Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/7206c7-ff26-40ce-be71-231ac6ed9785/1/nk3NI177XmOh67vBK0jO-qE1kDs.roa
File:                     nk3NI177XmOh67vBK0jO-qE1kDs.roa (raw, json)
Hash identifier:          mj9wfwmMkcDMGJAWXTsaR5to7VXNi/U1h4Xi6nnCFQ0=
Subject key identifier:   9E:4D:CD:23:5E:FB:5E:63:A1:EB:BB:C1:2B:48:CE:FA:A1:35:90:3B
Certificate issuer:       /CN=cf368592163a49ad38ffad1d419a7752b333da77
Certificate serial:       018CC4930475D1763A5AE18CE40CAC410BA7
Authority key identifier: CF:36:85:92:16:3A:49:AD:38:FF:AD:1D:41:9A:77:52:B3:33:DA:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zzaFkhY6Sa04_60dQZp3UrMz2nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/7206c7-ff26-40ce-be71-231ac6ed9785/1/nk3NI177XmOh67vBK0jO-qE1kDs.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56717
IP address blocks:        91.227.7.0/24 maxlen: 24
                          2001:67c:2c04::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/7206c7-ff26-40ce-be71-231ac6ed9785/1/zzaFkhY6Sa04_60dQZp3UrMz2nc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/7206c7-ff26-40ce-be71-231ac6ed9785/1/zzaFkhY6Sa04_60dQZp3UrMz2nc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zzaFkhY6Sa04_60dQZp3UrMz2nc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:04:75:d1:76:3a:5a:e1:8c:e4:0c:ac:41:0b:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf368592163a49ad38ffad1d419a7752b333da77
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e4dcd235efb5e63a1ebbbc12b48cefaa135903b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:fe:98:80:b2:88:cf:60:53:6b:2d:7f:c2:62:
                    ec:1a:e0:3b:5f:7d:dc:e9:d7:38:ac:7c:1c:ac:93:
                    57:06:23:e5:2d:8b:d3:f7:45:a2:97:4c:73:d0:18:
                    f9:f8:1b:7b:6a:6f:ea:9f:a6:cf:bf:30:7d:1e:09:
                    8f:7e:9a:ab:3b:a3:71:2f:cd:72:4f:60:63:a0:8d:
                    36:6a:2c:a4:df:7e:e7:1b:9c:3e:ec:9e:26:40:a5:
                    a8:03:84:3c:b7:30:23:8e:97:45:2d:fd:80:65:4d:
                    6c:52:f3:fc:2a:0e:5f:df:19:fa:fa:3b:90:e5:8d:
                    1d:9f:55:21:f2:89:96:bf:3f:dc:48:5c:82:c9:ee:
                    53:c3:0c:9f:c2:1b:14:db:11:05:5a:58:5b:f1:16:
                    59:7b:4e:0d:1d:58:92:c8:6c:37:b2:b2:f6:15:2a:
                    e4:a6:0a:5c:8a:8f:a5:11:0b:f4:28:24:08:fe:90:
                    85:9b:d8:0c:69:50:b3:55:c6:1c:70:16:c3:f0:c5:
                    29:30:59:1a:f1:3e:a7:42:52:f2:17:f2:19:a8:e0:
                    c0:07:59:f6:51:d9:15:46:87:6e:16:34:28:b0:cf:
                    67:55:a5:6c:db:8a:bc:05:0c:55:84:c3:65:01:5e:
                    09:62:51:c2:c5:55:10:0e:38:6b:97:c0:d4:70:cf:
                    3a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:4D:CD:23:5E:FB:5E:63:A1:EB:BB:C1:2B:48:CE:FA:A1:35:90:3B
            X509v3 Authority Key Identifier:
                keyid:CF:36:85:92:16:3A:49:AD:38:FF:AD:1D:41:9A:77:52:B3:33:DA:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zzaFkhY6Sa04_60dQZp3UrMz2nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/7206c7-ff26-40ce-be71-231ac6ed9785/1/nk3NI177XmOh67vBK0jO-qE1kDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/7206c7-ff26-40ce-be71-231ac6ed9785/1/zzaFkhY6Sa04_60dQZp3UrMz2nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.7.0/24
                IPv6:
                  2001:67c:2c04::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:ca:fe:12:37:3e:c8:33:62:09:f1:30:0b:ac:f2:9c:84:f9:
         73:37:ce:b0:01:e9:63:11:ad:d6:5b:e9:54:df:1c:dc:d0:26:
         7a:d8:40:d7:eb:6d:a7:64:ba:76:4c:a3:38:fd:0d:02:fe:a2:
         86:14:ba:8a:07:0b:ae:42:74:c4:5a:da:21:7b:11:ae:30:05:
         34:75:93:ac:09:b4:0f:7a:cb:73:70:ab:46:c0:59:6a:38:c0:
         f3:40:7d:d7:cd:3f:5e:6d:da:cf:e7:1d:ba:6d:55:38:43:97:
         50:8e:51:a6:4d:e0:99:5f:52:33:87:cb:ff:a3:63:c7:7e:76:
         56:34:52:9a:97:0e:a0:8c:66:c5:5e:da:c6:32:cd:82:b8:38:
         e6:5b:a7:9b:29:8e:49:8b:fc:67:cd:84:3e:e8:99:ee:c3:7a:
         51:3b:50:b2:93:3b:f5:c8:b6:db:57:c3:26:b1:60:50:e3:45:
         c4:e1:27:2c:83:20:fb:da:0a:03:95:bd:37:95:2b:4f:62:51:
         88:89:ba:ba:1c:20:20:95:11:45:0f:85:91:f8:7d:36:43:21:
         b2:da:02:b5:4d:bf:e7:c4:d6:f6:6e:05:2f:8a:8a:4a:42:06:
         39:1d:fa:f1:82:60:4b:85:ac:20:fb:8f:b9:07:50:5e:47:2a:
         5c:58:a2:6f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEkwR10XY6WuGM5AysQQunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMzY4NTkyMTYzYTQ5YWQzOGZmYWQxZDQxOWE3NzUyYjMz
M2RhNzcwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTRkY2QyMzVlZmI1ZTYzYTFlYmJiYzEyYjQ4Y2VmYWExMzU5MDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgf6YgLKIz2BTay1/wmLsGuA7X33c
6dc4rHwcrJNXBiPlLYvT90Wil0xz0Bj5+Bt7am/qn6bPvzB9HgmPfpqrO6NxL81y
T2BjoI02aiyk337nG5w+7J4mQKWoA4Q8tzAjjpdFLf2AZU1sUvP8Kg5f3xn6+juQ
5Y0dn1Uh8omWvz/cSFyCye5TwwyfwhsU2xEFWlhb8RZZe04NHViSyGw3srL2FSrk
pgpcio+lEQv0KCQI/pCFm9gMaVCzVcYccBbD8MUpMFka8T6nQlLyF/IZqODAB1n2
UdkVRoduFjQosM9nVaVs24q8BQxVhMNlAV4JYlHCxVUQDjhrl8DUcM869QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ5NzSNe+15joeu7wStIzvqhNZA7MB8GA1UdIwQY
MBaAFM82hZIWOkmtOP+tHUGad1KzM9p3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenphRmtoWTZTYTA0XzYwZFFacDNVck16Mm5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS83MjA2YzctZmYyNi00MGNlLWJlNzEt
MjMxYWM2ZWQ5Nzg1LzEvbmszTkkxNzdYbU9oNjd2Qkswak8tcUUxa0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS83MjA2YzctZmYyNi00MGNlLWJlNzEtMjMxYWM2ZWQ5Nzg1
LzEvenphRmtoWTZTYTA0XzYwZFFacDNVck16Mm5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+MHMA8E
AgACMAkDBwAgAQZ8LAQwDQYJKoZIhvcNAQELBQADggEBAHXK/hI3PsgzYgnxMAus
8pyE+XM3zrAB6WMRrdZb6VTfHNzQJnrYQNfrbadkunZMozj9DQL+ooYUuooHC65C
dMRa2iF7Ea4wBTR1k6wJtA96y3Nwq0bAWWo4wPNAfdfNP15t2s/nHbptVThDl1CO
UaZN4JlfUjOHy/+jY8d+dlY0UpqXDqCMZsVe2sYyzYK4OOZbp5spjkmL/GfNhD7o
me7DelE7ULKTO/XItttXwyaxYFDjRcThJyyDIPvaCgOVvTeVK09iUYiJurocICCV
EUUPhZH4fTZDIbLaArVNv+fE1vZuBS+KikpCBjkd+vGCYEuFrCD7j7kHUF5HKlxY
om8=
-----END CERTIFICATE-----