Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/9sTlJL6XI1F8_6pTnGvYUoHPjLc.roa
File:                     9sTlJL6XI1F8_6pTnGvYUoHPjLc.roa (raw, json)
Hash identifier:          p/q9OdpuOMeCTpoZABPBjgzLHhfpzMbQS5v48+zxKpQ=
Subject key identifier:   F6:C4:E5:24:BE:97:23:51:7C:FF:AA:53:9C:6B:D8:52:81:CF:8C:B7
Certificate issuer:       /CN=4f8477e569d1d7d60f0469a7cc8a7f4746039bb7
Certificate serial:       01941F8C80E6A29558D11C649D2645BBA146
Authority key identifier: 4F:84:77:E5:69:D1:D7:D6:0F:04:69:A7:CC:8A:7F:47:46:03:9B:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/9sTlJL6XI1F8_6pTnGvYUoHPjLc.roa
Signing time:             Wed 01 Jan 2025 01:48:09 +0000
ROA not before:           Wed 01 Jan 2025 01:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197386
IP address blocks:        91.220.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:80:e6:a2:95:58:d1:1c:64:9d:26:45:bb:a1:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8477e569d1d7d60f0469a7cc8a7f4746039bb7
        Validity
            Not Before: Jan  1 01:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6c4e524be9723517cffaa539c6bd85281cf8cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ea:4f:78:38:a7:80:ef:d8:5d:11:38:a3:01:
                    69:2f:1e:8c:74:b7:e5:8f:f7:d4:f7:13:b3:a0:d8:
                    2f:a1:e9:f8:95:eb:17:8c:d7:83:ef:cf:9f:6b:bb:
                    6e:a3:90:85:09:ef:a4:be:e2:cc:ac:f6:cb:87:d4:
                    ce:f4:99:ca:9e:fa:37:76:6f:46:40:2f:12:8f:f3:
                    e4:5b:8a:4b:3c:cb:1f:b8:64:9d:71:bc:52:89:3e:
                    f8:3a:da:09:4c:8c:ae:15:d0:90:94:66:f5:9c:68:
                    41:f0:89:2e:ad:3d:e4:cf:c1:bf:1f:db:71:39:00:
                    e1:59:83:5a:d9:64:80:ed:15:cb:9f:10:f6:ec:83:
                    89:a2:59:e2:8d:e8:a7:ed:aa:8d:69:f7:cb:84:5a:
                    9d:00:ab:e0:1b:50:73:01:50:50:13:cf:af:3c:3e:
                    fb:f3:a6:e2:e4:8b:29:02:14:fe:7b:d0:58:fa:e1:
                    78:08:b2:7e:6b:63:a9:6e:b2:09:c0:40:fd:fc:d9:
                    72:28:ee:94:11:a1:47:71:d2:0c:31:d7:78:e3:af:
                    a5:ee:d5:d3:93:55:f3:49:7c:fe:99:e2:b8:e2:e4:
                    ae:64:5e:d6:1f:6c:52:b2:de:0d:2c:66:82:83:13:
                    7a:bc:22:13:a4:59:f1:eb:6b:75:bf:b7:43:98:bb:
                    a7:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C4:E5:24:BE:97:23:51:7C:FF:AA:53:9C:6B:D8:52:81:CF:8C:B7
            X509v3 Authority Key Identifier:
                keyid:4F:84:77:E5:69:D1:D7:D6:0F:04:69:A7:CC:8A:7F:47:46:03:9B:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/9sTlJL6XI1F8_6pTnGvYUoHPjLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:aa:72:d1:18:b3:33:c6:10:a7:4d:aa:f9:cc:89:e4:3c:b6:
         6f:33:00:3f:45:ad:87:1b:81:01:a9:ec:58:0b:f2:45:f9:61:
         80:f1:52:73:5c:22:34:27:16:bb:90:37:95:a7:e0:2f:66:b9:
         41:b7:c2:dc:94:36:2d:8d:9c:ef:c8:07:23:8f:bc:fb:80:d7:
         28:29:6e:94:66:fe:20:12:e5:ed:fe:a1:39:12:46:17:c3:20:
         55:b9:d9:84:d5:61:32:e5:85:09:9a:f4:8d:78:94:66:c0:2e:
         c7:c4:d0:05:79:b6:ce:de:bf:ae:d2:18:da:b7:fe:40:8d:06:
         26:87:a6:28:e7:ca:1f:e0:11:ec:09:b6:17:10:0a:eb:1e:ef:
         8c:fd:1b:4a:ae:01:e5:c4:00:43:77:ca:0f:4c:0d:0a:fd:3f:
         7b:c1:c1:b1:7a:04:43:7f:4c:5a:f7:79:dd:2e:99:85:6a:ed:
         63:41:6f:18:94:a7:2d:51:bb:69:50:55:e0:43:b9:ae:19:b4:
         24:07:b3:c4:db:19:60:13:66:c1:3f:05:e8:d8:c1:02:60:d4:
         f8:e5:74:b0:9e:9c:fa:08:9f:2d:0d:12:99:b3:48:91:0b:75:
         87:70:ab:5c:25:02:a0:72:b0:16:5c:7e:40:05:a7:bf:93:ad:
         a4:6c:d9:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIDmopVY0RxknSZFu6FGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmODQ3N2U1NjlkMWQ3ZDYwZjA0NjlhN2NjOGE3ZjQ3NDYw
MzliYjcwHhcNMjUwMTAxMDE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmM0ZTUyNGJlOTcyMzUxN2NmZmFhNTM5YzZiZDg1MjgxY2Y4Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+pPeDingO/YXRE4owFpLx6MdLfl
j/fU9xOzoNgvoen4lesXjNeD78+fa7tuo5CFCe+kvuLMrPbLh9TO9JnKnvo3dm9G
QC8Sj/PkW4pLPMsfuGSdcbxSiT74OtoJTIyuFdCQlGb1nGhB8IkurT3kz8G/H9tx
OQDhWYNa2WSA7RXLnxD27IOJolnijein7aqNaffLhFqdAKvgG1BzAVBQE8+vPD77
86bi5IspAhT+e9BY+uF4CLJ+a2OpbrIJwED9/NlyKO6UEaFHcdIMMdd446+l7tXT
k1XzSXz+meK44uSuZF7WH2xSst4NLGaCgxN6vCITpFnx62t1v7dDmLuntwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbE5SS+lyNRfP+qU5xr2FKBz4y3MB8GA1UdIwQY
MBaAFE+Ed+Vp0dfWDwRpp8yKf0dGA5u3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRSMzVXblIxOVlQQkdtbnpJcF9SMFlEbTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC83NzUxOTAtY2I5NC00MDYzLThjMWEt
YWQxNDdkOTE1NzkxLzEvOXNUbEpMNlhJMUY4XzZwVG5HdllVb0hQakxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC83NzUxOTAtY2I5NC00MDYzLThjMWEtYWQxNDdkOTE1Nzkx
LzEvVDRSMzVXblIxOVlQQkdtbnpJcF9SMFlEbTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wyMA0G
CSqGSIb3DQEBCwUAA4IBAQBbqnLRGLMzxhCnTar5zInkPLZvMwA/Ra2HG4EBqexY
C/JF+WGA8VJzXCI0Jxa7kDeVp+AvZrlBt8LclDYtjZzvyAcjj7z7gNcoKW6UZv4g
EuXt/qE5EkYXwyBVudmE1WEy5YUJmvSNeJRmwC7HxNAFebbO3r+u0hjat/5AjQYm
h6Yo58of4BHsCbYXEArrHu+M/RtKrgHlxABDd8oPTA0K/T97wcGxegRDf0xa93nd
LpmFau1jQW8YlKctUbtpUFXgQ7muGbQkB7PE2xlgE2bBPwXo2MECYNT45XSwnpz6
CJ8tDRKZs0iRC3WHcKtcJQKgcrAWXH5ABae/k62kbNnc
-----END CERTIFICATE-----