Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/c01f90-d0fa-4976-b1c0-d1ff75a7a35c/1/zPgrfXzNu5g3ga4u9iJp6lBHehI.roa
File:                     zPgrfXzNu5g3ga4u9iJp6lBHehI.roa (raw, json)
Hash identifier:          I893Qc6rnj5gmLwCvoILXvSPP2Gpj/JUINtpeEn9KXs=
Subject key identifier:   CC:F8:2B:7D:7C:CD:BB:98:37:81:AE:2E:F6:22:69:EA:50:47:7A:12
Certificate issuer:       /CN=a0dc6cd3334e02690322373c3b506e4184faec7f
Certificate serial:       01903CCB89D9EF78A2B93BAAF499D7824981
Authority key identifier: A0:DC:6C:D3:33:4E:02:69:03:22:37:3C:3B:50:6E:41:84:FA:EC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oNxs0zNOAmkDIjc8O1BuQYT67H8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/c01f90-d0fa-4976-b1c0-d1ff75a7a35c/1/zPgrfXzNu5g3ga4u9iJp6lBHehI.roa
Signing time:             Fri 21 Jun 2024 21:54:50 +0000
ROA not before:           Fri 21 Jun 2024 21:54:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        91.212.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/c01f90-d0fa-4976-b1c0-d1ff75a7a35c/1/oNxs0zNOAmkDIjc8O1BuQYT67H8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/c01f90-d0fa-4976-b1c0-d1ff75a7a35c/1/oNxs0zNOAmkDIjc8O1BuQYT67H8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oNxs0zNOAmkDIjc8O1BuQYT67H8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3c:cb:89:d9:ef:78:a2:b9:3b:aa:f4:99:d7:82:49:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0dc6cd3334e02690322373c3b506e4184faec7f
        Validity
            Not Before: Jun 21 21:54:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccf82b7d7ccdbb983781ae2ef62269ea50477a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9d:21:49:15:75:ad:94:b5:e7:23:96:4e:79:
                    61:3e:9c:6f:23:ca:cb:6a:94:3b:d2:9a:a1:f9:c3:
                    1b:aa:db:e4:d6:77:6e:54:10:e2:b1:c0:bd:b8:d7:
                    45:9a:b7:b9:1e:1c:10:b5:72:02:72:d5:35:31:b0:
                    54:37:d7:70:b5:fa:9b:5a:b7:ae:2f:37:c7:06:4b:
                    08:5d:ec:1f:a8:ef:c4:e5:22:2e:7c:0e:7b:06:d2:
                    73:82:17:3c:6c:23:a0:45:e2:82:7e:20:58:f9:1f:
                    88:0a:aa:78:26:cd:55:63:75:00:17:90:d5:b6:7a:
                    b2:23:f3:ae:10:99:d8:16:47:eb:1e:10:a4:99:51:
                    9a:f3:69:24:95:ec:23:0a:49:94:5a:1c:48:51:3e:
                    b1:91:f4:f4:5b:43:05:3e:9a:37:04:a9:a9:be:d7:
                    b8:a3:42:88:ae:4c:b0:74:bc:cf:b4:4c:f3:60:f1:
                    70:b9:db:00:6b:4c:63:6c:f5:6c:d4:3d:da:f3:24:
                    71:1d:69:8a:df:53:48:98:f0:8b:7a:20:1e:86:64:
                    29:df:f7:52:a3:24:73:ae:a9:38:b0:64:4c:27:e5:
                    4e:e4:0f:ed:ff:81:1c:24:9a:48:0f:95:89:17:df:
                    25:a6:4a:ce:15:73:8d:9f:12:02:44:d3:4b:ec:5b:
                    87:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F8:2B:7D:7C:CD:BB:98:37:81:AE:2E:F6:22:69:EA:50:47:7A:12
            X509v3 Authority Key Identifier:
                keyid:A0:DC:6C:D3:33:4E:02:69:03:22:37:3C:3B:50:6E:41:84:FA:EC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNxs0zNOAmkDIjc8O1BuQYT67H8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/c01f90-d0fa-4976-b1c0-d1ff75a7a35c/1/zPgrfXzNu5g3ga4u9iJp6lBHehI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/c01f90-d0fa-4976-b1c0-d1ff75a7a35c/1/oNxs0zNOAmkDIjc8O1BuQYT67H8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:2d:9c:0b:4e:55:40:21:78:08:8f:0f:f0:f6:f7:65:be:e0:
         8e:c7:d7:a7:7e:d8:d2:00:f6:04:6f:e5:23:90:ec:55:76:38:
         bc:ea:4d:0a:7f:1f:d9:aa:43:94:ed:a1:9a:0f:e2:2c:fc:b9:
         fe:cb:00:96:27:67:a7:78:18:42:9d:4d:d8:0d:47:cc:2c:b1:
         b6:9d:80:00:38:0b:f4:ee:00:21:94:cb:18:8a:6e:55:a5:4a:
         7f:05:8b:f4:06:16:4f:c0:7e:4c:8e:2a:34:86:41:24:b4:80:
         d6:18:07:f5:b9:69:7a:76:96:7b:4e:15:51:a8:6f:36:07:e0:
         5e:dd:07:f5:bb:02:a9:b1:0d:b2:a3:f6:06:03:4a:71:a0:46:
         2b:ab:cb:d8:8c:8a:3d:2d:6f:a4:9e:4e:d1:13:54:82:b9:ac:
         f9:92:4e:e7:ca:99:d6:58:fd:00:e3:c4:8e:08:51:1f:13:0d:
         7e:01:b9:83:1f:10:36:95:44:22:70:9d:cc:77:61:16:38:7b:
         c8:15:ec:24:da:22:51:a3:5f:0e:ef:21:8e:22:c8:58:6d:6d:
         06:26:fb:72:fe:4d:97:1b:27:26:39:76:16:39:7e:ea:d0:62:
         de:97:ea:2c:f2:ee:f4:5c:0f:d5:94:a8:fb:ba:76:15:ac:c1:
         e1:a0:95:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA8y4nZ73iiuTuq9JnXgkmBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZGM2Y2QzMzM0ZTAyNjkwMzIyMzczYzNiNTA2ZTQxODRm
YWVjN2YwHhcNMjQwNjIxMjE1NDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Y4MmI3ZDdjY2RiYjk4Mzc4MWFlMmVmNjIyNjllYTUwNDc3YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ0hSRV1rZS15yOWTnlhPpxvI8rL
apQ70pqh+cMbqtvk1nduVBDiscC9uNdFmre5HhwQtXICctU1MbBUN9dwtfqbWreu
LzfHBksIXewfqO/E5SIufA57BtJzghc8bCOgReKCfiBY+R+ICqp4Js1VY3UAF5DV
tnqyI/OuEJnYFkfrHhCkmVGa82kklewjCkmUWhxIUT6xkfT0W0MFPpo3BKmpvte4
o0KIrkywdLzPtEzzYPFwudsAa0xjbPVs1D3a8yRxHWmK31NImPCLeiAehmQp3/dS
oyRzrqk4sGRMJ+VO5A/t/4EcJJpID5WJF98lpkrOFXONnxICRNNL7FuHKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMz4K318zbuYN4GuLvYiaepQR3oSMB8GA1UdIwQY
MBaAFKDcbNMzTgJpAyI3PDtQbkGE+ux/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb054czB6Tk9BbWtESWpjOE8xQnVRWVQ2N0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jMDFmOTAtZDBmYS00OTc2LWIxYzAt
ZDFmZjc1YTdhMzVjLzEvelBncmZYek51NWczZ2E0dTlpSnA2bEJIZWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jMDFmOTAtZDBmYS00OTc2LWIxYzAtZDFmZjc1YTdhMzVj
LzEvb054czB6Tk9BbWtESWpjOE8xQnVRWVQ2N0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ToMA0G
CSqGSIb3DQEBCwUAA4IBAQBKLZwLTlVAIXgIjw/w9vdlvuCOx9enftjSAPYEb+Uj
kOxVdji86k0Kfx/ZqkOU7aGaD+Is/Ln+ywCWJ2eneBhCnU3YDUfMLLG2nYAAOAv0
7gAhlMsYim5VpUp/BYv0BhZPwH5Mjio0hkEktIDWGAf1uWl6dpZ7ThVRqG82B+Be
3Qf1uwKpsQ2yo/YGA0pxoEYrq8vYjIo9LW+knk7RE1SCuaz5kk7nypnWWP0A48SO
CFEfEw1+AbmDHxA2lUQicJ3Md2EWOHvIFewk2iJRo18O7yGOIshYbW0GJvty/k2X
GycmOXYWOX7q0GLel+os8u70XA/VlKj7unYVrMHhoJUq
-----END CERTIFICATE-----