Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/848fd6-eb80-4e1e-8378-3e46ce35d4e7/1/kZ06kIsAJai0c1J_xh0xwSZlYdk.roa
File:                     kZ06kIsAJai0c1J_xh0xwSZlYdk.roa (raw, json)
Hash identifier:          OwnM9Qo4M7A+tqX0HJsesXYJdmxLYDZvDE4eNyQGkm8=
Subject key identifier:   91:9D:3A:90:8B:00:25:A8:B4:73:52:7F:C6:1D:31:C1:26:65:61:D9
Certificate issuer:       /CN=0d0dbf9eb836085c19d93f5254221c33948e85e3
Certificate serial:       018CC72595631DBA5908C33BF9ED63FB854E
Authority key identifier: 0D:0D:BF:9E:B8:36:08:5C:19:D9:3F:52:54:22:1C:33:94:8E:85:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQ2_nrg2CFwZ2T9SVCIcM5SOheM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/848fd6-eb80-4e1e-8378-3e46ce35d4e7/1/kZ06kIsAJai0c1J_xh0xwSZlYdk.roa
Signing time:             Mon 01 Jan 2024 22:29:38 +0000
ROA not before:           Mon 01 Jan 2024 22:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51817
IP address blocks:        91.220.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/848fd6-eb80-4e1e-8378-3e46ce35d4e7/1/DQ2_nrg2CFwZ2T9SVCIcM5SOheM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/848fd6-eb80-4e1e-8378-3e46ce35d4e7/1/DQ2_nrg2CFwZ2T9SVCIcM5SOheM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQ2_nrg2CFwZ2T9SVCIcM5SOheM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:95:63:1d:ba:59:08:c3:3b:f9:ed:63:fb:85:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d0dbf9eb836085c19d93f5254221c33948e85e3
        Validity
            Not Before: Jan  1 22:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=919d3a908b0025a8b473527fc61d31c1266561d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:28:30:f4:e5:d1:fb:ae:54:66:a9:01:39:7e:
                    88:d7:93:e7:cd:13:42:b0:9f:4e:a6:8e:dc:8e:de:
                    1a:5b:89:23:a8:06:e2:77:d1:47:77:ac:b5:31:54:
                    36:6a:46:46:33:66:c6:2f:a1:fc:dc:d2:20:6f:f1:
                    21:0f:67:aa:15:ce:d9:ec:3f:a7:62:dd:6a:59:a4:
                    33:7d:fc:44:25:37:05:ea:97:ac:87:05:71:e8:4e:
                    9d:2b:31:a8:37:3b:ae:91:03:a2:00:93:58:e9:36:
                    b5:04:96:28:a7:93:e5:28:c0:1a:a4:fb:84:80:d5:
                    21:2d:e5:38:9c:f1:5f:a0:87:4f:04:30:3a:7c:fe:
                    60:cb:7f:20:ae:22:01:bf:8e:2d:53:02:04:76:29:
                    e7:77:4b:de:a4:2c:ab:99:35:a2:ca:ad:5e:75:c7:
                    71:6e:be:2c:ab:d9:13:2e:0e:d8:12:2a:ad:fd:62:
                    15:35:1e:79:22:a9:e9:39:0a:f7:09:65:50:ec:40:
                    79:6a:aa:3f:3a:9e:44:82:29:c4:b5:e1:c3:45:ea:
                    74:f8:e9:f7:fd:15:48:6d:33:2e:bc:ac:5a:bf:37:
                    3d:4b:36:55:88:7d:a3:f0:33:10:ef:8e:d7:05:28:
                    d0:ed:cb:a3:e7:1b:39:31:0d:99:e0:ea:14:b7:78:
                    cc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:9D:3A:90:8B:00:25:A8:B4:73:52:7F:C6:1D:31:C1:26:65:61:D9
            X509v3 Authority Key Identifier:
                keyid:0D:0D:BF:9E:B8:36:08:5C:19:D9:3F:52:54:22:1C:33:94:8E:85:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQ2_nrg2CFwZ2T9SVCIcM5SOheM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/848fd6-eb80-4e1e-8378-3e46ce35d4e7/1/kZ06kIsAJai0c1J_xh0xwSZlYdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/848fd6-eb80-4e1e-8378-3e46ce35d4e7/1/DQ2_nrg2CFwZ2T9SVCIcM5SOheM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:97:2c:3f:ef:e2:18:cc:94:28:cb:b4:f0:50:6b:80:ec:70:
         a0:cc:d5:74:3c:19:5b:88:14:65:4a:cb:35:ff:1c:e3:63:13:
         bd:8e:a7:34:48:22:99:db:99:0c:98:4a:1e:80:aa:96:ca:18:
         81:34:0d:e2:6a:de:dc:21:3c:0b:77:a7:47:81:9b:5d:41:25:
         86:2d:88:52:15:00:63:f0:4e:8c:8b:21:48:ba:ed:d3:31:9c:
         67:1d:bc:d2:7c:71:7e:aa:8a:38:b1:e9:69:dd:11:79:b0:79:
         d8:c3:08:d3:d1:42:2e:36:51:2f:6d:2f:39:e0:94:88:14:ea:
         84:4b:3e:9e:ce:41:83:da:a3:d3:8c:d4:c1:d3:f8:ad:f9:2d:
         18:c9:e2:b5:c3:ac:2f:58:91:71:60:e2:76:e0:b8:b9:25:6e:
         92:64:05:ad:50:4d:3b:ff:af:c5:4d:88:07:17:55:d9:6c:01:
         3c:cd:ae:c6:3b:14:d9:d1:bf:df:8f:a8:ed:2b:42:82:d9:56:
         a6:08:bc:fc:9e:3b:b3:80:db:a5:42:69:17:72:e4:7e:f1:c8:
         dd:7a:95:d8:15:94:b5:66:f8:92:e9:0f:23:a6:36:2c:e3:6d:
         7a:b2:92:09:42:47:8b:96:28:9a:2e:42:70:48:5e:be:b0:22:
         ef:48:27:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJZVjHbpZCMM7+e1j+4VOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMGRiZjllYjgzNjA4NWMxOWQ5M2Y1MjU0MjIxYzMzOTQ4
ZTg1ZTMwHhcNMjQwMTAxMjIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTlkM2E5MDhiMDAyNWE4YjQ3MzUyN2ZjNjFkMzFjMTI2NjU2MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlygw9OXR+65UZqkBOX6I15PnzRNC
sJ9Opo7cjt4aW4kjqAbid9FHd6y1MVQ2akZGM2bGL6H83NIgb/EhD2eqFc7Z7D+n
Yt1qWaQzffxEJTcF6peshwVx6E6dKzGoNzuukQOiAJNY6Ta1BJYop5PlKMAapPuE
gNUhLeU4nPFfoIdPBDA6fP5gy38griIBv44tUwIEdinnd0vepCyrmTWiyq1edcdx
br4sq9kTLg7YEiqt/WIVNR55IqnpOQr3CWVQ7EB5aqo/Op5EginEteHDRep0+On3
/RVIbTMuvKxavzc9SzZViH2j8DMQ747XBSjQ7cuj5xs5MQ2Z4OoUt3jMIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGdOpCLACWotHNSf8YdMcEmZWHZMB8GA1UdIwQY
MBaAFA0Nv564NghcGdk/UlQiHDOUjoXjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFEyX25yZzJDRndaMlQ5U1ZDSWNNNVNPaGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS84NDhmZDYtZWI4MC00ZTFlLTgzNzgt
M2U0NmNlMzVkNGU3LzEva1owNmtJc0FKYWkwYzFKX3hoMHh3U1psWWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS84NDhmZDYtZWI4MC00ZTFlLTgzNzgtM2U0NmNlMzVkNGU3
LzEvRFEyX25yZzJDRndaMlQ5U1ZDSWNNNVNPaGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xkMA0G
CSqGSIb3DQEBCwUAA4IBAQBhlyw/7+IYzJQoy7TwUGuA7HCgzNV0PBlbiBRlSss1
/xzjYxO9jqc0SCKZ25kMmEoegKqWyhiBNA3iat7cITwLd6dHgZtdQSWGLYhSFQBj
8E6MiyFIuu3TMZxnHbzSfHF+qoo4selp3RF5sHnYwwjT0UIuNlEvbS854JSIFOqE
Sz6ezkGD2qPTjNTB0/it+S0YyeK1w6wvWJFxYOJ24Li5JW6SZAWtUE07/6/FTYgH
F1XZbAE8za7GOxTZ0b/fj6jtK0KC2VamCLz8njuzgNulQmkXcuR+8cjdepXYFZS1
ZviS6Q8jpjYs4216spIJQkeLliiaLkJwSF6+sCLvSCeL
-----END CERTIFICATE-----