Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/jnu9mPgopzA31RWkYxNmWkz3kyg.roa
File:                     jnu9mPgopzA31RWkYxNmWkz3kyg.roa (raw, json)
Hash identifier:          cra9mYolkxUmIpM2wu5PjhAJgTEYoxZ+ixlWu91VIrU=
Subject key identifier:   8E:7B:BD:98:F8:28:A7:30:37:D5:15:A4:63:13:66:5A:4C:F7:93:28
Certificate issuer:       /CN=3d65564a8954d6ae952f8a1f7af6c1cfba78094a
Certificate serial:       019421444A096B92241280D1C8A1A1378C72
Authority key identifier: 3D:65:56:4A:89:54:D6:AE:95:2F:8A:1F:7A:F6:C1:CF:BA:78:09:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PWVWSolU1q6VL4ofevbBz7p4CUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/jnu9mPgopzA31RWkYxNmWkz3kyg.roa
Signing time:             Wed 01 Jan 2025 09:48:31 +0000
ROA not before:           Wed 01 Jan 2025 09:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6696
IP address blocks:        91.216.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/PWVWSolU1q6VL4ofevbBz7p4CUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/PWVWSolU1q6VL4ofevbBz7p4CUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PWVWSolU1q6VL4ofevbBz7p4CUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4a:09:6b:92:24:12:80:d1:c8:a1:a1:37:8c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d65564a8954d6ae952f8a1f7af6c1cfba78094a
        Validity
            Not Before: Jan  1 09:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e7bbd98f828a73037d515a46313665a4cf79328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fe:87:6f:ef:1f:07:bb:eb:b0:c3:0c:59:62:
                    9d:0c:55:d1:2f:ff:f8:b2:4f:18:26:12:64:87:e5:
                    b7:a4:c9:09:1e:67:a9:df:3f:5f:b0:6c:1f:3a:13:
                    ee:50:91:e4:34:24:84:4b:7f:80:85:0f:90:15:7e:
                    52:e8:71:ca:de:eb:91:e6:94:67:5d:b0:e9:91:59:
                    26:c5:8a:f0:d7:3e:3d:f9:d8:fd:89:21:6d:84:84:
                    ce:2e:89:1c:93:f4:c6:e5:52:12:b5:0c:98:46:3b:
                    9c:f5:81:0f:b5:49:8d:f3:b4:e7:e3:5e:7e:66:78:
                    c2:f8:07:18:ad:33:55:16:0b:cc:ff:64:8f:0b:fb:
                    75:9a:f5:e3:2c:67:27:82:81:95:70:7f:46:0b:dd:
                    35:cf:54:f2:34:ac:0c:91:df:ba:e7:ea:70:04:36:
                    7d:36:ab:5d:d2:42:61:c1:e8:14:42:10:f1:f1:4f:
                    67:47:40:82:ba:c0:c9:68:9a:75:44:07:6a:3a:70:
                    a2:fe:dd:e2:ff:75:e0:17:5e:1c:a5:da:96:ae:12:
                    dd:73:89:43:1d:d6:42:5f:93:9e:8d:8a:f4:a6:f6:
                    70:bd:13:94:58:ca:ab:52:76:cb:2a:a1:70:12:36:
                    38:05:a5:1d:23:9f:6f:5a:1c:b9:e9:30:ce:11:0c:
                    c5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:7B:BD:98:F8:28:A7:30:37:D5:15:A4:63:13:66:5A:4C:F7:93:28
            X509v3 Authority Key Identifier:
                keyid:3D:65:56:4A:89:54:D6:AE:95:2F:8A:1F:7A:F6:C1:CF:BA:78:09:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PWVWSolU1q6VL4ofevbBz7p4CUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/jnu9mPgopzA31RWkYxNmWkz3kyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/411877-b51a-464a-ad9e-104b14f5b0f8/1/PWVWSolU1q6VL4ofevbBz7p4CUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d7:0b:e3:87:9e:d8:d4:bf:65:8f:1c:68:cc:c4:46:7b:47:
         7a:0c:a4:1d:47:4c:3c:d4:f6:fa:97:95:77:81:72:9f:2a:aa:
         32:b9:b0:43:57:5c:c7:b4:cd:3c:25:72:11:5f:97:35:46:04:
         54:59:9b:3b:f4:bb:b4:36:3e:ba:d7:bc:f8:3f:a5:ba:cb:6c:
         fa:f6:ac:b7:7e:9b:40:3c:b1:98:87:9c:fc:2d:ce:f0:ff:77:
         15:23:95:c3:74:03:8b:7b:47:4b:75:22:02:9e:65:4e:d7:b6:
         fb:ac:88:b5:97:66:d9:7e:79:f1:8e:42:53:72:d7:c5:13:ac:
         4a:8e:a6:61:bb:23:d9:e9:b0:c8:22:6c:8e:3d:c1:c6:40:1f:
         b0:2b:98:dc:de:72:0f:30:11:bb:89:b5:2b:b8:06:cb:64:bc:
         5e:9d:ab:18:bf:a2:23:f1:06:6b:29:11:c9:af:8c:9d:91:f5:
         e9:6c:d9:7c:3e:d7:24:65:d7:e3:12:82:85:58:4b:ea:03:a4:
         cf:34:7d:a7:51:ab:07:48:df:60:bc:9d:d1:2d:6b:bf:73:c0:
         6e:27:dd:3f:d1:b3:3d:d0:da:b8:6e:08:db:ec:ba:e5:f1:8f:
         6b:7a:f6:41:ac:37:83:f0:5c:0f:8e:58:da:65:b2:e7:59:e1:
         0c:87:34:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhREoJa5IkEoDRyKGhN4xyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNjU1NjRhODk1NGQ2YWU5NTJmOGExZjdhZjZjMWNmYmE3
ODA5NGEwHhcNMjUwMTAxMDk0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTdiYmQ5OGY4MjhhNzMwMzdkNTE1YTQ2MzEzNjY1YTRjZjc5MzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP6Hb+8fB7vrsMMMWWKdDFXRL//4
sk8YJhJkh+W3pMkJHmep3z9fsGwfOhPuUJHkNCSES3+AhQ+QFX5S6HHK3uuR5pRn
XbDpkVkmxYrw1z49+dj9iSFthITOLokck/TG5VIStQyYRjuc9YEPtUmN87Tn415+
ZnjC+AcYrTNVFgvM/2SPC/t1mvXjLGcngoGVcH9GC901z1TyNKwMkd+65+pwBDZ9
Nqtd0kJhwegUQhDx8U9nR0CCusDJaJp1RAdqOnCi/t3i/3XgF14cpdqWrhLdc4lD
HdZCX5OejYr0pvZwvROUWMqrUnbLKqFwEjY4BaUdI59vWhy56TDOEQzFdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI57vZj4KKcwN9UVpGMTZlpM95MoMB8GA1UdIwQY
MBaAFD1lVkqJVNaulS+KH3r2wc+6eAlKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFdWV1NvbFUxcTZWTDRvZmV2YkJ6N3A0Q1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC80MTE4NzctYjUxYS00NjRhLWFkOWUt
MTA0YjE0ZjViMGY4LzEvam51OW1QZ29wekEzMVJXa1l4Tm1Xa3oza3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC80MTE4NzctYjUxYS00NjRhLWFkOWUtMTA0YjE0ZjViMGY4
LzEvUFdWV1NvbFUxcTZWTDRvZmV2YkJ6N3A0Q1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9iRMA0G
CSqGSIb3DQEBCwUAA4IBAQCX1wvjh57Y1L9ljxxozMRGe0d6DKQdR0w81Pb6l5V3
gXKfKqoyubBDV1zHtM08JXIRX5c1RgRUWZs79Lu0Nj6617z4P6W6y2z69qy3fptA
PLGYh5z8Lc7w/3cVI5XDdAOLe0dLdSICnmVO17b7rIi1l2bZfnnxjkJTctfFE6xK
jqZhuyPZ6bDIImyOPcHGQB+wK5jc3nIPMBG7ibUruAbLZLxenasYv6Ij8QZrKRHJ
r4ydkfXpbNl8PtckZdfjEoKFWEvqA6TPNH2nUasHSN9gvJ3RLWu/c8BuJ90/0bM9
0Nq4bgjb7Lrl8Y9revZBrDeD8FwPjljaZbLnWeEMhzSs
-----END CERTIFICATE-----