Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/C8VNDT0eLyU6a-BGSaat20kBt5Q.roa
File:                     C8VNDT0eLyU6a-BGSaat20kBt5Q.roa (raw, json)
Hash identifier:          GVJtrMJUvAX+z3Z9hhGqUx0RMXPQ0og215klHN94fVQ=
Subject key identifier:   0B:C5:4D:0D:3D:1E:2F:25:3A:6B:E0:46:49:A6:AD:DB:49:01:B7:94
Certificate issuer:       /CN=00cc4d5088db71e218777d976d0aadc498c46cfd
Certificate serial:       01941F8C8EBDF2D7078AA232D8CA33298C9B
Authority key identifier: 00:CC:4D:50:88:DB:71:E2:18:77:7D:97:6D:0A:AD:C4:98:C4:6C:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AMxNUIjbceIYd32XbQqtxJjEbP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/C8VNDT0eLyU6a-BGSaat20kBt5Q.roa
Signing time:             Wed 01 Jan 2025 01:48:12 +0000
ROA not before:           Wed 01 Jan 2025 01:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197610
IP address blocks:        91.223.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/AMxNUIjbceIYd32XbQqtxJjEbP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/AMxNUIjbceIYd32XbQqtxJjEbP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AMxNUIjbceIYd32XbQqtxJjEbP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:8e:bd:f2:d7:07:8a:a2:32:d8:ca:33:29:8c:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00cc4d5088db71e218777d976d0aadc498c46cfd
        Validity
            Not Before: Jan  1 01:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bc54d0d3d1e2f253a6be04649a6addb4901b794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c2:2d:bb:23:85:0a:bc:21:85:04:a2:02:19:
                    09:d9:07:4f:df:d4:ca:24:87:7a:86:9c:09:9f:b2:
                    43:bb:3c:7a:ef:df:c4:3c:71:d9:a8:1b:33:aa:b9:
                    e6:5c:80:ba:19:fd:7c:13:1c:32:36:a9:74:bc:5d:
                    65:0f:51:19:a0:eb:8c:ed:74:fd:36:46:ae:24:68:
                    e4:28:47:69:27:61:59:2c:5d:1b:9b:9e:08:6f:bd:
                    c6:8e:8c:36:0d:bf:a3:ad:1e:d4:db:20:e2:e9:5a:
                    2b:f6:10:77:2c:7d:43:c4:d7:ef:84:64:26:55:ee:
                    69:78:6f:ec:9f:cd:c7:82:fa:3e:ea:34:75:af:5d:
                    ee:b9:32:b4:55:d9:d2:4f:9c:96:96:71:be:c4:c7:
                    38:05:41:d0:71:a7:42:f3:63:7d:86:6b:39:c7:83:
                    7a:91:c5:f9:cd:03:91:04:53:fb:92:f4:a9:6f:3e:
                    1b:95:63:db:62:e1:94:78:a0:09:e9:cd:02:82:75:
                    3b:c0:61:2b:3f:0a:4f:3e:77:aa:0d:cb:62:67:6d:
                    76:ab:8b:49:fb:71:47:90:76:77:c0:64:bf:fd:3d:
                    28:aa:02:a8:5f:4c:60:17:08:32:e8:c3:0c:53:d7:
                    70:07:77:f4:19:f1:31:67:76:bd:b3:31:ee:28:e2:
                    31:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C5:4D:0D:3D:1E:2F:25:3A:6B:E0:46:49:A6:AD:DB:49:01:B7:94
            X509v3 Authority Key Identifier:
                keyid:00:CC:4D:50:88:DB:71:E2:18:77:7D:97:6D:0A:AD:C4:98:C4:6C:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AMxNUIjbceIYd32XbQqtxJjEbP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/C8VNDT0eLyU6a-BGSaat20kBt5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/AMxNUIjbceIYd32XbQqtxJjEbP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:0e:f9:3c:91:97:4e:36:ba:2e:36:6f:a7:c2:f6:26:0b:27:
         2d:14:65:54:1a:c2:f3:ad:0f:1b:b8:69:89:d6:bb:b9:c4:82:
         37:10:0e:9f:85:79:d2:e0:56:0e:17:33:f6:b0:a6:0b:4c:4f:
         7b:da:92:5d:37:ba:ba:72:05:15:39:c8:44:82:64:b8:01:31:
         86:8c:0e:dc:d3:da:83:51:69:75:55:79:e7:9e:11:4c:a2:be:
         7d:13:5f:64:03:d9:db:6d:1b:73:7e:3d:c8:9f:12:4e:fe:99:
         34:9f:4f:16:aa:a2:06:7d:f6:8d:55:28:43:74:23:61:fa:4c:
         76:03:bb:52:54:a1:49:ab:21:7c:f6:dc:52:4e:48:45:af:57:
         ae:1d:ab:5a:d2:3b:65:72:d5:4a:8b:97:52:51:dc:fe:63:b6:
         12:37:29:9f:92:76:57:b0:94:14:0c:41:ef:47:ea:db:a1:d9:
         8e:fe:16:fe:95:e9:9d:6a:db:04:10:e7:e1:3b:85:e7:f7:7a:
         90:b8:af:57:06:38:48:7a:94:bc:09:25:09:0b:2a:96:c1:c0:
         b9:f8:9f:6a:0e:7b:f6:91:40:fb:55:55:5f:af:72:d7:f4:e7:
         29:93:ae:1b:ff:6c:9d:f4:f2:08:3e:39:ac:d1:27:6f:30:71:
         e6:20:9a:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjI698tcHiqIy2MozKYybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwY2M0ZDUwODhkYjcxZTIxODc3N2Q5NzZkMGFhZGM0OThj
NDZjZmQwHhcNMjUwMTAxMDE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmM1NGQwZDNkMWUyZjI1M2E2YmUwNDY0OWE2YWRkYjQ5MDFiNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcItuyOFCrwhhQSiAhkJ2QdP39TK
JId6hpwJn7JDuzx679/EPHHZqBszqrnmXIC6Gf18ExwyNql0vF1lD1EZoOuM7XT9
NkauJGjkKEdpJ2FZLF0bm54Ib73Gjow2Db+jrR7U2yDi6Vor9hB3LH1DxNfvhGQm
Ve5peG/sn83Hgvo+6jR1r13uuTK0VdnST5yWlnG+xMc4BUHQcadC82N9hms5x4N6
kcX5zQORBFP7kvSpbz4blWPbYuGUeKAJ6c0CgnU7wGErPwpPPneqDctiZ212q4tJ
+3FHkHZ3wGS//T0oqgKoX0xgFwgy6MMMU9dwB3f0GfExZ3a9szHuKOIxhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvFTQ09Hi8lOmvgRkmmrdtJAbeUMB8GA1UdIwQY
MBaAFADMTVCI23HiGHd9l20KrcSYxGz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU14TlVJamJjZUlZZDMyWGJRcXR4SmpFYlAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85YzczZmYtNjY0Mi00YjMzLWI1NjQt
YTIzODFjMzZjMDU0LzEvQzhWTkRUMGVMeVU2YS1CR1NhYXQyMGtCdDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85YzczZmYtNjY0Mi00YjMzLWI1NjQtYTIzODFjMzZjMDU0
LzEvQU14TlVJamJjZUlZZDMyWGJRcXR4SmpFYlAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+VMA0G
CSqGSIb3DQEBCwUAA4IBAQDADvk8kZdONrouNm+nwvYmCyctFGVUGsLzrQ8buGmJ
1ru5xII3EA6fhXnS4FYOFzP2sKYLTE972pJdN7q6cgUVOchEgmS4ATGGjA7c09qD
UWl1VXnnnhFMor59E19kA9nbbRtzfj3InxJO/pk0n08WqqIGffaNVShDdCNh+kx2
A7tSVKFJqyF89txSTkhFr1euHata0jtlctVKi5dSUdz+Y7YSNymfknZXsJQUDEHv
R+rbodmO/hb+lemdatsEEOfhO4Xn93qQuK9XBjhIepS8CSUJCyqWwcC5+J9qDnv2
kUD7VVVfr3LX9Ocpk64b/2yd9PIIPjms0SdvMHHmIJrz
-----END CERTIFICATE-----