Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/71786a-4637-4364-a742-929287872a53/1/dtPY3lbPmH-lDHxlBV8qBrXOcC8.roa
File:                     dtPY3lbPmH-lDHxlBV8qBrXOcC8.roa (raw, json)
Hash identifier:          tDZGOUOFT//uTaOMO75h0K9TiRMl2MTgUtBLb9pFINs=
Subject key identifier:   76:D3:D8:DE:56:CF:98:7F:A5:0C:7C:65:05:5F:2A:06:B5:CE:70:2F
Certificate issuer:       /CN=345b87125acb0251facfd8c0a95b48bc22522146
Certificate serial:       018CC3B6FB60DBEC3ADBF62C5376FA735B91
Authority key identifier: 34:5B:87:12:5A:CB:02:51:FA:CF:D8:C0:A9:5B:48:BC:22:52:21:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NFuHElrLAlH6z9jAqVtIvCJSIUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/71786a-4637-4364-a742-929287872a53/1/dtPY3lbPmH-lDHxlBV8qBrXOcC8.roa
Signing time:             Mon 01 Jan 2024 06:29:57 +0000
ROA not before:           Mon 01 Jan 2024 06:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42413
IP address blocks:        91.192.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/71786a-4637-4364-a742-929287872a53/1/NFuHElrLAlH6z9jAqVtIvCJSIUY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/71786a-4637-4364-a742-929287872a53/1/NFuHElrLAlH6z9jAqVtIvCJSIUY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NFuHElrLAlH6z9jAqVtIvCJSIUY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fb:60:db:ec:3a:db:f6:2c:53:76:fa:73:5b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=345b87125acb0251facfd8c0a95b48bc22522146
        Validity
            Not Before: Jan  1 06:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76d3d8de56cf987fa50c7c65055f2a06b5ce702f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f7:8e:32:62:3e:22:11:11:8e:48:d8:90:bd:
                    30:9d:d5:8d:d8:4a:29:6c:1f:20:70:96:f2:78:d9:
                    6a:dc:69:c9:eb:fb:9f:c2:1b:3b:41:82:cb:1c:3d:
                    d7:3d:7e:2b:80:57:d1:93:42:1c:39:f4:2c:c4:a4:
                    0d:29:f2:56:76:18:d7:b8:08:b4:da:32:b4:fa:b9:
                    1d:54:06:82:6e:f8:45:dd:4a:68:60:81:3d:04:9c:
                    ba:ed:2c:25:7b:eb:31:78:76:8e:51:fa:bb:df:83:
                    d5:64:9d:9f:71:68:d5:7f:98:08:78:fe:97:4c:de:
                    a8:b0:18:4b:c7:a2:1f:fe:24:f7:cc:43:a7:73:b7:
                    83:c4:b8:a2:40:ba:88:ee:b3:56:14:f8:db:7f:a6:
                    77:b1:72:5b:ec:fb:db:5c:24:b8:59:f0:3b:4f:db:
                    ae:ed:64:e5:5d:67:7f:31:7c:ef:92:1f:a9:b6:62:
                    25:3f:08:63:e1:fe:0e:c1:fe:da:1a:43:19:ad:04:
                    b0:b8:11:71:af:2f:89:c4:d6:a5:25:8f:a2:c3:52:
                    2c:a6:f6:16:53:fa:e7:ad:56:a1:35:51:97:ec:c6:
                    25:cc:98:49:43:62:ff:49:0b:47:24:e1:9c:8d:d2:
                    22:bb:d8:d2:6f:83:4b:e8:63:5f:ca:e8:d8:ee:c2:
                    3d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D3:D8:DE:56:CF:98:7F:A5:0C:7C:65:05:5F:2A:06:B5:CE:70:2F
            X509v3 Authority Key Identifier:
                keyid:34:5B:87:12:5A:CB:02:51:FA:CF:D8:C0:A9:5B:48:BC:22:52:21:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NFuHElrLAlH6z9jAqVtIvCJSIUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/71786a-4637-4364-a742-929287872a53/1/dtPY3lbPmH-lDHxlBV8qBrXOcC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/71786a-4637-4364-a742-929287872a53/1/NFuHElrLAlH6z9jAqVtIvCJSIUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:a5:1c:5f:57:54:8f:1b:46:bb:ff:f8:a9:fb:92:c7:44:07:
         4a:52:df:3e:a3:e1:4a:e6:6f:2b:62:b3:b2:e7:97:1a:0a:4b:
         85:6c:d2:18:34:82:a3:26:b3:de:12:7d:f3:bf:a1:c2:aa:47:
         ab:59:2f:02:ea:cd:cb:51:46:1e:5c:3e:46:a4:2a:4d:6b:d7:
         2b:ad:3c:8f:75:e2:4c:ba:c0:fd:9b:54:10:54:73:9b:cc:da:
         12:e4:e7:65:53:b3:2e:8e:c4:e0:c1:3a:8c:4f:cb:0f:ed:6b:
         97:d2:72:c8:68:96:0a:62:1f:18:c9:0f:47:40:62:8b:e3:1c:
         a5:3b:7b:71:9d:38:d7:c6:95:14:50:e8:75:40:ed:b6:8c:3e:
         4b:5b:f6:5d:3f:c5:34:1d:95:d6:b3:5f:19:36:66:3f:01:b7:
         94:4e:3d:bc:59:22:2c:7b:88:20:34:b6:c8:da:c9:cf:d6:a4:
         de:78:27:b8:e7:69:e7:f5:f8:1c:97:39:f0:56:ad:12:23:b3:
         52:df:a7:78:bc:34:b2:90:e8:67:1f:b2:5c:1a:2f:66:91:de:
         de:59:c0:8a:d2:64:43:f2:a2:58:b3:c1:d1:0c:2e:ce:05:2f:
         ea:11:7d:59:be:5c:4a:27:0c:8b:fe:5f:ce:22:c6:d6:42:7a:
         6c:bc:5e:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvtg2+w62/YsU3b6c1uRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NWI4NzEyNWFjYjAyNTFmYWNmZDhjMGE5NWI0OGJjMjI1
MjIxNDYwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmQzZDhkZTU2Y2Y5ODdmYTUwYzdjNjUwNTVmMmEwNmI1Y2U3MDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/eOMmI+IhERjkjYkL0wndWN2Eop
bB8gcJbyeNlq3GnJ6/ufwhs7QYLLHD3XPX4rgFfRk0IcOfQsxKQNKfJWdhjXuAi0
2jK0+rkdVAaCbvhF3UpoYIE9BJy67Swle+sxeHaOUfq734PVZJ2fcWjVf5gIeP6X
TN6osBhLx6If/iT3zEOnc7eDxLiiQLqI7rNWFPjbf6Z3sXJb7PvbXCS4WfA7T9uu
7WTlXWd/MXzvkh+ptmIlPwhj4f4Owf7aGkMZrQSwuBFxry+JxNalJY+iw1IspvYW
U/rnrVahNVGX7MYlzJhJQ2L/SQtHJOGcjdIiu9jSb4NL6GNfyujY7sI9IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbT2N5Wz5h/pQx8ZQVfKga1znAvMB8GA1UdIwQY
MBaAFDRbhxJaywJR+s/YwKlbSLwiUiFGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkZ1SEVsckxBbEg2ejlqQXFWdEl2Q0pTSVVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MTc4NmEtNDYzNy00MzY0LWE3NDIt
OTI5Mjg3ODcyYTUzLzEvZHRQWTNsYlBtSC1sREh4bEJWOHFCclhPY0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MTc4NmEtNDYzNy00MzY0LWE3NDItOTI5Mjg3ODcyYTUz
LzEvTkZ1SEVsckxBbEg2ejlqQXFWdEl2Q0pTSVVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8BcMA0G
CSqGSIb3DQEBCwUAA4IBAQCspRxfV1SPG0a7//ip+5LHRAdKUt8+o+FK5m8rYrOy
55caCkuFbNIYNIKjJrPeEn3zv6HCqkerWS8C6s3LUUYeXD5GpCpNa9crrTyPdeJM
usD9m1QQVHObzNoS5OdlU7MujsTgwTqMT8sP7WuX0nLIaJYKYh8YyQ9HQGKL4xyl
O3txnTjXxpUUUOh1QO22jD5LW/ZdP8U0HZXWs18ZNmY/AbeUTj28WSIse4ggNLbI
2snP1qTeeCe452nn9fgclznwVq0SI7NS36d4vDSykOhnH7JcGi9mkd7eWcCK0mRD
8qJYs8HRDC7OBS/qEX1ZvlxKJwyL/l/OIsbWQnpsvF6X
-----END CERTIFICATE-----