Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/71f0c3-27df-46b8-895a-36583c165dc9/1/nitfhwT5zdpxb50hXlk4jgWzdQE.roa
File:                     nitfhwT5zdpxb50hXlk4jgWzdQE.roa (raw, json)
Hash identifier:          Cnmglk4tBEqztiio9IkWbUek+XEbAwr0Bjp+MAHYUSs=
Subject key identifier:   9E:2B:5F:87:04:F9:CD:DA:71:6F:9D:21:5E:59:38:8E:05:B3:75:01
Certificate issuer:       /CN=0e280e5bf0970c733cc34bc1be7926759ac31ded
Certificate serial:       01942369113D65A1C2AD0B23ACAFA9285694
Authority key identifier: 0E:28:0E:5B:F0:97:0C:73:3C:C3:4B:C1:BE:79:26:75:9A:C3:1D:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DigOW_CXDHM8w0vBvnkmdZrDHe0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/71f0c3-27df-46b8-895a-36583c165dc9/1/nitfhwT5zdpxb50hXlk4jgWzdQE.roa
Signing time:             Wed 01 Jan 2025 19:47:55 +0000
ROA not before:           Wed 01 Jan 2025 19:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197916
IP address blocks:        91.228.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/71f0c3-27df-46b8-895a-36583c165dc9/1/DigOW_CXDHM8w0vBvnkmdZrDHe0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/71f0c3-27df-46b8-895a-36583c165dc9/1/DigOW_CXDHM8w0vBvnkmdZrDHe0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DigOW_CXDHM8w0vBvnkmdZrDHe0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:11:3d:65:a1:c2:ad:0b:23:ac:af:a9:28:56:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e280e5bf0970c733cc34bc1be7926759ac31ded
        Validity
            Not Before: Jan  1 19:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e2b5f8704f9cdda716f9d215e59388e05b37501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:40:fc:0a:cb:d6:d8:9f:54:1e:6b:24:3b:88:
                    54:45:d2:7d:bf:b2:90:b6:a9:a7:c5:c1:08:47:8b:
                    74:ca:f2:e8:da:e0:e7:e2:fb:aa:1e:d8:55:6b:b7:
                    d1:7a:e4:29:99:80:24:33:3a:e1:e1:ee:d6:bd:6c:
                    05:15:20:b9:15:4c:83:6d:6d:fc:bc:98:ea:21:cb:
                    01:d8:25:95:5d:cf:a6:05:9a:43:97:d6:bd:7d:90:
                    0d:e0:4f:5c:00:c5:9f:97:83:53:0b:56:b5:27:3f:
                    9f:c8:da:28:54:f3:e8:75:be:25:1d:5e:8c:e4:82:
                    f4:ec:8c:50:2d:dd:83:73:56:6d:8f:4d:5a:27:5b:
                    c3:4a:2c:cc:a8:dd:ba:26:79:75:8f:39:bc:39:ed:
                    4d:04:e7:1e:92:8e:71:7b:c8:85:33:48:a6:7e:35:
                    fd:d6:a4:12:8b:cf:8c:f6:6e:b8:a8:04:a4:eb:1a:
                    9e:39:f4:91:fc:07:29:30:14:cc:66:95:ab:68:5d:
                    d3:61:af:95:ef:a5:05:8d:d7:96:e0:33:b7:de:a8:
                    69:50:52:53:82:5b:a9:91:5d:72:cf:61:61:9d:b0:
                    d5:5b:c3:50:3f:1d:e0:c7:14:31:81:d7:ae:cc:f5:
                    a1:59:b7:77:76:04:13:d2:93:15:4f:a0:69:ce:46:
                    d6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:2B:5F:87:04:F9:CD:DA:71:6F:9D:21:5E:59:38:8E:05:B3:75:01
            X509v3 Authority Key Identifier:
                keyid:0E:28:0E:5B:F0:97:0C:73:3C:C3:4B:C1:BE:79:26:75:9A:C3:1D:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DigOW_CXDHM8w0vBvnkmdZrDHe0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/71f0c3-27df-46b8-895a-36583c165dc9/1/nitfhwT5zdpxb50hXlk4jgWzdQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/71f0c3-27df-46b8-895a-36583c165dc9/1/DigOW_CXDHM8w0vBvnkmdZrDHe0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:a5:1f:63:fb:72:f1:ba:42:c4:50:c0:ca:f7:46:25:23:fd:
         99:97:f6:58:9c:2e:23:8f:5a:29:ca:b3:e6:36:ba:63:f4:ed:
         54:26:f9:1f:c2:28:50:02:e8:4e:5c:80:bb:56:ae:87:74:85:
         8d:1a:0e:31:af:9a:c1:d0:0d:e3:c4:d9:d0:20:64:c3:19:3a:
         a5:aa:65:f6:a4:9d:ed:1c:2a:e6:66:5d:bf:35:3f:01:45:27:
         de:22:41:8d:8c:62:a8:4f:04:d3:95:e4:7c:df:11:2a:a7:fb:
         93:9f:be:1b:81:d1:56:d0:8d:22:1a:fa:45:4d:9e:bf:d0:c4:
         9c:9e:08:f7:ba:ce:51:86:69:e7:13:af:8c:df:c3:1b:6b:64:
         d2:e2:b6:18:0f:03:28:71:34:0b:36:10:f9:df:17:58:1b:30:
         5f:e8:2a:db:f3:62:4c:34:06:1c:d4:07:07:44:77:74:c7:e5:
         e5:62:fe:16:0f:ea:76:b4:11:b2:8b:35:ef:1d:c5:bd:ff:25:
         ad:2c:a8:01:9f:75:05:69:71:6a:af:1d:9f:96:c9:f8:42:36:
         89:d9:57:30:a4:67:84:ee:11:58:ee:a6:dd:e0:b3:d5:27:7b:
         a6:5c:7e:eb:cd:d0:7c:a9:7a:51:f7:d2:eb:99:95:08:ca:4b:
         64:d6:74:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaRE9ZaHCrQsjrK+pKFaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjgwZTViZjA5NzBjNzMzY2MzNGJjMWJlNzkyNjc1OWFj
MzFkZWQwHhcNMjUwMTAxMTk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTJiNWY4NzA0ZjljZGRhNzE2ZjlkMjE1ZTU5Mzg4ZTA1YjM3NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkD8CsvW2J9UHmskO4hURdJ9v7KQ
tqmnxcEIR4t0yvLo2uDn4vuqHthVa7fReuQpmYAkMzrh4e7WvWwFFSC5FUyDbW38
vJjqIcsB2CWVXc+mBZpDl9a9fZAN4E9cAMWfl4NTC1a1Jz+fyNooVPPodb4lHV6M
5IL07IxQLd2Dc1Ztj01aJ1vDSizMqN26Jnl1jzm8Oe1NBOceko5xe8iFM0imfjX9
1qQSi8+M9m64qASk6xqeOfSR/AcpMBTMZpWraF3TYa+V76UFjdeW4DO33qhpUFJT
glupkV1yz2FhnbDVW8NQPx3gxxQxgdeuzPWhWbd3dgQT0pMVT6BpzkbWJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4rX4cE+c3acW+dIV5ZOI4Fs3UBMB8GA1UdIwQY
MBaAFA4oDlvwlwxzPMNLwb55JnWawx3tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGlnT1dfQ1hESE04dzB2QnZua21kWnJESGUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83MWYwYzMtMjdkZi00NmI4LTg5NWEt
MzY1ODNjMTY1ZGM5LzEvbml0Zmh3VDV6ZHB4YjUwaFhsazRqZ1d6ZFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83MWYwYzMtMjdkZi00NmI4LTg5NWEtMzY1ODNjMTY1ZGM5
LzEvRGlnT1dfQ1hESE04dzB2QnZua21kWnJESGUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+SpMA0G
CSqGSIb3DQEBCwUAA4IBAQBlpR9j+3LxukLEUMDK90YlI/2Zl/ZYnC4jj1opyrPm
Nrpj9O1UJvkfwihQAuhOXIC7Vq6HdIWNGg4xr5rB0A3jxNnQIGTDGTqlqmX2pJ3t
HCrmZl2/NT8BRSfeIkGNjGKoTwTTleR83xEqp/uTn74bgdFW0I0iGvpFTZ6/0MSc
ngj3us5RhmnnE6+M38Mba2TS4rYYDwMocTQLNhD53xdYGzBf6Crb82JMNAYc1AcH
RHd0x+XlYv4WD+p2tBGyizXvHcW9/yWtLKgBn3UFaXFqrx2flsn4QjaJ2VcwpGeE
7hFY7qbd4LPVJ3umXH7rzdB8qXpR99LrmZUIyktk1nRu
-----END CERTIFICATE-----