Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/AyRnRugEs-BUu0Lf6vJfkoNWD4o.roa
File:                     AyRnRugEs-BUu0Lf6vJfkoNWD4o.roa (raw, json)
Hash identifier:          z+FJ4dE0ouCOdE7psBkgdR6Mp8ZQYie8bXMQnWy4uPY=
Subject key identifier:   03:24:67:46:E8:04:B3:E0:54:BB:42:DF:EA:F2:5F:92:83:56:0F:8A
Certificate issuer:       /CN=44728fb31c4ebdfb9bf129745b91bd2e2ee8ef31
Certificate serial:       018CC94ACF2FC6CBE47F9C0504437A43E0E9
Authority key identifier: 44:72:8F:B3:1C:4E:BD:FB:9B:F1:29:74:5B:91:BD:2E:2E:E8:EF:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/AyRnRugEs-BUu0Lf6vJfkoNWD4o.roa
Signing time:             Tue 02 Jan 2024 08:29:32 +0000
ROA not before:           Tue 02 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55569
IP address blocks:        91.199.242.0/24 maxlen: 24
                          91.212.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:cf:2f:c6:cb:e4:7f:9c:05:04:43:7a:43:e0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44728fb31c4ebdfb9bf129745b91bd2e2ee8ef31
        Validity
            Not Before: Jan  2 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03246746e804b3e054bb42dfeaf25f9283560f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f4:2c:a2:d5:f8:04:4b:cf:db:b0:57:4b:6d:
                    81:d8:4e:f7:29:eb:93:3f:12:a6:c8:82:74:52:10:
                    4b:2c:1d:fa:05:30:60:dc:67:75:94:a2:4d:88:46:
                    ff:ef:9a:be:60:97:4b:c4:c7:c3:d8:07:5f:a3:d0:
                    5b:f0:76:93:ae:f6:17:f1:39:51:fc:5a:9c:56:db:
                    c7:4a:d1:df:82:14:90:a8:d2:81:2c:18:c9:43:48:
                    75:58:f0:38:64:3f:b9:02:96:42:d7:d8:25:84:44:
                    a4:bf:ad:aa:24:b6:f9:fd:0d:70:a8:e5:af:67:8e:
                    90:78:e0:cd:6d:61:64:fc:6f:69:2d:a6:a0:80:1d:
                    dc:e3:bb:0a:9a:a7:11:48:00:36:d2:ab:a7:f2:d0:
                    07:51:48:07:7b:77:06:44:12:cb:13:0a:4f:15:c2:
                    74:33:5c:2e:98:e2:c7:cd:b0:53:3f:c9:b7:d6:08:
                    b3:53:7e:fd:ab:0d:09:ce:fa:70:f8:bb:55:db:a3:
                    5b:20:36:3b:16:e3:cc:d9:ea:18:36:33:4a:5d:fd:
                    8c:59:db:87:85:7e:60:fd:5c:63:63:ab:d8:29:d1:
                    8d:c4:e8:98:a7:2e:c7:aa:fd:09:aa:ad:94:72:5e:
                    6b:68:6f:05:36:f4:f4:ce:b3:06:ea:37:ce:9a:25:
                    fe:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:24:67:46:E8:04:B3:E0:54:BB:42:DF:EA:F2:5F:92:83:56:0F:8A
            X509v3 Authority Key Identifier:
                keyid:44:72:8F:B3:1C:4E:BD:FB:9B:F1:29:74:5B:91:BD:2E:2E:E8:EF:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/AyRnRugEs-BUu0Lf6vJfkoNWD4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.242.0/24
                  91.212.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:58:e8:bc:14:e7:2e:b0:2d:7a:41:9f:9f:b5:1e:21:16:08:
         45:22:ee:2e:c3:2b:fa:cd:bf:b1:25:f2:f4:60:9b:1b:40:6d:
         c4:b3:3f:fd:9d:45:c6:0f:98:c0:d6:6e:bf:9a:e9:ed:cc:1c:
         92:b0:02:79:38:6e:e2:83:30:c8:86:3f:6a:d3:ed:44:da:91:
         89:a7:f7:66:87:0a:c5:f8:f8:bc:e1:81:65:fd:98:ec:61:49:
         69:e6:08:b6:49:66:17:51:25:bd:69:41:bb:53:7d:6c:f4:bd:
         fb:1b:68:bf:d8:97:18:b3:00:ee:37:9c:bd:0c:30:7c:8e:b5:
         a6:bd:df:e9:32:03:95:b4:04:68:fb:32:c2:f2:b7:1d:86:d4:
         9d:60:7c:7e:25:ad:bd:f4:26:df:0b:51:e7:8b:37:4f:54:a2:
         38:91:7a:39:91:bc:15:d6:6b:8f:19:e0:9f:5e:e5:f5:48:a8:
         04:c9:1e:a1:90:57:f9:29:a3:27:9f:92:e0:8c:d9:d0:b9:9c:
         6f:4c:e2:19:37:b6:39:dd:78:30:a2:c1:ad:c9:a7:64:16:fe:
         d2:45:15:81:a7:2b:f9:5f:23:34:66:9a:6f:fa:75:8f:31:ea:
         50:b5:9d:fe:84:2a:53:e6:d5:c9:ac:c3:27:d8:14:74:bb:a7:
         c2:b3:7d:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJSs8vxsvkf5wFBEN6Q+DpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NzI4ZmIzMWM0ZWJkZmI5YmYxMjk3NDViOTFiZDJlMmVl
OGVmMzEwHhcNMjQwMTAyMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzI0Njc0NmU4MDRiM2UwNTRiYjQyZGZlYWYyNWY5MjgzNTYwZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofQsotX4BEvP27BXS22B2E73KeuT
PxKmyIJ0UhBLLB36BTBg3Gd1lKJNiEb/75q+YJdLxMfD2Adfo9Bb8HaTrvYX8TlR
/FqcVtvHStHfghSQqNKBLBjJQ0h1WPA4ZD+5ApZC19glhESkv62qJLb5/Q1wqOWv
Z46QeODNbWFk/G9pLaaggB3c47sKmqcRSAA20qun8tAHUUgHe3cGRBLLEwpPFcJ0
M1wumOLHzbBTP8m31gizU379qw0Jzvpw+LtV26NbIDY7FuPM2eoYNjNKXf2MWduH
hX5g/VxjY6vYKdGNxOiYpy7Hqv0Jqq2Ucl5raG8FNvT0zrMG6jfOmiX+GwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAMkZ0boBLPgVLtC3+ryX5KDVg+KMB8GA1UdIwQY
MBaAFERyj7McTr37m/EpdFuRvS4u6O8xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkhLUHN4eE92ZnViOFNsMFc1RzlMaTdvN3pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8zYWM3NjEtOWFkOC00NTEzLThhMzIt
MWY1NWQ5OTk5ZWViLzEvQXlSblJ1Z0VzLUJVdTBMZjZ2SmZrb05XRDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8zYWM3NjEtOWFkOC00NTEzLThhMzItMWY1NWQ5OTk5ZWVi
LzEvUkhLUHN4eE92ZnViOFNsMFc1RzlMaTdvN3pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8fyAwQA
W9RiMA0GCSqGSIb3DQEBCwUAA4IBAQCfWOi8FOcusC16QZ+ftR4hFghFIu4uwyv6
zb+xJfL0YJsbQG3Esz/9nUXGD5jA1m6/muntzBySsAJ5OG7igzDIhj9q0+1E2pGJ
p/dmhwrF+Pi84YFl/ZjsYUlp5gi2SWYXUSW9aUG7U31s9L37G2i/2JcYswDuN5y9
DDB8jrWmvd/pMgOVtARo+zLC8rcdhtSdYHx+Ja299CbfC1HnizdPVKI4kXo5kbwV
1muPGeCfXuX1SKgEyR6hkFf5KaMnn5LgjNnQuZxvTOIZN7Y53XgwosGtyadkFv7S
RRWBpyv5XyM0Zppv+nWPMepQtZ3+hCpT5tXJrMMn2BR0u6fCs33+
-----END CERTIFICATE-----