Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/KpDjn9vuxfYpwdjM05ehNU9WWs8.roa
File:                     KpDjn9vuxfYpwdjM05ehNU9WWs8.roa (raw, json)
Hash identifier:          WG+rEPedVjI7S1+/c7RRw3KbCax2Kvvho9A5OYeowvw=
Subject key identifier:   2A:90:E3:9F:DB:EE:C5:F6:29:C1:D8:CC:D3:97:A1:35:4F:56:5A:CF
Certificate issuer:       /CN=322d91b4aa96cc5732576d42335fddd0e5d6294f
Certificate serial:       0191458AB953658A976948BC36224AAA18EC
Authority key identifier: 32:2D:91:B4:AA:96:CC:57:32:57:6D:42:33:5F:DD:D0:E5:D6:29:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mi2RtKqWzFcyV21CM1_d0OXWKU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/KpDjn9vuxfYpwdjM05ehNU9WWs8.roa
Signing time:             Mon 12 Aug 2024 07:43:24 +0000
ROA not before:           Mon 12 Aug 2024 07:43:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215644
IP address blocks:        81.89.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/Mi2RtKqWzFcyV21CM1_d0OXWKU8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/Mi2RtKqWzFcyV21CM1_d0OXWKU8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mi2RtKqWzFcyV21CM1_d0OXWKU8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:8a:b9:53:65:8a:97:69:48:bc:36:22:4a:aa:18:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=322d91b4aa96cc5732576d42335fddd0e5d6294f
        Validity
            Not Before: Aug 12 07:43:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a90e39fdbeec5f629c1d8ccd397a1354f565acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b4:26:f0:2b:72:64:89:9e:06:dd:56:b8:39:
                    b8:fb:7d:04:a7:d2:4d:3c:ed:08:53:85:39:19:72:
                    2a:aa:36:cb:e3:a6:43:3a:6e:c0:c2:5d:20:97:4b:
                    0c:69:24:1c:92:5c:fc:5a:3d:8f:38:a1:e4:ef:df:
                    8b:91:61:d4:4f:4d:91:6b:21:95:46:e4:c4:12:53:
                    e8:0e:e2:e5:1a:12:8f:74:c9:e5:f5:2a:5e:25:ad:
                    bc:5b:2e:10:ca:16:63:37:6f:12:55:05:41:fd:e8:
                    cf:24:b0:3d:9c:e3:95:0c:62:18:ed:17:39:84:ee:
                    12:b9:76:62:28:cc:4b:f6:ec:64:7c:c5:cc:85:77:
                    ee:4e:d4:b4:49:ef:dd:13:b8:42:be:d7:9d:55:19:
                    36:17:34:35:15:57:9d:8d:94:71:b6:5f:5d:75:a5:
                    68:d4:ae:d1:0f:cd:26:51:d2:10:89:29:95:b4:54:
                    d6:90:1f:be:15:a2:6e:a1:18:75:76:42:f8:80:87:
                    3c:35:04:92:f5:ce:81:3f:61:71:ea:9e:cb:64:40:
                    04:b9:55:96:12:7c:ce:98:1c:e3:76:30:58:48:ec:
                    fa:ea:b0:bc:96:06:19:c1:17:f9:22:3b:88:78:42:
                    04:6d:f7:85:0e:76:b8:13:bf:68:8f:f0:31:35:1a:
                    03:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:90:E3:9F:DB:EE:C5:F6:29:C1:D8:CC:D3:97:A1:35:4F:56:5A:CF
            X509v3 Authority Key Identifier:
                keyid:32:2D:91:B4:AA:96:CC:57:32:57:6D:42:33:5F:DD:D0:E5:D6:29:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mi2RtKqWzFcyV21CM1_d0OXWKU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/KpDjn9vuxfYpwdjM05ehNU9WWs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/Mi2RtKqWzFcyV21CM1_d0OXWKU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.89.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:0d:b5:84:88:7d:ec:68:09:f7:97:63:75:13:e6:ee:c6:ea:
         e4:53:a6:22:9f:54:a5:92:2e:9d:21:0f:87:ee:d6:4a:28:73:
         65:91:d7:10:60:79:4c:f1:9b:3c:3c:3b:90:9c:07:ad:26:07:
         17:39:7b:0e:4b:77:37:43:23:4a:e2:5c:1c:f8:35:09:97:3e:
         34:65:6d:5d:1a:29:86:a0:b7:f2:03:ca:1c:32:53:25:9f:ea:
         f2:ca:9d:47:0e:aa:85:de:08:36:b7:54:68:ee:12:e5:98:e6:
         95:72:93:90:24:d1:06:6d:57:d2:7d:4c:5d:75:17:84:e8:1a:
         b9:85:8f:ed:5a:d2:41:9a:f7:61:63:68:51:6f:ce:49:cf:2a:
         93:73:96:cd:05:0e:89:27:d0:d3:1e:61:36:80:fc:89:e4:b1:
         53:4b:11:d3:83:1d:01:60:73:9f:47:de:b5:ab:f8:d9:3b:36:
         09:ad:30:04:22:2e:70:bc:f7:09:7d:f1:8d:90:d5:9f:7f:a0:
         27:6c:7d:6c:34:47:06:7b:fb:b4:2a:8d:99:08:b8:77:37:60:
         ae:52:ef:9d:f9:bc:20:4e:f1:d0:84:6c:f4:e0:ac:22:d2:b9:
         ac:cf:15:77:e6:4f:54:2e:24:c9:f7:37:78:c3:b0:6e:8f:df:
         1a:2c:69:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFFirlTZYqXaUi8NiJKqhjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMmQ5MWI0YWE5NmNjNTczMjU3NmQ0MjMzNWZkZGQwZTVk
NjI5NGYwHhcNMjQwODEyMDc0MzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkwZTM5ZmRiZWVjNWY2MjljMWQ4Y2NkMzk3YTEzNTRmNTY1YWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bQm8CtyZImeBt1WuDm4+30Ep9JN
PO0IU4U5GXIqqjbL46ZDOm7Awl0gl0sMaSQcklz8Wj2POKHk79+LkWHUT02RayGV
RuTEElPoDuLlGhKPdMnl9SpeJa28Wy4QyhZjN28SVQVB/ejPJLA9nOOVDGIY7Rc5
hO4SuXZiKMxL9uxkfMXMhXfuTtS0Se/dE7hCvtedVRk2FzQ1FVedjZRxtl9ddaVo
1K7RD80mUdIQiSmVtFTWkB++FaJuoRh1dkL4gIc8NQSS9c6BP2Fx6p7LZEAEuVWW
EnzOmBzjdjBYSOz66rC8lgYZwRf5IjuIeEIEbfeFDna4E79oj/AxNRoDUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqQ45/b7sX2KcHYzNOXoTVPVlrPMB8GA1UdIwQY
MBaAFDItkbSqlsxXMldtQjNf3dDl1ilPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWkyUnRLcVd6RmN5VjIxQ00xX2QwT1hXS1U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi85YmQxMjItZDZhOS00YTQwLTg2MGIt
YjBlZmMwMWQ0ZjljLzEvS3BEam45dnV4Zllwd2RqTTA1ZWhOVTlXV3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi85YmQxMjItZDZhOS00YTQwLTg2MGItYjBlZmMwMWQ0Zjlj
LzEvTWkyUnRLcVd6RmN5VjIxQ00xX2QwT1hXS1U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUVndMA0G
CSqGSIb3DQEBCwUAA4IBAQAKDbWEiH3saAn3l2N1E+buxurkU6Yin1Slki6dIQ+H
7tZKKHNlkdcQYHlM8Zs8PDuQnAetJgcXOXsOS3c3QyNK4lwc+DUJlz40ZW1dGimG
oLfyA8ocMlMln+ryyp1HDqqF3gg2t1Ro7hLlmOaVcpOQJNEGbVfSfUxddReE6Bq5
hY/tWtJBmvdhY2hRb85JzyqTc5bNBQ6JJ9DTHmE2gPyJ5LFTSxHTgx0BYHOfR961
q/jZOzYJrTAEIi5wvPcJffGNkNWff6AnbH1sNEcGe/u0Ko2ZCLh3N2CuUu+d+bwg
TvHQhGz04Kwi0rmszxV35k9ULiTJ9zd4w7Buj98aLGn3
-----END CERTIFICATE-----