Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/ca8d98-e7a4-4bdc-8c90-b29606d51f9d/1/WTmdMFPzU41Yj6CYfdDHa3cKmOo.roa
File:                     WTmdMFPzU41Yj6CYfdDHa3cKmOo.roa (raw, json)
Hash identifier:          ZRrWNdq+lRZfywzlRdTcVIMqLndtMkQtQ6MhxjI8HvM=
Subject key identifier:   59:39:9D:30:53:F3:53:8D:58:8F:A0:98:7D:D0:C7:6B:77:0A:98:EA
Certificate issuer:       /CN=9e2d7d5b82c8378ba2153943ce9482ce4cd4951b
Certificate serial:       019420686977870B0DF31F60363C4093A943
Authority key identifier: 9E:2D:7D:5B:82:C8:37:8B:A2:15:39:43:CE:94:82:CE:4C:D4:95:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ni19W4LIN4uiFTlDzpSCzkzUlRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/ca8d98-e7a4-4bdc-8c90-b29606d51f9d/1/WTmdMFPzU41Yj6CYfdDHa3cKmOo.roa
Signing time:             Wed 01 Jan 2025 05:48:21 +0000
ROA not before:           Wed 01 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213149
IP address blocks:        91.205.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/ca8d98-e7a4-4bdc-8c90-b29606d51f9d/1/ni19W4LIN4uiFTlDzpSCzkzUlRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/ca8d98-e7a4-4bdc-8c90-b29606d51f9d/1/ni19W4LIN4uiFTlDzpSCzkzUlRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ni19W4LIN4uiFTlDzpSCzkzUlRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 09:37:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:69:77:87:0b:0d:f3:1f:60:36:3c:40:93:a9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e2d7d5b82c8378ba2153943ce9482ce4cd4951b
        Validity
            Not Before: Jan  1 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59399d3053f3538d588fa0987dd0c76b770a98ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1e:06:31:f2:a9:ad:e2:70:d5:51:6d:09:f2:
                    e0:22:a3:77:23:52:fb:b6:5e:ea:fb:64:98:76:87:
                    f7:38:fc:20:30:4b:f0:0b:42:4e:9c:ef:85:a6:97:
                    5b:86:f8:80:1e:1e:bd:dd:32:d8:11:95:45:22:9c:
                    09:f3:9f:67:0b:dd:01:b8:c1:29:c2:00:8e:ec:3d:
                    fb:a6:06:86:8a:e0:ed:4c:0c:e7:ed:c5:f3:dc:96:
                    22:f7:56:0b:16:c0:e3:2f:3f:f8:e6:9a:e3:12:c5:
                    6d:b3:29:84:d9:a0:c6:e3:42:0c:79:bb:c1:a3:09:
                    0a:cc:69:ae:82:a7:a8:79:ca:35:07:a0:40:ff:9b:
                    39:0f:46:43:55:7f:e9:66:b5:da:d2:9d:d2:a3:dd:
                    d2:4f:a1:d8:4d:68:58:f0:e1:37:e9:50:4e:df:e6:
                    15:7c:cb:0e:30:4f:e4:52:b0:e9:46:be:68:de:bc:
                    28:ff:aa:41:ca:0b:6e:43:8b:33:06:78:e1:16:ac:
                    8f:cc:f9:67:4b:fa:0c:11:3c:cf:5e:87:db:f8:8f:
                    c2:35:d9:36:9e:a0:63:b9:1b:da:12:32:25:6e:c3:
                    51:23:ae:9b:c1:22:1b:10:77:f9:2d:27:a7:f2:36:
                    fc:7f:de:66:fe:fa:34:73:40:d8:ae:05:ca:75:8f:
                    d7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:39:9D:30:53:F3:53:8D:58:8F:A0:98:7D:D0:C7:6B:77:0A:98:EA
            X509v3 Authority Key Identifier:
                keyid:9E:2D:7D:5B:82:C8:37:8B:A2:15:39:43:CE:94:82:CE:4C:D4:95:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ni19W4LIN4uiFTlDzpSCzkzUlRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/ca8d98-e7a4-4bdc-8c90-b29606d51f9d/1/WTmdMFPzU41Yj6CYfdDHa3cKmOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/ca8d98-e7a4-4bdc-8c90-b29606d51f9d/1/ni19W4LIN4uiFTlDzpSCzkzUlRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:51:a3:46:c3:e5:bc:5d:01:c5:25:1d:a7:ea:ba:13:c1:a3:
         3a:f6:d2:e6:8d:b7:7c:c3:8a:b1:40:9b:a1:b3:cc:0d:a2:98:
         96:38:f4:78:74:22:e3:32:ca:d9:bd:3d:dc:62:64:8b:2e:b2:
         a4:f6:bc:2b:b9:4a:df:f2:2c:b4:ca:d1:9f:6f:4d:cf:87:7c:
         a7:1b:41:f8:64:dd:bc:8f:e5:37:c9:dd:56:91:8a:be:02:ce:
         4c:f1:42:10:28:3a:0a:cb:83:1d:a3:34:43:ac:1f:42:01:69:
         f4:db:18:8f:44:21:a9:26:13:7b:52:92:f1:69:24:c4:dc:65:
         94:bc:ee:ef:fa:80:19:6e:ca:ab:aa:df:f4:07:4f:ce:33:fc:
         61:96:c7:8b:56:e1:91:b8:d6:ac:e8:f1:02:a9:c6:92:3a:3d:
         65:0e:61:4f:47:a0:1d:ac:86:c2:e8:98:14:e3:85:19:b5:e9:
         54:69:29:e3:61:7a:52:fd:e7:5a:5d:7a:6e:09:af:51:34:d8:
         e9:1f:da:66:93:b3:c5:91:c5:58:4d:b9:9e:a0:4b:ed:fd:a1:
         a7:75:2c:f8:ce:4e:15:ad:6e:77:48:c5:08:67:a7:5e:cd:89:
         2f:0a:9d:66:34:10:35:97:78:ae:7b:c8:17:c2:0e:94:e9:ed:
         08:20:2c:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGl3hwsN8x9gNjxAk6lDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMmQ3ZDViODJjODM3OGJhMjE1Mzk0M2NlOTQ4MmNlNGNk
NDk1MWIwHhcNMjUwMTAxMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTM5OWQzMDUzZjM1MzhkNTg4ZmEwOTg3ZGQwYzc2Yjc3MGE5OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh4GMfKpreJw1VFtCfLgIqN3I1L7
tl7q+2SYdof3OPwgMEvwC0JOnO+FppdbhviAHh693TLYEZVFIpwJ859nC90BuMEp
wgCO7D37pgaGiuDtTAzn7cXz3JYi91YLFsDjLz/45prjEsVtsymE2aDG40IMebvB
owkKzGmugqeoeco1B6BA/5s5D0ZDVX/pZrXa0p3So93ST6HYTWhY8OE36VBO3+YV
fMsOME/kUrDpRr5o3rwo/6pBygtuQ4szBnjhFqyPzPlnS/oMETzPXofb+I/CNdk2
nqBjuRvaEjIlbsNRI66bwSIbEHf5LSen8jb8f95m/vo0c0DYrgXKdY/XdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFk5nTBT81ONWI+gmH3Qx2t3CpjqMB8GA1UdIwQY
MBaAFJ4tfVuCyDeLohU5Q86Ugs5M1JUbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmkxOVc0TElONHVpRlRsRHpwU0N6a3pVbFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9jYThkOTgtZTdhNC00YmRjLThjOTAt
YjI5NjA2ZDUxZjlkLzEvV1RtZE1GUHpVNDFZajZDWWZkREhhM2NLbU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9jYThkOTgtZTdhNC00YmRjLThjOTAtYjI5NjA2ZDUxZjlk
LzEvbmkxOVc0TElONHVpRlRsRHpwU0N6a3pVbFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW83lMA0G
CSqGSIb3DQEBCwUAA4IBAQBzUaNGw+W8XQHFJR2n6roTwaM69tLmjbd8w4qxQJuh
s8wNopiWOPR4dCLjMsrZvT3cYmSLLrKk9rwruUrf8iy0ytGfb03Ph3ynG0H4ZN28
j+U3yd1WkYq+As5M8UIQKDoKy4MdozRDrB9CAWn02xiPRCGpJhN7UpLxaSTE3GWU
vO7v+oAZbsqrqt/0B0/OM/xhlseLVuGRuNas6PECqcaSOj1lDmFPR6AdrIbC6JgU
44UZtelUaSnjYXpS/edaXXpuCa9RNNjpH9pmk7PFkcVYTbmeoEvt/aGndSz4zk4V
rW53SMUIZ6dezYkvCp1mNBA1l3iue8gXwg6U6e0IICxY
-----END CERTIFICATE-----