Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/60oYbcXkayZuaU8C0JD9JUPYztw.roa
File:                     60oYbcXkayZuaU8C0JD9JUPYztw.roa (raw, json)
Hash identifier:          MpkTvLfYoUUXnDusH13raII1J8Nho2J1p/vE6Gk0HNY=
Subject key identifier:   EB:4A:18:6D:C5:E4:6B:26:6E:69:4F:02:D0:90:FD:25:43:D8:CE:DC
Certificate issuer:       /CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
Certificate serial:       018CC56E5E7C39DD83FE1EB9A2A3CAB23348
Authority key identifier: B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/60oYbcXkayZuaU8C0JD9JUPYztw.roa
Signing time:             Mon 01 Jan 2024 14:29:53 +0000
ROA not before:           Mon 01 Jan 2024 14:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        91.241.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5e:7c:39:dd:83:fe:1e:b9:a2:a3:ca:b2:33:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
        Validity
            Not Before: Jan  1 14:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb4a186dc5e46b266e694f02d090fd2543d8cedc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8c:46:59:14:a1:4e:d4:33:83:92:f0:e9:fb:
                    b7:c2:4c:9e:2b:f9:ee:3a:23:47:59:1c:0c:38:81:
                    43:7a:c0:56:9c:2c:e5:1a:f7:e7:53:83:4f:00:cf:
                    15:f2:f5:d2:25:7d:07:55:77:dc:22:ae:01:b5:26:
                    8f:05:47:80:b7:01:c0:f7:a9:d9:17:6d:c1:84:0f:
                    24:e1:0d:c8:80:5b:9e:76:67:41:f1:86:9a:25:33:
                    54:90:f8:9d:6e:30:1e:dc:36:d9:b4:d6:4c:80:a3:
                    46:9f:29:7f:79:e8:67:1a:f1:07:ac:c8:68:67:87:
                    47:3b:a6:97:4e:2a:d9:18:09:84:c9:f3:9b:5a:b2:
                    16:7c:4a:f9:c1:52:96:db:e3:e8:48:82:32:17:47:
                    17:f4:5a:dc:b3:a9:aa:f7:5e:9b:95:61:f2:79:92:
                    84:05:0e:67:f4:2e:38:a2:92:2e:52:f1:e8:43:19:
                    02:51:4e:62:25:aa:f4:46:a0:52:3d:1a:e3:63:0c:
                    e5:7f:51:c7:4b:f0:59:a7:4d:86:f8:ab:66:1a:9f:
                    5f:e6:b9:36:24:56:0c:0b:6a:f7:bd:02:c4:86:6d:
                    3a:60:33:f2:05:f5:65:08:a2:bb:5f:2c:e0:f7:e6:
                    ac:a8:56:76:28:85:65:f9:44:b1:ba:49:2a:7e:7b:
                    2e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:4A:18:6D:C5:E4:6B:26:6E:69:4F:02:D0:90:FD:25:43:D8:CE:DC
            X509v3 Authority Key Identifier:
                keyid:B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/60oYbcXkayZuaU8C0JD9JUPYztw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:78:eb:8e:20:9c:e9:a4:37:58:cf:2d:fd:55:e6:d5:e2:89:
         78:d4:c1:ab:02:aa:85:3d:b4:e1:6f:06:41:aa:aa:65:0b:7b:
         13:de:a3:45:4d:d8:76:d0:f4:93:b5:6e:24:53:de:d6:2b:c7:
         b8:f9:19:13:b7:6e:be:90:c0:14:04:55:52:3e:81:4c:6a:d7:
         5c:1e:c7:4c:9a:cd:52:62:45:70:05:4d:fb:6f:1d:f1:dd:cc:
         e5:20:e8:e2:29:ce:fb:02:3b:4a:55:35:b4:ea:ff:a8:32:0c:
         c1:25:3f:90:53:cd:a7:31:68:29:3f:0f:b5:4a:4a:cb:09:a1:
         08:a1:7c:1e:67:45:3e:f1:12:00:7e:e9:eb:bb:7a:6e:d4:7c:
         53:3d:5d:1a:d0:f9:a9:9a:7f:94:39:af:5e:e7:f6:4a:13:5e:
         16:01:f4:4e:73:53:14:b5:07:00:1e:b7:b6:c0:50:52:4b:2b:
         ed:f7:c2:8b:b6:44:8d:0b:c3:da:97:43:f1:45:d5:49:73:d5:
         b5:1d:7a:da:33:75:55:97:89:d7:99:48:30:67:2f:1b:4e:ec:
         f4:70:b4:b6:4d:24:46:46:49:9b:1e:87:e5:e9:a5:6d:b0:4b:
         cc:21:b9:ef:35:f6:81:9c:a8:04:f5:bc:ff:90:a0:69:a9:0a:
         af:70:de:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbl58Od2D/h65oqPKsjNIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDY2Mjk3YzVjZGJkMzZkODY4NDlkZGVhZTc5ODU5Nzlm
NDUwY2EwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjRhMTg2ZGM1ZTQ2YjI2NmU2OTRmMDJkMDkwZmQyNTQzZDhjZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYxGWRShTtQzg5Lw6fu3wkyeK/nu
OiNHWRwMOIFDesBWnCzlGvfnU4NPAM8V8vXSJX0HVXfcIq4BtSaPBUeAtwHA96nZ
F23BhA8k4Q3IgFuedmdB8YaaJTNUkPidbjAe3DbZtNZMgKNGnyl/eehnGvEHrMho
Z4dHO6aXTirZGAmEyfObWrIWfEr5wVKW2+PoSIIyF0cX9Frcs6mq916blWHyeZKE
BQ5n9C44opIuUvHoQxkCUU5iJar0RqBSPRrjYwzlf1HHS/BZp02G+KtmGp9f5rk2
JFYMC2r3vQLEhm06YDPyBfVlCKK7Xyzg9+asqFZ2KIVl+USxukkqfnsumwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtKGG3F5GsmbmlPAtCQ/SVD2M7cMB8GA1UdIwQY
MBaAFLPWYpfFzb022GhJ3ernmFl59FDKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2Yt
ZWIxZjg3MTVlZWMwLzEvNjBvWWJjWGtheVp1YVU4QzBKRDlKVVBZenR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2YtZWIxZjg3MTVlZWMw
LzEvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/EOMA0G
CSqGSIb3DQEBCwUAA4IBAQAReOuOIJzppDdYzy39VebV4ol41MGrAqqFPbThbwZB
qqplC3sT3qNFTdh20PSTtW4kU97WK8e4+RkTt26+kMAUBFVSPoFMatdcHsdMms1S
YkVwBU37bx3x3czlIOjiKc77AjtKVTW06v+oMgzBJT+QU82nMWgpPw+1SkrLCaEI
oXweZ0U+8RIAfunru3pu1HxTPV0a0Pmpmn+UOa9e5/ZKE14WAfROc1MUtQcAHre2
wFBSSyvt98KLtkSNC8Pal0PxRdVJc9W1HXraM3VVl4nXmUgwZy8bTuz0cLS2TSRG
RkmbHofl6aVtsEvMIbnvNfaBnKgE9bz/kKBpqQqvcN5b
-----END CERTIFICATE-----