Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/c72YdUt64cS0GsPfJIV4OhQP2XQ.roa
File:                     c72YdUt64cS0GsPfJIV4OhQP2XQ.roa (raw, json)
Hash identifier:          fni2DVfn7AuVaeik6kmAHnd8aItxX5EujznyoNtIAxQ=
Subject key identifier:   73:BD:98:75:4B:7A:E1:C4:B4:1A:C3:DF:24:85:78:3A:14:0F:D9:74
Certificate issuer:       /CN=790d1ca78761310ac39a714ff62f3b92b2e77d8a
Certificate serial:       018CC2DAEB8B073E51090141E3E9ACE4FD7F
Authority key identifier: 79:0D:1C:A7:87:61:31:0A:C3:9A:71:4F:F6:2F:3B:92:B2:E7:7D:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eQ0cp4dhMQrDmnFP9i87krLnfYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/c72YdUt64cS0GsPfJIV4OhQP2XQ.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.42.48.0/24 maxlen: 32
                          2001:7f8:c::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/eQ0cp4dhMQrDmnFP9i87krLnfYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/eQ0cp4dhMQrDmnFP9i87krLnfYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eQ0cp4dhMQrDmnFP9i87krLnfYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:eb:8b:07:3e:51:09:01:41:e3:e9:ac:e4:fd:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=790d1ca78761310ac39a714ff62f3b92b2e77d8a
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73bd98754b7ae1c4b41ac3df2485783a140fd974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a2:d4:1c:6b:27:09:ee:2a:4f:1d:a2:30:df:
                    cb:e3:c0:32:1e:61:c5:35:5e:07:20:5c:5f:a1:82:
                    0b:6f:5f:39:c9:e0:10:f0:95:14:b6:ba:4c:58:be:
                    5d:f7:a7:c1:37:46:71:b6:d2:23:bd:a9:5a:12:30:
                    62:78:ca:a7:fc:7c:6e:e9:31:06:07:39:78:d4:11:
                    3c:ae:ab:db:57:93:45:57:3b:84:21:34:c3:e3:30:
                    34:d4:9d:b5:23:61:e2:d9:e2:ca:9e:dd:c0:71:26:
                    f9:54:76:fa:e9:b7:6b:88:ce:a8:89:90:61:e7:c4:
                    7a:e0:17:6d:5e:47:c7:a0:5f:f8:68:99:36:0f:f7:
                    a5:c3:47:5d:71:0c:b8:89:9b:c0:5c:fa:af:f2:68:
                    85:b3:da:ec:92:62:1b:bd:9f:e3:59:58:da:3d:f1:
                    0a:12:5c:ee:58:6e:69:2e:fe:3b:c7:65:38:ee:90:
                    b8:92:49:0b:ed:b4:26:89:e0:c7:59:61:98:e8:ed:
                    ab:03:e4:5f:6e:86:e4:42:26:8e:50:0f:b4:6b:a9:
                    7a:be:8a:e4:90:99:ee:44:3e:3e:46:d1:d6:74:bb:
                    73:e7:57:18:0b:45:9b:b9:21:a6:26:38:7f:e3:31:
                    9e:d1:27:1d:e1:c5:55:9c:65:4b:9d:a8:09:27:4d:
                    63:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BD:98:75:4B:7A:E1:C4:B4:1A:C3:DF:24:85:78:3A:14:0F:D9:74
            X509v3 Authority Key Identifier:
                keyid:79:0D:1C:A7:87:61:31:0A:C3:9A:71:4F:F6:2F:3B:92:B2:E7:7D:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eQ0cp4dhMQrDmnFP9i87krLnfYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/c72YdUt64cS0GsPfJIV4OhQP2XQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/eQ0cp4dhMQrDmnFP9i87krLnfYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.48.0/24
                IPv6:
                  2001:7f8:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:e9:24:73:73:4d:3c:25:36:6b:00:98:6d:19:2b:76:d7:c4:
         42:41:9e:5f:1a:42:d9:d1:47:b0:f5:64:31:be:85:a1:26:5f:
         d3:b9:7b:37:d4:bb:6f:7b:1a:23:c0:95:ca:f4:9f:cb:9b:af:
         0c:0a:e8:71:1b:53:b2:7a:65:77:8f:c5:64:0c:18:a5:21:d1:
         d0:95:80:b2:32:cf:e7:bf:85:e0:90:de:e0:b7:6e:83:5a:37:
         64:d5:78:41:b9:53:76:cb:dd:d8:08:23:e4:a9:ae:5d:0e:50:
         0a:d7:d7:e9:91:1e:50:85:c4:51:d9:b1:fe:23:3b:a5:3c:18:
         5c:85:82:2b:64:b6:bb:a2:c3:5a:31:5d:33:ce:ec:b3:f0:11:
         a8:ad:7d:40:d3:93:89:a2:f8:d8:ff:83:57:37:70:3d:f8:67:
         14:4c:6d:42:72:39:8d:fc:5e:d8:14:f5:d7:85:70:bb:4a:26:
         34:e0:bf:4f:43:0a:93:4f:3f:48:b8:fc:aa:5a:21:5b:c6:e6:
         45:2d:09:c7:60:94:d0:c8:33:10:85:59:0f:ed:60:ce:ee:3e:
         a4:56:dd:60:b7:cf:b8:37:70:35:90:c6:f2:8a:a6:b7:14:c7:
         27:1e:9a:5b:36:3f:f0:87:7a:ee:1d:e9:f2:eb:5a:6d:75:5d:
         95:aa:7f:39
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2uuLBz5RCQFB4+ms5P1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MGQxY2E3ODc2MTMxMGFjMzlhNzE0ZmY2MmYzYjkyYjJl
NzdkOGEwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JkOTg3NTRiN2FlMWM0YjQxYWMzZGYyNDg1NzgzYTE0MGZkOTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6LUHGsnCe4qTx2iMN/L48AyHmHF
NV4HIFxfoYILb185yeAQ8JUUtrpMWL5d96fBN0ZxttIjvalaEjBieMqn/Hxu6TEG
Bzl41BE8rqvbV5NFVzuEITTD4zA01J21I2Hi2eLKnt3AcSb5VHb66bdriM6oiZBh
58R64BdtXkfHoF/4aJk2D/elw0ddcQy4iZvAXPqv8miFs9rskmIbvZ/jWVjaPfEK
ElzuWG5pLv47x2U47pC4kkkL7bQmieDHWWGY6O2rA+RfbobkQiaOUA+0a6l6vork
kJnuRD4+RtHWdLtz51cYC0WbuSGmJjh/4zGe0Scd4cVVnGVLnagJJ01jfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHO9mHVLeuHEtBrD3ySFeDoUD9l0MB8GA1UdIwQY
MBaAFHkNHKeHYTEKw5pxT/YvO5Ky532KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVEwY3A0ZGhNUXJEbW5GUDlpODdrckxuZllvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9hM2NjY2UtYzBkNi00OWE4LWJiYjgt
YjhhZTE2YjM1YzMxLzEvYzcyWWRVdDY0Y1MwR3NQZkpJVjRPaFFQMlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9hM2NjY2UtYzBkNi00OWE4LWJiYjgtYjhhZTE2YjM1YzMx
LzEvZVEwY3A0ZGhNUXJEbW5GUDlpODdrckxuZllvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwiowMA8E
AgACMAkDBwAgAQf4AAwwDQYJKoZIhvcNAQELBQADggEBAFXpJHNzTTwlNmsAmG0Z
K3bXxEJBnl8aQtnRR7D1ZDG+haEmX9O5ezfUu297GiPAlcr0n8ubrwwK6HEbU7J6
ZXePxWQMGKUh0dCVgLIyz+e/heCQ3uC3boNaN2TVeEG5U3bL3dgII+Sprl0OUArX
1+mRHlCFxFHZsf4jO6U8GFyFgitktruiw1oxXTPO7LPwEaitfUDTk4mi+Nj/g1c3
cD34ZxRMbUJyOY38XtgU9deFcLtKJjTgv09DCpNPP0i4/KpaIVvG5kUtCcdglNDI
MxCFWQ/tYM7uPqRW3WC3z7g3cDWQxvKKprcUxycemls2P/CHeu4d6fLrWm11XZWq
fzk=
-----END CERTIFICATE-----