Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DNYZJL9oauPxhK6x5p-s4sKRuqY.roa
File:                     DNYZJL9oauPxhK6x5p-s4sKRuqY.roa (raw, json)
Hash identifier:          2Ul22ZawuU6E2JFVlvderKKgir4TDPB9Dz4G+4a8yqQ=
Subject key identifier:   0C:D6:19:24:BF:68:6A:E3:F1:84:AE:B1:E6:9F:AC:E2:C2:91:BA:A6
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5011D5B62962F3BB379504D4E6E39B0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DNYZJL9oauPxhK6x5p-s4sKRuqY.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149782
IP address blocks:        45.91.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1d:5b:62:96:2f:3b:b3:79:50:4d:4e:6e:39:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cd61924bf686ae3f184aeb1e69face2c291baa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f5:9d:d5:b2:f5:c2:b8:23:1e:12:c0:0a:4c:
                    20:7e:22:eb:5a:4f:73:ad:e2:72:17:de:69:f6:a5:
                    82:8e:1d:d2:f4:a8:66:5d:81:ea:62:25:1c:5f:a7:
                    58:da:b9:78:3f:1d:c4:64:4c:57:7b:28:7d:8e:15:
                    c7:d4:98:b7:5b:43:f6:05:aa:28:43:83:4c:c0:6c:
                    0b:61:7e:8e:75:e0:3d:71:c5:8d:7e:34:34:74:96:
                    83:99:16:cf:d2:a1:f1:ea:19:7f:36:5d:13:f3:cb:
                    0d:ba:3b:c0:47:5f:4e:fd:e8:27:ec:ea:5c:a8:6a:
                    e7:9f:0f:4f:bd:01:44:61:73:65:c5:3e:ec:a0:05:
                    be:b5:5e:a0:d6:38:3e:80:d2:8d:4a:bc:b9:5a:48:
                    7a:31:ab:14:5f:65:30:c9:4e:9a:26:5f:70:74:b7:
                    8f:ac:74:d6:55:6b:c9:d0:30:9e:0c:59:00:5f:4b:
                    0e:86:7e:bd:39:1c:97:d4:42:8a:42:fa:97:52:cb:
                    45:db:e3:d7:df:8a:5d:20:0e:eb:79:e6:e4:50:00:
                    08:53:fb:2f:df:fa:81:0a:be:68:1d:13:97:27:b0:
                    d7:12:2c:9a:d3:41:e5:f8:ba:ea:d3:22:4c:c3:8a:
                    8f:28:ed:0d:45:52:e1:ef:5e:38:4e:66:95:08:66:
                    d2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D6:19:24:BF:68:6A:E3:F1:84:AE:B1:E6:9F:AC:E2:C2:91:BA:A6
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DNYZJL9oauPxhK6x5p-s4sKRuqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:52:d0:f0:82:05:7e:20:12:fd:01:13:de:ca:d7:70:14:c4:
         ee:2e:d4:b4:b4:8a:58:62:22:65:ec:49:73:4f:95:fc:a1:2d:
         7c:e0:ef:f0:72:96:a6:7e:cf:8d:20:ba:46:59:15:25:25:9b:
         43:aa:82:9f:67:f5:e2:6b:fe:77:30:e9:6c:29:26:66:f3:56:
         f7:89:2f:dc:ad:ee:26:00:3f:13:8a:29:6d:7b:f1:7d:97:42:
         34:87:b6:2c:cb:f0:dd:c2:36:25:60:90:80:5a:d3:2e:99:88:
         24:eb:d4:59:78:f9:a0:6c:78:4f:c5:fd:28:5b:23:db:2a:e7:
         07:19:c3:8c:14:bf:7f:84:c0:c7:17:9c:29:75:c2:c5:59:96:
         af:a6:1a:24:7c:f4:d6:ef:16:58:48:d4:d8:cf:b8:9e:69:7a:
         3c:ab:3a:88:8f:86:2a:7d:47:f6:b3:48:a2:70:2d:bd:f3:4c:
         fd:a8:da:a3:c2:88:6e:c1:e4:10:62:2e:83:1c:1c:a1:dc:d9:
         d4:46:98:42:d1:2b:5f:ee:08:cc:74:ba:91:de:c9:0c:1f:1a:
         89:bc:22:62:da:23:5c:99:1d:82:e0:8b:a2:83:da:5a:92:55:
         3e:3e:c3:37:7f:80:54:39:08:c9:a8:07:de:78:38:47:31:ea:
         d2:c6:8a:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR1bYpYvO7N5UE1ObjmwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Q2MTkyNGJmNjg2YWUzZjE4NGFlYjFlNjlmYWNlMmMyOTFiYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfWd1bL1wrgjHhLACkwgfiLrWk9z
reJyF95p9qWCjh3S9KhmXYHqYiUcX6dY2rl4Px3EZExXeyh9jhXH1Ji3W0P2Baoo
Q4NMwGwLYX6OdeA9ccWNfjQ0dJaDmRbP0qHx6hl/Nl0T88sNujvAR19O/egn7Opc
qGrnnw9PvQFEYXNlxT7soAW+tV6g1jg+gNKNSry5Wkh6MasUX2UwyU6aJl9wdLeP
rHTWVWvJ0DCeDFkAX0sOhn69ORyX1EKKQvqXUstF2+PX34pdIA7reebkUAAIU/sv
3/qBCr5oHROXJ7DXEiya00Hl+Lrq0yJMw4qPKO0NRVLh7144TmaVCGbSXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzWGSS/aGrj8YSuseafrOLCkbqmMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRE5ZWkpMOW9hdVB4aEs2eDVwLXM0c0tSdXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVszMA0G
CSqGSIb3DQEBCwUAA4IBAQBSUtDwggV+IBL9ARPeytdwFMTuLtS0tIpYYiJl7Elz
T5X8oS184O/wcpamfs+NILpGWRUlJZtDqoKfZ/Xia/53MOlsKSZm81b3iS/cre4m
AD8Tiilte/F9l0I0h7Ysy/DdwjYlYJCAWtMumYgk69RZePmgbHhPxf0oWyPbKucH
GcOMFL9/hMDHF5wpdcLFWZavphokfPTW7xZYSNTYz7ieaXo8qzqIj4YqfUf2s0ii
cC2980z9qNqjwohuweQQYi6DHByh3NnURphC0Stf7gjMdLqR3skMHxqJvCJi2iNc
mR2C4Iuig9paklU+PsM3f4BUOQjJqAfeeDhHMerSxopz
-----END CERTIFICATE-----