Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/cjjyYzQNNVM-to4Qce9ghuOKDWk.roa
File:                     cjjyYzQNNVM-to4Qce9ghuOKDWk.roa (raw, json)
Hash identifier:          so0DzPRJFzkW+r2EJDJUwoLS/0Fl3JkoobTZGTkK8TM=
Subject key identifier:   72:38:F2:63:34:0D:35:53:3E:B6:8E:10:71:EF:60:86:E3:8A:0D:69
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       01936910D140B5D961B40072640AD324BD4F
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/cjjyYzQNNVM-to4Qce9ghuOKDWk.roa
Signing time:             Tue 26 Nov 2024 15:22:10 +0000
ROA not before:           Tue 26 Nov 2024 15:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     967
IP address blocks:        91.217.160.0/24 maxlen: 24
                          2a06:5040:2000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:69:10:d1:40:b5:d9:61:b4:00:72:64:0a:d3:24:bd:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Nov 26 15:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7238f263340d35533eb68e1071ef6086e38a0d69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fd:75:a9:32:79:d4:5f:50:34:8d:72:eb:8d:
                    11:ba:23:19:0e:c4:8e:6c:1a:54:05:05:f6:c7:bd:
                    38:ba:9d:ea:4c:4d:94:b2:b0:75:c7:be:29:dc:da:
                    6c:0d:8f:50:29:7e:db:52:f0:f9:89:66:f7:27:43:
                    34:f3:d1:4d:8f:95:a2:61:41:11:08:eb:2f:71:10:
                    10:3a:66:1f:92:f0:9d:2b:72:5c:5d:a4:fa:18:86:
                    5d:f2:6b:79:8f:d4:46:10:41:4f:76:53:70:b4:24:
                    9d:10:7e:28:e5:9a:7d:8d:a1:4b:e4:68:b1:10:bb:
                    67:6d:e1:b3:bd:01:4f:8d:ef:4e:00:e9:12:58:7a:
                    79:a9:ad:6e:4e:ef:79:19:65:16:a3:52:80:59:09:
                    4c:03:6f:ba:be:4f:c4:d3:bb:81:51:9b:c7:c4:a4:
                    02:64:a1:54:2a:3b:2f:7c:7d:d6:f9:1c:7f:c2:fd:
                    98:99:c8:ff:53:e7:32:f3:21:ab:d5:33:fc:ea:0d:
                    bb:eb:76:0b:c8:a9:ee:68:0a:4b:c9:65:ef:95:3d:
                    ae:18:e5:69:91:01:ce:8e:1c:16:fb:a1:35:aa:a2:
                    45:68:7a:7d:4c:04:95:bb:6a:9c:89:5e:e0:16:1b:
                    91:75:d0:0d:91:99:14:01:b0:03:56:51:47:b7:db:
                    e7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:38:F2:63:34:0D:35:53:3E:B6:8E:10:71:EF:60:86:E3:8A:0D:69
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/cjjyYzQNNVM-to4Qce9ghuOKDWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.160.0/24
                IPv6:
                  2a06:5040:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         12:04:43:cb:6b:2d:d5:e4:23:f4:5c:28:85:f0:59:2f:e6:e8:
         27:3a:59:f8:fa:af:c0:79:5e:57:40:29:d4:90:09:a7:fb:94:
         4c:88:c8:6d:d7:57:f5:65:87:69:6e:fe:24:a5:23:76:68:ca:
         58:47:1f:75:4f:d2:32:a1:17:ae:79:18:00:73:8d:47:f3:07:
         fd:c2:7a:c7:58:4e:63:78:b9:fd:e1:5b:c3:95:d1:b1:cd:e0:
         8a:27:7d:ae:7a:29:49:48:0d:99:32:83:3a:e1:ba:79:92:03:
         92:74:d4:85:66:81:9f:68:7d:75:82:0a:e8:e0:c8:6b:1e:2c:
         7d:4a:67:d2:ce:bc:45:c1:13:a7:42:66:ef:34:71:e8:5e:b5:
         fa:d0:b1:a7:10:61:9d:29:a6:1e:ff:05:f6:ae:2c:6b:ee:e4:
         1f:78:eb:26:6a:11:7d:10:4d:0f:73:e4:39:d0:a0:63:4a:f2:
         3c:2e:86:3f:6b:1d:8c:b8:73:46:13:46:4e:3b:97:6c:07:f6:
         b8:25:98:7c:13:f8:36:2c:d2:82:55:bb:4b:98:cd:9e:23:e9:
         8c:f5:44:c5:73:47:37:63:5b:cc:a3:f8:d4:6a:f4:4b:09:0e:
         c8:fa:04:f9:11:e3:71:bc:a9:4a:e0:5e:80:75:55:b8:40:92:
         e3:96:8c:05
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZNpENFAtdlhtAByZArTJL1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjQxMTI2MTUyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjM4ZjI2MzM0MGQzNTUzM2ViNjhlMTA3MWVmNjA4NmUzOGEwZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlP11qTJ51F9QNI1y640RuiMZDsSO
bBpUBQX2x704up3qTE2UsrB1x74p3NpsDY9QKX7bUvD5iWb3J0M089FNj5WiYUER
COsvcRAQOmYfkvCdK3JcXaT6GIZd8mt5j9RGEEFPdlNwtCSdEH4o5Zp9jaFL5Gix
ELtnbeGzvQFPje9OAOkSWHp5qa1uTu95GWUWo1KAWQlMA2+6vk/E07uBUZvHxKQC
ZKFUKjsvfH3W+Rx/wv2Ymcj/U+cy8yGr1TP86g2763YLyKnuaApLyWXvlT2uGOVp
kQHOjhwW+6E1qqJFaHp9TASVu2qciV7gFhuRddANkZkUAbADVlFHt9vniQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFHI48mM0DTVTPraOEHHvYIbjig1pMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvY2pqeVl6UU5OVk0tdG80UWNlOWdodU9LRFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAW9mgMA4E
AgACMAgDBgQqBlBAIDANBgkqhkiG9w0BAQsFAAOCAQEAEgRDy2st1eQj9FwohfBZ
L+boJzpZ+PqvwHleV0Ap1JAJp/uUTIjIbddX9WWHaW7+JKUjdmjKWEcfdU/SMqEX
rnkYAHONR/MH/cJ6x1hOY3i5/eFbw5XRsc3giid9rnopSUgNmTKDOuG6eZIDknTU
hWaBn2h9dYIK6ODIax4sfUpn0s68RcETp0Jm7zRx6F61+tCxpxBhnSmmHv8F9q4s
a+7kH3jrJmoRfRBND3PkOdCgY0ryPC6GP2sdjLhzRhNGTjuXbAf2uCWYfBP4NizS
glW7S5jNniPpjPVExXNHN2NbzKP41Gr0SwkOyPoE+RHjcbypSuBegHVVuECS45aM
BQ==
-----END CERTIFICATE-----