Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/ohWjIsmRuz8h-nFGpKlb4u_Mju4.roa
File:                     ohWjIsmRuz8h-nFGpKlb4u_Mju4.roa (raw, json)
Hash identifier:          uKR3zcUhmSN9koeXtLVMyWmdnvpwlGsXHnogoj2S4A8=
Subject key identifier:   A2:15:A3:22:C9:91:BB:3F:21:FA:71:46:A4:A9:5B:E2:EF:CC:8E:EE
Certificate issuer:       /CN=3722b2f090a967e0bcacd19f39ad2a887263b524
Certificate serial:       0192B86236DF1B85105730331721B97E63C9
Authority key identifier: 37:22:B2:F0:90:A9:67:E0:BC:AC:D1:9F:39:AD:2A:88:72:63:B5:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/ohWjIsmRuz8h-nFGpKlb4u_Mju4.roa
Signing time:             Wed 23 Oct 2024 07:58:17 +0000
ROA not before:           Wed 23 Oct 2024 07:58:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49139
IP address blocks:        91.212.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:62:36:df:1b:85:10:57:30:33:17:21:b9:7e:63:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3722b2f090a967e0bcacd19f39ad2a887263b524
        Validity
            Not Before: Oct 23 07:58:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a215a322c991bb3f21fa7146a4a95be2efcc8eee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:66:b4:48:1f:36:c8:58:74:f4:d0:0e:63:5b:
                    79:10:72:69:19:47:06:9b:f2:f0:bd:2d:83:96:4a:
                    9e:f2:6d:46:94:63:8b:f5:cd:7a:93:7f:86:87:61:
                    19:f5:ab:bf:96:23:5c:73:45:3c:57:fd:2f:de:1a:
                    cb:56:2d:a4:da:4f:e4:bf:dd:fd:54:f5:27:a0:26:
                    57:7b:07:9d:63:d6:59:ad:2d:1d:8e:60:1c:70:b8:
                    34:e8:ba:05:58:53:a0:40:03:2d:ab:ae:d2:a4:a8:
                    21:3c:de:85:b9:1c:8d:93:2f:d5:e8:76:49:f3:c1:
                    0a:99:de:e1:c1:7a:f0:c0:b1:c3:ab:90:54:b4:c7:
                    45:36:81:9d:32:f5:d9:ea:31:f0:28:6d:3c:47:e5:
                    0e:eb:44:6b:ec:8d:e1:37:52:dd:4c:cb:a0:fc:3c:
                    89:88:19:56:14:a6:cc:35:52:c3:0b:39:28:9a:ba:
                    44:54:f2:27:96:f2:3f:9e:54:4c:69:e2:81:a9:fb:
                    e3:4b:b2:d3:9e:5c:c6:9f:bd:f7:d1:c1:36:e8:7e:
                    86:ae:9e:cf:a9:d6:6d:5e:86:33:10:d8:46:0c:05:
                    de:3f:97:4b:63:77:eb:89:61:92:9a:9a:dd:70:d6:
                    2a:dc:94:e6:b5:05:c7:88:78:57:d6:6f:6c:27:9f:
                    d3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:15:A3:22:C9:91:BB:3F:21:FA:71:46:A4:A9:5B:E2:EF:CC:8E:EE
            X509v3 Authority Key Identifier:
                keyid:37:22:B2:F0:90:A9:67:E0:BC:AC:D1:9F:39:AD:2A:88:72:63:B5:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/ohWjIsmRuz8h-nFGpKlb4u_Mju4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/60de46-5974-4c45-be36-8dcdb998fd5a/1/NyKy8JCpZ-C8rNGfOa0qiHJjtSQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:60:89:84:6c:4b:d7:a3:c3:f9:c1:5a:88:f5:03:6f:0c:4a:
         e7:ab:db:bb:e3:a1:e4:86:10:89:6b:3b:6d:46:d1:02:50:c8:
         c0:50:ba:80:6f:33:59:66:5a:5d:d8:b4:8d:e3:e3:bc:47:a0:
         ef:59:2d:06:b1:d3:50:38:39:ef:5a:cc:0a:7a:fa:49:dc:71:
         6e:d2:69:a3:8e:7f:66:4e:42:5a:4f:06:67:96:d4:c3:c2:75:
         85:71:2b:3d:1f:4d:98:37:05:d2:1f:a2:de:b1:92:ec:16:cf:
         8f:0c:b2:f8:c8:ef:f6:ba:bf:43:48:f0:be:7a:bc:ea:d3:8e:
         6c:86:78:ca:17:fa:11:5a:e8:8c:50:cc:be:09:5c:fb:a1:d0:
         90:31:cf:d6:d3:9e:0d:48:5d:2a:f2:bf:2e:ac:a1:25:26:b7:
         5b:e1:81:b3:4b:54:bb:93:28:e9:08:f7:8a:36:34:18:22:fc:
         d3:b4:93:b4:58:c7:33:83:24:05:b5:8d:97:46:0e:30:e3:f5:
         c7:8e:36:9f:e8:c0:15:6e:68:71:e2:16:38:a1:13:53:e7:47:
         27:21:4d:00:8a:c2:eb:2d:f6:f8:0c:13:18:20:50:6e:2b:ad:
         48:63:75:6d:a5:6e:7c:27:d5:7a:ab:95:91:b5:68:61:10:ac:
         38:14:1d:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK4YjbfG4UQVzAzFyG5fmPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MjJiMmYwOTBhOTY3ZTBiY2FjZDE5ZjM5YWQyYTg4NzI2
M2I1MjQwHhcNMjQxMDIzMDc1ODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE1YTMyMmM5OTFiYjNmMjFmYTcxNDZhNGE5NWJlMmVmY2M4ZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWa0SB82yFh09NAOY1t5EHJpGUcG
m/LwvS2Dlkqe8m1GlGOL9c16k3+Gh2EZ9au/liNcc0U8V/0v3hrLVi2k2k/kv939
VPUnoCZXewedY9ZZrS0djmAccLg06LoFWFOgQAMtq67SpKghPN6FuRyNky/V6HZJ
88EKmd7hwXrwwLHDq5BUtMdFNoGdMvXZ6jHwKG08R+UO60Rr7I3hN1LdTMug/DyJ
iBlWFKbMNVLDCzkomrpEVPInlvI/nlRMaeKBqfvjS7LTnlzGn7330cE26H6Grp7P
qdZtXoYzENhGDAXeP5dLY3friWGSmprdcNYq3JTmtQXHiHhX1m9sJ5/TiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIVoyLJkbs/IfpxRqSpW+LvzI7uMB8GA1UdIwQY
MBaAFDcisvCQqWfgvKzRnzmtKohyY7UkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnlLeThKQ3BaLUM4ck5HZk9hMHFpSEpqdFNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82MGRlNDYtNTk3NC00YzQ1LWJlMzYt
OGRjZGI5OThmZDVhLzEvb2hXaklzbVJ1ejhoLW5GR3BLbGI0dV9NanU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82MGRlNDYtNTk3NC00YzQ1LWJlMzYtOGRjZGI5OThmZDVh
LzEvTnlLeThKQ3BaLUM4ck5HZk9hMHFpSEpqdFNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9SaMA0G
CSqGSIb3DQEBCwUAA4IBAQAzYImEbEvXo8P5wVqI9QNvDErnq9u746HkhhCJaztt
RtECUMjAULqAbzNZZlpd2LSN4+O8R6DvWS0GsdNQODnvWswKevpJ3HFu0mmjjn9m
TkJaTwZnltTDwnWFcSs9H02YNwXSH6LesZLsFs+PDLL4yO/2ur9DSPC+erzq045s
hnjKF/oRWuiMUMy+CVz7odCQMc/W054NSF0q8r8urKElJrdb4YGzS1S7kyjpCPeK
NjQYIvzTtJO0WMczgyQFtY2XRg4w4/XHjjaf6MAVbmhx4hY4oRNT50cnIU0AisLr
Lfb4DBMYIFBuK61IY3VtpW58J9V6q5WRtWhhEKw4FB33
-----END CERTIFICATE-----