Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/dcQPvYMkpNFzPPg1VUx1qjFuYe8.roa
File:                     dcQPvYMkpNFzPPg1VUx1qjFuYe8.roa (raw, json)
Hash identifier:          G12ka9DXzvXsxQ8epCaSbntaxPD9dB6DXa2vNX4nb08=
Subject key identifier:   75:C4:0F:BD:83:24:A4:D1:73:3C:F8:35:55:4C:75:AA:31:6E:61:EF
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D84C459E037FA5ADDBEB91A26EECFD2CF
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/dcQPvYMkpNFzPPg1VUx1qjFuYe8.roa
Signing time:             Wed 07 Feb 2024 18:11:16 +0000
ROA not before:           Wed 07 Feb 2024 18:11:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48882
IP address blocks:        91.224.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:09:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:84:c4:59:e0:37:fa:5a:dd:be:b9:1a:26:ee:cf:d2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  7 18:11:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75c40fbd8324a4d1733cf835554c75aa316e61ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:af:55:b4:76:55:12:3e:7c:6f:d4:ec:78:56:
                    5f:97:f2:4d:dd:2d:e6:67:f8:e9:d6:1e:fd:22:17:
                    d5:e3:96:43:0e:0d:32:01:f0:03:8a:1c:e2:2d:33:
                    a4:e5:51:0d:57:9f:f5:f6:7c:5f:fe:b7:70:9d:e4:
                    12:21:82:df:f4:bd:85:37:14:2c:74:fd:8a:f2:2c:
                    ae:52:26:66:47:b5:06:f7:48:d2:83:38:cb:6c:7d:
                    15:42:87:d6:7e:2b:8a:cb:bb:80:46:8b:93:28:27:
                    c1:1d:65:11:fa:f4:b5:86:e2:68:7a:d2:47:24:df:
                    5b:88:22:9a:d1:d7:ff:98:25:77:d1:37:67:8c:31:
                    be:92:7e:46:f3:53:24:7d:c2:ad:e0:03:e4:b2:7a:
                    15:ae:c3:34:03:a1:82:24:6c:66:94:cd:3b:3b:93:
                    ce:85:7d:7e:b8:0e:84:57:27:4b:6c:39:35:5d:2b:
                    e4:ce:51:02:48:fc:18:95:e2:4c:8e:4d:7f:c5:68:
                    64:18:f8:5e:0e:ef:9a:14:a9:c4:db:d4:6a:15:f3:
                    50:aa:b1:a7:c0:1f:8f:58:42:b3:d1:49:38:81:aa:
                    33:1a:11:8b:3e:af:23:48:b7:e6:74:76:25:9e:80:
                    1c:7f:c9:84:6e:d4:c7:63:73:5a:53:f3:ee:9c:db:
                    a1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:C4:0F:BD:83:24:A4:D1:73:3C:F8:35:55:4C:75:AA:31:6E:61:EF
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/dcQPvYMkpNFzPPg1VUx1qjFuYe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:a3:17:4f:4c:82:1f:a2:df:d3:f0:14:74:ca:ed:ec:de:77:
         41:34:d0:43:a0:a3:48:7c:36:18:59:e3:01:85:d1:db:45:2d:
         00:b2:33:2e:5a:a9:dd:1b:2b:6a:cc:ce:ed:46:4a:5f:ad:ba:
         ef:e6:1d:b8:a7:00:d4:f8:9a:44:5b:83:d5:d2:05:da:15:47:
         82:ba:90:b3:34:e0:58:62:ff:49:6c:f6:11:00:31:cb:59:72:
         de:78:2a:71:ac:1e:22:1b:04:40:16:1b:57:32:08:6c:c9:e7:
         5a:db:d0:c9:56:e2:6f:66:56:06:ec:fa:62:39:f6:48:4b:47:
         3a:76:ad:ff:41:ea:fb:5b:25:c9:b4:12:00:57:db:cc:fa:f5:
         f3:c8:1c:0a:54:15:b8:b3:80:c3:d2:35:3d:0a:7f:57:82:57:
         92:50:ad:9c:5f:81:c3:5c:89:4e:b4:81:bc:a7:89:1c:a4:55:
         f8:c8:7f:dd:c2:df:c9:dd:1e:a8:be:7f:e1:51:b4:65:07:59:
         13:af:75:c9:8e:7a:26:90:c5:6c:dc:99:b5:1b:5c:74:84:3a:
         2d:2e:54:b3:28:dc:f2:33:19:f1:4e:20:67:56:ae:1e:7f:1f:
         87:6e:5d:58:4a:c3:30:59:36:97:f4:03:dc:aa:ee:86:35:01:
         37:0c:0d:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2ExFngN/pa3b65Gibuz9LPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjA3MTgxMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWM0MGZiZDgzMjRhNGQxNzMzY2Y4MzU1NTRjNzVhYTMxNmU2MWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq9VtHZVEj58b9TseFZfl/JN3S3m
Z/jp1h79IhfV45ZDDg0yAfADihziLTOk5VENV5/19nxf/rdwneQSIYLf9L2FNxQs
dP2K8iyuUiZmR7UG90jSgzjLbH0VQofWfiuKy7uARouTKCfBHWUR+vS1huJoetJH
JN9biCKa0df/mCV30TdnjDG+kn5G81MkfcKt4APksnoVrsM0A6GCJGxmlM07O5PO
hX1+uA6EVydLbDk1XSvkzlECSPwYleJMjk1/xWhkGPheDu+aFKnE29RqFfNQqrGn
wB+PWEKz0Uk4gaozGhGLPq8jSLfmdHYlnoAcf8mEbtTHY3NaU/PunNuhcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXED72DJKTRczz4NVVMdaoxbmHvMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZGNRUHZZTWtwTkZ6UFBnMVZVeDFxakZ1WWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+CMMA0G
CSqGSIb3DQEBCwUAA4IBAQCboxdPTIIfot/T8BR0yu3s3ndBNNBDoKNIfDYYWeMB
hdHbRS0AsjMuWqndGytqzM7tRkpfrbrv5h24pwDU+JpEW4PV0gXaFUeCupCzNOBY
Yv9JbPYRADHLWXLeeCpxrB4iGwRAFhtXMghsyeda29DJVuJvZlYG7PpiOfZIS0c6
dq3/Qer7WyXJtBIAV9vM+vXzyBwKVBW4s4DD0jU9Cn9XgleSUK2cX4HDXIlOtIG8
p4kcpFX4yH/dwt/J3R6ovn/hUbRlB1kTr3XJjnomkMVs3Jm1G1x0hDotLlSzKNzy
MxnxTiBnVq4efx+Hbl1YSsMwWTaX9APcqu6GNQE3DA1x
-----END CERTIFICATE-----