Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/njjBP2KSG5_-KIXdb6f_VzKvDq4.roa
File:                     njjBP2KSG5_-KIXdb6f_VzKvDq4.roa (raw, json)
Hash identifier:          w2ptwtJB46Q3C2WNQ8DzQBsnz51MLraEPcdWZxYTkdQ=
Subject key identifier:   9E:38:C1:3F:62:92:1B:9F:FE:28:85:DD:6F:A7:FF:57:32:AF:0E:AE
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422202D69631070FF273D6C75164FA582
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/njjBP2KSG5_-KIXdb6f_VzKvDq4.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198352
IP address blocks:        91.190.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2d:69:63:10:70:ff:27:3d:6c:75:16:4f:a5:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e38c13f62921b9ffe2885dd6fa7ff5732af0eae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3a:c5:f5:b6:5e:ef:b3:a1:a7:2d:f5:a8:9f:
                    18:36:43:86:3b:54:b9:c1:07:58:d0:bc:62:d0:87:
                    e5:d6:35:af:4f:2b:e4:1e:51:b8:d5:76:ce:bf:28:
                    c1:fa:5c:e4:94:02:a3:2b:d0:0b:a6:bf:6a:ca:29:
                    2c:77:89:a6:e6:5b:95:0e:4f:91:8d:05:6d:29:c5:
                    f1:90:d7:4a:4c:fe:75:02:c0:16:10:92:fd:09:1d:
                    cb:3e:c7:1c:3c:d1:83:f9:3d:c6:cc:54:19:77:df:
                    ba:3f:a1:26:8a:9e:f8:96:50:2f:34:06:bf:eb:96:
                    3e:ba:d1:e9:5d:00:b1:90:51:e2:31:3e:a1:e0:c4:
                    2a:65:73:31:47:ee:79:6b:b4:7e:5e:5f:98:fe:29:
                    ba:66:81:10:e4:80:77:39:24:e8:c6:34:48:f3:e1:
                    98:84:a8:68:49:4e:58:98:36:03:89:fb:ff:0a:ec:
                    e3:44:4c:ba:e9:78:83:a6:aa:df:f5:de:e1:a4:80:
                    6b:8c:e3:5e:19:6e:86:f7:48:a3:a9:16:af:73:cf:
                    34:bc:4c:30:c8:1e:01:3a:ac:9b:61:40:8b:5e:f5:
                    0e:c2:11:f1:e7:e9:5c:aa:d5:bd:12:47:67:e1:f2:
                    22:66:cc:aa:b6:df:37:c9:ae:6c:a4:63:1f:19:c8:
                    dc:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:38:C1:3F:62:92:1B:9F:FE:28:85:DD:6F:A7:FF:57:32:AF:0E:AE
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/njjBP2KSG5_-KIXdb6f_VzKvDq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f5:18:4d:b0:20:04:ee:a6:d0:d8:d4:29:3b:c6:74:47:2a:
         10:d7:c3:10:0d:37:87:29:b4:5a:a6:fc:0d:5e:24:67:52:5b:
         a3:56:b6:24:bb:b1:1d:4b:0b:28:99:73:76:6c:8f:5b:f8:22:
         23:d5:45:b2:92:03:4f:6c:9f:1e:b5:69:97:12:c1:59:28:4e:
         4f:9b:34:3e:75:7b:c0:95:06:f0:8c:33:b2:40:03:ed:d8:89:
         cb:ca:40:a1:18:c8:ec:28:25:b9:ee:bc:50:6b:e5:6b:03:de:
         c7:e2:db:43:c4:d4:b8:69:51:91:63:d9:9f:9f:9f:66:35:b1:
         6e:8f:20:bd:81:4a:bc:31:d6:c8:66:2e:77:da:8a:84:89:ed:
         71:7f:3d:c7:70:5a:f9:7c:d6:37:cd:61:40:43:ec:88:34:43:
         d2:56:8c:2a:6e:fb:cd:6d:3c:bc:b5:41:b1:a3:f9:01:3e:04:
         e4:ae:85:1c:9f:c3:ff:bf:70:06:7c:60:8a:3b:95:13:cf:17:
         b8:ea:e5:05:e5:d0:d0:85:51:28:4a:62:c0:08:fe:ee:69:c5:
         0a:d0:da:7a:3e:03:2c:28:0b:16:d6:0f:75:39:be:fc:f3:65:
         6e:d5:82:70:fb:60:ab:1a:11:62:de:7b:03:21:b7:3a:d4:5e:
         90:dc:5d:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIC1pYxBw/yc9bHUWT6WCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTM4YzEzZjYyOTIxYjlmZmUyODg1ZGQ2ZmE3ZmY1NzMyYWYwZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDrF9bZe77Ohpy31qJ8YNkOGO1S5
wQdY0Lxi0Ifl1jWvTyvkHlG41XbOvyjB+lzklAKjK9ALpr9qyiksd4mm5luVDk+R
jQVtKcXxkNdKTP51AsAWEJL9CR3LPsccPNGD+T3GzFQZd9+6P6Emip74llAvNAa/
65Y+utHpXQCxkFHiMT6h4MQqZXMxR+55a7R+Xl+Y/im6ZoEQ5IB3OSToxjRI8+GY
hKhoSU5YmDYDifv/CuzjREy66XiDpqrf9d7hpIBrjONeGW6G90ijqRavc880vEww
yB4BOqybYUCLXvUOwhHx5+lcqtW9Ekdn4fIiZsyqtt83ya5spGMfGcjcpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ44wT9ikhuf/iiF3W+n/1cyrw6uMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbmpqQlAyS1NHNV8tS0lYZGI2Zl9Wekt2RHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW75iMA0G
CSqGSIb3DQEBCwUAA4IBAQAK9RhNsCAE7qbQ2NQpO8Z0RyoQ18MQDTeHKbRapvwN
XiRnUlujVrYku7EdSwsomXN2bI9b+CIj1UWykgNPbJ8etWmXEsFZKE5PmzQ+dXvA
lQbwjDOyQAPt2InLykChGMjsKCW57rxQa+VrA97H4ttDxNS4aVGRY9mfn59mNbFu
jyC9gUq8MdbIZi532oqEie1xfz3HcFr5fNY3zWFAQ+yINEPSVowqbvvNbTy8tUGx
o/kBPgTkroUcn8P/v3AGfGCKO5UTzxe46uUF5dDQhVEoSmLACP7uacUK0Np6PgMs
KAsW1g91Ob7882Vu1YJw+2CrGhFi3nsDIbc61F6Q3F3g
-----END CERTIFICATE-----