Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/dd1ddf-73cf-4bb2-8a6e-6e4aec86fe1e/1/72NaRxsbucnFW8h04GVCBGNBQJM.roa
File:                     72NaRxsbucnFW8h04GVCBGNBQJM.roa (raw, json)
Hash identifier:          xrYHS/UjIboaCAyzwMW7Ah8fPANTzE0hPNzykFQwrXw=
Subject key identifier:   EF:63:5A:47:1B:1B:B9:C9:C5:5B:C8:74:E0:65:42:04:63:41:40:93
Certificate issuer:       /CN=637104d927e7e1ef8febbffddf28145495011094
Certificate serial:       018CCA9982269FD3CA940274A2FBF65B69FC
Authority key identifier: 63:71:04:D9:27:E7:E1:EF:8F:EB:BF:FD:DF:28:14:54:95:01:10:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y3EE2Sfn4e-P67_93ygUVJUBEJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/dd1ddf-73cf-4bb2-8a6e-6e4aec86fe1e/1/72NaRxsbucnFW8h04GVCBGNBQJM.roa
Signing time:             Tue 02 Jan 2024 14:35:07 +0000
ROA not before:           Tue 02 Jan 2024 14:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198975
IP address blocks:        91.240.130.0/24 maxlen: 24
                          91.240.136.0/24 maxlen: 24
                          91.240.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/dd1ddf-73cf-4bb2-8a6e-6e4aec86fe1e/1/Y3EE2Sfn4e-P67_93ygUVJUBEJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/dd1ddf-73cf-4bb2-8a6e-6e4aec86fe1e/1/Y3EE2Sfn4e-P67_93ygUVJUBEJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y3EE2Sfn4e-P67_93ygUVJUBEJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:82:26:9f:d3:ca:94:02:74:a2:fb:f6:5b:69:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=637104d927e7e1ef8febbffddf28145495011094
        Validity
            Not Before: Jan  2 14:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef635a471b1bb9c9c55bc874e065420463414093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f0:4b:1d:85:89:0c:a1:c3:b4:a2:51:e1:82:
                    d7:96:50:41:f0:a1:e3:78:6f:02:da:2a:ea:11:f8:
                    8e:6e:f4:a3:08:e0:17:17:1d:9b:1a:60:89:5d:80:
                    90:5f:2a:f5:1a:fc:bf:37:cc:3c:18:9b:76:6f:79:
                    71:39:3a:d5:da:7a:59:da:cc:5f:5d:05:ed:a2:3f:
                    cd:6d:12:1b:b8:fd:3d:13:d0:e7:78:b6:2d:9a:0e:
                    ac:f0:1f:96:a9:fc:d0:90:49:b3:58:4a:b8:b7:61:
                    1a:4c:01:6e:47:16:86:5b:91:1e:3c:5e:e4:73:90:
                    1a:9b:3d:e9:66:c9:8c:56:1e:e1:86:d9:f4:7e:61:
                    bf:61:4c:cd:f5:d8:b0:ec:d0:d4:d8:bf:ce:8b:30:
                    c7:02:96:14:30:1c:0a:43:db:e3:78:29:b7:ab:71:
                    91:d4:21:e6:78:f9:d0:ba:11:b8:41:70:24:da:ab:
                    5e:fb:26:1f:33:3e:16:24:c0:5e:3e:f8:40:78:a2:
                    ec:e5:37:99:ef:51:4f:32:52:40:26:95:6a:96:be:
                    38:80:57:fb:01:98:65:5b:4d:2c:da:97:49:c9:b4:
                    ac:68:38:d4:34:a0:b5:61:78:3d:0e:54:49:a5:71:
                    d6:9c:53:23:1f:bc:77:bf:e6:f3:9c:e7:d7:bc:74:
                    1f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:63:5A:47:1B:1B:B9:C9:C5:5B:C8:74:E0:65:42:04:63:41:40:93
            X509v3 Authority Key Identifier:
                keyid:63:71:04:D9:27:E7:E1:EF:8F:EB:BF:FD:DF:28:14:54:95:01:10:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y3EE2Sfn4e-P67_93ygUVJUBEJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/dd1ddf-73cf-4bb2-8a6e-6e4aec86fe1e/1/72NaRxsbucnFW8h04GVCBGNBQJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/dd1ddf-73cf-4bb2-8a6e-6e4aec86fe1e/1/Y3EE2Sfn4e-P67_93ygUVJUBEJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.130.0/24
                  91.240.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:2c:d0:b5:1e:c3:76:ff:7a:33:0c:c7:cd:c1:37:cc:44:b4:
         18:2d:a4:7a:3d:47:c6:8e:15:9b:45:5b:a5:8c:6b:de:12:44:
         a3:24:a1:07:ec:9e:59:c0:13:16:9f:6e:b5:ab:82:69:a2:98:
         ff:19:d7:d1:d5:53:5a:7c:df:12:27:fd:57:53:d9:78:b6:c5:
         bd:8e:d6:7f:c4:8c:c5:25:f0:9d:3a:9d:03:24:10:7c:8b:c8:
         84:a8:b2:f2:ca:98:05:fa:20:db:48:93:47:50:e8:e5:4b:a7:
         18:6a:19:5f:8c:69:65:a7:26:75:67:dc:42:89:24:31:a4:1b:
         dc:f3:b5:eb:ed:9c:2d:60:56:a4:41:23:27:c5:3e:e1:fc:54:
         30:30:7a:63:f1:c1:4b:df:33:fd:38:21:93:fd:cd:03:54:16:
         e9:4c:17:3d:66:38:86:73:d4:31:4e:3d:a1:28:28:18:e6:4e:
         3c:a6:b6:64:a1:66:3a:3b:fe:da:83:57:23:aa:62:d9:dd:4a:
         a3:11:f6:4f:85:73:f5:25:06:90:9b:c2:84:43:72:c8:48:1d:
         7e:80:5f:89:a8:a5:80:8a:2a:c3:80:75:d4:51:46:b2:3a:ff:
         de:0b:9b:71:09:69:e4:b6:bf:9d:ff:3c:93:94:2c:e2:6f:69:
         25:60:d0:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmYImn9PKlAJ0ovv2W2n8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNzEwNGQ5MjdlN2UxZWY4ZmViYmZmZGRmMjgxNDU0OTUw
MTEwOTQwHhcNMjQwMTAyMTQzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjYzNWE0NzFiMWJiOWM5YzU1YmM4NzRlMDY1NDIwNDYzNDE0MDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPBLHYWJDKHDtKJR4YLXllBB8KHj
eG8C2irqEfiObvSjCOAXFx2bGmCJXYCQXyr1Gvy/N8w8GJt2b3lxOTrV2npZ2sxf
XQXtoj/NbRIbuP09E9DneLYtmg6s8B+WqfzQkEmzWEq4t2EaTAFuRxaGW5EePF7k
c5Aamz3pZsmMVh7hhtn0fmG/YUzN9diw7NDU2L/OizDHApYUMBwKQ9vjeCm3q3GR
1CHmePnQuhG4QXAk2qte+yYfMz4WJMBePvhAeKLs5TeZ71FPMlJAJpVqlr44gFf7
AZhlW00s2pdJybSsaDjUNKC1YXg9DlRJpXHWnFMjH7x3v+bznOfXvHQfuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO9jWkcbG7nJxVvIdOBlQgRjQUCTMB8GA1UdIwQY
MBaAFGNxBNkn5+Hvj+u//d8oFFSVARCUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTNFRTJTZm40ZS1QNjdfOTN5Z1VWSlVCRUpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kZDFkZGYtNzNjZi00YmIyLThhNmUt
NmU0YWVjODZmZTFlLzEvNzJOYVJ4c2J1Y25GVzhoMDRHVkNCR05CUUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kZDFkZGYtNzNjZi00YmIyLThhNmUtNmU0YWVjODZmZTFl
LzEvWTNFRTJTZm40ZS1QNjdfOTN5Z1VWSlVCRUpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/CCAwQC
W/CIMA0GCSqGSIb3DQEBCwUAA4IBAQCELNC1HsN2/3ozDMfNwTfMRLQYLaR6PUfG
jhWbRVuljGveEkSjJKEH7J5ZwBMWn261q4Jpopj/GdfR1VNafN8SJ/1XU9l4tsW9
jtZ/xIzFJfCdOp0DJBB8i8iEqLLyypgF+iDbSJNHUOjlS6cYahlfjGllpyZ1Z9xC
iSQxpBvc87Xr7ZwtYFakQSMnxT7h/FQwMHpj8cFL3zP9OCGT/c0DVBbpTBc9ZjiG
c9QxTj2hKCgY5k48prZkoWY6O/7ag1cjqmLZ3UqjEfZPhXP1JQaQm8KEQ3LISB1+
gF+JqKWAiirDgHXUUUayOv/eC5txCWnktr+d/zyTlCzib2klYNAP
-----END CERTIFICATE-----