Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/cdIcsdVxXQ7xbxY7xIWoCqnHLXg.roa
File:                     cdIcsdVxXQ7xbxY7xIWoCqnHLXg.roa (raw, json)
Hash identifier:          3j53vEYVWIdoo0pJqgrORQjaLalVmdF4pYGOG90OxXI=
Subject key identifier:   71:D2:1C:B1:D5:71:5D:0E:F1:6F:16:3B:C4:85:A8:0A:A9:C7:2D:78
Certificate issuer:       /CN=09d0a2979e9b6652d61b901dd55a1928dbfdcf6d
Certificate serial:       018CCA2A341DA6A55AD79BB4414873BCDAC6
Authority key identifier: 09:D0:A2:97:9E:9B:66:52:D6:1B:90:1D:D5:5A:19:28:DB:FD:CF:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CdCil56bZlLWG5Ad1VoZKNv9z20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/cdIcsdVxXQ7xbxY7xIWoCqnHLXg.roa
Signing time:             Tue 02 Jan 2024 12:33:32 +0000
ROA not before:           Tue 02 Jan 2024 12:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51972
IP address blocks:        91.222.63.0/24 maxlen: 24
                          91.222.60.0/24 maxlen: 24
                          91.222.60.0/22 maxlen: 22
                          91.222.61.0/24 maxlen: 24
                          91.222.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/CdCil56bZlLWG5Ad1VoZKNv9z20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/CdCil56bZlLWG5Ad1VoZKNv9z20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CdCil56bZlLWG5Ad1VoZKNv9z20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:34:1d:a6:a5:5a:d7:9b:b4:41:48:73:bc:da:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09d0a2979e9b6652d61b901dd55a1928dbfdcf6d
        Validity
            Not Before: Jan  2 12:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71d21cb1d5715d0ef16f163bc485a80aa9c72d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7a:90:28:a1:d3:6d:da:95:61:9a:37:cc:0e:
                    16:ef:76:5e:59:53:97:ac:27:12:ed:7e:eb:06:f0:
                    15:ba:41:f2:43:c8:ca:67:03:64:4a:0f:58:27:8a:
                    92:d8:b2:20:6a:2a:53:cc:6d:8b:c5:04:e1:21:ec:
                    0e:f7:a0:04:09:6a:20:7d:09:d4:f8:99:8f:1f:7d:
                    59:0b:7e:b7:5e:5a:f3:43:3b:fb:d8:0c:b1:2c:39:
                    62:49:31:6c:d3:5d:be:a1:5a:72:0f:3c:8e:a5:b4:
                    b0:b5:dc:55:04:7f:d3:dd:c3:41:49:19:6f:fe:ec:
                    53:66:03:df:3a:c3:68:8d:90:c8:bc:cc:5c:1e:33:
                    9b:40:d3:7a:a3:3d:a5:ee:2f:25:ec:1a:13:56:4e:
                    b5:05:c1:e1:05:00:5c:2f:d3:ed:76:3c:3e:55:46:
                    0d:e8:43:64:36:26:7e:e2:ca:1d:fe:ed:55:92:24:
                    20:86:57:f7:1b:46:30:b1:5f:75:2f:e8:f7:fc:b7:
                    ef:f2:bc:b3:da:75:4f:ad:8c:43:b6:6b:37:b0:1e:
                    a0:24:fe:04:cf:26:38:ec:0c:31:c1:9e:70:31:06:
                    97:bd:85:4b:45:06:19:8d:fa:9c:2a:ac:bc:fe:da:
                    4b:8b:37:6f:8f:a5:b2:20:98:9e:65:87:b5:eb:40:
                    68:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D2:1C:B1:D5:71:5D:0E:F1:6F:16:3B:C4:85:A8:0A:A9:C7:2D:78
            X509v3 Authority Key Identifier:
                keyid:09:D0:A2:97:9E:9B:66:52:D6:1B:90:1D:D5:5A:19:28:DB:FD:CF:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CdCil56bZlLWG5Ad1VoZKNv9z20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/cdIcsdVxXQ7xbxY7xIWoCqnHLXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/8c33c2-6f72-41b6-a9e4-09f73c354e7c/1/CdCil56bZlLWG5Ad1VoZKNv9z20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:40:6f:28:57:25:9e:b3:5d:e0:45:b0:bb:d0:7a:f4:5f:3a:
         e0:0f:b4:aa:52:2d:4a:63:86:4b:c7:c5:a6:a9:02:6f:58:30:
         81:4e:4c:3d:b9:ed:06:46:19:38:7a:f9:03:47:69:55:bc:29:
         f5:79:01:8e:dc:15:b0:6d:32:61:09:bb:88:3e:00:76:29:f0:
         ae:b0:6f:66:81:b0:29:0f:38:6a:dd:30:13:63:17:f2:70:35:
         5a:46:f2:dc:af:17:69:f0:18:d7:6f:6c:46:33:b0:3e:5a:40:
         3d:89:2d:2c:20:7e:2a:24:2a:33:53:83:79:03:e2:ff:70:e4:
         d8:44:47:5d:3a:58:4e:d9:d0:de:4f:62:ea:c0:cd:7e:ae:b0:
         f9:cd:75:b0:a1:35:f5:98:da:51:f3:33:97:e6:c7:6b:32:35:
         bb:a7:e9:5e:9a:6c:53:cb:d2:e2:ea:ed:24:b1:78:79:08:66:
         2f:a1:df:5b:5f:48:38:81:a9:c1:75:36:cb:2e:35:69:55:24:
         1e:8a:14:b0:e1:1f:17:d7:6d:cd:9b:04:e6:a8:7f:b1:fa:5d:
         ed:ed:eb:bf:be:a5:b7:55:fc:79:ed:a7:31:b5:fe:b1:33:43:
         8a:f6:08:50:85:51:de:45:14:3c:d8:7e:80:91:fd:0d:fa:3c:
         96:01:4b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjQdpqVa15u0QUhzvNrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZDBhMjk3OWU5YjY2NTJkNjFiOTAxZGQ1NWExOTI4ZGJm
ZGNmNmQwHhcNMjQwMTAyMTIzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQyMWNiMWQ1NzE1ZDBlZjE2ZjE2M2JjNDg1YTgwYWE5YzcyZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHqQKKHTbdqVYZo3zA4W73ZeWVOX
rCcS7X7rBvAVukHyQ8jKZwNkSg9YJ4qS2LIgaipTzG2LxQThIewO96AECWogfQnU
+JmPH31ZC363XlrzQzv72AyxLDliSTFs012+oVpyDzyOpbSwtdxVBH/T3cNBSRlv
/uxTZgPfOsNojZDIvMxcHjObQNN6oz2l7i8l7BoTVk61BcHhBQBcL9Ptdjw+VUYN
6ENkNiZ+4sod/u1VkiQghlf3G0YwsV91L+j3/Lfv8ryz2nVPrYxDtms3sB6gJP4E
zyY47AwxwZ5wMQaXvYVLRQYZjfqcKqy8/tpLizdvj6WyIJieZYe160BoHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHSHLHVcV0O8W8WO8SFqAqpxy14MB8GA1UdIwQY
MBaAFAnQopeem2ZS1huQHdVaGSjb/c9tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2RDaWw1NmJabExXRzVBZDFWb1pLTnY5ejIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS84YzMzYzItNmY3Mi00MWI2LWE5ZTQt
MDlmNzNjMzU0ZTdjLzEvY2RJY3NkVnhYUTd4YnhZN3hJV29DcW5ITFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS84YzMzYzItNmY3Mi00MWI2LWE5ZTQtMDlmNzNjMzU0ZTdj
LzEvQ2RDaWw1NmJabExXRzVBZDFWb1pLTnY5ejIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW948MA0G
CSqGSIb3DQEBCwUAA4IBAQArQG8oVyWes13gRbC70Hr0XzrgD7SqUi1KY4ZLx8Wm
qQJvWDCBTkw9ue0GRhk4evkDR2lVvCn1eQGO3BWwbTJhCbuIPgB2KfCusG9mgbAp
Dzhq3TATYxfycDVaRvLcrxdp8BjXb2xGM7A+WkA9iS0sIH4qJCozU4N5A+L/cOTY
REddOlhO2dDeT2LqwM1+rrD5zXWwoTX1mNpR8zOX5sdrMjW7p+lemmxTy9Li6u0k
sXh5CGYvod9bX0g4ganBdTbLLjVpVSQeihSw4R8X123NmwTmqH+x+l3t7eu/vqW3
Vfx57acxtf6xM0OK9ghQhVHeRRQ82H6Akf0N+jyWAUvq
-----END CERTIFICATE-----