Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/YJuJ8o0WHgLprEYuuICdtS3WmuE.roa
File:                     YJuJ8o0WHgLprEYuuICdtS3WmuE.roa (raw, json)
Hash identifier:          OV2v0gIzx+CswKqEYZ8Fqvtdnp2voGCUsdTuU3aYkZE=
Subject key identifier:   60:9B:89:F2:8D:16:1E:02:E9:AC:46:2E:B8:80:9D:B5:2D:D6:9A:E1
Certificate issuer:       /CN=a55004661a09e2675fc1599d4e40027d778c404c
Certificate serial:       018CC8030E1D952FE063B5F080EA6FEDBD82
Authority key identifier: A5:50:04:66:1A:09:E2:67:5F:C1:59:9D:4E:40:02:7D:77:8C:40:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pVAEZhoJ4mdfwVmdTkACfXeMQEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/YJuJ8o0WHgLprEYuuICdtS3WmuE.roa
Signing time:             Tue 02 Jan 2024 02:31:32 +0000
ROA not before:           Tue 02 Jan 2024 02:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56988
IP address blocks:        91.229.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/pVAEZhoJ4mdfwVmdTkACfXeMQEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/pVAEZhoJ4mdfwVmdTkACfXeMQEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pVAEZhoJ4mdfwVmdTkACfXeMQEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:0e:1d:95:2f:e0:63:b5:f0:80:ea:6f:ed:bd:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a55004661a09e2675fc1599d4e40027d778c404c
        Validity
            Not Before: Jan  2 02:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=609b89f28d161e02e9ac462eb8809db52dd69ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:39:a8:1e:3e:55:c7:fc:97:5c:c1:30:14:80:
                    3b:4f:59:e4:44:bf:3f:c7:ad:35:c3:46:d4:33:ab:
                    16:70:e3:06:8c:da:1f:b0:b5:30:72:3b:7d:c6:43:
                    2c:74:fc:de:b3:a5:35:47:0b:e7:f6:c6:49:6b:40:
                    67:b1:82:78:70:68:d5:ab:53:b7:e9:93:a0:a3:c6:
                    55:eb:e7:1d:42:80:c8:80:db:41:39:50:18:b2:05:
                    e4:49:44:e9:2e:b6:75:14:e5:33:8d:95:ef:12:ad:
                    a7:00:31:9a:e1:b7:44:a1:3e:cd:c0:14:87:d0:9d:
                    9b:dd:95:84:60:a2:10:28:ce:d2:5f:b3:84:bc:68:
                    94:fd:72:54:77:30:97:0a:ed:f6:31:2b:d5:03:5e:
                    39:0a:b1:b8:c9:9e:4e:d9:a5:51:39:9c:df:b1:df:
                    83:6d:c8:49:72:71:bf:35:f9:76:f5:8a:af:75:8a:
                    3d:73:51:47:b8:57:11:b6:18:20:cd:30:41:a8:23:
                    40:2b:fa:41:d3:f9:4a:d1:db:d5:24:24:ec:9c:9b:
                    9f:b8:cb:67:fa:8a:ee:1b:aa:42:da:ee:db:5c:cd:
                    2b:f9:b7:75:dc:26:4a:5a:a2:d0:7a:c6:98:f9:97:
                    d9:ad:7f:3c:2d:2f:d0:cc:d8:84:15:61:7c:7f:c1:
                    e8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9B:89:F2:8D:16:1E:02:E9:AC:46:2E:B8:80:9D:B5:2D:D6:9A:E1
            X509v3 Authority Key Identifier:
                keyid:A5:50:04:66:1A:09:E2:67:5F:C1:59:9D:4E:40:02:7D:77:8C:40:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pVAEZhoJ4mdfwVmdTkACfXeMQEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/YJuJ8o0WHgLprEYuuICdtS3WmuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/pVAEZhoJ4mdfwVmdTkACfXeMQEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:52:83:94:fe:ee:0a:f1:0d:e3:3a:79:52:4e:66:d6:07:50:
         2c:f1:2d:4d:49:66:7b:c7:f8:b0:2b:51:f0:33:e3:b2:03:19:
         d2:a7:b8:2f:45:86:ef:db:5c:82:af:a1:23:d1:e6:ac:53:58:
         fe:a5:53:e2:b5:b0:05:f4:d4:f1:f4:f6:c3:2d:cd:6c:18:1f:
         87:72:ea:79:b2:fe:1f:b6:fb:af:41:dc:84:44:9b:c3:1c:b3:
         7d:6f:51:3e:4e:15:6e:6a:e8:b3:77:52:27:83:56:7d:87:f4:
         b7:0a:c4:08:e7:54:45:af:4b:87:da:44:04:a4:97:df:10:d7:
         b8:35:83:2a:9f:c6:96:38:5c:cc:7b:59:b0:4f:44:37:83:80:
         69:e7:00:0b:3b:91:06:ee:dd:c8:b4:aa:0b:92:48:cb:f6:9c:
         c9:f8:3f:bd:41:2f:19:9b:69:4d:5a:17:2f:2c:df:2a:32:ef:
         17:81:aa:5b:2f:8c:ff:13:5d:bf:0b:3b:61:0a:66:ff:49:33:
         51:9e:66:7b:7e:a0:17:a9:14:e8:d7:b6:d1:15:0f:7b:7e:18:
         5c:37:a6:fd:99:75:06:86:4a:6d:82:63:0e:d9:eb:2a:b3:57:
         87:43:9b:c7:a5:8b:e9:e0:91:97:30:a2:e2:65:37:20:17:98:
         c9:17:08:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAw4dlS/gY7XwgOpv7b2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NTAwNDY2MWEwOWUyNjc1ZmMxNTk5ZDRlNDAwMjdkNzc4
YzQwNGMwHhcNMjQwMTAyMDIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDliODlmMjhkMTYxZTAyZTlhYzQ2MmViODgwOWRiNTJkZDY5YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzmoHj5Vx/yXXMEwFIA7T1nkRL8/
x601w0bUM6sWcOMGjNofsLUwcjt9xkMsdPzes6U1Rwvn9sZJa0BnsYJ4cGjVq1O3
6ZOgo8ZV6+cdQoDIgNtBOVAYsgXkSUTpLrZ1FOUzjZXvEq2nADGa4bdEoT7NwBSH
0J2b3ZWEYKIQKM7SX7OEvGiU/XJUdzCXCu32MSvVA145CrG4yZ5O2aVROZzfsd+D
bchJcnG/Nfl29YqvdYo9c1FHuFcRthggzTBBqCNAK/pB0/lK0dvVJCTsnJufuMtn
+oruG6pC2u7bXM0r+bd13CZKWqLQesaY+ZfZrX88LS/QzNiEFWF8f8HoMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCbifKNFh4C6axGLriAnbUt1prhMB8GA1UdIwQY
MBaAFKVQBGYaCeJnX8FZnU5AAn13jEBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFZBRVpob0o0bWRmd1ZtZFRrQUNmWGVNUUV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8yY2ZkZmQtMWIzYi00YWFhLWJkODIt
M2Y3OGJjM2RlM2E4LzEvWUp1SjhvMFdIZ0xwckVZdXVJQ2R0UzNXbXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8yY2ZkZmQtMWIzYi00YWFhLWJkODItM2Y3OGJjM2RlM2E4
LzEvcFZBRVpob0o0bWRmd1ZtZFRrQUNmWGVNUUV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+XgMA0G
CSqGSIb3DQEBCwUAA4IBAQAkUoOU/u4K8Q3jOnlSTmbWB1As8S1NSWZ7x/iwK1Hw
M+OyAxnSp7gvRYbv21yCr6Ej0easU1j+pVPitbAF9NTx9PbDLc1sGB+Hcup5sv4f
tvuvQdyERJvDHLN9b1E+ThVuauizd1Ing1Z9h/S3CsQI51RFr0uH2kQEpJffENe4
NYMqn8aWOFzMe1mwT0Q3g4Bp5wALO5EG7t3ItKoLkkjL9pzJ+D+9QS8Zm2lNWhcv
LN8qMu8XgapbL4z/E12/CzthCmb/STNRnmZ7fqAXqRTo17bRFQ97fhhcN6b9mXUG
hkptgmMO2esqs1eHQ5vHpYvp4JGXMKLiZTcgF5jJFwj+
-----END CERTIFICATE-----