Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/5346ec-450a-4fe2-be64-e4cc045ab9ff/1/E9a2cPt81Zg3KoC7MdcSs6nGf4k.roa
File:                     E9a2cPt81Zg3KoC7MdcSs6nGf4k.roa (raw, json)
Hash identifier:          Jr1tFkjqLCVhZB/pm48eGERjpHI2JMSx1tltUlospy4=
Subject key identifier:   13:D6:B6:70:FB:7C:D5:98:37:2A:80:BB:31:D7:12:B3:A9:C6:7F:89
Certificate issuer:       /CN=7c2ca9b9a9a19322799774e7a179f4aa72cc3741
Certificate serial:       018CC49366BF67365EED805082EBF6E259C1
Authority key identifier: 7C:2C:A9:B9:A9:A1:93:22:79:97:74:E7:A1:79:F4:AA:72:CC:37:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fCypuamhkyJ5l3TnoXn0qnLMN0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/5346ec-450a-4fe2-be64-e4cc045ab9ff/1/E9a2cPt81Zg3KoC7MdcSs6nGf4k.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49525
IP address blocks:        91.212.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/5346ec-450a-4fe2-be64-e4cc045ab9ff/1/fCypuamhkyJ5l3TnoXn0qnLMN0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/5346ec-450a-4fe2-be64-e4cc045ab9ff/1/fCypuamhkyJ5l3TnoXn0qnLMN0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fCypuamhkyJ5l3TnoXn0qnLMN0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:66:bf:67:36:5e:ed:80:50:82:eb:f6:e2:59:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c2ca9b9a9a19322799774e7a179f4aa72cc3741
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13d6b670fb7cd598372a80bb31d712b3a9c67f89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:43:74:72:4e:d7:86:88:d3:95:3e:ce:12:94:
                    01:e3:05:f7:16:86:1e:d2:e6:d5:9e:48:fc:e8:a0:
                    b6:fd:69:b2:2c:e5:9d:52:f7:2d:ed:5d:51:35:66:
                    3a:9c:24:5d:5f:3b:38:42:81:8c:0d:eb:d7:de:0c:
                    bf:6d:0a:28:a5:46:28:65:a9:a9:e6:18:0a:bb:c2:
                    36:38:a7:56:3b:9b:16:97:f7:f1:e9:88:51:49:5e:
                    26:12:06:6a:8a:b3:aa:2e:78:0d:ff:5f:30:92:ce:
                    b8:1c:16:d4:24:a7:04:7f:78:da:ae:8f:dd:6d:04:
                    80:42:a6:91:8c:11:79:41:b4:bc:f2:61:c9:f7:48:
                    6a:d9:a1:d1:f1:c5:25:8e:79:48:98:a3:41:0b:03:
                    db:da:b4:d1:4b:d2:45:06:c8:00:3b:20:b6:76:13:
                    45:9a:4c:af:11:f9:93:b3:a1:6d:cf:1a:01:78:49:
                    bf:7d:e0:8b:3a:d6:e7:3d:f2:e3:16:23:a2:b5:f5:
                    be:55:38:d2:2f:64:ae:86:82:6a:84:bb:79:54:f9:
                    a3:c8:8e:3b:ed:9d:77:56:3d:77:03:27:e1:14:42:
                    eb:de:62:89:8e:c0:0e:66:9e:ff:ec:5a:52:1c:04:
                    eb:e4:a8:53:55:0d:26:89:89:fe:f3:d5:1f:37:40:
                    ec:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D6:B6:70:FB:7C:D5:98:37:2A:80:BB:31:D7:12:B3:A9:C6:7F:89
            X509v3 Authority Key Identifier:
                keyid:7C:2C:A9:B9:A9:A1:93:22:79:97:74:E7:A1:79:F4:AA:72:CC:37:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fCypuamhkyJ5l3TnoXn0qnLMN0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/5346ec-450a-4fe2-be64-e4cc045ab9ff/1/E9a2cPt81Zg3KoC7MdcSs6nGf4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/5346ec-450a-4fe2-be64-e4cc045ab9ff/1/fCypuamhkyJ5l3TnoXn0qnLMN0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ab:85:99:5f:c8:7b:50:54:5d:d2:4f:6e:00:37:9e:04:ed:
         9f:73:c7:dc:6b:5e:ed:48:77:9e:06:81:34:0a:45:65:4f:a7:
         a2:8a:16:49:36:2b:0f:8a:58:d9:78:d4:d2:26:81:3a:3c:c5:
         33:03:f1:cb:43:fa:cf:8e:a6:ee:fb:9d:d9:95:28:2a:96:cb:
         31:57:bd:c3:00:94:b7:c7:14:95:72:b9:25:93:fb:61:c5:fb:
         8f:9a:d7:17:9e:6e:19:1b:91:7b:30:c3:24:00:34:4a:b7:fa:
         fa:2a:1a:7e:b2:d5:28:43:9e:52:0c:96:e6:e0:a0:e8:a9:8b:
         ff:6c:32:be:72:f4:aa:32:cd:e0:94:d0:66:74:94:5a:4e:cf:
         6f:02:52:a7:47:70:2b:a4:3d:4c:92:16:1b:33:c1:6d:ac:f1:
         70:17:b1:1c:f9:5f:ef:ae:7e:7a:b9:fe:2b:1a:48:75:7b:60:
         03:6f:2f:03:dd:76:53:4a:bc:93:1b:70:83:85:a1:b8:b0:74:
         2d:47:96:11:f0:b5:0f:0c:7a:a5:06:b2:30:70:3e:b6:b0:5e:
         e5:6f:df:bf:08:5d:fd:3a:6c:a6:5a:45:25:4e:a4:f6:d4:f1:
         98:c2:42:d6:8f:d0:8b:19:8f:5a:3b:c6:01:ba:b8:5c:df:75:
         d7:67:bc:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2a/ZzZe7YBQguv24lnBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMmNhOWI5YTlhMTkzMjI3OTk3NzRlN2ExNzlmNGFhNzJj
YzM3NDEwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2Q2YjY3MGZiN2NkNTk4MzcyYTgwYmIzMWQ3MTJiM2E5YzY3Zjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkN0ck7XhojTlT7OEpQB4wX3FoYe
0ubVnkj86KC2/WmyLOWdUvct7V1RNWY6nCRdXzs4QoGMDevX3gy/bQoopUYoZamp
5hgKu8I2OKdWO5sWl/fx6YhRSV4mEgZqirOqLngN/18wks64HBbUJKcEf3jaro/d
bQSAQqaRjBF5QbS88mHJ90hq2aHR8cUljnlImKNBCwPb2rTRS9JFBsgAOyC2dhNF
mkyvEfmTs6FtzxoBeEm/feCLOtbnPfLjFiOitfW+VTjSL2SuhoJqhLt5VPmjyI47
7Z13Vj13AyfhFELr3mKJjsAOZp7/7FpSHATr5KhTVQ0miYn+89UfN0Ds3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPWtnD7fNWYNyqAuzHXErOpxn+JMB8GA1UdIwQY
MBaAFHwsqbmpoZMieZd056F59KpyzDdBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkN5cHVhbWhreUo1bDNUbm9YbjBxbkxNTjBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS81MzQ2ZWMtNDUwYS00ZmUyLWJlNjQt
ZTRjYzA0NWFiOWZmLzEvRTlhMmNQdDgxWmczS29DN01kY1NzNm5HZjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS81MzQ2ZWMtNDUwYS00ZmUyLWJlNjQtZTRjYzA0NWFiOWZm
LzEvZkN5cHVhbWhreUo1bDNUbm9YbjBxbkxNTjBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TqMA0G
CSqGSIb3DQEBCwUAA4IBAQAaq4WZX8h7UFRd0k9uADeeBO2fc8fca17tSHeeBoE0
CkVlT6eiihZJNisPiljZeNTSJoE6PMUzA/HLQ/rPjqbu+53ZlSgqlssxV73DAJS3
xxSVcrklk/thxfuPmtcXnm4ZG5F7MMMkADRKt/r6Khp+stUoQ55SDJbm4KDoqYv/
bDK+cvSqMs3glNBmdJRaTs9vAlKnR3ArpD1MkhYbM8FtrPFwF7Ec+V/vrn56uf4r
Gkh1e2ADby8D3XZTSryTG3CDhaG4sHQtR5YR8LUPDHqlBrIwcD62sF7lb9+/CF39
OmymWkUlTqT21PGYwkLWj9CLGY9aO8YBurhc33XXZ7x7
-----END CERTIFICATE-----