Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/nd4i72NO084shjyZpXRhzM4iNCE.roa
File:                     nd4i72NO084shjyZpXRhzM4iNCE.roa (raw, json)
Hash identifier:          Te/kGq8CKAUWrxGrhe3DOvcvgorfpn7pC3V85RtY2to=
Subject key identifier:   9D:DE:22:EF:63:4E:D3:CE:2C:86:3C:99:A5:74:61:CC:CE:22:34:21
Certificate issuer:       /CN=afa474a5ea601c809291ee79bae3918964d0871e
Certificate serial:       018CC2DB01E9130E80CE9A6D63324A32616C
Authority key identifier: AF:A4:74:A5:EA:60:1C:80:92:91:EE:79:BA:E3:91:89:64:D0:87:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r6R0pepgHICSke55uuORiWTQhx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/nd4i72NO084shjyZpXRhzM4iNCE.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48736
IP address blocks:        91.209.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/r6R0pepgHICSke55uuORiWTQhx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/r6R0pepgHICSke55uuORiWTQhx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r6R0pepgHICSke55uuORiWTQhx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:01:e9:13:0e:80:ce:9a:6d:63:32:4a:32:61:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afa474a5ea601c809291ee79bae3918964d0871e
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dde22ef634ed3ce2c863c99a57461ccce223421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2b:eb:d1:6b:3d:f6:5a:d3:be:8f:8e:5d:71:
                    53:26:1b:bd:db:3e:1e:10:83:52:e1:58:50:c1:68:
                    68:7a:a0:7f:67:d6:be:04:25:40:4d:af:fe:03:81:
                    67:65:b7:d1:30:de:f0:b4:b6:aa:19:91:72:ca:5b:
                    93:0d:af:d9:be:5f:f1:ef:50:38:4c:8d:c3:79:cc:
                    ad:d5:fc:f0:4a:b7:3f:f9:8b:33:da:5a:54:64:92:
                    28:32:35:ee:40:e0:3e:43:80:70:27:56:01:73:bb:
                    f0:3a:a2:26:39:31:42:eb:af:54:d2:4e:7b:62:fc:
                    8c:9c:40:42:4d:ed:2a:3d:d4:32:06:23:8a:79:b3:
                    d6:76:0d:1d:d9:a9:aa:6f:f7:74:b6:09:ff:c0:63:
                    5f:3e:f2:5e:f0:c7:6f:c1:ef:53:a7:5e:93:38:f2:
                    e8:4b:d9:5f:56:cc:9e:42:cf:7f:6f:72:14:8d:eb:
                    68:bf:ed:48:db:ac:0a:9b:fd:34:c9:4d:42:fa:07:
                    5a:f0:9a:a6:e8:e6:e8:d3:d3:24:72:fa:71:cd:d6:
                    8a:1e:a2:97:8b:79:4c:31:c3:c1:8c:6c:c8:b9:e3:
                    9b:c2:8b:39:ec:04:be:40:ef:29:fc:9a:15:ec:0e:
                    30:80:e1:71:b6:ad:51:af:66:e0:00:78:5d:49:50:
                    1e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:DE:22:EF:63:4E:D3:CE:2C:86:3C:99:A5:74:61:CC:CE:22:34:21
            X509v3 Authority Key Identifier:
                keyid:AF:A4:74:A5:EA:60:1C:80:92:91:EE:79:BA:E3:91:89:64:D0:87:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r6R0pepgHICSke55uuORiWTQhx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/nd4i72NO084shjyZpXRhzM4iNCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/r6R0pepgHICSke55uuORiWTQhx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:97:93:7d:53:86:e3:33:f4:84:fd:e5:aa:a1:78:94:99:44:
         70:5d:26:97:e7:e9:d2:b8:97:99:e0:66:64:c5:a3:1b:20:d1:
         74:71:ba:02:a1:49:3d:ab:66:9b:88:d1:b7:44:4d:27:e4:80:
         e8:bf:51:9e:6c:54:e7:70:63:6e:a9:6e:e6:0c:07:a6:22:60:
         be:43:90:2a:cd:c4:68:1d:f4:5c:f5:b5:17:7f:17:54:ea:2f:
         27:df:f2:14:14:09:ca:ca:23:fc:9b:5a:44:38:a2:3b:c9:56:
         d9:52:36:aa:82:55:ac:30:2f:19:81:4e:07:c3:d8:bf:21:73:
         7c:4d:59:9e:9e:ca:55:11:b2:94:6a:61:e6:ed:ee:8d:f0:3b:
         38:14:b2:c7:cf:87:be:0e:89:71:b3:f1:f2:e8:83:58:97:65:
         da:5c:31:b6:51:29:e4:b0:c2:74:b5:92:43:db:94:38:8b:c9:
         16:93:ba:0d:4e:32:42:32:84:2d:8b:e0:f5:e6:4a:cb:30:b5:
         38:e0:ef:2e:95:9f:4c:24:f0:87:91:7f:b8:03:9a:12:0e:31:
         de:9a:46:52:5f:12:5f:0f:b3:b3:b4:4d:7b:a0:3f:a4:44:6b:
         a8:af:6a:c3:07:6e:8d:c6:1a:53:e8:b4:61:f1:92:b8:c9:84:
         a1:a2:22:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wHpEw6AzpptYzJKMmFsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYTQ3NGE1ZWE2MDFjODA5MjkxZWU3OWJhZTM5MTg5NjRk
MDg3MWUwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGRlMjJlZjYzNGVkM2NlMmM4NjNjOTlhNTc0NjFjY2NlMjIzNDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhivr0Ws99lrTvo+OXXFTJhu92z4e
EINS4VhQwWhoeqB/Z9a+BCVATa/+A4FnZbfRMN7wtLaqGZFyyluTDa/Zvl/x71A4
TI3Decyt1fzwSrc/+Ysz2lpUZJIoMjXuQOA+Q4BwJ1YBc7vwOqImOTFC669U0k57
YvyMnEBCTe0qPdQyBiOKebPWdg0d2amqb/d0tgn/wGNfPvJe8Mdvwe9Tp16TOPLo
S9lfVsyeQs9/b3IUjetov+1I26wKm/00yU1C+gda8Jqm6Obo09MkcvpxzdaKHqKX
i3lMMcPBjGzIueObwos57AS+QO8p/JoV7A4wgOFxtq1Rr2bgAHhdSVAeZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3eIu9jTtPOLIY8maV0YczOIjQhMB8GA1UdIwQY
MBaAFK+kdKXqYByAkpHuebrjkYlk0IceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjZSMHBlcGdISUNTa2U1NXV1T1JpV1RRaHg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9jYzRkNzYtM2FlOS00OTFlLTliZDIt
MTkzY2M2MWJjZTYxLzEvbmQ0aTcyTk8wODRzaGp5WnBYUmh6TTRpTkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9jYzRkNzYtM2FlOS00OTFlLTliZDItMTkzY2M2MWJjZTYx
LzEvcjZSMHBlcGdISUNTa2U1NXV1T1JpV1RRaHg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9HxMA0G
CSqGSIb3DQEBCwUAA4IBAQA6l5N9U4bjM/SE/eWqoXiUmURwXSaX5+nSuJeZ4GZk
xaMbINF0cboCoUk9q2abiNG3RE0n5IDov1GebFTncGNuqW7mDAemImC+Q5AqzcRo
HfRc9bUXfxdU6i8n3/IUFAnKyiP8m1pEOKI7yVbZUjaqglWsMC8ZgU4Hw9i/IXN8
TVmenspVEbKUamHm7e6N8Ds4FLLHz4e+Dolxs/Hy6INYl2XaXDG2USnksMJ0tZJD
25Q4i8kWk7oNTjJCMoQti+D15krLMLU44O8ulZ9MJPCHkX+4A5oSDjHemkZSXxJf
D7OztE17oD+kRGuor2rDB26NxhpT6LRh8ZK4yYShoiJM
-----END CERTIFICATE-----