Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/9606f6-da02-4bb8-b3e4-f03ac59b5a97/1/tom2C99yFX3eXrNT-hLM8ZWPpeM.roa
File:                     tom2C99yFX3eXrNT-hLM8ZWPpeM.roa (raw, json)
Hash identifier:          E/WojkHOp5cpot/3Gp015vL7ZM4CTauhGlvfNj454Rw=
Subject key identifier:   B6:89:B6:0B:DF:72:15:7D:DE:5E:B3:53:FA:12:CC:F1:95:8F:A5:E3
Certificate issuer:       /CN=9be4717112fec119f6cfcace7cc4434fb47df8f5
Certificate serial:       018CC3B7466355B4A686AA9679F55C4184D4
Authority key identifier: 9B:E4:71:71:12:FE:C1:19:F6:CF:CA:CE:7C:C4:43:4F:B4:7D:F8:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-RxcRL-wRn2z8rOfMRDT7R9-PU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/9606f6-da02-4bb8-b3e4-f03ac59b5a97/1/tom2C99yFX3eXrNT-hLM8ZWPpeM.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60509
IP address blocks:        91.240.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/9606f6-da02-4bb8-b3e4-f03ac59b5a97/1/m-RxcRL-wRn2z8rOfMRDT7R9-PU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/9606f6-da02-4bb8-b3e4-f03ac59b5a97/1/m-RxcRL-wRn2z8rOfMRDT7R9-PU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-RxcRL-wRn2z8rOfMRDT7R9-PU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 06:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:46:63:55:b4:a6:86:aa:96:79:f5:5c:41:84:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9be4717112fec119f6cfcace7cc4434fb47df8f5
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b689b60bdf72157dde5eb353fa12ccf1958fa5e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8a:87:44:9b:61:4d:d6:b8:f4:6a:41:26:84:
                    1a:aa:e6:43:34:72:27:17:a6:4a:0f:db:77:49:55:
                    9c:9a:51:44:58:60:2e:88:77:86:3f:f8:36:eb:07:
                    29:ff:ac:e4:5c:97:15:fa:38:1a:72:1c:34:a0:4d:
                    31:74:5e:cf:59:35:2d:c7:7f:20:23:95:99:fc:e8:
                    96:60:3d:f7:81:94:3d:cf:6a:53:d5:1c:fe:96:09:
                    1c:b0:af:bd:74:d7:cc:b7:ba:13:98:50:fc:7d:d9:
                    d1:c1:7d:bd:a6:25:57:c0:c1:45:04:6e:bb:7d:96:
                    1a:9b:65:35:dc:be:4c:46:d0:8a:b1:8f:8f:1d:c9:
                    63:53:67:d1:3e:bb:10:d1:2d:1c:2e:f3:3e:b9:22:
                    c3:93:ca:f2:9b:df:a7:48:cf:23:35:4d:7e:82:7f:
                    4b:24:12:90:ef:32:8a:80:5b:25:47:66:73:b1:c3:
                    cd:0c:04:f9:3d:ad:ca:9b:19:79:18:19:48:ec:0d:
                    fc:8c:e8:3b:81:85:99:f8:32:e4:da:2a:48:b7:29:
                    5b:3d:cb:18:ef:d4:4a:cf:bf:43:c8:d6:13:3a:ad:
                    bf:11:07:e9:74:49:b4:97:35:d6:61:ab:a8:9b:7b:
                    e3:57:76:8e:8f:a8:34:b5:08:f6:ce:a8:b0:31:b9:
                    f0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:89:B6:0B:DF:72:15:7D:DE:5E:B3:53:FA:12:CC:F1:95:8F:A5:E3
            X509v3 Authority Key Identifier:
                keyid:9B:E4:71:71:12:FE:C1:19:F6:CF:CA:CE:7C:C4:43:4F:B4:7D:F8:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-RxcRL-wRn2z8rOfMRDT7R9-PU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/9606f6-da02-4bb8-b3e4-f03ac59b5a97/1/tom2C99yFX3eXrNT-hLM8ZWPpeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/9606f6-da02-4bb8-b3e4-f03ac59b5a97/1/m-RxcRL-wRn2z8rOfMRDT7R9-PU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:ae:66:67:83:ff:1f:c5:0c:44:21:d3:f0:40:08:99:dc:4f:
         4a:53:53:ab:b3:2b:1e:fa:9e:05:00:b2:90:ff:52:5c:86:19:
         73:89:14:15:86:cc:5d:20:33:84:57:fd:07:d4:ec:a3:92:45:
         14:c1:e1:61:fd:97:99:26:d6:aa:bb:07:ea:90:58:02:26:d2:
         e6:fa:9f:88:ea:f2:b5:52:51:ff:8e:6e:60:cc:90:c9:8e:98:
         ca:6a:b2:7e:56:84:10:5d:8c:c2:e0:25:f5:62:67:ef:3c:38:
         af:57:54:63:f7:38:9e:3c:c4:8a:d0:c1:cd:0b:72:85:0a:1f:
         17:a3:d2:70:c2:f4:3f:b3:51:e5:ba:96:6e:39:5a:bc:4f:e5:
         a4:b8:18:34:a4:46:da:fb:6b:5d:51:19:b8:46:02:47:e9:b9:
         62:64:03:1f:69:c9:17:c0:5e:53:a0:62:14:22:e8:09:aa:20:
         98:33:f1:ae:65:40:89:43:58:31:c5:7c:a3:5d:fa:22:3d:a0:
         ff:29:77:88:18:ab:f7:f3:f9:4c:2f:09:5a:fc:1f:f3:95:f5:
         89:52:1b:c7:44:bd:aa:fb:23:89:2f:06:df:85:61:7f:28:b4:
         d4:bd:47:db:22:28:0e:78:b0:b1:17:65:b7:0c:e0:79:eb:38:
         1e:b9:53:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0ZjVbSmhqqWefVcQYTUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZTQ3MTcxMTJmZWMxMTlmNmNmY2FjZTdjYzQ0MzRmYjQ3
ZGY4ZjUwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjg5YjYwYmRmNzIxNTdkZGU1ZWIzNTNmYTEyY2NmMTk1OGZhNWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoqHRJthTda49GpBJoQaquZDNHIn
F6ZKD9t3SVWcmlFEWGAuiHeGP/g26wcp/6zkXJcV+jgachw0oE0xdF7PWTUtx38g
I5WZ/OiWYD33gZQ9z2pT1Rz+lgkcsK+9dNfMt7oTmFD8fdnRwX29piVXwMFFBG67
fZYam2U13L5MRtCKsY+PHcljU2fRPrsQ0S0cLvM+uSLDk8rym9+nSM8jNU1+gn9L
JBKQ7zKKgFslR2ZzscPNDAT5Pa3Kmxl5GBlI7A38jOg7gYWZ+DLk2ipItylbPcsY
79RKz79DyNYTOq2/EQfpdEm0lzXWYauom3vjV3aOj6g0tQj2zqiwMbnwHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaJtgvfchV93l6zU/oSzPGVj6XjMB8GA1UdIwQY
MBaAFJvkcXES/sEZ9s/KznzEQ0+0ffj1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS1SeGNSTC13Um4yejhyT2ZNUkRUN1I5LVBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS85NjA2ZjYtZGEwMi00YmI4LWIzZTQt
ZjAzYWM1OWI1YTk3LzEvdG9tMkM5OXlGWDNlWHJOVC1oTE04WldQcGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS85NjA2ZjYtZGEwMi00YmI4LWIzZTQtZjAzYWM1OWI1YTk3
LzEvbS1SeGNSTC13Um4yejhyT2ZNUkRUN1I5LVBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/AEMA0G
CSqGSIb3DQEBCwUAA4IBAQCmrmZng/8fxQxEIdPwQAiZ3E9KU1Orsyse+p4FALKQ
/1JchhlziRQVhsxdIDOEV/0H1OyjkkUUweFh/ZeZJtaquwfqkFgCJtLm+p+I6vK1
UlH/jm5gzJDJjpjKarJ+VoQQXYzC4CX1YmfvPDivV1Rj9ziePMSK0MHNC3KFCh8X
o9JwwvQ/s1HlupZuOVq8T+WkuBg0pEba+2tdURm4RgJH6bliZAMfackXwF5ToGIU
IugJqiCYM/GuZUCJQ1gxxXyjXfoiPaD/KXeIGKv38/lMLwla/B/zlfWJUhvHRL2q
+yOJLwbfhWF/KLTUvUfbIigOeLCxF2W3DOB56zgeuVOB
-----END CERTIFICATE-----