Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/8f4a2b-492c-4331-84f8-026e0a4ccaaa/1/s_9dd5AcvFjDwFxrIZ-DDwr8PXU.roa
File:                     s_9dd5AcvFjDwFxrIZ-DDwr8PXU.roa (raw, json)
Hash identifier:          js91EKDhiu8FUYd+L0+EO6Hq40axF83RvL0xYCKrF7Q=
Subject key identifier:   B3:FF:5D:77:90:1C:BC:58:C3:C0:5C:6B:21:9F:83:0F:0A:FC:3D:75
Certificate issuer:       /CN=95cb18c7ece6bddc9570f37ff78660b58e6c2044
Certificate serial:       01925176E39ADE13FA8E0E7AA724DD35D8BA
Authority key identifier: 95:CB:18:C7:EC:E6:BD:DC:95:70:F3:7F:F7:86:60:B5:8E:6C:20:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lcsYx-zmvdyVcPN_94ZgtY5sIEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/8f4a2b-492c-4331-84f8-026e0a4ccaaa/1/s_9dd5AcvFjDwFxrIZ-DDwr8PXU.roa
Signing time:             Thu 03 Oct 2024 08:19:58 +0000
ROA not before:           Thu 03 Oct 2024 08:19:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.235.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/8f4a2b-492c-4331-84f8-026e0a4ccaaa/1/lcsYx-zmvdyVcPN_94ZgtY5sIEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/8f4a2b-492c-4331-84f8-026e0a4ccaaa/1/lcsYx-zmvdyVcPN_94ZgtY5sIEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lcsYx-zmvdyVcPN_94ZgtY5sIEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:76:e3:9a:de:13:fa:8e:0e:7a:a7:24:dd:35:d8:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95cb18c7ece6bddc9570f37ff78660b58e6c2044
        Validity
            Not Before: Oct  3 08:19:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3ff5d77901cbc58c3c05c6b219f830f0afc3d75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:91:3b:cb:9b:aa:c1:b3:a4:29:f8:f0:bf:70:
                    3d:43:e6:e4:d6:82:87:b9:b5:59:3b:23:b4:50:9b:
                    11:35:4f:42:ed:d3:8f:1a:6a:22:41:87:38:3d:18:
                    98:76:96:85:8d:a7:f7:c4:ae:8b:da:df:ba:0e:42:
                    ba:28:c6:92:0a:19:ef:b2:be:01:08:8e:96:6d:00:
                    2d:31:df:44:d0:0a:5e:30:35:88:e9:3a:af:40:68:
                    9d:27:dd:de:49:7b:c7:36:dd:ff:37:0e:b5:ef:a8:
                    cc:57:8a:f3:a7:8a:b2:95:5b:f3:1e:47:7d:5e:35:
                    0c:f0:a9:21:fe:a0:df:9d:b7:55:9e:79:e8:fb:0a:
                    07:51:53:bc:10:ac:50:f6:9f:db:1a:c4:5c:4d:85:
                    9a:2d:72:69:8e:2b:a8:55:16:6d:ee:59:a2:6c:67:
                    54:a3:d3:68:41:ac:f8:5a:b7:21:37:59:4d:38:9d:
                    66:cf:45:3e:34:fc:31:0c:d4:dc:58:17:0b:aa:de:
                    83:24:58:71:15:a5:95:3b:9d:67:ae:83:b7:8f:0f:
                    78:ea:93:2c:3c:c7:02:21:03:f7:5e:66:3f:53:7b:
                    6b:1c:17:b1:5d:67:43:83:0e:f2:be:59:e8:5d:e1:
                    02:9e:0d:61:67:28:4c:f0:e9:33:8b:45:44:a5:5c:
                    ea:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:FF:5D:77:90:1C:BC:58:C3:C0:5C:6B:21:9F:83:0F:0A:FC:3D:75
            X509v3 Authority Key Identifier:
                keyid:95:CB:18:C7:EC:E6:BD:DC:95:70:F3:7F:F7:86:60:B5:8E:6C:20:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lcsYx-zmvdyVcPN_94ZgtY5sIEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8f4a2b-492c-4331-84f8-026e0a4ccaaa/1/s_9dd5AcvFjDwFxrIZ-DDwr8PXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/8f4a2b-492c-4331-84f8-026e0a4ccaaa/1/lcsYx-zmvdyVcPN_94ZgtY5sIEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:55:b7:b4:d9:3b:41:5f:84:db:95:b8:a5:7d:78:0a:df:66:
         8e:ae:23:51:bb:7f:eb:26:1d:52:fc:65:c9:84:82:a8:a2:6d:
         13:59:3b:f2:8d:82:e6:d9:c0:5d:51:2b:3c:40:d8:6a:0e:d7:
         eb:67:9d:56:32:70:1b:6b:96:59:0b:31:cd:fb:cf:37:a1:1d:
         ae:10:3c:ab:3b:54:e6:38:09:cf:73:82:73:4a:af:aa:3e:0c:
         bf:ed:5f:97:19:e4:f8:a5:ee:f5:ed:9f:6e:be:a3:9c:db:a8:
         61:e8:1b:78:f7:e2:8a:24:8a:0a:d6:10:63:4d:0f:40:8f:ea:
         23:13:a5:31:c4:c9:01:16:25:70:4b:83:10:60:b3:01:09:79:
         2f:5f:e3:52:a1:99:7f:69:e8:63:d1:95:21:92:b0:b5:5d:59:
         5b:f6:30:a7:25:19:f4:4e:25:82:da:62:99:c5:01:23:e7:8a:
         06:d9:fd:29:29:ea:10:d4:ec:c7:7a:08:92:28:87:70:f1:a4:
         f8:e0:2c:58:6c:b7:9e:d0:88:6f:61:4e:ba:54:f4:dc:8f:92:
         bd:4e:7a:13:82:24:88:04:db:60:18:66:a0:98:bd:51:2b:50:
         f3:e5:2f:44:f0:ab:b4:9d:7e:e7:73:b1:e0:b4:71:85:64:99:
         2d:42:ce:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRduOa3hP6jg56pyTdNdi6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1Y2IxOGM3ZWNlNmJkZGM5NTcwZjM3ZmY3ODY2MGI1OGU2
YzIwNDQwHhcNMjQxMDAzMDgxOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2ZmNWQ3NzkwMWNiYzU4YzNjMDVjNmIyMTlmODMwZjBhZmMzZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pE7y5uqwbOkKfjwv3A9Q+bk1oKH
ubVZOyO0UJsRNU9C7dOPGmoiQYc4PRiYdpaFjaf3xK6L2t+6DkK6KMaSChnvsr4B
CI6WbQAtMd9E0ApeMDWI6TqvQGidJ93eSXvHNt3/Nw6176jMV4rzp4qylVvzHkd9
XjUM8Kkh/qDfnbdVnnno+woHUVO8EKxQ9p/bGsRcTYWaLXJpjiuoVRZt7lmibGdU
o9NoQaz4WrchN1lNOJ1mz0U+NPwxDNTcWBcLqt6DJFhxFaWVO51nroO3jw946pMs
PMcCIQP3XmY/U3trHBexXWdDgw7yvlnoXeECng1hZyhM8Okzi0VEpVzq4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLP/XXeQHLxYw8BcayGfgw8K/D11MB8GA1UdIwQY
MBaAFJXLGMfs5r3clXDzf/eGYLWObCBEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGNzWXgtem12ZHlWY1BOXzk0Wmd0WTVzSUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi84ZjRhMmItNDkyYy00MzMxLTg0Zjgt
MDI2ZTBhNGNjYWFhLzEvc185ZGQ1QWN2RmpEd0Z4cklaLUREd3I4UFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi84ZjRhMmItNDkyYy00MzMxLTg0ZjgtMDI2ZTBhNGNjYWFh
LzEvbGNzWXgtem12ZHlWY1BOXzk0Wmd0WTVzSUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+uLMA0G
CSqGSIb3DQEBCwUAA4IBAQB3Vbe02TtBX4TblbilfXgK32aOriNRu3/rJh1S/GXJ
hIKoom0TWTvyjYLm2cBdUSs8QNhqDtfrZ51WMnAba5ZZCzHN+883oR2uEDyrO1Tm
OAnPc4JzSq+qPgy/7V+XGeT4pe717Z9uvqOc26hh6Bt49+KKJIoK1hBjTQ9Aj+oj
E6UxxMkBFiVwS4MQYLMBCXkvX+NSoZl/aehj0ZUhkrC1XVlb9jCnJRn0TiWC2mKZ
xQEj54oG2f0pKeoQ1OzHegiSKIdw8aT44CxYbLee0IhvYU66VPTcj5K9TnoTgiSI
BNtgGGagmL1RK1Dz5S9E8Ku0nX7nc7HgtHGFZJktQs7k
-----END CERTIFICATE-----