Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/cGGNHHL2taAbcfw5rMUB84kQw_k.roa
File:                     cGGNHHL2taAbcfw5rMUB84kQw_k.roa (raw, json)
Hash identifier:          J56YjCbrct/bNrc5fidg1pLfrEEsu9MaAGzXOMhbxY8=
Subject key identifier:   70:61:8D:1C:72:F6:B5:A0:1B:71:FC:39:AC:C5:01:F3:89:10:C3:F9
Certificate issuer:       /CN=a49d2e50b7738aed0acc1a0ec2fee30080255838
Certificate serial:       019424B3761A85A13AE0A8CB54D10BC08845
Authority key identifier: A4:9D:2E:50:B7:73:8A:ED:0A:CC:1A:0E:C2:FE:E3:00:80:25:58:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJ0uULdziu0KzBoOwv7jAIAlWDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/cGGNHHL2taAbcfw5rMUB84kQw_k.roa
Signing time:             Thu 02 Jan 2025 01:48:48 +0000
ROA not before:           Thu 02 Jan 2025 01:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        91.230.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/pJ0uULdziu0KzBoOwv7jAIAlWDg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/pJ0uULdziu0KzBoOwv7jAIAlWDg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJ0uULdziu0KzBoOwv7jAIAlWDg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:76:1a:85:a1:3a:e0:a8:cb:54:d1:0b:c0:88:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a49d2e50b7738aed0acc1a0ec2fee30080255838
        Validity
            Not Before: Jan  2 01:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70618d1c72f6b5a01b71fc39acc501f38910c3f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9b:0d:8f:df:d8:f7:1c:47:b6:34:43:51:a8:
                    5e:60:68:13:d4:cc:d6:b9:44:6a:98:65:af:91:07:
                    08:6d:df:51:e3:68:ed:96:4c:c7:f7:cc:a4:10:2a:
                    a1:ce:a9:58:35:39:66:ed:a1:bc:d1:81:b7:b8:f5:
                    9d:4b:4b:0a:0e:fd:6d:db:dd:e9:60:d0:04:b0:3d:
                    4f:c1:cd:1d:23:2c:76:b4:8c:0c:46:de:76:26:cd:
                    9d:5e:16:4a:da:47:d2:45:57:3f:ec:9f:d0:a5:45:
                    36:46:22:db:5e:ab:97:68:99:4a:7a:da:6a:dc:ff:
                    7f:00:e1:af:51:7b:6d:5f:84:05:ba:e5:50:43:ae:
                    58:b6:de:5f:5f:d6:ab:ff:b1:2f:16:30:45:32:d1:
                    3f:61:59:8b:28:c7:fb:bf:78:4e:f9:55:a2:78:1e:
                    06:0a:b1:84:fd:80:09:82:f7:d4:b1:d6:38:da:08:
                    eb:34:a8:f8:ea:a0:ef:91:17:81:60:ee:a5:f4:b9:
                    df:2b:3f:69:fa:1a:c8:24:dc:ed:fd:07:2b:e1:36:
                    34:57:72:71:24:ec:09:1f:04:19:b0:a0:02:ae:96:
                    26:02:b4:05:42:ab:bc:3d:ce:27:37:4b:d3:52:0b:
                    20:7a:8b:ec:0f:60:b5:f7:71:78:79:47:3d:18:c6:
                    49:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:61:8D:1C:72:F6:B5:A0:1B:71:FC:39:AC:C5:01:F3:89:10:C3:F9
            X509v3 Authority Key Identifier:
                keyid:A4:9D:2E:50:B7:73:8A:ED:0A:CC:1A:0E:C2:FE:E3:00:80:25:58:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJ0uULdziu0KzBoOwv7jAIAlWDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/cGGNHHL2taAbcfw5rMUB84kQw_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/pJ0uULdziu0KzBoOwv7jAIAlWDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:89:18:45:e6:cd:af:98:46:79:db:4a:29:bf:e0:ff:91:92:
         f0:d8:9b:c0:ad:a3:96:b5:1e:e9:3f:d9:76:29:3d:98:77:d9:
         7f:98:a3:31:ff:5e:32:ff:38:91:a0:48:dc:50:bd:a9:b3:8b:
         59:8b:e6:16:53:52:da:a4:b7:c6:2e:91:fe:ba:07:39:32:95:
         f7:e3:d7:ad:12:09:b7:14:85:da:6e:6b:51:d9:95:39:94:f8:
         55:e3:b4:30:3a:25:c6:c5:50:4f:01:ca:10:24:bf:5c:a0:6c:
         97:8b:79:b6:40:d8:91:47:37:08:a5:6a:27:af:1f:bb:ad:79:
         6a:7c:6f:6c:4a:90:ad:e9:ab:73:52:26:25:09:e1:42:72:37:
         05:67:c9:8d:bf:6d:92:69:76:32:73:0c:06:36:b0:e7:51:b5:
         c6:3c:db:8e:fc:3b:da:20:ef:b4:cb:5a:b5:93:34:8c:b4:88:
         e8:d8:94:28:2d:14:61:14:b2:4f:ab:b7:df:cf:e2:8c:a6:d6:
         c9:82:55:65:dd:9a:55:68:fa:d8:0c:52:69:73:2a:ee:eb:94:
         8d:55:c1:f1:6a:4e:b7:c5:15:7c:90:f3:0e:32:46:82:5b:f8:
         89:e7:32:93:90:6c:af:42:74:14:45:93:b1:97:71:ad:dd:73:
         78:cf:5a:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks3YahaE64KjLVNELwIhFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OWQyZTUwYjc3MzhhZWQwYWNjMWEwZWMyZmVlMzAwODAy
NTU4MzgwHhcNMjUwMTAyMDE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDYxOGQxYzcyZjZiNWEwMWI3MWZjMzlhY2M1MDFmMzg5MTBjM2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5sNj9/Y9xxHtjRDUaheYGgT1MzW
uURqmGWvkQcIbd9R42jtlkzH98ykECqhzqlYNTlm7aG80YG3uPWdS0sKDv1t293p
YNAEsD1Pwc0dIyx2tIwMRt52Js2dXhZK2kfSRVc/7J/QpUU2RiLbXquXaJlKetpq
3P9/AOGvUXttX4QFuuVQQ65Ytt5fX9ar/7EvFjBFMtE/YVmLKMf7v3hO+VWieB4G
CrGE/YAJgvfUsdY42gjrNKj46qDvkReBYO6l9LnfKz9p+hrIJNzt/Qcr4TY0V3Jx
JOwJHwQZsKACrpYmArQFQqu8Pc4nN0vTUgsgeovsD2C193F4eUc9GMZJ3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBhjRxy9rWgG3H8OazFAfOJEMP5MB8GA1UdIwQY
MBaAFKSdLlC3c4rtCswaDsL+4wCAJVg4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEowdVVMZHppdTBLekJvT3d2N2pBSUFsV0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zOTMyMTgtNDZlNS00NjhiLWI1OGIt
N2YzMzUyMjM0ZTIxLzEvY0dHTkhITDJ0YUFiY2Z3NXJNVUI4NGtRd19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zOTMyMTgtNDZlNS00NjhiLWI1OGItN2YzMzUyMjM0ZTIx
LzEvcEowdVVMZHppdTBLekJvT3d2N2pBSUFsV0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+YoMA0G
CSqGSIb3DQEBCwUAA4IBAQBxiRhF5s2vmEZ520opv+D/kZLw2JvAraOWtR7pP9l2
KT2Yd9l/mKMx/14y/ziRoEjcUL2ps4tZi+YWU1LapLfGLpH+ugc5MpX349etEgm3
FIXabmtR2ZU5lPhV47QwOiXGxVBPAcoQJL9coGyXi3m2QNiRRzcIpWonrx+7rXlq
fG9sSpCt6atzUiYlCeFCcjcFZ8mNv22SaXYycwwGNrDnUbXGPNuO/DvaIO+0y1q1
kzSMtIjo2JQoLRRhFLJPq7ffz+KMptbJglVl3ZpVaPrYDFJpcyru65SNVcHxak63
xRV8kPMOMkaCW/iJ5zKTkGyvQnQURZOxl3Gt3XN4z1pu
-----END CERTIFICATE-----