Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/4c7379-3649-41de-89f7-d56374e1157a/1/d6blSjaqO2EcEPuhj7EsQzjBTt0.roa
File:                     d6blSjaqO2EcEPuhj7EsQzjBTt0.roa (raw, json)
Hash identifier:          4jd/vZVphNUOF+ezj/NTHKtL7kzqYpJOJYm6eI+27Hw=
Subject key identifier:   77:A6:E5:4A:36:AA:3B:61:1C:10:FB:A1:8F:B1:2C:43:38:C1:4E:DD
Certificate issuer:       /CN=9c0a8c177911f64c30557368815b9e67d8fc3c0f
Certificate serial:       0194266B9AE3DE35A24B15BB9B81EB4FF6BC
Authority key identifier: 9C:0A:8C:17:79:11:F6:4C:30:55:73:68:81:5B:9E:67:D8:FC:3C:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nAqMF3kR9kwwVXNogVueZ9j8PA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/4c7379-3649-41de-89f7-d56374e1157a/1/d6blSjaqO2EcEPuhj7EsQzjBTt0.roa
Signing time:             Thu 02 Jan 2025 09:49:33 +0000
ROA not before:           Thu 02 Jan 2025 09:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48332
IP address blocks:        91.209.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/4c7379-3649-41de-89f7-d56374e1157a/1/nAqMF3kR9kwwVXNogVueZ9j8PA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/4c7379-3649-41de-89f7-d56374e1157a/1/nAqMF3kR9kwwVXNogVueZ9j8PA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nAqMF3kR9kwwVXNogVueZ9j8PA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:9a:e3:de:35:a2:4b:15:bb:9b:81:eb:4f:f6:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c0a8c177911f64c30557368815b9e67d8fc3c0f
        Validity
            Not Before: Jan  2 09:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77a6e54a36aa3b611c10fba18fb12c4338c14edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d2:c3:c0:99:3b:47:83:f9:e5:5c:54:ff:5a:
                    49:57:55:9b:73:84:6f:dc:7e:91:8f:50:9e:b1:77:
                    0b:a3:48:92:04:b6:ed:41:16:cc:31:85:30:a4:1f:
                    0e:31:29:3e:3d:02:4d:ce:6a:82:f7:fe:b5:a2:a1:
                    cf:ca:64:ca:cd:9d:64:1b:63:cb:d5:fe:cc:b1:be:
                    eb:2f:28:61:a0:60:d2:cf:54:e0:c3:bb:8a:33:cd:
                    03:08:e7:5f:4e:8e:b6:94:b2:a3:cd:d4:c0:7b:6c:
                    db:bd:19:33:f1:14:1e:43:78:c2:37:e0:9a:db:e1:
                    78:c1:19:1c:e2:bb:c3:51:0d:8c:03:b5:ba:bd:cb:
                    87:a8:6a:ff:22:46:27:b9:e3:ab:63:3e:7f:3d:fb:
                    ed:4d:11:5a:7c:08:c2:38:f6:d8:25:ac:15:7b:17:
                    d4:cb:23:c7:e7:c4:54:3e:a3:95:c5:28:a7:b5:a8:
                    4c:66:77:5f:f5:a0:c6:4b:9a:fb:35:cd:8f:41:9f:
                    ca:75:d4:25:c3:6a:6f:ba:4d:e6:57:90:17:4a:94:
                    98:c8:ec:36:d0:ba:4d:a8:64:ae:74:42:10:e8:ce:
                    5a:0e:b8:c9:7a:fd:d0:c9:f8:4f:28:13:a0:7f:7d:
                    9e:95:82:71:e4:7e:3d:e3:51:d3:17:cc:d5:96:66:
                    95:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:A6:E5:4A:36:AA:3B:61:1C:10:FB:A1:8F:B1:2C:43:38:C1:4E:DD
            X509v3 Authority Key Identifier:
                keyid:9C:0A:8C:17:79:11:F6:4C:30:55:73:68:81:5B:9E:67:D8:FC:3C:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nAqMF3kR9kwwVXNogVueZ9j8PA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4c7379-3649-41de-89f7-d56374e1157a/1/d6blSjaqO2EcEPuhj7EsQzjBTt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4c7379-3649-41de-89f7-d56374e1157a/1/nAqMF3kR9kwwVXNogVueZ9j8PA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:a6:d5:ba:90:42:59:9f:ee:ae:cc:f2:37:93:f2:9c:85:b0:
         67:bb:41:7a:e9:46:4f:4c:46:63:d1:00:0e:e1:4e:85:44:c3:
         d6:17:62:00:14:df:c2:7f:15:9c:2b:b7:fc:15:91:e0:be:1e:
         e4:db:9e:e8:9e:5f:68:75:c0:0b:8a:a5:07:56:82:6c:e5:40:
         db:ab:f5:c2:7e:47:c9:61:2f:47:d1:59:7c:77:89:fa:79:70:
         ef:b6:a7:77:6f:b4:6b:e6:be:24:ee:65:4b:78:5f:ef:b0:24:
         be:6b:cd:f4:95:e3:bd:f2:48:2d:3a:65:c0:99:a0:b9:2d:b8:
         61:1a:b9:1d:3a:94:05:76:5c:02:68:62:16:a0:b7:1a:bc:b9:
         56:32:7f:8d:d2:44:75:3e:9b:5c:ba:96:81:d0:5f:ec:5b:d9:
         72:ba:56:a8:d3:36:64:ea:e8:d4:e4:06:39:b4:8d:7b:3f:1c:
         5f:32:6e:75:91:f7:cc:a2:3e:56:8f:c6:92:0b:cb:29:81:2f:
         08:70:aa:59:33:a2:ba:64:d7:56:bc:36:6d:c3:7e:3c:30:f8:
         7c:63:e5:19:dd:3e:0d:0d:6b:4d:47:cf:13:1e:85:6e:bf:da:
         a9:18:e0:f7:5b:9a:62:51:8c:9d:fe:fc:19:82:25:bc:fe:96:
         0d:69:75:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma5rj3jWiSxW7m4HrT/a8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMGE4YzE3NzkxMWY2NGMzMDU1NzM2ODgxNWI5ZTY3ZDhm
YzNjMGYwHhcNMjUwMTAyMDk0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2E2ZTU0YTM2YWEzYjYxMWMxMGZiYTE4ZmIxMmM0MzM4YzE0ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9LDwJk7R4P55VxU/1pJV1Wbc4Rv
3H6Rj1CesXcLo0iSBLbtQRbMMYUwpB8OMSk+PQJNzmqC9/61oqHPymTKzZ1kG2PL
1f7Msb7rLyhhoGDSz1Tgw7uKM80DCOdfTo62lLKjzdTAe2zbvRkz8RQeQ3jCN+Ca
2+F4wRkc4rvDUQ2MA7W6vcuHqGr/IkYnueOrYz5/PfvtTRFafAjCOPbYJawVexfU
yyPH58RUPqOVxSintahMZndf9aDGS5r7Nc2PQZ/KddQlw2pvuk3mV5AXSpSYyOw2
0LpNqGSudEIQ6M5aDrjJev3QyfhPKBOgf32elYJx5H4941HTF8zVlmaV7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHem5Uo2qjthHBD7oY+xLEM4wU7dMB8GA1UdIwQY
MBaAFJwKjBd5EfZMMFVzaIFbnmfY/DwPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkFxTUYza1I5a3d3VlhOb2dWdWVaOWo4UEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy80YzczNzktMzY0OS00MWRlLTg5Zjct
ZDU2Mzc0ZTExNTdhLzEvZDZibFNqYXFPMkVjRVB1aGo3RXNRempCVHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy80YzczNzktMzY0OS00MWRlLTg5ZjctZDU2Mzc0ZTExNTdh
LzEvbkFxTUYza1I5a3d3VlhOb2dWdWVaOWo4UEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FtMA0G
CSqGSIb3DQEBCwUAA4IBAQBwptW6kEJZn+6uzPI3k/KchbBnu0F66UZPTEZj0QAO
4U6FRMPWF2IAFN/CfxWcK7f8FZHgvh7k257onl9odcALiqUHVoJs5UDbq/XCfkfJ
YS9H0Vl8d4n6eXDvtqd3b7Rr5r4k7mVLeF/vsCS+a830leO98kgtOmXAmaC5Lbhh
GrkdOpQFdlwCaGIWoLcavLlWMn+N0kR1PptcupaB0F/sW9lyulao0zZk6ujU5AY5
tI17PxxfMm51kffMoj5Wj8aSC8spgS8IcKpZM6K6ZNdWvDZtw348MPh8Y+UZ3T4N
DWtNR88THoVuv9qpGOD3W5piUYyd/vwZgiW8/pYNaXV6
-----END CERTIFICATE-----