Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/269363-b35f-422c-b076-93f486b8b961/1/Nznyy9xshgCweLUD1_bugCiQoXo.roa
File:                     Nznyy9xshgCweLUD1_bugCiQoXo.roa (raw, json)
Hash identifier:          gXQcEF6exSelIBpq7F1GMZVPqcnvH6gLtsL5J/YdGqk=
Subject key identifier:   37:39:F2:CB:DC:6C:86:00:B0:78:B5:03:D7:F6:EE:80:28:90:A1:7A
Certificate issuer:       /CN=9a918d7d180f36e76512a41611a0b28a8b40c52e
Certificate serial:       018CC94CD33288C502B9FB406F819E49E7E2
Authority key identifier: 9A:91:8D:7D:18:0F:36:E7:65:12:A4:16:11:A0:B2:8A:8B:40:C5:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mpGNfRgPNudlEqQWEaCyiotAxS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/269363-b35f-422c-b076-93f486b8b961/1/Nznyy9xshgCweLUD1_bugCiQoXo.roa
Signing time:             Tue 02 Jan 2024 08:31:44 +0000
ROA not before:           Tue 02 Jan 2024 08:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197416
IP address blocks:        91.220.156.0/24 maxlen: 24
                          2001:67c:22a8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/269363-b35f-422c-b076-93f486b8b961/1/mpGNfRgPNudlEqQWEaCyiotAxS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/269363-b35f-422c-b076-93f486b8b961/1/mpGNfRgPNudlEqQWEaCyiotAxS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mpGNfRgPNudlEqQWEaCyiotAxS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:d3:32:88:c5:02:b9:fb:40:6f:81:9e:49:e7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a918d7d180f36e76512a41611a0b28a8b40c52e
        Validity
            Not Before: Jan  2 08:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3739f2cbdc6c8600b078b503d7f6ee802890a17a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8a:f2:1c:b2:f9:6b:ad:09:51:b9:fc:cb:6d:
                    9e:01:0e:0d:40:0e:ca:8e:fb:6d:d7:b8:a0:c6:21:
                    dd:99:13:e6:77:6e:49:80:aa:58:73:1c:16:c7:cc:
                    a1:b7:73:0a:d0:3a:b8:62:16:4f:df:91:a2:01:0f:
                    ae:3f:84:5f:51:d2:7a:aa:0d:d7:24:33:4c:a4:75:
                    68:c3:0a:c4:0e:76:68:d8:9f:b2:8c:ed:34:c7:c1:
                    e9:37:cc:90:e0:c6:f1:e6:3f:d4:c8:b1:7a:1c:2d:
                    54:ab:85:7e:75:3b:37:59:c4:3d:fa:c2:f6:89:56:
                    9d:e0:ca:4c:a7:cc:22:96:27:ab:ce:f8:e0:4a:d5:
                    86:08:c9:ca:63:a4:94:fe:2f:3b:4e:3f:e3:4a:32:
                    a9:5f:d8:4a:e3:8a:0b:2c:e8:70:23:99:ab:88:e5:
                    54:31:7a:0e:66:7e:45:43:04:50:c0:e6:8a:85:f3:
                    46:03:23:e0:09:9d:90:26:17:94:96:ea:73:28:c4:
                    a5:08:14:58:a9:21:98:2e:62:3d:3c:49:3f:66:20:
                    9b:b2:13:3f:dc:3a:52:c1:ba:60:77:b9:65:d6:06:
                    f8:b2:08:9d:c4:29:96:fc:e1:f2:32:ca:99:7d:3e:
                    e0:60:bf:00:11:73:b3:f9:aa:d9:02:4e:5b:9d:1f:
                    a4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:39:F2:CB:DC:6C:86:00:B0:78:B5:03:D7:F6:EE:80:28:90:A1:7A
            X509v3 Authority Key Identifier:
                keyid:9A:91:8D:7D:18:0F:36:E7:65:12:A4:16:11:A0:B2:8A:8B:40:C5:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mpGNfRgPNudlEqQWEaCyiotAxS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/269363-b35f-422c-b076-93f486b8b961/1/Nznyy9xshgCweLUD1_bugCiQoXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/269363-b35f-422c-b076-93f486b8b961/1/mpGNfRgPNudlEqQWEaCyiotAxS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.156.0/24
                IPv6:
                  2001:67c:22a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:77:57:6e:b4:42:5b:8f:f1:de:d9:93:7b:d8:71:83:e3:71:
         0b:95:ce:2e:4d:3e:d1:1d:5e:05:b9:71:ef:d4:0f:3e:a2:10:
         c3:0f:48:d9:11:e0:a0:7b:41:86:61:e6:1b:3d:fe:2c:6b:f7:
         27:8e:74:47:b5:7e:97:19:e9:37:6d:06:e9:b9:48:58:0b:8b:
         c7:9f:1b:4a:fc:56:4f:98:41:57:71:39:da:8d:59:40:65:d6:
         4b:2e:5e:cf:bc:df:b0:a2:38:2f:ca:fc:bc:f5:c3:83:43:e6:
         77:18:ec:90:bf:3d:5f:8b:68:07:fb:3b:e3:bf:0f:73:a9:8e:
         2d:ae:06:b9:0a:34:5c:97:61:f9:a5:ae:5d:4f:db:df:c1:43:
         5c:77:c0:14:51:64:8d:a5:d2:12:69:39:59:7c:0d:28:12:8d:
         6b:6a:84:b1:26:d4:df:a2:b9:c5:0c:f0:fb:f5:94:ac:bb:50:
         ff:c5:73:58:f7:c0:cc:f6:ab:eb:f3:be:17:ce:fa:61:cb:26:
         61:e1:6c:1c:97:5d:a8:52:ef:23:d4:54:1e:81:30:27:3f:63:
         4a:d0:c8:37:34:f9:fc:e8:54:b4:de:34:12:4d:4e:85:31:d6:
         30:bf:81:c5:2b:ec:73:3a:c8:a5:2e:6e:04:fc:29:00:02:b1:
         85:9f:fc:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTNMyiMUCuftAb4GeSefiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhOTE4ZDdkMTgwZjM2ZTc2NTEyYTQxNjExYTBiMjhhOGI0
MGM1MmUwHhcNMjQwMTAyMDgzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzM5ZjJjYmRjNmM4NjAwYjA3OGI1MDNkN2Y2ZWU4MDI4OTBhMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIryHLL5a60JUbn8y22eAQ4NQA7K
jvtt17igxiHdmRPmd25JgKpYcxwWx8yht3MK0Dq4YhZP35GiAQ+uP4RfUdJ6qg3X
JDNMpHVowwrEDnZo2J+yjO00x8HpN8yQ4Mbx5j/UyLF6HC1Uq4V+dTs3WcQ9+sL2
iVad4MpMp8wilierzvjgStWGCMnKY6SU/i87Tj/jSjKpX9hK44oLLOhwI5mriOVU
MXoOZn5FQwRQwOaKhfNGAyPgCZ2QJheUlupzKMSlCBRYqSGYLmI9PEk/ZiCbshM/
3DpSwbpgd7ll1gb4sgidxCmW/OHyMsqZfT7gYL8AEXOz+arZAk5bnR+kIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDc58svcbIYAsHi1A9f27oAokKF6MB8GA1UdIwQY
MBaAFJqRjX0YDzbnZRKkFhGgsoqLQMUuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXBHTmZSZ1BOdWRsRXFRV0VhQ3lpb3RBeFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8yNjkzNjMtYjM1Zi00MjJjLWIwNzYt
OTNmNDg2YjhiOTYxLzEvTnpueXk5eHNoZ0N3ZUxVRDFfYnVnQ2lRb1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8yNjkzNjMtYjM1Zi00MjJjLWIwNzYtOTNmNDg2YjhiOTYx
LzEvbXBHTmZSZ1BOdWRsRXFRV0VhQ3lpb3RBeFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9ycMA8E
AgACMAkDBwAgAQZ8IqgwDQYJKoZIhvcNAQELBQADggEBAER3V260QluP8d7Zk3vY
cYPjcQuVzi5NPtEdXgW5ce/UDz6iEMMPSNkR4KB7QYZh5hs9/ixr9yeOdEe1fpcZ
6TdtBum5SFgLi8efG0r8Vk+YQVdxOdqNWUBl1ksuXs+837CiOC/K/Lz1w4ND5ncY
7JC/PV+LaAf7O+O/D3Opji2uBrkKNFyXYfmlrl1P29/BQ1x3wBRRZI2l0hJpOVl8
DSgSjWtqhLEm1N+iucUM8Pv1lKy7UP/Fc1j3wMz2q+vzvhfO+mHLJmHhbByXXahS
7yPUVB6BMCc/Y0rQyDc0+fzoVLTeNBJNToUx1jC/gcUr7HM6yKUubgT8KQACsYWf
/F0=
-----END CERTIFICATE-----