Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/3dj151CcfZIGnXqypDirRFcMjno.roa
File:                     3dj151CcfZIGnXqypDirRFcMjno.roa (raw, json)
Hash identifier:          tW1399GGGUxEr17kQDRErTZDHN0xCzhOjSTbK/hqo2I=
Subject key identifier:   DD:D8:F5:E7:50:9C:7D:92:06:9D:7A:B2:A4:38:AB:44:57:0C:8E:7A
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       01936910D0EF60A6C752099C50C86F877102
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/3dj151CcfZIGnXqypDirRFcMjno.roa
Signing time:             Tue 26 Nov 2024 15:22:09 +0000
ROA not before:           Tue 26 Nov 2024 15:22:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     932
IP address blocks:        91.217.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:69:10:d0:ef:60:a6:c7:52:09:9c:50:c8:6f:87:71:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Nov 26 15:22:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddd8f5e7509c7d92069d7ab2a438ab44570c8e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c8:06:36:08:b5:5a:61:98:38:29:a9:4e:bf:
                    e0:a3:63:7e:1f:59:38:8b:05:ef:fe:f3:2f:af:83:
                    a8:1f:34:7e:11:ab:7d:10:8a:45:18:3a:94:a4:27:
                    54:11:a9:58:49:29:d5:ff:a2:be:41:9c:eb:88:f7:
                    36:97:30:b4:e0:60:79:6d:7d:23:7a:f4:09:6b:ba:
                    4e:65:f6:d1:45:4c:14:1d:db:75:5c:56:5d:5d:22:
                    03:a8:52:86:6f:a1:66:4a:f9:51:69:2f:4b:b4:4b:
                    d0:30:a0:17:2f:f7:29:4b:5f:b8:dd:46:b3:49:fd:
                    7c:1f:de:51:00:7e:f7:62:ea:bb:15:8d:80:c6:ea:
                    f3:b4:ff:7a:d5:07:c5:07:48:4d:65:cf:0b:94:3e:
                    95:9e:3e:4c:a1:e5:dc:2c:72:46:a9:1b:51:38:52:
                    f1:25:a5:8a:24:2c:66:1c:a2:63:90:9f:a7:02:29:
                    a3:d6:d0:a9:e9:81:3a:97:b0:05:a3:20:3c:35:d9:
                    58:e0:2b:cb:e4:5b:02:58:e7:06:2c:be:83:f6:9e:
                    0a:d6:48:64:1a:66:fc:95:9d:5a:7e:41:ff:9b:4b:
                    21:ff:10:1b:8a:19:71:57:18:c4:25:0a:f0:94:1f:
                    3e:b9:d0:18:e6:24:21:43:d5:4f:d2:d2:fc:db:9f:
                    39:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D8:F5:E7:50:9C:7D:92:06:9D:7A:B2:A4:38:AB:44:57:0C:8E:7A
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/3dj151CcfZIGnXqypDirRFcMjno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:01:a2:5a:97:f3:6d:04:6e:4f:fe:1f:7d:8e:f7:10:97:dd:
         4e:01:37:ae:b9:4c:b1:98:2d:44:90:34:59:26:98:82:02:5e:
         bd:bb:09:74:72:42:c7:85:b4:e5:19:ca:83:9e:42:d5:d2:33:
         21:96:02:c8:f4:f6:cf:02:c7:52:b5:4e:60:57:7b:1a:a0:61:
         7e:a1:ca:db:b6:c9:bd:78:af:54:86:7d:5f:5a:ab:7b:79:87:
         ec:38:47:9b:72:98:14:8b:c5:c1:6e:ac:f2:57:26:11:b3:2d:
         c8:72:f1:e5:4a:44:35:82:3e:bd:7d:15:82:45:59:c2:cc:a0:
         96:b2:4b:a7:17:21:ed:36:97:ea:e1:33:29:55:2d:86:d9:d4:
         6b:2e:b8:ba:90:33:38:24:b0:6f:f5:32:ef:b0:25:42:f4:66:
         b1:f6:45:ec:c8:a3:37:91:b7:fb:24:c0:49:d3:c2:f3:ec:af:
         79:d4:c4:d0:48:83:90:e4:25:63:a2:1e:20:13:61:df:97:01:
         ec:97:a2:6c:38:a2:82:1f:c7:bf:56:bc:a8:14:a6:a2:43:d3:
         c0:54:d6:28:f7:1b:60:06:4f:6e:62:3b:d9:94:43:34:8a:f0:
         62:07:04:64:fd:d8:44:ac:5c:43:e4:b2:f2:97:b0:2b:13:a3:
         7d:21:c2:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNpENDvYKbHUgmcUMhvh3ECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjQxMTI2MTUyMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQ4ZjVlNzUwOWM3ZDkyMDY5ZDdhYjJhNDM4YWI0NDU3MGM4ZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMgGNgi1WmGYOCmpTr/go2N+H1k4
iwXv/vMvr4OoHzR+Eat9EIpFGDqUpCdUEalYSSnV/6K+QZzriPc2lzC04GB5bX0j
evQJa7pOZfbRRUwUHdt1XFZdXSIDqFKGb6FmSvlRaS9LtEvQMKAXL/cpS1+43Uaz
Sf18H95RAH73Yuq7FY2AxurztP961QfFB0hNZc8LlD6Vnj5MoeXcLHJGqRtROFLx
JaWKJCxmHKJjkJ+nAimj1tCp6YE6l7AFoyA8NdlY4CvL5FsCWOcGLL6D9p4K1khk
Gmb8lZ1afkH/m0sh/xAbihlxVxjEJQrwlB8+udAY5iQhQ9VP0tL82585vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3Y9edQnH2SBp16sqQ4q0RXDI56MB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvM2RqMTUxQ2NmWklHblhxeXBEaXJSRmNNam5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9miMA0G
CSqGSIb3DQEBCwUAA4IBAQCOAaJal/NtBG5P/h99jvcQl91OATeuuUyxmC1EkDRZ
JpiCAl69uwl0ckLHhbTlGcqDnkLV0jMhlgLI9PbPAsdStU5gV3saoGF+ocrbtsm9
eK9Uhn1fWqt7eYfsOEebcpgUi8XBbqzyVyYRsy3IcvHlSkQ1gj69fRWCRVnCzKCW
skunFyHtNpfq4TMpVS2G2dRrLri6kDM4JLBv9TLvsCVC9Gax9kXsyKM3kbf7JMBJ
08Lz7K951MTQSIOQ5CVjoh4gE2HflwHsl6JsOKKCH8e/VryoFKaiQ9PAVNYo9xtg
Bk9uYjvZlEM0ivBiBwRk/dhErFxD5LLyl7ArE6N9IcLQ
-----END CERTIFICATE-----