Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/ob104eCQJ_C_ID7VnPR1GOcDcA8.roa
File:                     ob104eCQJ_C_ID7VnPR1GOcDcA8.roa (raw, json)
Hash identifier:          0O8ntyVniHu4kxwME5VY5LDqj4fbOYlq5O01qeomItA=
Subject key identifier:   A1:BD:74:E1:E0:90:27:F0:BF:20:3E:D5:9C:F4:75:18:E7:03:70:0F
Certificate issuer:       /CN=4f8477e569d1d7d60f0469a7cc8a7f4746039bb7
Certificate serial:       01941F8C809D673B9FD544DB429E37F1F496
Authority key identifier: 4F:84:77:E5:69:D1:D7:D6:0F:04:69:A7:CC:8A:7F:47:46:03:9B:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/ob104eCQJ_C_ID7VnPR1GOcDcA8.roa
Signing time:             Wed 01 Jan 2025 01:48:09 +0000
ROA not before:           Wed 01 Jan 2025 01:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        91.220.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:80:9d:67:3b:9f:d5:44:db:42:9e:37:f1:f4:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8477e569d1d7d60f0469a7cc8a7f4746039bb7
        Validity
            Not Before: Jan  1 01:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1bd74e1e09027f0bf203ed59cf47518e703700f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d3:ff:83:ea:12:d3:11:54:d0:e0:ad:18:18:
                    d5:71:36:7d:e7:72:77:b0:e4:94:53:00:66:8e:9a:
                    76:1d:6f:ce:2b:81:85:50:b3:5f:b6:00:64:6e:22:
                    92:fd:27:8d:15:d0:bf:e4:57:f7:e0:da:8f:d7:65:
                    08:55:cb:3f:62:01:c9:d3:cc:e2:65:b4:80:81:08:
                    ec:17:68:08:e6:11:bb:f0:a2:61:b8:40:51:ea:df:
                    ae:e6:4c:da:dd:58:c4:e2:fb:8e:33:b7:e3:ca:dd:
                    70:28:b8:a3:40:76:f4:b4:0f:07:09:05:16:9e:d8:
                    f0:f5:5e:14:42:be:bc:3f:34:08:34:ae:85:f0:ba:
                    22:40:0c:47:1e:d1:7a:89:03:ac:ca:53:c2:b5:16:
                    cd:a0:bd:f2:2a:10:84:70:38:d6:b3:20:c0:b9:95:
                    bb:e4:e7:7e:af:96:cf:94:db:32:a3:0d:ea:e3:6b:
                    b0:fd:28:c0:22:cc:d9:a5:fc:7a:65:3d:63:c4:9c:
                    32:61:b4:1e:fa:9a:65:24:d8:22:23:e6:4f:5b:56:
                    82:f3:47:d7:df:ea:20:d7:9d:52:49:eb:ae:cc:dd:
                    ae:34:8d:bd:24:47:7c:d9:91:e6:2a:74:1b:68:0a:
                    04:c9:72:b4:35:d7:b7:28:66:d9:ce:ed:99:60:68:
                    e1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:BD:74:E1:E0:90:27:F0:BF:20:3E:D5:9C:F4:75:18:E7:03:70:0F
            X509v3 Authority Key Identifier:
                keyid:4F:84:77:E5:69:D1:D7:D6:0F:04:69:A7:CC:8A:7F:47:46:03:9B:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4R35WnR19YPBGmnzIp_R0YDm7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/ob104eCQJ_C_ID7VnPR1GOcDcA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/775190-cb94-4063-8c1a-ad147d915791/1/T4R35WnR19YPBGmnzIp_R0YDm7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:51:3c:ae:b3:15:d3:68:a8:71:02:cc:1e:4f:8e:f6:a7:81:
         62:45:a9:cd:2e:cd:1c:9d:42:56:13:35:60:e9:a6:f4:9b:e8:
         a5:36:9c:5f:25:6b:e0:04:d1:b0:67:84:56:1d:46:93:11:19:
         4f:09:14:16:b0:23:fc:66:d6:78:1f:4e:ca:c4:d6:04:af:e3:
         7a:17:95:99:d6:77:f7:4e:9d:53:9a:06:05:c0:da:82:e3:ef:
         e6:88:8f:76:7c:ae:c0:60:59:aa:2a:a3:7a:a0:4b:fd:2d:1c:
         78:fa:e2:cf:1f:ea:c2:26:09:cc:ec:c9:3a:f2:60:36:8a:4d:
         58:ef:03:1d:06:c9:3a:a1:d9:36:15:31:9e:22:cd:29:0a:e0:
         f3:e3:5b:cc:fc:52:39:11:c4:b5:ac:6f:5c:2f:3e:74:f2:38:
         69:55:0e:fb:ea:51:9f:55:e5:aa:9b:04:22:20:56:8e:7c:52:
         ac:80:a1:23:9d:e7:20:7b:f7:8d:ec:28:30:9a:2c:a6:3d:27:
         d3:55:a4:9c:13:a3:c5:ee:77:3b:49:85:da:b6:71:13:df:89:
         29:ce:b9:e4:b0:d1:24:5e:6c:68:11:c0:cc:a2:55:72:17:06:
         50:28:d9:4d:72:6d:af:42:73:fb:1b:da:e7:da:03:4a:cc:21:
         5c:b3:5a:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjICdZzuf1UTbQp438fSWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmODQ3N2U1NjlkMWQ3ZDYwZjA0NjlhN2NjOGE3ZjQ3NDYw
MzliYjcwHhcNMjUwMTAxMDE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWJkNzRlMWUwOTAyN2YwYmYyMDNlZDU5Y2Y0NzUxOGU3MDM3MDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNP/g+oS0xFU0OCtGBjVcTZ953J3
sOSUUwBmjpp2HW/OK4GFULNftgBkbiKS/SeNFdC/5Ff34NqP12UIVcs/YgHJ08zi
ZbSAgQjsF2gI5hG78KJhuEBR6t+u5kza3VjE4vuOM7fjyt1wKLijQHb0tA8HCQUW
ntjw9V4UQr68PzQINK6F8LoiQAxHHtF6iQOsylPCtRbNoL3yKhCEcDjWsyDAuZW7
5Od+r5bPlNsyow3q42uw/SjAIszZpfx6ZT1jxJwyYbQe+pplJNgiI+ZPW1aC80fX
3+og151SSeuuzN2uNI29JEd82ZHmKnQbaAoEyXK0Nde3KGbZzu2ZYGjhKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKG9dOHgkCfwvyA+1Zz0dRjnA3APMB8GA1UdIwQY
MBaAFE+Ed+Vp0dfWDwRpp8yKf0dGA5u3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRSMzVXblIxOVlQQkdtbnpJcF9SMFlEbTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC83NzUxOTAtY2I5NC00MDYzLThjMWEt
YWQxNDdkOTE1NzkxLzEvb2IxMDRlQ1FKX0NfSUQ3Vm5QUjFHT2NEY0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC83NzUxOTAtY2I5NC00MDYzLThjMWEtYWQxNDdkOTE1Nzkx
LzEvVDRSMzVXblIxOVlQQkdtbnpJcF9SMFlEbTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wyMA0G
CSqGSIb3DQEBCwUAA4IBAQAkUTyusxXTaKhxAsweT472p4FiRanNLs0cnUJWEzVg
6ab0m+ilNpxfJWvgBNGwZ4RWHUaTERlPCRQWsCP8ZtZ4H07KxNYEr+N6F5WZ1nf3
Tp1TmgYFwNqC4+/miI92fK7AYFmqKqN6oEv9LRx4+uLPH+rCJgnM7Mk68mA2ik1Y
7wMdBsk6odk2FTGeIs0pCuDz41vM/FI5EcS1rG9cLz508jhpVQ776lGfVeWqmwQi
IFaOfFKsgKEjnecge/eN7CgwmiymPSfTVaScE6PF7nc7SYXatnET34kpzrnksNEk
XmxoEcDMolVyFwZQKNlNcm2vQnP7G9rn2gNKzCFcs1qX
-----END CERTIFICATE-----