Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/j7SwKUDozV9eRZtyWsYdGV05fvA.roa
File:                     j7SwKUDozV9eRZtyWsYdGV05fvA.roa (raw, json)
Hash identifier:          uPxd50CDn/sS3ZC0BcBHPTsoRoY4F3yBh/g2OyRVlTs=
Subject key identifier:   8F:B4:B0:29:40:E8:CD:5F:5E:45:9B:72:5A:C6:1D:19:5D:39:7E:F0
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       01941FFA16C4C0616832E76661809AB8C0A4
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/j7SwKUDozV9eRZtyWsYdGV05fvA.roa
Signing time:             Wed 01 Jan 2025 03:47:50 +0000
ROA not before:           Wed 01 Jan 2025 03:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29582
IP address blocks:        91.92.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:16:c4:c0:61:68:32:e7:66:61:80:9a:b8:c0:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Jan  1 03:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fb4b02940e8cd5f5e459b725ac61d195d397ef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f6:62:86:2d:c9:c3:8d:71:ec:7b:9e:11:c3:
                    bf:6a:9c:b2:0e:0b:80:28:75:bd:e1:75:9e:4d:dc:
                    06:b0:26:44:90:a5:c7:bb:ce:48:7f:29:38:46:f3:
                    4e:4c:97:c0:2f:49:b2:82:61:b3:af:21:73:15:70:
                    12:75:55:ae:46:43:79:97:f2:ac:1b:3b:b6:5a:13:
                    43:3b:fa:40:ee:18:3b:4a:a8:f2:16:c0:51:14:c1:
                    99:c3:7e:4f:4c:ee:14:d1:b9:e1:43:af:15:21:44:
                    1f:3b:a9:ac:70:bf:fa:c6:0b:44:21:d6:0b:18:83:
                    94:9f:11:62:65:40:6f:d3:e8:62:35:63:df:af:de:
                    e1:ea:f9:86:65:07:37:c9:7a:72:00:af:14:37:eb:
                    fc:24:dc:26:8e:d7:91:ff:17:f2:e9:c2:9b:0b:c0:
                    3d:bc:69:64:02:0c:ae:f3:bc:4d:93:5a:5e:73:4b:
                    6b:f6:34:22:fa:24:c3:39:e1:55:e3:34:50:fb:da:
                    1f:a9:35:bf:79:8e:b2:55:20:2a:ea:ab:3d:de:22:
                    48:1a:fd:87:48:d5:45:4f:95:03:04:87:e8:83:ae:
                    c9:1f:96:d8:c7:4c:49:41:7d:13:53:63:84:98:3f:
                    8b:ea:66:54:bc:53:6f:c1:ef:d0:04:cd:5d:80:1a:
                    98:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B4:B0:29:40:E8:CD:5F:5E:45:9B:72:5A:C6:1D:19:5D:39:7E:F0
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/j7SwKUDozV9eRZtyWsYdGV05fvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:9e:4f:60:4d:1f:8f:49:da:55:22:91:04:f6:b5:64:38:8c:
         33:86:22:43:16:db:85:f0:4f:5b:f6:b7:4c:a5:c3:d2:53:97:
         1b:e4:e9:57:a6:58:71:35:99:86:b6:d3:31:c2:25:b7:c3:29:
         a9:24:30:ef:8c:6a:a4:bc:14:e6:4d:98:75:7e:5e:73:10:c8:
         50:0d:70:f7:c4:1c:fe:5a:a8:4c:65:79:4e:b2:a1:d3:a0:0b:
         0c:53:e8:1c:b2:ee:2f:9e:a5:ce:c4:9a:17:66:d7:77:df:e0:
         d8:22:0c:51:79:55:cc:e3:a9:96:e4:f3:86:fb:cb:eb:cf:38:
         76:45:75:88:66:73:47:32:c5:25:56:1b:d9:8c:d3:73:a0:17:
         40:35:c2:30:8a:94:b0:5d:33:d4:2c:cb:e2:f0:d3:40:6a:7a:
         35:1e:3a:38:d9:b0:f4:4f:da:2a:f6:98:11:6a:73:89:80:65:
         90:4a:fe:9a:87:0d:b1:1f:35:87:70:46:f8:3a:80:5b:76:8d:
         21:5d:2d:b2:bb:19:32:ee:3c:f5:c9:c7:e9:9c:35:bf:fc:42:
         eb:16:65:e6:26:cb:46:d7:93:c7:30:be:5c:2d:5a:a8:eb:a8:
         6b:2a:0b:29:3b:fb:c0:64:63:dd:03:bd:15:ec:90:0f:c1:55:
         6d:95:f1:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hbEwGFoMudmYYCauMCkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjUwMTAxMDM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmI0YjAyOTQwZThjZDVmNWU0NTliNzI1YWM2MWQxOTVkMzk3ZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfZihi3Jw41x7HueEcO/apyyDguA
KHW94XWeTdwGsCZEkKXHu85Ifyk4RvNOTJfAL0mygmGzryFzFXASdVWuRkN5l/Ks
Gzu2WhNDO/pA7hg7SqjyFsBRFMGZw35PTO4U0bnhQ68VIUQfO6mscL/6xgtEIdYL
GIOUnxFiZUBv0+hiNWPfr97h6vmGZQc3yXpyAK8UN+v8JNwmjteR/xfy6cKbC8A9
vGlkAgyu87xNk1pec0tr9jQi+iTDOeFV4zRQ+9ofqTW/eY6yVSAq6qs93iJIGv2H
SNVFT5UDBIfog67JH5bYx0xJQX0TU2OEmD+L6mZUvFNvwe/QBM1dgBqYlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+0sClA6M1fXkWbclrGHRldOX7wMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvajdTd0tVRG96VjllUlp0eVdzWWRHVjA1ZnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1wwMA0G
CSqGSIb3DQEBCwUAA4IBAQASnk9gTR+PSdpVIpEE9rVkOIwzhiJDFtuF8E9b9rdM
pcPSU5cb5OlXplhxNZmGttMxwiW3wympJDDvjGqkvBTmTZh1fl5zEMhQDXD3xBz+
WqhMZXlOsqHToAsMU+gcsu4vnqXOxJoXZtd33+DYIgxReVXM46mW5POG+8vrzzh2
RXWIZnNHMsUlVhvZjNNzoBdANcIwipSwXTPULMvi8NNAano1Hjo42bD0T9oq9pgR
anOJgGWQSv6ahw2xHzWHcEb4OoBbdo0hXS2yuxky7jz1ycfpnDW//ELrFmXmJstG
15PHML5cLVqo66hrKgspO/vAZGPdA70V7JAPwVVtlfGs
-----END CERTIFICATE-----