Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/AA4oL9YkOM4q5O6dYXav6rt4kiQ.roa
File:                     AA4oL9YkOM4q5O6dYXav6rt4kiQ.roa (raw, json)
Hash identifier:          dmUDNxcX9rw34QTW+P1q/8nlZPsM9MuxnEX1AaS0drc=
Subject key identifier:   00:0E:28:2F:D6:24:38:CE:2A:E4:EE:9D:61:76:AF:EA:BB:78:92:24
Certificate issuer:       /CN=2672a1b1a78ea1813599efea9c8e032e9ef42690
Certificate serial:       01902B91330B55E9BB98E04351D3DE640291
Authority key identifier: 26:72:A1:B1:A7:8E:A1:81:35:99:EF:EA:9C:8E:03:2E:9E:F4:26:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JnKhsaeOoYE1me_qnI4DLp70JpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/AA4oL9YkOM4q5O6dYXav6rt4kiQ.roa
Signing time:             Tue 18 Jun 2024 13:37:34 +0000
ROA not before:           Tue 18 Jun 2024 13:37:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210448
IP address blocks:        91.199.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/JnKhsaeOoYE1me_qnI4DLp70JpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/JnKhsaeOoYE1me_qnI4DLp70JpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JnKhsaeOoYE1me_qnI4DLp70JpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:91:33:0b:55:e9:bb:98:e0:43:51:d3:de:64:02:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2672a1b1a78ea1813599efea9c8e032e9ef42690
        Validity
            Not Before: Jun 18 13:37:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=000e282fd62438ce2ae4ee9d6176afeabb789224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1d:f7:33:ae:a8:92:6b:71:a0:e5:4a:a5:96:
                    7c:c4:8e:8b:f6:f4:af:7a:ec:ee:24:7a:57:e8:78:
                    0d:46:db:38:78:f4:d8:6b:b0:38:b9:0b:4b:03:97:
                    35:5c:9e:cf:83:11:10:61:46:82:71:5d:8e:66:26:
                    91:2d:93:01:f7:a3:c3:2c:0b:13:11:4f:52:87:67:
                    1a:db:76:97:11:bb:e0:c8:25:9f:9d:77:8c:65:63:
                    a9:4f:80:a4:97:88:4b:bb:d6:23:b3:ca:e1:09:d2:
                    5d:77:4d:99:13:bf:9c:18:dd:8e:e4:91:82:b3:d9:
                    10:19:66:f3:06:51:2f:c3:ff:f1:2f:3c:76:bd:da:
                    f1:ff:0b:3f:31:35:6f:9c:e5:a1:c7:42:fe:92:42:
                    11:d1:36:64:eb:65:9b:53:67:e8:c4:1f:c6:13:33:
                    50:ac:cc:d0:18:eb:80:2c:99:8e:fd:1f:68:6e:43:
                    dd:31:23:6b:d3:f1:c6:d6:b1:d4:e5:3a:d1:7e:a7:
                    bc:28:22:55:f1:03:dc:27:db:65:64:9e:3a:8c:28:
                    cd:5d:68:d0:29:7a:c5:e3:88:74:3c:b7:7b:bc:95:
                    b0:64:8f:6a:60:61:68:56:be:e1:ef:6c:a3:75:23:
                    7d:4a:ce:48:a5:1c:b0:ad:7c:06:5c:98:b4:ad:fc:
                    0a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:0E:28:2F:D6:24:38:CE:2A:E4:EE:9D:61:76:AF:EA:BB:78:92:24
            X509v3 Authority Key Identifier:
                keyid:26:72:A1:B1:A7:8E:A1:81:35:99:EF:EA:9C:8E:03:2E:9E:F4:26:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JnKhsaeOoYE1me_qnI4DLp70JpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/AA4oL9YkOM4q5O6dYXav6rt4kiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/JnKhsaeOoYE1me_qnI4DLp70JpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:3e:87:84:f6:cb:42:66:f8:62:9b:da:71:60:ed:0f:d4:00:
         ea:94:a6:f0:79:c3:4f:d9:29:e6:b7:70:9a:db:5a:a2:b2:c7:
         b0:c5:c7:62:9a:1f:67:06:d1:9d:52:e6:aa:86:69:35:ae:75:
         bc:dd:03:c9:97:26:4b:84:ab:40:ba:ea:e3:c1:13:c0:4e:5d:
         65:a8:7c:76:cf:ef:e3:a2:0c:7d:cb:7b:62:e4:d8:fd:92:75:
         53:7a:a2:2c:93:bc:54:bb:d8:03:bf:04:e6:2c:ab:5c:b6:42:
         b4:3b:ac:49:c7:06:e8:bf:7f:9e:31:a6:02:26:7f:fd:60:90:
         41:ec:ff:23:45:39:eb:86:36:a1:50:8d:ce:3b:26:4d:15:aa:
         77:9c:f3:3c:5b:a7:ba:1b:2f:3c:5d:b4:17:db:25:c6:ae:dd:
         4d:1e:40:b8:ba:4a:c6:49:d9:c1:9a:de:4a:87:9e:2e:81:9c:
         b3:f2:b9:fa:8c:94:ba:19:ce:a0:33:d5:68:d1:ac:ec:01:d9:
         e0:08:9e:59:e4:61:81:90:d0:4f:d6:ee:65:14:44:8d:72:79:
         28:cc:46:47:cb:e7:38:bd:89:8e:5b:06:84:6f:2c:38:5e:1d:
         06:3d:3a:a4:77:03:03:51:93:e8:b3:0a:a6:05:7d:89:74:88:
         91:32:2a:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZArkTMLVem7mOBDUdPeZAKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NzJhMWIxYTc4ZWExODEzNTk5ZWZlYTljOGUwMzJlOWVm
NDI2OTAwHhcNMjQwNjE4MTMzNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDBlMjgyZmQ2MjQzOGNlMmFlNGVlOWQ2MTc2YWZlYWJiNzg5MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApR33M66okmtxoOVKpZZ8xI6L9vSv
euzuJHpX6HgNRts4ePTYa7A4uQtLA5c1XJ7PgxEQYUaCcV2OZiaRLZMB96PDLAsT
EU9Sh2ca23aXEbvgyCWfnXeMZWOpT4Ckl4hLu9Yjs8rhCdJdd02ZE7+cGN2O5JGC
s9kQGWbzBlEvw//xLzx2vdrx/ws/MTVvnOWhx0L+kkIR0TZk62WbU2foxB/GEzNQ
rMzQGOuALJmO/R9obkPdMSNr0/HG1rHU5TrRfqe8KCJV8QPcJ9tlZJ46jCjNXWjQ
KXrF44h0PLd7vJWwZI9qYGFoVr7h72yjdSN9Ss5IpRywrXwGXJi0rfwKdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAOKC/WJDjOKuTunWF2r+q7eJIkMB8GA1UdIwQY
MBaAFCZyobGnjqGBNZnv6pyOAy6e9CaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm5LaHNhZU9vWUUxbWVfcW5JNERMcDcwSnBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yMmZmY2MtNTkyYS00YTFjLWI1MTUt
YzFhZWZlZDRkOGY5LzEvQUE0b0w5WWtPTTRxNU82ZFlYYXY2cnQ0a2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yMmZmY2MtNTkyYS00YTFjLWI1MTUtYzFhZWZlZDRkOGY5
LzEvSm5LaHNhZU9vWUUxbWVfcW5JNERMcDcwSnBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8coMA0G
CSqGSIb3DQEBCwUAA4IBAQBmPoeE9stCZvhim9pxYO0P1ADqlKbwecNP2Snmt3Ca
21qissewxcdimh9nBtGdUuaqhmk1rnW83QPJlyZLhKtAuurjwRPATl1lqHx2z+/j
ogx9y3ti5Nj9knVTeqIsk7xUu9gDvwTmLKtctkK0O6xJxwbov3+eMaYCJn/9YJBB
7P8jRTnrhjahUI3OOyZNFap3nPM8W6e6Gy88XbQX2yXGrt1NHkC4ukrGSdnBmt5K
h54ugZyz8rn6jJS6Gc6gM9Vo0azsAdngCJ5Z5GGBkNBP1u5lFESNcnkozEZHy+c4
vYmOWwaEbyw4Xh0GPTqkdwMDUZPoswqmBX2JdIiRMiqw
-----END CERTIFICATE-----