Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/RDdPAE07WdcrSns_-J66eYHSZ0U.roa
File:                     RDdPAE07WdcrSns_-J66eYHSZ0U.roa (raw, json)
Hash identifier:          TKaG2JXIG6puXG/ArO9hAv1JM6yQa19dxxl5IgN0bTI=
Subject key identifier:   44:37:4F:00:4D:3B:59:D7:2B:4A:7B:3F:F8:9E:BA:79:81:D2:67:45
Certificate issuer:       /CN=107312a5016a3cdcc0b7e61dc79f55d3d5ecb37e
Certificate serial:       018CC87050F9CB03718324988DA92FFE4D61
Authority key identifier: 10:73:12:A5:01:6A:3C:DC:C0:B7:E6:1D:C7:9F:55:D3:D5:EC:B3:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHMSpQFqPNzAt-Ydx59V09Xss34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/RDdPAE07WdcrSns_-J66eYHSZ0U.roa
Signing time:             Tue 02 Jan 2024 04:30:53 +0000
ROA not before:           Tue 02 Jan 2024 04:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209576
IP address blocks:        91.132.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/EHMSpQFqPNzAt-Ydx59V09Xss34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/EHMSpQFqPNzAt-Ydx59V09Xss34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHMSpQFqPNzAt-Ydx59V09Xss34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:50:f9:cb:03:71:83:24:98:8d:a9:2f:fe:4d:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=107312a5016a3cdcc0b7e61dc79f55d3d5ecb37e
        Validity
            Not Before: Jan  2 04:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44374f004d3b59d72b4a7b3ff89eba7981d26745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:29:f2:89:e0:d9:c3:8d:ba:61:73:08:06:92:
                    a8:30:46:8b:27:cb:cc:2a:da:d1:ba:6f:10:58:f2:
                    03:5c:77:e3:3f:3c:16:91:09:17:9e:3d:fb:c8:be:
                    0a:22:9d:39:a1:d7:f7:a7:47:a2:08:94:9d:e6:b1:
                    8d:a5:8c:0f:c6:66:97:8e:08:0d:d3:6e:0d:d9:13:
                    fe:eb:01:8b:06:2f:6c:2e:91:7b:ed:f3:ed:71:e9:
                    26:fc:5e:9d:da:09:4e:f7:8b:09:5e:8d:1e:f6:d4:
                    57:e4:7b:d4:38:98:90:0b:f8:3e:65:83:15:0f:fd:
                    2f:13:87:b7:f8:90:14:dd:a6:a7:d0:46:1a:b0:6b:
                    3e:40:36:36:79:7e:c5:29:02:d6:e4:2f:5e:66:81:
                    36:53:34:4d:c8:76:20:84:3c:84:a5:97:b8:5b:d4:
                    a8:f1:c2:a7:49:d3:ed:43:33:e5:b0:80:44:2b:4f:
                    7d:d7:08:f7:76:87:56:6d:02:b2:36:76:57:67:0e:
                    a8:36:4e:fd:7c:8b:61:67:11:cd:e6:14:81:3f:d6:
                    8b:78:43:64:9e:63:c9:0d:b6:61:ae:74:f7:a7:d5:
                    d5:77:e8:b0:a0:9f:de:67:44:b6:71:5f:da:d1:32:
                    74:18:74:83:8d:f9:db:62:06:6f:cf:02:de:59:5e:
                    df:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:37:4F:00:4D:3B:59:D7:2B:4A:7B:3F:F8:9E:BA:79:81:D2:67:45
            X509v3 Authority Key Identifier:
                keyid:10:73:12:A5:01:6A:3C:DC:C0:B7:E6:1D:C7:9F:55:D3:D5:EC:B3:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHMSpQFqPNzAt-Ydx59V09Xss34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/RDdPAE07WdcrSns_-J66eYHSZ0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/99f5c3-6b75-48bc-a8aa-3fdba9769302/1/EHMSpQFqPNzAt-Ydx59V09Xss34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:dc:a4:59:c0:1f:c0:43:ea:16:0f:4a:12:cf:55:6f:0d:1d:
         ce:a2:12:ea:3d:56:5f:9c:76:1e:23:1f:0c:ef:5e:aa:c2:7c:
         1b:8c:a7:0d:9b:a7:76:04:61:5d:7f:e5:ba:66:20:be:1a:75:
         40:0a:b1:ac:02:ff:d0:f5:92:39:25:f2:d6:d6:1f:86:83:8d:
         54:0c:4c:2e:b9:a9:e4:ad:ac:10:73:42:86:12:51:26:27:af:
         a0:80:f6:6d:50:d3:9b:0f:ba:d4:f6:dc:54:a9:8a:ed:e6:e0:
         f2:d0:c9:e5:b8:b9:e5:b0:04:77:24:08:b5:10:58:f8:57:17:
         6f:ff:dd:57:45:ac:1a:54:73:dd:d0:07:19:4d:d3:99:b3:40:
         bb:c0:46:be:e6:af:ec:0b:3e:d3:c5:17:59:6b:3b:6b:10:ea:
         67:80:82:c1:a2:f2:17:6c:f8:61:51:bc:a9:9f:98:25:8f:f2:
         5e:1e:a3:fd:c1:9e:97:be:23:78:84:cd:7a:a6:9f:af:37:f6:
         0d:7a:16:46:03:06:fb:51:91:b1:f8:90:c8:2a:9f:e8:da:74:
         fe:ed:19:2f:67:4d:42:61:c1:e1:e1:3a:b4:0a:0c:8d:b3:16:
         9f:ed:94:3a:05:e8:38:6c:9a:ef:ab:df:62:6b:5c:3a:48:4c:
         31:cf:26:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcFD5ywNxgySYjakv/k1hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzMxMmE1MDE2YTNjZGNjMGI3ZTYxZGM3OWY1NWQzZDVl
Y2IzN2UwHhcNMjQwMTAyMDQzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDM3NGYwMDRkM2I1OWQ3MmI0YTdiM2ZmODllYmE3OTgxZDI2NzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSnyieDZw426YXMIBpKoMEaLJ8vM
KtrRum8QWPIDXHfjPzwWkQkXnj37yL4KIp05odf3p0eiCJSd5rGNpYwPxmaXjggN
024N2RP+6wGLBi9sLpF77fPtcekm/F6d2glO94sJXo0e9tRX5HvUOJiQC/g+ZYMV
D/0vE4e3+JAU3aan0EYasGs+QDY2eX7FKQLW5C9eZoE2UzRNyHYghDyEpZe4W9So
8cKnSdPtQzPlsIBEK0991wj3dodWbQKyNnZXZw6oNk79fIthZxHN5hSBP9aLeENk
nmPJDbZhrnT3p9XVd+iwoJ/eZ0S2cV/a0TJ0GHSDjfnbYgZvzwLeWV7fXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQ3TwBNO1nXK0p7P/ieunmB0mdFMB8GA1UdIwQY
MBaAFBBzEqUBajzcwLfmHcefVdPV7LN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhNU3BRRnFQTnpBdC1ZZHg1OVYwOVhzczM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC85OWY1YzMtNmI3NS00OGJjLWE4YWEt
M2ZkYmE5NzY5MzAyLzEvUkRkUEFFMDdXZGNyU25zXy1KNjZlWUhTWjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC85OWY1YzMtNmI3NS00OGJjLWE4YWEtM2ZkYmE5NzY5MzAy
LzEvRUhNU3BRRnFQTnpBdC1ZZHg1OVYwOVhzczM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4RCMA0G
CSqGSIb3DQEBCwUAA4IBAQBP3KRZwB/AQ+oWD0oSz1VvDR3OohLqPVZfnHYeIx8M
716qwnwbjKcNm6d2BGFdf+W6ZiC+GnVACrGsAv/Q9ZI5JfLW1h+Gg41UDEwuuank
rawQc0KGElEmJ6+ggPZtUNObD7rU9txUqYrt5uDy0MnluLnlsAR3JAi1EFj4Vxdv
/91XRawaVHPd0AcZTdOZs0C7wEa+5q/sCz7TxRdZaztrEOpngILBovIXbPhhUbyp
n5glj/JeHqP9wZ6XviN4hM16pp+vN/YNehZGAwb7UZGx+JDIKp/o2nT+7RkvZ01C
YcHh4Tq0CgyNsxaf7ZQ6Beg4bJrvq99ia1w6SEwxzybx
-----END CERTIFICATE-----