Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/s9aryt5k6Su7DV6LcTInlHGn1jY.roa
File:                     s9aryt5k6Su7DV6LcTInlHGn1jY.roa (raw, json)
Hash identifier:          1IbCxnrzPzghGWZoFO01f9dmKnDs6cdq9xjYj/RLFNo=
Subject key identifier:   B3:D6:AB:CA:DE:64:E9:2B:BB:0D:5E:8B:71:32:27:94:71:A7:D6:36
Certificate issuer:       /CN=94dec641051b026b95c8459150ca47ddaec89668
Certificate serial:       018CCA9A0DC973173245D82B40EBB980E8BB
Authority key identifier: 94:DE:C6:41:05:1B:02:6B:95:C8:45:91:50:CA:47:DD:AE:C8:96:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/s9aryt5k6Su7DV6LcTInlHGn1jY.roa
Signing time:             Tue 02 Jan 2024 14:35:42 +0000
ROA not before:           Tue 02 Jan 2024 14:35:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60708
IP address blocks:        91.228.39.0/24 maxlen: 24
                          2a01:7640:400::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:0d:c9:73:17:32:45:d8:2b:40:eb:b9:80:e8:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94dec641051b026b95c8459150ca47ddaec89668
        Validity
            Not Before: Jan  2 14:35:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3d6abcade64e92bbb0d5e8b7132279471a7d636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:46:82:06:e2:50:5f:e9:90:52:90:70:6e:54:
                    a4:1a:a6:20:0f:e4:e1:61:3d:d6:45:47:48:f9:46:
                    ae:7a:35:c9:db:17:4f:58:09:a5:bc:3a:4b:f4:31:
                    aa:d6:b0:db:07:2f:c5:29:13:02:00:47:74:ff:27:
                    01:c8:e8:20:c6:58:28:c8:e5:93:ff:2f:ac:b2:e0:
                    bc:bd:dc:b3:ca:0c:a2:f5:16:a2:02:e9:21:21:5f:
                    e8:51:ed:63:64:94:49:66:24:ee:27:d2:4e:f6:8c:
                    51:15:9f:62:93:b3:da:c8:e9:b6:2c:9e:68:67:14:
                    c6:08:c0:b0:d6:ce:27:8b:d5:3f:6e:02:ec:6d:70:
                    08:b6:6f:d5:c1:54:25:3b:37:42:0e:b4:5d:15:ad:
                    06:50:30:fb:26:7d:a8:34:d1:f4:99:2e:c0:a6:65:
                    bd:42:65:2e:01:43:3e:19:8a:80:ed:06:7d:d1:04:
                    08:ed:80:0e:34:fa:25:82:75:2e:cc:c1:93:f7:a4:
                    60:f9:cf:b5:dd:4e:73:94:31:7e:2e:ac:a8:3d:a4:
                    e0:60:22:f0:b3:9c:79:dd:2a:48:98:32:24:dc:1f:
                    51:d3:48:31:b5:de:b8:39:52:41:69:f6:6c:90:ad:
                    b2:c6:47:29:77:08:e5:4e:31:40:c5:c4:19:41:48:
                    b8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D6:AB:CA:DE:64:E9:2B:BB:0D:5E:8B:71:32:27:94:71:A7:D6:36
            X509v3 Authority Key Identifier:
                keyid:94:DE:C6:41:05:1B:02:6B:95:C8:45:91:50:CA:47:DD:AE:C8:96:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/s9aryt5k6Su7DV6LcTInlHGn1jY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.39.0/24
                IPv6:
                  2a01:7640:400::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:02:6a:73:49:84:40:2e:8b:cb:e2:64:aa:0b:9d:a5:a1:b1:
         85:06:44:73:38:b4:9f:88:a5:63:cb:ae:27:8c:53:2e:2e:91:
         d1:dd:a9:18:04:7c:c0:64:02:21:d7:2b:28:29:be:84:d3:4e:
         1e:04:98:bd:6e:f5:e1:9a:65:09:1f:b8:9c:fc:17:38:bf:86:
         77:ae:2c:85:67:43:1f:e8:29:ea:3b:f8:10:15:8a:11:c3:70:
         ad:72:76:d6:b1:e8:c9:e3:eb:df:5d:8d:26:b3:67:f2:eb:ee:
         8e:67:79:3a:66:4c:4c:ad:95:c2:32:93:c6:72:c9:95:39:d9:
         e2:5e:d9:80:92:c5:06:0c:40:ce:64:52:a5:bc:22:e0:84:62:
         7b:92:0d:32:7d:ac:d3:8b:a3:6e:47:18:93:36:51:99:e9:61:
         61:64:0b:d9:91:8f:18:fe:d8:77:1e:65:f4:b4:25:7e:d1:4d:
         95:20:49:f1:ad:b1:82:ef:35:4b:c0:7e:ec:d1:a4:51:45:59:
         d6:f0:fe:9f:58:79:f0:90:dc:69:7a:d0:51:4b:a4:16:e4:ff:
         2a:bb:7a:3d:22:b5:5c:07:29:9b:53:61:ba:79:fb:f8:da:80:
         e8:c9:4b:e3:3f:b9:e4:87:7e:55:a1:1d:c3:01:2d:d7:dd:fc:
         5b:bd:c0:43
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmg3JcxcyRdgrQOu5gOi7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZGVjNjQxMDUxYjAyNmI5NWM4NDU5MTUwY2E0N2RkYWVj
ODk2NjgwHhcNMjQwMTAyMTQzNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Q2YWJjYWRlNjRlOTJiYmIwZDVlOGI3MTMyMjc5NDcxYTdkNjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0aCBuJQX+mQUpBwblSkGqYgD+Th
YT3WRUdI+UauejXJ2xdPWAmlvDpL9DGq1rDbBy/FKRMCAEd0/ycByOggxlgoyOWT
/y+ssuC8vdyzygyi9RaiAukhIV/oUe1jZJRJZiTuJ9JO9oxRFZ9ik7PayOm2LJ5o
ZxTGCMCw1s4ni9U/bgLsbXAItm/VwVQlOzdCDrRdFa0GUDD7Jn2oNNH0mS7ApmW9
QmUuAUM+GYqA7QZ90QQI7YAONPolgnUuzMGT96Rg+c+13U5zlDF+LqyoPaTgYCLw
s5x53SpImDIk3B9R00gxtd64OVJBafZskK2yxkcpdwjlTjFAxcQZQUi43QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLPWq8reZOkruw1ei3EyJ5Rxp9Y2MB8GA1UdIwQY
MBaAFJTexkEFGwJrlchFkVDKR92uyJZoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE43R1FRVWJBbXVWeUVXUlVNcEgzYTdJbG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8zNTExMTMtZWQ4NS00MmIyLWI2NGYt
OWVhNjQ4NjJhOWFiLzEvczlhcnl0NWs2U3U3RFY2TGNUSW5sSEduMWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8zNTExMTMtZWQ4NS00MmIyLWI2NGYtOWVhNjQ4NjJhOWFi
LzEvbE43R1FRVWJBbXVWeUVXUlVNcEgzYTdJbG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+QnMA8E
AgACMAkDBwAqAXZABAAwDQYJKoZIhvcNAQELBQADggEBAIACanNJhEAui8viZKoL
naWhsYUGRHM4tJ+IpWPLrieMUy4ukdHdqRgEfMBkAiHXKygpvoTTTh4EmL1u9eGa
ZQkfuJz8Fzi/hneuLIVnQx/oKeo7+BAVihHDcK1ydtax6Mnj699djSazZ/Lr7o5n
eTpmTEytlcIyk8ZyyZU52eJe2YCSxQYMQM5kUqW8IuCEYnuSDTJ9rNOLo25HGJM2
UZnpYWFkC9mRjxj+2HceZfS0JX7RTZUgSfGtsYLvNUvAfuzRpFFFWdbw/p9YefCQ
3Gl60FFLpBbk/yq7ej0itVwHKZtTYbp5+/jagOjJS+M/ueSHflWhHcMBLdfd/Fu9
wEM=
-----END CERTIFICATE-----