Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/cgU91-2jCbIMrlLDU1VfLxH8ca8.roa
File:                     cgU91-2jCbIMrlLDU1VfLxH8ca8.roa (raw, json)
Hash identifier:          6RG1Jo5P4z2OasBr3H8U+Qi2XKdtT3dF0gTq9ZeeTws=
Subject key identifier:   72:05:3D:D7:ED:A3:09:B2:0C:AE:52:C3:53:55:5F:2F:11:FC:71:AF
Certificate issuer:       /CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
Certificate serial:       018CC56E839229599B01EFFF145B8004DE99
Authority key identifier: 33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/cgU91-2jCbIMrlLDU1VfLxH8ca8.roa
Signing time:             Mon 01 Jan 2024 14:30:03 +0000
ROA not before:           Mon 01 Jan 2024 14:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        91.195.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:83:92:29:59:9b:01:ef:ff:14:5b:80:04:de:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
        Validity
            Not Before: Jan  1 14:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72053dd7eda309b20cae52c353555f2f11fc71af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5d:81:92:d6:c5:12:3e:15:e3:7c:23:19:aa:
                    5f:e6:ed:56:69:2b:2a:c6:7e:3d:94:9a:08:3b:86:
                    8b:7c:20:9e:02:d0:d9:93:84:10:fe:5c:d5:3d:2e:
                    84:86:01:fc:76:e2:eb:4f:1e:11:4d:03:d3:9d:0f:
                    79:be:e9:d7:2b:a5:c1:1a:32:35:fb:05:ff:14:c0:
                    6c:ae:e2:73:d9:cf:bb:f6:ec:15:74:9e:2f:fa:ae:
                    24:13:c8:64:55:59:59:3f:09:4e:2f:b1:92:4d:83:
                    3d:7b:c7:f6:03:25:8c:66:bd:59:df:3b:5a:a4:69:
                    09:0a:fb:90:8c:9b:59:36:53:f6:bb:49:72:b6:f4:
                    73:ad:10:ec:51:b0:ca:af:b3:62:37:1a:12:70:e5:
                    0a:f0:6d:91:7b:5c:39:bf:fa:1a:01:1d:61:be:0c:
                    f8:c5:e5:cd:a0:99:29:ac:a0:d5:2b:e2:e4:31:4a:
                    8a:3c:35:a8:e6:05:c8:2b:cb:82:55:76:8c:4a:85:
                    4b:2f:4f:c2:45:84:6c:4f:e1:62:9f:cb:65:3b:ac:
                    46:66:00:36:66:24:b5:2e:7e:b5:b8:f4:2d:eb:40:
                    43:c4:a0:49:41:ae:26:13:9c:7f:98:0c:bb:be:ea:
                    6b:65:b9:71:f5:bf:26:de:e3:36:80:17:8d:72:13:
                    21:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:05:3D:D7:ED:A3:09:B2:0C:AE:52:C3:53:55:5F:2F:11:FC:71:AF
            X509v3 Authority Key Identifier:
                keyid:33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/cgU91-2jCbIMrlLDU1VfLxH8ca8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:6e:96:b9:31:77:21:b9:6e:26:cb:b1:48:65:51:f8:1d:f7:
         dc:97:d5:80:81:42:94:bb:1e:1a:43:01:b5:bd:33:de:0b:87:
         e1:c7:cf:08:c0:44:b5:ca:77:9f:c3:42:01:cc:2c:d8:35:81:
         11:0e:71:81:88:b3:98:6e:04:80:b0:79:60:b1:e8:8d:27:a1:
         0b:c0:c9:5e:8e:c9:5a:eb:d5:d9:e9:e0:15:43:09:1c:c5:4b:
         8d:07:2a:9a:2f:47:ec:bf:e5:ff:9f:ae:3a:77:1b:a7:96:b5:
         8f:ef:16:39:1c:33:fd:c3:d8:2c:b7:21:40:db:fe:1b:9e:7e:
         3c:72:9f:c4:c3:1c:3c:8c:57:17:82:af:40:42:ed:50:49:d7:
         22:87:aa:80:65:08:2a:2f:d3:49:75:7a:f9:c5:88:d3:d3:49:
         d2:7c:00:bf:f1:c3:20:21:b8:b0:59:78:f7:88:75:23:9c:00:
         81:a7:0e:74:30:ae:ab:74:4a:34:c6:81:fe:b9:f3:84:85:1a:
         79:f1:66:8e:c0:68:92:64:52:af:44:67:9c:b3:7f:99:1c:e8:
         56:e6:23:ff:d0:18:ed:3a:7e:2d:eb:65:92:bd:c1:6e:01:4e:
         9e:16:2e:56:3c:50:ca:c1:b3:8b:23:05:59:0f:45:b3:5c:72:
         28:32:18:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFboOSKVmbAe//FFuABN6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWVkM2Q3YmE1MTFjYTYwMDJkODQ1YjNjMGFhODExMWEz
NTU5Y2YwHhcNMjQwMTAxMTQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjA1M2RkN2VkYTMwOWIyMGNhZTUyYzM1MzU1NWYyZjExZmM3MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhl2BktbFEj4V43wjGapf5u1WaSsq
xn49lJoIO4aLfCCeAtDZk4QQ/lzVPS6EhgH8duLrTx4RTQPTnQ95vunXK6XBGjI1
+wX/FMBsruJz2c+79uwVdJ4v+q4kE8hkVVlZPwlOL7GSTYM9e8f2AyWMZr1Z3zta
pGkJCvuQjJtZNlP2u0lytvRzrRDsUbDKr7NiNxoScOUK8G2Re1w5v/oaAR1hvgz4
xeXNoJkprKDVK+LkMUqKPDWo5gXIK8uCVXaMSoVLL0/CRYRsT+Fin8tlO6xGZgA2
ZiS1Ln61uPQt60BDxKBJQa4mE5x/mAy7vuprZblx9b8m3uM2gBeNchMhLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIFPdftowmyDK5Sw1NVXy8R/HGvMB8GA1UdIwQY
MBaAFDMe09e6URymAC2EWzwKqBEaNVnPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQt
YmFmMjRkZDU4MzlmLzEvY2dVOTEtMmpDYklNcmxMRFUxVmZMeEg4Y2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQtYmFmMjRkZDU4Mzlm
LzEvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8NuMA0G
CSqGSIb3DQEBCwUAA4IBAQCdbpa5MXchuW4my7FIZVH4Hffcl9WAgUKUux4aQwG1
vTPeC4fhx88IwES1ynefw0IBzCzYNYERDnGBiLOYbgSAsHlgseiNJ6ELwMlejsla
69XZ6eAVQwkcxUuNByqaL0fsv+X/n646dxunlrWP7xY5HDP9w9gstyFA2/4bnn48
cp/Ewxw8jFcXgq9AQu1QSdcih6qAZQgqL9NJdXr5xYjT00nSfAC/8cMgIbiwWXj3
iHUjnACBpw50MK6rdEo0xoH+ufOEhRp58WaOwGiSZFKvRGecs3+ZHOhW5iP/0Bjt
On4t62WSvcFuAU6eFi5WPFDKwbOLIwVZD0WzXHIoMhjw
-----END CERTIFICATE-----