Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/cPCmmEZLQBEPkXcziSUSzgr9A8M.roa
File:                     cPCmmEZLQBEPkXcziSUSzgr9A8M.roa (raw, json)
Hash identifier:          9oHg9VMQIEZDDm9PNgCyWP6uwuVuI5uEg0oqSov1DY0=
Subject key identifier:   70:F0:A6:98:46:4B:40:11:0F:91:77:33:89:25:12:CE:0A:FD:03:C3
Certificate issuer:       /CN=0a77196340d2144b8ca7b0778984bb04bc1cb378
Certificate serial:       018CC349169D918B120E83800F90A2A514B6
Authority key identifier: 0A:77:19:63:40:D2:14:4B:8C:A7:B0:77:89:84:BB:04:BC:1C:B3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/cPCmmEZLQBEPkXcziSUSzgr9A8M.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205552
IP address blocks:        185.212.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:16:9d:91:8b:12:0e:83:80:0f:90:a2:a5:14:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a77196340d2144b8ca7b0778984bb04bc1cb378
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70f0a698464b40110f917733892512ce0afd03c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5f:39:49:c1:4a:8f:23:56:a9:c7:05:e5:97:
                    ec:62:f2:ef:89:a8:2f:89:4d:c2:c2:f0:ad:08:b1:
                    47:ee:27:df:06:ad:e3:4f:1b:a1:cd:fb:3c:4c:76:
                    d2:d1:91:dd:18:7a:97:0f:dc:4e:08:e9:07:a2:c6:
                    6d:64:c2:6d:d0:a3:00:a9:d4:e4:19:f7:28:23:f4:
                    27:cc:d7:85:1f:ed:b5:7f:c1:ae:9f:3a:fd:18:0d:
                    c4:cc:0a:8f:ac:85:70:ea:04:47:91:7b:d3:5a:ac:
                    b3:56:e1:31:a9:f6:a2:37:e9:54:bc:fc:d0:0f:ab:
                    9d:d4:ac:29:2e:1f:17:ad:cd:57:06:41:14:62:db:
                    a6:19:61:43:7e:36:ab:1a:04:12:6c:bb:c6:46:c4:
                    f6:82:ed:fc:41:50:55:c7:28:c1:b9:eb:95:fa:09:
                    12:ad:cc:67:46:6e:06:cc:c8:6a:2a:fb:c1:49:7e:
                    b0:77:54:51:f2:e7:36:2b:c6:06:e8:c4:2c:4b:42:
                    64:4e:d2:4d:bc:9d:b5:71:e8:8f:77:a8:7d:93:00:
                    3e:73:43:21:e2:44:7f:c8:a7:42:dc:72:38:fe:8e:
                    11:78:ab:2b:60:52:eb:7d:e7:80:26:67:1d:d6:25:
                    4f:d5:90:7e:85:7c:c5:ce:d8:47:5a:53:79:36:7d:
                    e5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F0:A6:98:46:4B:40:11:0F:91:77:33:89:25:12:CE:0A:FD:03:C3
            X509v3 Authority Key Identifier:
                keyid:0A:77:19:63:40:D2:14:4B:8C:A7:B0:77:89:84:BB:04:BC:1C:B3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/cPCmmEZLQBEPkXcziSUSzgr9A8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:13:7e:9b:99:85:c1:45:f2:18:dd:a7:9e:b4:99:6c:58:de:
         ae:31:06:80:02:fe:77:70:f2:72:90:52:7c:75:bf:1c:a0:6e:
         2f:38:30:ee:70:9f:f0:a0:25:bf:3d:b4:57:6e:16:e5:e0:51:
         ea:17:06:0e:ed:fe:43:79:90:12:ca:27:0d:1a:cd:96:94:70:
         ab:c0:86:cf:13:6f:ec:11:36:a3:51:2f:49:50:4c:bf:5d:3f:
         b4:bf:05:de:1b:bb:54:1b:30:08:e7:47:de:17:a1:fe:c4:59:
         d3:0c:07:0c:89:75:a6:0e:d3:c8:24:45:8e:14:80:e2:13:5b:
         3d:7b:04:9f:f7:f1:a5:4d:ed:8e:bd:49:d4:b2:46:58:24:a9:
         db:80:62:7e:a5:4e:bf:63:13:d2:d6:20:31:9a:ca:88:3b:08:
         eb:de:60:8d:28:c9:93:f0:31:7d:bd:38:48:b9:f2:eb:b6:74:
         a5:d6:9f:ff:02:ca:1a:a2:83:58:bd:82:72:cc:15:73:b3:c6:
         7b:52:8d:59:55:79:21:46:ea:1d:bb:bd:24:59:9d:68:cb:b5:
         0d:03:9e:fb:5d:5b:fa:b2:92:2d:a5:39:78:3f:e2:74:3f:61:
         2b:e0:3a:5f:86:4b:76:cf:b2:c2:db:35:d6:06:ee:95:f4:85:
         5f:9d:64:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRadkYsSDoOAD5CipRS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzcxOTYzNDBkMjE0NGI4Y2E3YjA3Nzg5ODRiYjA0YmMx
Y2IzNzgwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGYwYTY5ODQ2NGI0MDExMGY5MTc3MzM4OTI1MTJjZTBhZmQwM2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkV85ScFKjyNWqccF5ZfsYvLviagv
iU3CwvCtCLFH7iffBq3jTxuhzfs8THbS0ZHdGHqXD9xOCOkHosZtZMJt0KMAqdTk
GfcoI/QnzNeFH+21f8Gunzr9GA3EzAqPrIVw6gRHkXvTWqyzVuExqfaiN+lUvPzQ
D6ud1KwpLh8Xrc1XBkEUYtumGWFDfjarGgQSbLvGRsT2gu38QVBVxyjBueuV+gkS
rcxnRm4GzMhqKvvBSX6wd1RR8uc2K8YG6MQsS0JkTtJNvJ21ceiPd6h9kwA+c0Mh
4kR/yKdC3HI4/o4ReKsrYFLrfeeAJmcd1iVP1ZB+hXzFzthHWlN5Nn3l0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDwpphGS0ARD5F3M4klEs4K/QPDMB8GA1UdIwQY
MBaAFAp3GWNA0hRLjKewd4mEuwS8HLN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25jWlkwRFNGRXVNcDdCM2lZUzdCTHdjczNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80OTg5YmEtOWFmMy00ZTNkLTg0NWQt
ZWI5NzcxNjRhN2U0LzEvY1BDbW1FWkxRQkVQa1hjemlTVVN6Z3I5QThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80OTg5YmEtOWFmMy00ZTNkLTg0NWQtZWI5NzcxNjRhN2U0
LzEvQ25jWlkwRFNGRXVNcDdCM2lZUzdCTHdjczNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudRbMA0G
CSqGSIb3DQEBCwUAA4IBAQAXE36bmYXBRfIY3aeetJlsWN6uMQaAAv53cPJykFJ8
db8coG4vODDucJ/woCW/PbRXbhbl4FHqFwYO7f5DeZASyicNGs2WlHCrwIbPE2/s
ETajUS9JUEy/XT+0vwXeG7tUGzAI50feF6H+xFnTDAcMiXWmDtPIJEWOFIDiE1s9
ewSf9/GlTe2OvUnUskZYJKnbgGJ+pU6/YxPS1iAxmsqIOwjr3mCNKMmT8DF9vThI
ufLrtnSl1p//AsoaooNYvYJyzBVzs8Z7Uo1ZVXkhRuodu70kWZ1oy7UNA577XVv6
spItpTl4P+J0P2Er4Dpfhkt2z7LC2zXWBu6V9IVfnWS0
-----END CERTIFICATE-----