Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/v9WDebORle7sLicg4zlEJofUdx8.roa
File:                     v9WDebORle7sLicg4zlEJofUdx8.roa (raw, json)
Hash identifier:          8FGwgBKLdMfxYsHim50ZsJBJ6u03VcnGpUytJOLhDfM=
Subject key identifier:   BF:D5:83:79:B3:91:95:EE:EC:2E:27:20:E3:39:44:26:87:D4:77:1F
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018DF4B50A8473E174F02B7684E6C74716D2
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/v9WDebORle7sLicg4zlEJofUdx8.roa
Signing time:             Thu 29 Feb 2024 11:52:01 +0000
ROA not before:           Thu 29 Feb 2024 11:52:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        45.91.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:b5:0a:84:73:e1:74:f0:2b:76:84:e6:c7:47:16:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Feb 29 11:52:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfd58379b39195eeec2e2720e339442687d4771f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6c:0c:32:67:76:81:89:7b:d8:ea:f4:27:bc:
                    50:c5:81:41:ad:a1:30:af:f6:e1:82:25:f0:8d:ea:
                    ba:ea:80:54:23:95:68:f4:23:6b:56:6c:5a:33:49:
                    4a:d8:20:5c:fe:cc:f7:bb:57:e4:73:77:c0:5a:3e:
                    06:7c:1b:f1:f5:40:5c:ba:60:ff:8b:2f:d1:5f:56:
                    b0:59:45:df:39:64:b3:79:cd:99:a6:ee:99:3d:9b:
                    ed:9c:32:0e:0f:e5:be:74:ab:e1:c6:79:a5:72:f5:
                    5f:e7:63:d3:18:d2:f5:c0:2c:d4:95:e2:0d:9a:9e:
                    e0:3b:1a:cc:f6:6e:e6:80:c7:cd:40:02:9e:78:cb:
                    38:1e:db:2e:08:d5:56:03:32:d2:57:08:09:ec:68:
                    e8:4d:d0:dd:04:e1:bf:39:44:3c:9f:0b:89:3f:11:
                    da:1a:32:2b:e0:53:16:89:44:28:ca:fe:e9:eb:0a:
                    69:ec:1c:21:e3:3d:8a:aa:6f:57:7e:1f:56:ad:8b:
                    5f:a6:58:b9:f0:e0:c9:a1:73:f2:c0:24:4a:dd:52:
                    5c:c4:09:45:2e:fb:c6:d5:c7:0d:31:2a:45:b9:4e:
                    08:e3:2a:2d:5a:aa:50:57:93:1b:d5:4d:c8:cb:1d:
                    03:66:1b:23:c8:ff:55:bd:93:9d:52:98:7d:21:1c:
                    c5:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D5:83:79:B3:91:95:EE:EC:2E:27:20:E3:39:44:26:87:D4:77:1F
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/v9WDebORle7sLicg4zlEJofUdx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:38:7e:fd:4d:bc:17:a7:fc:38:89:5d:e7:01:df:69:1f:8c:
         5d:a7:11:b4:37:4f:52:43:e1:98:dc:aa:db:4e:29:17:b2:e2:
         a4:d4:71:ca:ed:85:98:5e:5a:ab:52:a7:61:63:71:28:48:36:
         3c:4e:22:a2:62:aa:61:62:48:90:a7:3e:aa:7d:05:0e:0e:ae:
         9a:22:1e:9d:5c:f4:89:2b:a4:9b:1e:d2:da:e8:14:f1:66:5c:
         25:77:ae:27:2e:2f:ef:ff:9d:ea:b0:a0:f8:8c:2a:b5:cc:83:
         98:e5:fb:f7:bc:0c:39:c5:17:fc:a6:52:60:42:0b:e4:8f:98:
         2b:0c:aa:d4:83:be:30:48:de:42:2e:25:f5:86:ca:4b:b2:fb:
         7f:3a:14:91:6c:6d:09:9b:e2:4b:2f:3d:93:6d:9a:f1:9c:f4:
         bb:11:95:eb:4c:5a:fc:5a:7f:01:47:79:33:ad:35:56:ff:32:
         84:f7:ea:da:a9:a9:93:52:15:7d:56:fd:a2:4a:91:50:be:e6:
         a4:33:46:9e:d7:c4:53:45:60:b9:87:43:57:cb:11:35:b8:a8:
         0d:78:b9:96:e9:14:8e:4f:b2:2d:20:68:87:bb:4f:2e:78:0b:
         ee:89:93:e3:8b:83:ad:39:68:fc:2e:4f:b7:a2:1f:8c:b0:82:
         cb:50:5f:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30tQqEc+F08Ct2hObHRxbSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMjI5MTE1MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQ1ODM3OWIzOTE5NWVlZWMyZTI3MjBlMzM5NDQyNjg3ZDQ3NzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GwMMmd2gYl72Or0J7xQxYFBraEw
r/bhgiXwjeq66oBUI5Vo9CNrVmxaM0lK2CBc/sz3u1fkc3fAWj4GfBvx9UBcumD/
iy/RX1awWUXfOWSzec2Zpu6ZPZvtnDIOD+W+dKvhxnmlcvVf52PTGNL1wCzUleIN
mp7gOxrM9m7mgMfNQAKeeMs4HtsuCNVWAzLSVwgJ7GjoTdDdBOG/OUQ8nwuJPxHa
GjIr4FMWiUQoyv7p6wpp7Bwh4z2Kqm9Xfh9WrYtfpli58ODJoXPywCRK3VJcxAlF
LvvG1ccNMSpFuU4I4yotWqpQV5Mb1U3Iyx0DZhsjyP9VvZOdUph9IRzFTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/Vg3mzkZXu7C4nIOM5RCaH1HcfMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvdjlXRGViT1JsZTdzTGljZzR6bEVKb2ZVZHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVsEMA0G
CSqGSIb3DQEBCwUAA4IBAQBuOH79TbwXp/w4iV3nAd9pH4xdpxG0N09SQ+GY3Krb
TikXsuKk1HHK7YWYXlqrUqdhY3EoSDY8TiKiYqphYkiQpz6qfQUODq6aIh6dXPSJ
K6SbHtLa6BTxZlwld64nLi/v/53qsKD4jCq1zIOY5fv3vAw5xRf8plJgQgvkj5gr
DKrUg74wSN5CLiX1hspLsvt/OhSRbG0Jm+JLLz2TbZrxnPS7EZXrTFr8Wn8BR3kz
rTVW/zKE9+raqamTUhV9Vv2iSpFQvuakM0ae18RTRWC5h0NXyxE1uKgNeLmW6RSO
T7ItIGiHu08ueAvuiZPji4OtOWj8Lk+3oh+MsILLUF+9
-----END CERTIFICATE-----