Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/a264a8-a666-4c87-851c-ada24ef310ca/1/CoDL1rMPxfdpffPEynRQx35TTeE.roa
File:                     CoDL1rMPxfdpffPEynRQx35TTeE.roa (raw, json)
Hash identifier:          avC24JYivQmLLY5PTdyHs5JB4u57qa8JMZhWXR86DI4=
Subject key identifier:   0A:80:CB:D6:B3:0F:C5:F7:69:7D:F3:C4:CA:74:50:C7:7E:53:4D:E1
Certificate issuer:       /CN=aca2a1952e718944a40434a0ebefffda2bfeed5f
Certificate serial:       018CC5DBF896DB3463ABE400EA3A3B261B98
Authority key identifier: AC:A2:A1:95:2E:71:89:44:A4:04:34:A0:EB:EF:FF:DA:2B:FE:ED:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKKhlS5xiUSkBDSg6-__2iv-7V8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/a264a8-a666-4c87-851c-ada24ef310ca/1/CoDL1rMPxfdpffPEynRQx35TTeE.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58147
IP address blocks:        91.239.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/a264a8-a666-4c87-851c-ada24ef310ca/1/rKKhlS5xiUSkBDSg6-__2iv-7V8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/a264a8-a666-4c87-851c-ada24ef310ca/1/rKKhlS5xiUSkBDSg6-__2iv-7V8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKKhlS5xiUSkBDSg6-__2iv-7V8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f8:96:db:34:63:ab:e4:00:ea:3a:3b:26:1b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca2a1952e718944a40434a0ebefffda2bfeed5f
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a80cbd6b30fc5f7697df3c4ca7450c77e534de1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cf:c5:90:35:ff:7e:d4:4a:10:ea:2a:65:83:
                    50:6d:6d:f5:fb:2b:6a:d9:2a:df:12:9b:f5:80:2b:
                    e4:3d:a2:6f:e8:73:c4:39:d5:34:41:94:dc:cb:31:
                    4c:e6:25:9d:0d:fa:45:66:e6:84:cb:ed:92:df:1c:
                    91:23:32:43:83:16:ef:ce:5d:53:6e:f4:ac:b7:3a:
                    a3:30:a8:1b:5f:da:3a:24:ed:f5:98:2e:ba:85:00:
                    5a:45:b2:9f:09:1e:94:71:47:30:98:43:bb:5d:00:
                    e9:9d:ba:84:85:0d:07:b2:52:65:92:9b:70:2b:84:
                    31:1c:29:e3:c4:07:ca:55:b4:b5:a3:74:98:96:8a:
                    e5:c0:d2:e3:bb:fd:1b:72:95:1f:9b:97:16:b5:f7:
                    ca:7d:d8:83:05:df:c6:ea:ce:80:f3:d3:8f:42:ec:
                    ba:97:4d:0f:42:0a:9f:20:bd:58:b0:34:b7:f6:78:
                    5e:15:9e:88:5c:de:71:7b:68:7d:73:0c:24:a9:86:
                    56:3d:35:23:9c:b3:54:6b:d9:40:f9:e7:61:a3:d6:
                    d6:bd:8d:06:a8:15:ea:d2:6d:2b:6d:a1:d2:99:b8:
                    f4:a3:76:ca:3b:b5:e0:ae:f6:ac:7b:a7:59:cc:27:
                    66:7e:f8:4f:37:07:da:51:ea:f6:c6:19:79:de:4f:
                    f0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:80:CB:D6:B3:0F:C5:F7:69:7D:F3:C4:CA:74:50:C7:7E:53:4D:E1
            X509v3 Authority Key Identifier:
                keyid:AC:A2:A1:95:2E:71:89:44:A4:04:34:A0:EB:EF:FF:DA:2B:FE:ED:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKKhlS5xiUSkBDSg6-__2iv-7V8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/a264a8-a666-4c87-851c-ada24ef310ca/1/CoDL1rMPxfdpffPEynRQx35TTeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/a264a8-a666-4c87-851c-ada24ef310ca/1/rKKhlS5xiUSkBDSg6-__2iv-7V8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:23:75:ed:83:0a:f3:28:b2:20:ca:2e:db:e2:8f:4f:1e:09:
         d1:71:6d:84:dd:4e:40:ae:06:75:77:21:5f:87:87:da:3f:58:
         ce:67:81:9e:5d:b9:ed:dc:a9:90:0e:28:ab:0f:24:8b:20:b8:
         9e:0b:9a:82:17:85:8a:46:49:e5:1a:73:66:ea:61:27:7b:99:
         cf:f6:b0:34:e4:ab:dd:b6:90:fa:cf:21:53:1e:7b:33:eb:7a:
         91:0e:69:48:7c:c2:3b:c1:8f:51:cc:c5:55:db:ef:39:df:fe:
         25:47:a7:22:54:69:72:ee:ba:87:c3:eb:dc:2e:d7:f5:a3:75:
         64:25:19:fd:91:4d:01:46:8a:f2:95:17:01:69:35:a9:bd:4e:
         5d:e9:d1:35:36:ef:92:8c:62:c2:14:8e:49:6e:7e:03:2a:86:
         0a:c1:a2:d2:1a:63:d1:7b:08:1c:34:8b:af:18:2c:b8:0e:07:
         81:c0:89:cc:1e:50:92:d6:d2:5b:46:03:f2:7a:4b:f9:5d:d9:
         93:5f:1a:93:1a:f5:84:62:98:46:16:8c:6f:ba:0e:e6:b9:b2:
         3d:33:b1:03:75:1c:71:7d:ea:98:35:63:f0:21:75:55:35:d8:
         e4:fa:e1:3a:22:8e:c3:b5:01:28:77:65:5d:67:94:1e:cc:d2:
         8a:cf:35:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/iW2zRjq+QA6jo7JhuYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTJhMTk1MmU3MTg5NDRhNDA0MzRhMGViZWZmZmRhMmJm
ZWVkNWYwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgwY2JkNmIzMGZjNWY3Njk3ZGYzYzRjYTc0NTBjNzdlNTM0ZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlM/FkDX/ftRKEOoqZYNQbW31+ytq
2SrfEpv1gCvkPaJv6HPEOdU0QZTcyzFM5iWdDfpFZuaEy+2S3xyRIzJDgxbvzl1T
bvSstzqjMKgbX9o6JO31mC66hQBaRbKfCR6UcUcwmEO7XQDpnbqEhQ0HslJlkptw
K4QxHCnjxAfKVbS1o3SYlorlwNLju/0bcpUfm5cWtffKfdiDBd/G6s6A89OPQuy6
l00PQgqfIL1YsDS39nheFZ6IXN5xe2h9cwwkqYZWPTUjnLNUa9lA+edho9bWvY0G
qBXq0m0rbaHSmbj0o3bKO7Xgrvase6dZzCdmfvhPNwfaUer2xhl53k/wVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqAy9azD8X3aX3zxMp0UMd+U03hMB8GA1UdIwQY
MBaAFKyioZUucYlEpAQ0oOvv/9or/u1fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktLaGxTNXhpVVNrQkRTZzYtX18yaXYtN1Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9hMjY0YTgtYTY2Ni00Yzg3LTg1MWMt
YWRhMjRlZjMxMGNhLzEvQ29ETDFyTVB4ZmRwZmZQRXluUlF4MzVUVGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9hMjY0YTgtYTY2Ni00Yzg3LTg1MWMtYWRhMjRlZjMxMGNh
LzEvcktLaGxTNXhpVVNrQkRTZzYtX18yaXYtN1Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+88MA0G
CSqGSIb3DQEBCwUAA4IBAQCXI3XtgwrzKLIgyi7b4o9PHgnRcW2E3U5ArgZ1dyFf
h4faP1jOZ4GeXbnt3KmQDiirDySLILieC5qCF4WKRknlGnNm6mEne5nP9rA05Kvd
tpD6zyFTHnsz63qRDmlIfMI7wY9RzMVV2+853/4lR6ciVGly7rqHw+vcLtf1o3Vk
JRn9kU0BRorylRcBaTWpvU5d6dE1Nu+SjGLCFI5Jbn4DKoYKwaLSGmPRewgcNIuv
GCy4DgeBwInMHlCS1tJbRgPyekv5XdmTXxqTGvWEYphGFoxvug7mubI9M7EDdRxx
feqYNWPwIXVVNdjk+uE6Io7DtQEod2VdZ5QezNKKzzV1
-----END CERTIFICATE-----