Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/0t9k3VKpg5XpD7MVkMNQX_l1tfc.roa
File:                     0t9k3VKpg5XpD7MVkMNQX_l1tfc.roa (raw, json)
Hash identifier:          BzUj07EejYyyMT4Im9XK7eLGF3C5NwrA/MzbT6j9keY=
Subject key identifier:   D2:DF:64:DD:52:A9:83:95:E9:0F:B3:15:90:C3:50:5F:F9:75:B5:F7
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       01942521EDB8ACE2AE86198017BA9E27B4EB
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/0t9k3VKpg5XpD7MVkMNQX_l1tfc.roa
Signing time:             Thu 02 Jan 2025 03:49:28 +0000
ROA not before:           Thu 02 Jan 2025 03:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        91.238.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ed:b8:ac:e2:ae:86:19:80:17:ba:9e:27:b4:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Jan  2 03:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2df64dd52a98395e90fb31590c3505ff975b5f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b5:8e:57:39:f7:99:17:b9:5c:a5:ea:41:d5:
                    3f:d3:57:77:18:ff:41:20:5d:24:8d:d4:93:82:84:
                    b1:8f:f6:87:53:70:9f:aa:0d:2f:78:a5:3a:1a:e1:
                    2a:2f:06:a8:96:0c:7c:f1:fd:59:fa:5c:9a:9c:16:
                    2a:ed:8d:b2:33:8d:73:79:e0:64:f4:f5:5c:8f:cd:
                    43:86:4d:38:eb:05:5e:e3:34:ff:4a:93:2f:02:2b:
                    4f:5e:5b:ea:27:e5:04:1f:e3:a4:44:01:0d:af:5c:
                    2a:cb:ca:62:80:83:1f:4c:c1:f8:97:11:1d:2f:82:
                    52:50:e4:b3:6b:57:49:89:22:29:a4:de:53:38:23:
                    e6:4e:f3:a7:98:aa:01:7e:b7:ed:2c:11:61:88:64:
                    c4:19:31:17:c6:cf:fd:0b:a0:5b:09:b3:a1:b9:bc:
                    cd:30:79:33:a9:65:82:59:cd:47:98:d0:2f:08:fa:
                    e0:a0:25:eb:39:c5:97:12:96:d5:2e:e6:61:e1:46:
                    2e:3b:c3:d7:bc:39:ff:ed:5a:00:2f:46:27:82:ba:
                    db:b5:f6:e6:4f:b4:4e:1f:d5:40:1d:ca:9c:01:5b:
                    de:35:df:f3:4e:16:9b:ff:62:8b:58:d4:15:0a:dd:
                    79:74:e1:16:97:04:bf:d9:70:6f:f2:32:80:8c:bb:
                    dd:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:DF:64:DD:52:A9:83:95:E9:0F:B3:15:90:C3:50:5F:F9:75:B5:F7
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/0t9k3VKpg5XpD7MVkMNQX_l1tfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:83:dc:aa:54:9a:36:87:b1:8b:73:98:49:94:ef:e6:c7:22:
         41:46:b8:75:38:68:19:8c:8c:92:c4:6e:62:af:19:82:22:77:
         0e:7c:8f:8a:17:8b:aa:36:74:df:2e:a1:49:8b:4b:7a:45:3a:
         bc:41:d7:d5:ec:39:ca:8e:08:01:83:88:f0:22:9b:b4:46:a2:
         15:b9:c2:c5:a5:e4:a9:50:9c:56:41:51:f8:1d:ef:85:94:30:
         39:fc:5b:e6:eb:9a:ca:02:19:6d:80:83:ae:60:d8:fa:44:ec:
         4c:78:55:27:ef:28:fd:1f:99:64:91:f8:d0:46:68:12:4b:36:
         08:ff:0e:e3:1d:93:5e:be:f8:63:f5:69:2a:10:31:ff:35:38:
         55:de:3c:49:40:7d:26:9a:63:2b:3d:3e:db:88:19:df:35:38:
         b5:60:b2:2a:80:bc:39:54:fc:d0:d8:6e:a6:16:d8:8a:34:47:
         2c:92:ce:3b:da:5e:47:3f:2a:4e:ea:c9:4d:ac:3d:1f:49:68:
         62:a6:7d:3b:ab:ed:b5:76:ba:93:31:17:3f:10:36:51:b9:22:
         c1:af:75:5e:51:70:4d:e3:c8:b0:94:c5:52:cc:7a:0a:46:d9:
         2d:8b:b6:52:11:b5:83:ec:45:42:17:b6:92:2e:7b:7e:cc:57:
         98:66:5d:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIe24rOKuhhmAF7qeJ7TrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjUwMTAyMDM0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmRmNjRkZDUyYTk4Mzk1ZTkwZmIzMTU5MGMzNTA1ZmY5NzViNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rWOVzn3mRe5XKXqQdU/01d3GP9B
IF0kjdSTgoSxj/aHU3Cfqg0veKU6GuEqLwaolgx88f1Z+lyanBYq7Y2yM41zeeBk
9PVcj81Dhk046wVe4zT/SpMvAitPXlvqJ+UEH+OkRAENr1wqy8pigIMfTMH4lxEd
L4JSUOSza1dJiSIppN5TOCPmTvOnmKoBfrftLBFhiGTEGTEXxs/9C6BbCbOhubzN
MHkzqWWCWc1HmNAvCPrgoCXrOcWXEpbVLuZh4UYuO8PXvDn/7VoAL0Yngrrbtfbm
T7ROH9VAHcqcAVveNd/zThab/2KLWNQVCt15dOEWlwS/2XBv8jKAjLvdqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLfZN1SqYOV6Q+zFZDDUF/5dbX3MB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvMHQ5azNWS3BnNVhwRDdNVmtNTlFYX2wxdGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+5GMA0G
CSqGSIb3DQEBCwUAA4IBAQAsg9yqVJo2h7GLc5hJlO/mxyJBRrh1OGgZjIySxG5i
rxmCIncOfI+KF4uqNnTfLqFJi0t6RTq8QdfV7DnKjggBg4jwIpu0RqIVucLFpeSp
UJxWQVH4He+FlDA5/Fvm65rKAhltgIOuYNj6ROxMeFUn7yj9H5lkkfjQRmgSSzYI
/w7jHZNevvhj9WkqEDH/NThV3jxJQH0mmmMrPT7biBnfNTi1YLIqgLw5VPzQ2G6m
FtiKNEcsks472l5HPypO6slNrD0fSWhipn07q+21drqTMRc/EDZRuSLBr3VeUXBN
48iwlMVSzHoKRtkti7ZSEbWD7EVCF7aSLnt+zFeYZl1i
-----END CERTIFICATE-----