Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/638bc3-e945-400a-af79-0b6f002d1978/1/K09nrG0KqTizFLHUaMNyxM0z2ro.roa
File:                     K09nrG0KqTizFLHUaMNyxM0z2ro.roa (raw, json)
Hash identifier:          cExkaCJNm1PmYW065hiBGP/O4kugBu6fZ2Nczp2MsYg=
Subject key identifier:   2B:4F:67:AC:6D:0A:A9:38:B3:14:B1:D4:68:C3:72:C4:CD:33:DA:BA
Certificate issuer:       /CN=474d474f94694a8104f5e413ab2b9c09559b79f0
Certificate serial:       01942C0AC7793230E842B49E6868677ABB88
Authority key identifier: 47:4D:47:4F:94:69:4A:81:04:F5:E4:13:AB:2B:9C:09:55:9B:79:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R01HT5RpSoEE9eQTqyucCVWbefA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/638bc3-e945-400a-af79-0b6f002d1978/1/K09nrG0KqTizFLHUaMNyxM0z2ro.roa
Signing time:             Fri 03 Jan 2025 12:01:31 +0000
ROA not before:           Fri 03 Jan 2025 12:01:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        91.234.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/638bc3-e945-400a-af79-0b6f002d1978/1/R01HT5RpSoEE9eQTqyucCVWbefA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/638bc3-e945-400a-af79-0b6f002d1978/1/R01HT5RpSoEE9eQTqyucCVWbefA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R01HT5RpSoEE9eQTqyucCVWbefA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2c:0a:c7:79:32:30:e8:42:b4:9e:68:68:67:7a:bb:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=474d474f94694a8104f5e413ab2b9c09559b79f0
        Validity
            Not Before: Jan  3 12:01:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b4f67ac6d0aa938b314b1d468c372c4cd33daba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e6:23:0f:ea:8e:e2:e2:03:34:d7:fa:51:bb:
                    ba:55:4a:e5:12:d8:36:0c:85:f5:08:0b:94:8b:71:
                    f3:07:6c:17:0c:f8:68:03:13:17:10:6c:42:88:79:
                    0d:24:d2:02:eb:fc:f7:f1:09:8a:30:23:37:fa:44:
                    83:ba:87:91:92:f3:28:09:12:83:8a:89:19:e0:48:
                    05:41:c0:a5:ce:77:c5:14:eb:48:47:37:dc:6c:0a:
                    06:c3:ea:c8:0c:16:8d:f4:f9:26:80:d8:cf:d9:8b:
                    26:9f:e3:03:d0:64:75:4e:39:7d:33:c1:09:a5:b0:
                    77:b9:20:2f:d5:9c:f3:0d:49:7a:ec:14:38:27:52:
                    0e:c7:cf:38:2d:b8:87:f2:e9:44:d4:87:e9:36:4d:
                    79:4b:91:bc:cc:79:06:1b:a5:6b:43:cc:a6:95:82:
                    32:69:ce:93:45:70:c1:5d:94:87:1d:a4:38:0c:84:
                    56:64:80:f5:1b:89:b4:08:0d:00:a5:81:50:48:7b:
                    8e:86:08:80:2e:32:cc:9d:52:b6:69:9b:68:52:9c:
                    f9:20:1b:f7:65:78:24:7d:24:fb:9f:7b:97:ec:36:
                    06:fc:b2:18:5d:20:bd:a1:6b:9e:91:d6:3e:6f:66:
                    cc:6d:88:ba:a0:a0:2b:3f:a3:8c:01:d2:d2:74:4e:
                    77:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:4F:67:AC:6D:0A:A9:38:B3:14:B1:D4:68:C3:72:C4:CD:33:DA:BA
            X509v3 Authority Key Identifier:
                keyid:47:4D:47:4F:94:69:4A:81:04:F5:E4:13:AB:2B:9C:09:55:9B:79:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R01HT5RpSoEE9eQTqyucCVWbefA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/638bc3-e945-400a-af79-0b6f002d1978/1/K09nrG0KqTizFLHUaMNyxM0z2ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/638bc3-e945-400a-af79-0b6f002d1978/1/R01HT5RpSoEE9eQTqyucCVWbefA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:27:3e:68:ff:9f:de:1c:c1:d6:6f:01:bb:5d:eb:bc:ea:ea:
         39:3b:6a:fb:f6:90:37:2d:77:6e:b0:d0:da:cb:f5:96:b9:38:
         ba:ef:de:c2:f2:f7:2d:56:85:e5:2a:8c:f9:93:ef:57:95:89:
         20:c3:2b:a8:93:a1:32:2c:49:df:d1:41:e3:2f:1c:b5:fe:59:
         b0:e4:29:20:95:1a:66:bd:09:aa:6b:7f:94:12:0d:65:8a:d3:
         07:8e:e1:1a:6c:22:a7:d7:04:9c:59:d8:04:33:2f:39:ec:1d:
         c2:2a:33:37:6b:ee:9b:28:07:8f:38:db:f8:41:b0:23:bd:3b:
         01:d3:16:3a:b2:4e:c8:af:b7:40:2c:ee:8c:af:27:6d:5a:39:
         ed:c6:8e:72:74:90:87:44:9e:6a:ce:4e:fb:f5:61:b7:9c:53:
         48:46:6c:dc:01:7d:12:64:17:9c:98:0f:b0:b6:50:9e:1b:54:
         00:13:03:9c:7e:f6:91:0e:9a:ce:d3:58:7e:eb:4e:60:a9:d1:
         9c:bf:cc:45:33:05:e6:c7:d7:e3:83:37:5d:ee:dc:05:85:a2:
         d0:02:72:7b:79:c5:b0:2e:7d:87:34:46:7e:18:05:dc:81:40:
         fb:13:c5:89:4f:fa:45:d2:3c:5d:bb:41:52:99:5a:6d:4d:b7:
         c1:ec:4e:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQsCsd5MjDoQrSeaGhneruIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NGQ0NzRmOTQ2OTRhODEwNGY1ZTQxM2FiMmI5YzA5NTU5
Yjc5ZjAwHhcNMjUwMTAzMTIwMTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjRmNjdhYzZkMGFhOTM4YjMxNGIxZDQ2OGMzNzJjNGNkMzNkYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uYjD+qO4uIDNNf6Ubu6VUrlEtg2
DIX1CAuUi3HzB2wXDPhoAxMXEGxCiHkNJNIC6/z38QmKMCM3+kSDuoeRkvMoCRKD
iokZ4EgFQcClznfFFOtIRzfcbAoGw+rIDBaN9PkmgNjP2Ysmn+MD0GR1Tjl9M8EJ
pbB3uSAv1ZzzDUl67BQ4J1IOx884LbiH8ulE1IfpNk15S5G8zHkGG6VrQ8ymlYIy
ac6TRXDBXZSHHaQ4DIRWZID1G4m0CA0ApYFQSHuOhgiALjLMnVK2aZtoUpz5IBv3
ZXgkfST7n3uX7DYG/LIYXSC9oWuekdY+b2bMbYi6oKArP6OMAdLSdE53/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtPZ6xtCqk4sxSx1GjDcsTNM9q6MB8GA1UdIwQY
MBaAFEdNR0+UaUqBBPXkE6srnAlVm3nwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjAxSFQ1UnBTb0VFOWVRVHF5dWNDVldiZWZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82MzhiYzMtZTk0NS00MDBhLWFmNzkt
MGI2ZjAwMmQxOTc4LzEvSzA5bnJHMEtxVGl6RkxIVWFNTnl4TTB6MnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82MzhiYzMtZTk0NS00MDBhLWFmNzktMGI2ZjAwMmQxOTc4
LzEvUjAxSFQ1UnBTb0VFOWVRVHF5dWNDVldiZWZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+omMA0G
CSqGSIb3DQEBCwUAA4IBAQBIJz5o/5/eHMHWbwG7Xeu86uo5O2r79pA3LXdusNDa
y/WWuTi6797C8vctVoXlKoz5k+9XlYkgwyuok6EyLEnf0UHjLxy1/lmw5CkglRpm
vQmqa3+UEg1litMHjuEabCKn1wScWdgEMy857B3CKjM3a+6bKAePONv4QbAjvTsB
0xY6sk7Ir7dALO6MrydtWjntxo5ydJCHRJ5qzk779WG3nFNIRmzcAX0SZBecmA+w
tlCeG1QAEwOcfvaRDprO01h+605gqdGcv8xFMwXmx9fjgzdd7twFhaLQAnJ7ecWw
Ln2HNEZ+GAXcgUD7E8WJT/pF0jxdu0FSmVptTbfB7E4H
-----END CERTIFICATE-----