Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/0c9d80-43a5-453a-ad25-4ee92ee1e0cd/1/owHEbuwcnPA8b7n_osJ_bA6DdYE.roa
File:                     owHEbuwcnPA8b7n_osJ_bA6DdYE.roa (raw, json)
Hash identifier:          ByWvDjxglyeRTWYG7v/d7H2vwB/0dHvZTEoxbi/UuLM=
Subject key identifier:   A3:01:C4:6E:EC:1C:9C:F0:3C:6F:B9:FF:A2:C2:7F:6C:0E:83:75:81
Certificate issuer:       /CN=927105c9d1fb0690554971f464ca21f4a45c106a
Certificate serial:       018CC2DB2B4DD4F3D753597BA89A9FADE068
Authority key identifier: 92:71:05:C9:D1:FB:06:90:55:49:71:F4:64:CA:21:F4:A4:5C:10:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/knEFydH7BpBVSXH0ZMoh9KRcEGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/0c9d80-43a5-453a-ad25-4ee92ee1e0cd/1/owHEbuwcnPA8b7n_osJ_bA6DdYE.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49123
IP address blocks:        91.212.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/0c9d80-43a5-453a-ad25-4ee92ee1e0cd/1/knEFydH7BpBVSXH0ZMoh9KRcEGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/0c9d80-43a5-453a-ad25-4ee92ee1e0cd/1/knEFydH7BpBVSXH0ZMoh9KRcEGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/knEFydH7BpBVSXH0ZMoh9KRcEGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2b:4d:d4:f3:d7:53:59:7b:a8:9a:9f:ad:e0:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=927105c9d1fb0690554971f464ca21f4a45c106a
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a301c46eec1c9cf03c6fb9ffa2c27f6c0e837581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5b:49:57:1d:83:a5:fb:db:38:58:70:27:78:
                    a0:0b:d7:41:98:23:65:8c:d3:23:27:84:c2:f9:31:
                    24:77:87:dd:4f:5c:69:3c:d6:e3:1b:25:16:46:e3:
                    5a:00:40:44:b0:a9:4e:fb:55:8e:f4:1a:3c:49:9b:
                    16:e6:d5:c2:01:b8:d5:ae:03:bd:08:02:6e:94:d6:
                    9d:11:6c:4d:e3:0b:99:ee:e4:79:2b:f8:69:0a:2a:
                    5a:0f:e5:cf:fa:6e:0b:7a:aa:a7:9e:02:e2:81:84:
                    80:b6:81:fd:b3:ed:81:19:04:eb:9c:2e:60:be:b1:
                    68:74:82:b1:ae:07:5c:a1:f1:15:da:da:4c:34:6d:
                    2e:cd:94:65:9d:33:e8:86:1d:8d:6d:8c:d7:a5:87:
                    0f:9b:e7:77:c0:15:46:79:18:06:34:4a:ff:d8:54:
                    c9:94:a7:6a:ee:6f:46:b3:ea:4b:e5:e1:be:13:51:
                    b9:0b:4e:2f:7c:f4:83:b0:2e:98:c7:da:9f:a1:bc:
                    00:e0:3b:23:e3:b8:bf:1c:2b:e3:03:32:17:cd:ba:
                    1c:65:fc:bf:ad:a5:16:e8:c4:34:0c:7d:3d:73:c6:
                    10:72:c4:08:4c:1f:ad:c1:6b:43:b6:fd:c1:59:81:
                    8f:a1:b3:a4:5b:7f:ba:e8:00:16:94:93:b5:01:ff:
                    73:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:01:C4:6E:EC:1C:9C:F0:3C:6F:B9:FF:A2:C2:7F:6C:0E:83:75:81
            X509v3 Authority Key Identifier:
                keyid:92:71:05:C9:D1:FB:06:90:55:49:71:F4:64:CA:21:F4:A4:5C:10:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/knEFydH7BpBVSXH0ZMoh9KRcEGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0c9d80-43a5-453a-ad25-4ee92ee1e0cd/1/owHEbuwcnPA8b7n_osJ_bA6DdYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0c9d80-43a5-453a-ad25-4ee92ee1e0cd/1/knEFydH7BpBVSXH0ZMoh9KRcEGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:11:ef:f3:ea:91:7f:3b:a9:f7:77:d5:f9:ab:3b:8e:82:bf:
         56:e9:dd:25:02:19:a0:6b:2e:dd:1a:3f:1c:d0:0a:a0:d3:81:
         bb:b3:34:f2:0b:7d:5c:66:79:75:58:97:7b:c5:b4:7b:3b:af:
         13:36:6f:13:9c:57:96:a6:21:e2:8a:27:47:c8:0f:e2:c3:83:
         8c:63:b0:ed:97:e5:b6:00:13:4a:92:58:00:27:67:7b:2a:9c:
         cc:58:13:a4:f1:a7:2e:f8:71:0e:31:50:64:6d:e7:a1:08:3a:
         45:28:db:b9:84:7f:1e:42:eb:64:08:aa:22:bc:2b:66:c5:24:
         9a:ac:79:ed:d3:02:80:b0:1c:13:e8:8f:f3:4e:da:83:91:2d:
         e9:93:01:f8:9e:6d:f6:1e:2f:a8:ae:bb:b8:87:41:06:a6:5a:
         05:2e:67:10:ce:29:f3:79:8c:d0:f6:97:7e:13:8a:3e:99:5e:
         59:f6:7c:ad:a2:ab:67:a6:db:d7:f4:ec:9d:36:78:bc:54:1c:
         16:63:f9:72:31:65:55:d8:49:ec:4f:de:ec:ec:ef:f5:4f:61:
         1a:81:6b:6e:66:bd:fd:5c:1a:28:82:de:12:d9:82:6d:b0:77:
         c6:03:03:3f:9f:c8:38:3c:96:18:89:4b:47:bd:12:28:c5:ab:
         99:e1:0a:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ytN1PPXU1l7qJqfreBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNzEwNWM5ZDFmYjA2OTA1NTQ5NzFmNDY0Y2EyMWY0YTQ1
YzEwNmEwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzAxYzQ2ZWVjMWM5Y2YwM2M2ZmI5ZmZhMmMyN2Y2YzBlODM3NTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVtJVx2DpfvbOFhwJ3igC9dBmCNl
jNMjJ4TC+TEkd4fdT1xpPNbjGyUWRuNaAEBEsKlO+1WO9Bo8SZsW5tXCAbjVrgO9
CAJulNadEWxN4wuZ7uR5K/hpCipaD+XP+m4LeqqnngLigYSAtoH9s+2BGQTrnC5g
vrFodIKxrgdcofEV2tpMNG0uzZRlnTPohh2NbYzXpYcPm+d3wBVGeRgGNEr/2FTJ
lKdq7m9Gs+pL5eG+E1G5C04vfPSDsC6Yx9qfobwA4Dsj47i/HCvjAzIXzbocZfy/
raUW6MQ0DH09c8YQcsQITB+twWtDtv3BWYGPobOkW3+66AAWlJO1Af9zQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMBxG7sHJzwPG+5/6LCf2wOg3WBMB8GA1UdIwQY
MBaAFJJxBcnR+waQVUlx9GTKIfSkXBBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva25FRnlkSDdCcEJWU1hIMFpNb2g5S1JjRUdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wYzlkODAtNDNhNS00NTNhLWFkMjUt
NGVlOTJlZTFlMGNkLzEvb3dIRWJ1d2NuUEE4YjduX29zSl9iQTZEZFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wYzlkODAtNDNhNS00NTNhLWFkMjUtNGVlOTJlZTFlMGNk
LzEva25FRnlkSDdCcEJWU1hIMFpNb2g5S1JjRUdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9SPMA0G
CSqGSIb3DQEBCwUAA4IBAQBlEe/z6pF/O6n3d9X5qzuOgr9W6d0lAhmgay7dGj8c
0Aqg04G7szTyC31cZnl1WJd7xbR7O68TNm8TnFeWpiHiiidHyA/iw4OMY7Dtl+W2
ABNKklgAJ2d7KpzMWBOk8acu+HEOMVBkbeehCDpFKNu5hH8eQutkCKoivCtmxSSa
rHnt0wKAsBwT6I/zTtqDkS3pkwH4nm32Hi+orru4h0EGploFLmcQzinzeYzQ9pd+
E4o+mV5Z9nytoqtnptvX9OydNni8VBwWY/lyMWVV2EnsT97s7O/1T2EagWtuZr39
XBoogt4S2YJtsHfGAwM/n8g4PJYYiUtHvRIoxauZ4Qqc
-----END CERTIFICATE-----