Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/1faa24-f086-4b48-b1bd-45527e8e44d2/1/daRkFVsWIwe8tAsklauoDwt6UpA.roa
File:                     daRkFVsWIwe8tAsklauoDwt6UpA.roa (raw, json)
Hash identifier:          a6fXOEYxSdy4VfRiyyu63eijEDfNFxmj7t/XlgH/vhk=
Subject key identifier:   75:A4:64:15:5B:16:23:07:BC:B4:0B:24:95:AB:A8:0F:0B:7A:52:90
Certificate issuer:       /CN=72e12a3876ff7bd00d9d9ebb972ab1e621ea1e8d
Certificate serial:       019422FBD6FD209782A3962CC313B0F33227
Authority key identifier: 72:E1:2A:38:76:FF:7B:D0:0D:9D:9E:BB:97:2A:B1:E6:21:EA:1E:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuEqOHb_e9ANnZ67lyqx5iHqHo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/1faa24-f086-4b48-b1bd-45527e8e44d2/1/daRkFVsWIwe8tAsklauoDwt6UpA.roa
Signing time:             Wed 01 Jan 2025 17:48:37 +0000
ROA not before:           Wed 01 Jan 2025 17:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12414
IP address blocks:        91.235.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/1faa24-f086-4b48-b1bd-45527e8e44d2/1/cuEqOHb_e9ANnZ67lyqx5iHqHo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/1faa24-f086-4b48-b1bd-45527e8e44d2/1/cuEqOHb_e9ANnZ67lyqx5iHqHo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cuEqOHb_e9ANnZ67lyqx5iHqHo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:d6:fd:20:97:82:a3:96:2c:c3:13:b0:f3:32:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e12a3876ff7bd00d9d9ebb972ab1e621ea1e8d
        Validity
            Not Before: Jan  1 17:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75a464155b162307bcb40b2495aba80f0b7a5290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:69:14:f5:ae:34:af:f7:6b:97:60:c3:62:76:
                    40:07:0b:90:21:0a:20:e0:45:f5:23:7a:ab:c1:28:
                    30:77:26:b5:1f:8e:7a:ef:0a:26:43:96:82:1d:f2:
                    d4:d1:81:c2:9b:4b:80:ea:b2:3f:2d:67:1c:be:25:
                    f3:ce:39:f4:41:7c:e3:16:da:70:d1:41:b8:7b:64:
                    8a:a3:49:29:9a:b8:ac:d7:73:0f:35:17:9b:23:53:
                    0a:67:86:b6:2b:2b:90:39:22:31:dd:05:39:8b:49:
                    c7:c2:e1:f1:4f:f6:67:f4:1d:47:d8:6e:5e:1e:9d:
                    91:79:53:aa:66:3f:57:52:e0:df:d1:36:b6:28:c2:
                    b9:2b:aa:b9:bf:14:74:25:9c:67:4f:f6:96:5e:b1:
                    0f:1d:50:5c:5e:b8:0e:90:75:01:68:c2:0b:be:8a:
                    07:5f:90:92:ce:d0:7a:e2:f8:f9:ce:2d:15:8e:dc:
                    06:ee:b1:08:a6:ee:db:5d:9e:79:5a:76:a9:af:94:
                    60:7a:27:28:e0:c9:28:f4:66:73:97:6c:c1:ee:14:
                    85:8e:3b:c4:d3:95:d2:7e:1e:f3:42:54:0b:40:4b:
                    e8:3a:8b:c8:16:3c:4b:94:11:86:24:ee:d1:07:62:
                    a6:5d:ad:22:e5:b6:29:a2:87:de:39:9b:00:1c:35:
                    f6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:A4:64:15:5B:16:23:07:BC:B4:0B:24:95:AB:A8:0F:0B:7A:52:90
            X509v3 Authority Key Identifier:
                keyid:72:E1:2A:38:76:FF:7B:D0:0D:9D:9E:BB:97:2A:B1:E6:21:EA:1E:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuEqOHb_e9ANnZ67lyqx5iHqHo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1faa24-f086-4b48-b1bd-45527e8e44d2/1/daRkFVsWIwe8tAsklauoDwt6UpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1faa24-f086-4b48-b1bd-45527e8e44d2/1/cuEqOHb_e9ANnZ67lyqx5iHqHo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:f1:9b:fb:51:b9:c5:a0:e9:aa:65:c2:b3:d5:47:29:f5:78:
         72:b7:fb:1b:76:a8:30:c4:28:a1:ca:22:9d:d5:e2:1b:aa:a3:
         e1:f8:58:f5:b5:54:86:1a:ce:e3:77:2e:5d:bb:73:23:33:4f:
         01:00:31:ae:23:1f:10:c2:e0:60:d5:1f:c6:15:4c:fa:e3:7c:
         38:0b:4b:a3:0a:ba:7e:ff:67:36:1a:ab:d8:93:a2:8e:b5:22:
         7f:62:71:54:f9:53:3b:f4:ef:32:3f:12:4c:01:0b:35:1a:a8:
         4a:8b:a3:d0:46:fc:68:0a:0f:9e:d9:fb:5b:70:4b:f4:df:b0:
         14:b7:bd:9c:57:a1:00:97:8a:1c:44:8c:42:1a:54:c4:08:f5:
         75:56:65:36:0d:18:e5:44:60:c9:c3:59:6b:30:78:d9:06:db:
         df:c9:0a:36:a7:79:52:13:49:67:66:af:9c:8b:bf:27:2a:02:
         c4:c3:a1:94:b2:25:34:b8:76:46:96:e6:f0:d0:ae:c6:10:30:
         cc:5e:9a:83:9d:ce:c1:d5:f7:87:66:d5:13:f6:32:9c:46:ec:
         54:ce:76:9c:41:9c:b0:56:c9:d0:09:1b:30:8a:f3:39:84:78:
         4b:38:58:9f:aa:80:d4:16:50:b0:67:18:69:b9:71:cb:cb:a9:
         75:3a:89:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+9b9IJeCo5YswxOw8zInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTEyYTM4NzZmZjdiZDAwZDlkOWViYjk3MmFiMWU2MjFl
YTFlOGQwHhcNMjUwMTAxMTc0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWE0NjQxNTViMTYyMzA3YmNiNDBiMjQ5NWFiYTgwZjBiN2E1MjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGkU9a40r/drl2DDYnZABwuQIQog
4EX1I3qrwSgwdya1H4567womQ5aCHfLU0YHCm0uA6rI/LWccviXzzjn0QXzjFtpw
0UG4e2SKo0kpmris13MPNRebI1MKZ4a2KyuQOSIx3QU5i0nHwuHxT/Zn9B1H2G5e
Hp2ReVOqZj9XUuDf0Ta2KMK5K6q5vxR0JZxnT/aWXrEPHVBcXrgOkHUBaMILvooH
X5CSztB64vj5zi0VjtwG7rEIpu7bXZ55Wnapr5Rgeico4Mko9GZzl2zB7hSFjjvE
05XSfh7zQlQLQEvoOovIFjxLlBGGJO7RB2KmXa0i5bYpoofeOZsAHDX2wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWkZBVbFiMHvLQLJJWrqA8LelKQMB8GA1UdIwQY
MBaAFHLhKjh2/3vQDZ2eu5cqseYh6h6NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VFcU9IYl9lOUFOblo2N2x5cXg1aUhxSG8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8xZmFhMjQtZjA4Ni00YjQ4LWIxYmQt
NDU1MjdlOGU0NGQyLzEvZGFSa0ZWc1dJd2U4dEFza2xhdW9Ed3Q2VXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8xZmFhMjQtZjA4Ni00YjQ4LWIxYmQtNDU1MjdlOGU0NGQy
LzEvY3VFcU9IYl9lOUFOblo2N2x5cXg1aUhxSG8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+vtMA0G
CSqGSIb3DQEBCwUAA4IBAQBy8Zv7UbnFoOmqZcKz1Ucp9Xhyt/sbdqgwxCihyiKd
1eIbqqPh+Fj1tVSGGs7jdy5du3MjM08BADGuIx8QwuBg1R/GFUz643w4C0ujCrp+
/2c2GqvYk6KOtSJ/YnFU+VM79O8yPxJMAQs1GqhKi6PQRvxoCg+e2ftbcEv037AU
t72cV6EAl4ocRIxCGlTECPV1VmU2DRjlRGDJw1lrMHjZBtvfyQo2p3lSE0lnZq+c
i78nKgLEw6GUsiU0uHZGlubw0K7GEDDMXpqDnc7B1feHZtUT9jKcRuxUznacQZyw
VsnQCRswivM5hHhLOFifqoDUFlCwZxhpuXHLy6l1Oom2
-----END CERTIFICATE-----