Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d1130e-e07f-49ba-bef4-6c767b92c9a5/1/9BvzhIu_nmVHGYO3FnjsMYGSn7o.roa
File:                     9BvzhIu_nmVHGYO3FnjsMYGSn7o.roa (raw, json)
Hash identifier:          TH983D5xolJEa8lOZK2/mcT2sOoRLPRERmFn4sh/3AQ=
Subject key identifier:   F4:1B:F3:84:8B:BF:9E:65:47:19:83:B7:16:78:EC:31:81:92:9F:BA
Certificate issuer:       /CN=db7e1770a3804c74b9f12cb9b6fa70396de9329f
Certificate serial:       0191C6B874DD357D377042FA6BA98459BAE7
Authority key identifier: DB:7E:17:70:A3:80:4C:74:B9:F1:2C:B9:B6:FA:70:39:6D:E9:32:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/234XcKOATHS58Sy5tvpwOW3pMp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/d1130e-e07f-49ba-bef4-6c767b92c9a5/1/9BvzhIu_nmVHGYO3FnjsMYGSn7o.roa
Signing time:             Fri 06 Sep 2024 09:44:22 +0000
ROA not before:           Fri 06 Sep 2024 09:44:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59531
IP address blocks:        91.242.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/d1130e-e07f-49ba-bef4-6c767b92c9a5/1/234XcKOATHS58Sy5tvpwOW3pMp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/d1130e-e07f-49ba-bef4-6c767b92c9a5/1/234XcKOATHS58Sy5tvpwOW3pMp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/234XcKOATHS58Sy5tvpwOW3pMp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c6:b8:74:dd:35:7d:37:70:42:fa:6b:a9:84:59:ba:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db7e1770a3804c74b9f12cb9b6fa70396de9329f
        Validity
            Not Before: Sep  6 09:44:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f41bf3848bbf9e65471983b71678ec3181929fba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:57:7d:6b:75:6d:4a:16:b8:e3:6b:22:7b:34:
                    f6:9d:1c:e0:26:29:74:2f:ab:92:ef:eb:31:ae:95:
                    c7:9e:7d:af:54:12:01:b6:04:11:3e:3b:2b:d1:6c:
                    36:1c:73:a4:22:77:21:b8:68:a9:df:66:a4:e7:cc:
                    5b:0b:fd:9c:46:d7:f2:8a:87:54:05:4e:a9:6e:a1:
                    92:0a:fb:2d:a0:96:6e:34:d0:26:c7:82:e9:f6:0c:
                    f4:61:6b:4c:47:d2:a2:b9:0c:70:3b:ae:2a:95:7b:
                    8f:41:51:10:27:7a:6b:1a:b4:48:1c:1b:ce:60:b3:
                    6d:96:46:5b:38:4b:f0:93:a0:12:ac:ca:dd:6e:aa:
                    0c:bd:27:ad:e1:0f:31:c5:5a:04:16:be:ab:67:8f:
                    bd:45:2d:27:fb:21:c2:8a:be:df:06:17:fc:60:d8:
                    5f:f4:46:bb:a8:79:b8:ba:db:39:36:66:9a:5a:00:
                    72:e4:90:56:dc:32:cf:ef:e7:8e:43:17:b8:15:6d:
                    55:0d:48:29:28:9b:de:be:c1:e9:28:70:82:f0:d9:
                    95:ad:ba:b4:c6:3c:7b:49:4f:a0:df:fc:90:31:28:
                    00:ed:40:ab:5b:ff:27:d7:e8:14:6b:11:de:2b:39:
                    27:25:b4:e7:c4:6c:7f:56:a8:9e:dd:2c:1f:fb:a8:
                    56:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1B:F3:84:8B:BF:9E:65:47:19:83:B7:16:78:EC:31:81:92:9F:BA
            X509v3 Authority Key Identifier:
                keyid:DB:7E:17:70:A3:80:4C:74:B9:F1:2C:B9:B6:FA:70:39:6D:E9:32:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/234XcKOATHS58Sy5tvpwOW3pMp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d1130e-e07f-49ba-bef4-6c767b92c9a5/1/9BvzhIu_nmVHGYO3FnjsMYGSn7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d1130e-e07f-49ba-bef4-6c767b92c9a5/1/234XcKOATHS58Sy5tvpwOW3pMp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:07:4f:f4:20:c3:2f:d4:54:27:00:9c:8e:79:c7:84:61:c2:
         26:2e:4f:f3:20:41:10:34:d3:b6:f8:85:95:6b:46:38:3f:41:
         2a:54:7d:8e:81:f7:c6:97:0c:5d:4c:00:95:80:05:98:b4:88:
         1f:82:a1:1a:c7:09:16:8e:fe:ce:5a:18:29:06:a2:75:0f:f1:
         ab:06:3d:2e:9a:df:bc:e8:fd:aa:4d:f5:75:eb:a8:7a:ab:5f:
         61:83:e2:83:34:7f:4e:8a:41:55:08:52:8d:31:bd:6c:ec:90:
         e6:cd:81:16:48:4d:fd:67:f1:f0:24:91:cd:bb:21:42:05:c7:
         8e:a5:3d:4e:97:25:4f:a4:4d:0d:af:e4:50:73:67:22:64:e6:
         fa:df:70:67:74:df:8e:ab:d7:73:75:17:5b:ef:89:90:96:be:
         82:0b:67:9b:1e:cb:bc:6c:cc:09:83:28:56:7b:e7:34:1d:d9:
         4b:a2:6c:d2:d3:f7:6c:64:5f:82:79:dd:55:b1:3f:73:fb:69:
         cb:e0:dc:17:90:74:00:77:60:84:fd:d8:89:7e:97:f4:24:52:
         3b:44:8d:39:7e:9e:2d:26:a7:48:48:56:49:6b:43:eb:91:7d:
         f9:6a:3e:a2:e6:6c:46:c6:fa:66:9a:cc:95:fa:1c:03:c5:e0:
         7d:2d:5a:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHGuHTdNX03cEL6a6mEWbrnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiN2UxNzcwYTM4MDRjNzRiOWYxMmNiOWI2ZmE3MDM5NmRl
OTMyOWYwHhcNMjQwOTA2MDk0NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFiZjM4NDhiYmY5ZTY1NDcxOTgzYjcxNjc4ZWMzMTgxOTI5ZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuld9a3VtSha442siezT2nRzgJil0
L6uS7+sxrpXHnn2vVBIBtgQRPjsr0Ww2HHOkInchuGip32ak58xbC/2cRtfyiodU
BU6pbqGSCvstoJZuNNAmx4Lp9gz0YWtMR9KiuQxwO64qlXuPQVEQJ3prGrRIHBvO
YLNtlkZbOEvwk6ASrMrdbqoMvSet4Q8xxVoEFr6rZ4+9RS0n+yHCir7fBhf8YNhf
9Ea7qHm4uts5NmaaWgBy5JBW3DLP7+eOQxe4FW1VDUgpKJvevsHpKHCC8NmVrbq0
xjx7SU+g3/yQMSgA7UCrW/8n1+gUaxHeKzknJbTnxGx/Vqie3Swf+6hWMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQb84SLv55lRxmDtxZ47DGBkp+6MB8GA1UdIwQY
MBaAFNt+F3CjgEx0ufEsubb6cDlt6TKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjM0WGNLT0FUSFM1OFN5NXR2cHdPVzNwTXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kMTEzMGUtZTA3Zi00OWJhLWJlZjQt
NmM3NjdiOTJjOWE1LzEvOUJ2emhJdV9ubVZIR1lPM0ZuanNNWUdTbjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kMTEzMGUtZTA3Zi00OWJhLWJlZjQtNmM3NjdiOTJjOWE1
LzEvMjM0WGNLT0FUSFM1OFN5NXR2cHdPVzNwTXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW/LQMA0G
CSqGSIb3DQEBCwUAA4IBAQCbB0/0IMMv1FQnAJyOeceEYcImLk/zIEEQNNO2+IWV
a0Y4P0EqVH2OgffGlwxdTACVgAWYtIgfgqEaxwkWjv7OWhgpBqJ1D/GrBj0umt+8
6P2qTfV166h6q19hg+KDNH9OikFVCFKNMb1s7JDmzYEWSE39Z/HwJJHNuyFCBceO
pT1OlyVPpE0Nr+RQc2ciZOb633BndN+Oq9dzdRdb74mQlr6CC2ebHsu8bMwJgyhW
e+c0HdlLomzS0/dsZF+Ced1VsT9z+2nL4NwXkHQAd2CE/diJfpf0JFI7RI05fp4t
JqdISFZJa0PrkX35aj6i5mxGxvpmmsyV+hwDxeB9LVo4
-----END CERTIFICATE-----