU48tgMPGObPQ6Gb
/a6jLYW2/O0t+67FGtwGZx+ldsb8BBTjyJo0TU32OXpJBejRFRP6ZknRzu+R9n6F
qivWMNiK5OsyI34EXHFBmMFYE2yRDAOiTmVfkhAFji7dr6px2fKMC58wk2y40Alk
ajJAvnqWPP8PXCBoYhm2qse6wAqSnXqccFvwIfsuAJJmuS70CD7PqlvyLMnof983
qnpsTFy5Ag+aj1AjzAJCv7MFtWWkTFuk33UsMGwrAwhaYn8bYcgYEOYA3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyKSS28pRoRUTSneFW+ovJN+mEYMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvTElwSkxieWxHaEZSTktkNFZiNmk4azM2WVJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BtMA0G
CSqGSIb3DQEBCwUAA4IBAQCFx4aQB4nifVnEEKz27K+jh6/61R1fma9ciuB+uuqL
929tKJx4fmdS/SQXaw2tCrkhzWGUOl7Ns6upO9r1IPWCaBx1/7TRgCJngwIEiVFn
H2K2obwyGNeEqZMYsVhzplCyKsrgE0JcNCZ6hasy/RUdYPBzUJqZ7SP7Izeuo7a+
45+WwFFGildGVu9sRh5YGJva1qSrY/Gi4VE1F0tV7kjuM+2+l9pUNncQ8YlwCUV+
N6L3ozJBR/aDv0N9kozSytpvwVDFSX3ROmg9aP+AQJ4Min0AenBrmdR7PHID2cLN
AHeYp7ep7M0qIG9VZKIXzfCsakyYI7VMOqkh/+lewwXX
-----END CERTIFICATE-----