Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/I0ZZM8H861yvaraWpE5aUwVqKE4.roa
File:                     I0ZZM8H861yvaraWpE5aUwVqKE4.roa (raw, json)
Hash identifier:          s7tgzcVaPr37Y273uptmaMim8vguCqBE5Q8R6ubTA0E=
Subject key identifier:   23:46:59:33:C1:FC:EB:5C:AF:6A:B6:96:A4:4E:5A:53:05:6A:28:4E
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       01924BD95B4BE2CEA9F49DCB6813FE3923BF
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/I0ZZM8H861yvaraWpE5aUwVqKE4.roa
Signing time:             Wed 02 Oct 2024 06:09:48 +0000
ROA not before:           Wed 02 Oct 2024 06:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        91.223.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4b:d9:5b:4b:e2:ce:a9:f4:9d:cb:68:13:fe:39:23:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Oct  2 06:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23465933c1fceb5caf6ab696a44e5a53056a284e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:64:5f:6d:bf:ed:10:e8:1e:ea:80:e7:53:44:
                    e4:55:a0:90:3a:81:cc:c1:c5:ba:30:36:f7:6b:21:
                    a4:30:41:78:d6:b3:a3:2f:c1:7c:8e:94:3c:00:be:
                    3c:7a:6a:17:12:5a:cf:83:17:60:37:11:5e:7d:d1:
                    41:b2:d6:78:73:da:72:e0:41:02:32:95:83:e4:3e:
                    1a:d9:ac:a5:df:66:57:ca:87:a1:65:6b:84:19:4a:
                    de:6a:a8:9b:7e:af:2b:bd:0b:cd:19:b4:4f:86:3f:
                    b8:63:5f:af:23:8e:d0:69:32:ee:56:a9:c0:95:13:
                    c1:55:db:98:2c:92:e6:0e:59:4e:8d:a4:73:7e:e4:
                    79:a3:e0:f2:f3:2d:bc:bf:31:ca:62:e7:86:3f:dd:
                    c6:0f:84:cd:b4:80:53:33:b1:eb:a4:57:d7:bd:9e:
                    92:e6:c5:0e:b9:22:11:40:21:62:4d:70:51:68:9c:
                    b1:d3:df:a6:f8:c3:dd:18:d7:0a:31:01:3d:0f:65:
                    cf:42:a0:cc:bf:c4:0d:79:c7:e9:9e:32:3b:69:47:
                    cc:8e:04:9d:8e:88:c8:20:3a:78:59:04:49:cd:87:
                    18:33:2a:98:ab:dc:35:b8:0f:c7:17:5f:1e:be:9d:
                    52:6d:c1:10:f2:57:e6:09:5e:b0:6f:c3:a7:1b:7e:
                    3a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:46:59:33:C1:FC:EB:5C:AF:6A:B6:96:A4:4E:5A:53:05:6A:28:4E
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/I0ZZM8H861yvaraWpE5aUwVqKE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:35:62:f6:e1:6b:3d:1b:d9:9b:db:81:3a:d3:07:a4:17:c9:
         a1:b2:3e:9a:bd:01:d4:51:f8:72:4e:6d:7c:e1:d9:50:c9:6b:
         a5:13:f1:95:fc:b1:9a:8b:df:13:cf:d0:cf:d7:ed:e3:d4:a2:
         0b:a6:5f:c1:23:10:66:da:47:3f:be:1f:86:c1:5d:94:ed:c7:
         0e:57:81:87:65:c1:04:18:65:6a:a2:75:e8:fd:d8:8a:96:96:
         02:45:1f:95:de:91:cb:c3:e4:d4:eb:5f:3f:d8:2a:23:93:9f:
         a3:b1:c7:8e:29:cb:5c:89:44:8f:96:46:c2:56:18:bd:91:29:
         a7:68:20:fc:70:82:90:65:0b:8b:2a:34:59:dc:34:74:da:53:
         eb:3c:0b:67:eb:36:89:8d:16:11:c1:ce:c4:5c:92:cf:c4:3c:
         30:4c:83:34:a8:cb:70:dd:41:78:2e:4e:d3:31:dd:e3:bc:31:
         a7:9e:a7:de:7c:cc:db:21:07:94:91:72:78:b7:da:80:e2:c1:
         60:32:74:19:d9:d6:8d:e6:df:68:26:ee:b1:ea:6f:29:e0:8e:
         d1:2c:6c:41:6e:55:74:43:79:b4:ab:98:ad:f9:6d:1c:c5:70:
         13:3d:eb:2c:64:55:e4:15:fb:97:82:c0:09:13:98:8b:1d:de:
         af:1d:ff:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJL2VtL4s6p9J3LaBP+OSO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjQxMDAyMDYwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQ2NTkzM2MxZmNlYjVjYWY2YWI2OTZhNDRlNWE1MzA1NmEyODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGRfbb/tEOge6oDnU0TkVaCQOoHM
wcW6MDb3ayGkMEF41rOjL8F8jpQ8AL48emoXElrPgxdgNxFefdFBstZ4c9py4EEC
MpWD5D4a2ayl32ZXyoehZWuEGUreaqibfq8rvQvNGbRPhj+4Y1+vI47QaTLuVqnA
lRPBVduYLJLmDllOjaRzfuR5o+Dy8y28vzHKYueGP93GD4TNtIBTM7HrpFfXvZ6S
5sUOuSIRQCFiTXBRaJyx09+m+MPdGNcKMQE9D2XPQqDMv8QNecfpnjI7aUfMjgSd
jojIIDp4WQRJzYcYMyqYq9w1uA/HF18evp1SbcEQ8lfmCV6wb8OnG346MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNGWTPB/Otcr2q2lqROWlMFaihOMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvSTBaWk04SDg2MXl2YXJhV3BFNWFVd1ZxS0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99eMA0G
CSqGSIb3DQEBCwUAA4IBAQBdNWL24Ws9G9mb24E60wekF8mhsj6avQHUUfhyTm18
4dlQyWulE/GV/LGai98Tz9DP1+3j1KILpl/BIxBm2kc/vh+GwV2U7ccOV4GHZcEE
GGVqonXo/diKlpYCRR+V3pHLw+TU618/2Cojk5+jsceOKctciUSPlkbCVhi9kSmn
aCD8cIKQZQuLKjRZ3DR02lPrPAtn6zaJjRYRwc7EXJLPxDwwTIM0qMtw3UF4Lk7T
Md3jvDGnnqfefMzbIQeUkXJ4t9qA4sFgMnQZ2daN5t9oJu6x6m8p4I7RLGxBblV0
Q3m0q5it+W0cxXATPessZFXkFfuXgsAJE5iLHd6vHf9f
-----END CERTIFICATE-----