Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/pK4grJx8WAIU5v-RDNiIxltTTw4.roa
File:                     pK4grJx8WAIU5v-RDNiIxltTTw4.roa (raw, json)
Hash identifier:          z4xSsxlieIH6btkKmOJGaR/lDDOrjdCcqWnw0/KNLx8=
Subject key identifier:   A4:AE:20:AC:9C:7C:58:02:14:E6:FF:91:0C:D8:88:C6:5B:53:4F:0E
Certificate issuer:       /CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
Certificate serial:       01909CD133F15A6E1CE26B841AFE97C492DB
Authority key identifier: DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/pK4grJx8WAIU5v-RDNiIxltTTw4.roa
Signing time:             Wed 10 Jul 2024 13:24:34 +0000
ROA not before:           Wed 10 Jul 2024 13:24:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41354
IP address blocks:        91.236.67.0/24 maxlen: 24
                          2a10:a700:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:d1:33:f1:5a:6e:1c:e2:6b:84:1a:fe:97:c4:92:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
        Validity
            Not Before: Jul 10 13:24:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4ae20ac9c7c580214e6ff910cd888c65b534f0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:09:17:6c:59:8d:8a:b8:0b:45:56:b3:0a:7a:
                    d3:f3:43:26:2f:56:2f:5c:d9:60:23:a3:d1:b8:52:
                    a5:b4:7f:1f:c0:d8:5b:8d:28:af:59:f4:44:bf:19:
                    7a:ce:27:a0:7c:43:54:00:33:c2:f5:cd:71:45:83:
                    7b:94:7d:eb:80:d5:f9:ad:24:14:5c:be:cd:08:f9:
                    ec:3c:ee:a5:74:56:77:f5:7f:78:cb:44:d2:0d:f3:
                    d7:ab:e3:ce:a0:c9:8b:c6:6a:29:76:e2:d6:a8:b3:
                    23:ad:fb:8c:c0:c0:6c:f1:9f:94:89:71:ae:6b:89:
                    2a:98:1e:ab:69:25:3d:80:be:c0:e7:d3:f8:25:62:
                    06:89:9c:8f:7b:70:a9:70:88:7f:6f:38:42:e8:b4:
                    35:c7:22:c6:4e:3f:de:db:b9:69:47:66:4d:ea:73:
                    09:54:b8:1f:c6:e3:1e:3c:ee:72:fd:64:4d:47:f4:
                    ba:2d:a0:88:88:89:f7:28:3d:a2:ba:ba:df:b6:12:
                    e5:6c:b6:75:de:3f:a3:83:2e:ce:a4:f6:0e:0c:21:
                    d3:44:6b:18:d7:96:14:ad:93:43:6c:19:bd:7b:c9:
                    ee:09:77:39:a3:cf:5f:c7:cc:e9:96:74:fd:3f:2a:
                    df:37:3e:cf:c8:07:8c:b9:a2:ea:f1:95:05:cf:86:
                    4f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:AE:20:AC:9C:7C:58:02:14:E6:FF:91:0C:D8:88:C6:5B:53:4F:0E
            X509v3 Authority Key Identifier:
                keyid:DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/pK4grJx8WAIU5v-RDNiIxltTTw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.67.0/24
                IPv6:
                  2a10:a700:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:7d:96:05:db:c1:2d:59:d1:51:b8:30:2a:f4:22:a2:96:33:
         7c:cc:78:06:cc:25:9a:db:b6:be:6f:ca:f1:c4:0c:4f:fd:b4:
         ea:1c:b3:d8:e2:3c:e8:87:20:74:6f:4b:b9:ae:c7:6f:21:27:
         78:57:cf:e2:ee:29:d5:9a:a5:cf:c1:80:02:0e:5f:fd:b8:97:
         95:4b:14:2a:21:a2:68:ef:85:ec:09:2a:40:68:30:e4:62:7f:
         f4:2b:de:97:fd:14:c5:12:68:d6:f4:60:a1:b5:22:96:c4:56:
         4a:2e:a1:7b:b9:98:2f:1c:f8:5f:26:65:70:dc:be:0a:6c:bf:
         8e:91:ba:ca:9f:94:bf:aa:ea:f2:54:37:d4:f4:cc:cd:19:ab:
         1e:36:f8:80:b2:32:56:be:2f:8a:bf:c6:e7:a8:ff:f5:37:76:
         5d:b0:f3:73:9a:c0:6e:45:80:a7:d1:8b:b4:ae:dd:83:7a:78:
         08:3b:ca:f8:62:87:8e:68:a2:33:28:e5:d2:3a:7a:c4:4b:21:
         b3:74:ac:48:60:4d:16:a3:3f:a1:91:9e:8b:22:ce:3f:61:63:
         14:a5:dd:7e:4c:26:d6:5a:91:2e:b1:aa:9f:1d:f1:b4:1d:e2:
         f8:f5:25:0a:30:3e:9c:70:37:ec:46:4f:98:f8:01:93:43:8d:
         f9:57:a2:8d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZCc0TPxWm4c4muEGv6XxJLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZmFlN2Q0ZTY5ZDQyZTRmNGM5NWQ5OWY0ODJiOWE5NDRk
YmVmYzgwHhcNMjQwNzEwMTMyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGFlMjBhYzljN2M1ODAyMTRlNmZmOTEwY2Q4ODhjNjViNTM0ZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQkXbFmNirgLRVazCnrT80MmL1Yv
XNlgI6PRuFKltH8fwNhbjSivWfREvxl6ziegfENUADPC9c1xRYN7lH3rgNX5rSQU
XL7NCPnsPO6ldFZ39X94y0TSDfPXq+POoMmLxmopduLWqLMjrfuMwMBs8Z+UiXGu
a4kqmB6raSU9gL7A59P4JWIGiZyPe3CpcIh/bzhC6LQ1xyLGTj/e27lpR2ZN6nMJ
VLgfxuMePO5y/WRNR/S6LaCIiIn3KD2iurrfthLlbLZ13j+jgy7OpPYODCHTRGsY
15YUrZNDbBm9e8nuCXc5o89fx8zplnT9PyrfNz7PyAeMuaLq8ZUFz4ZP4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKSuIKycfFgCFOb/kQzYiMZbU08OMB8GA1UdIwQY
MBaAFNz659TmnULk9MldmfSCualE2+/IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYt
MzcyNzNkZjM5MDFjLzEvcEs0Z3JKeDhXQUlVNXYtUkROaUl4bHRUVHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYtMzcyNzNkZjM5MDFj
LzEvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+xDMA8E
AgACMAkDBwAqEKcAAAMwDQYJKoZIhvcNAQELBQADggEBACZ9lgXbwS1Z0VG4MCr0
IqKWM3zMeAbMJZrbtr5vyvHEDE/9tOocs9jiPOiHIHRvS7mux28hJ3hXz+LuKdWa
pc/BgAIOX/24l5VLFCohomjvhewJKkBoMORif/Qr3pf9FMUSaNb0YKG1IpbEVkou
oXu5mC8c+F8mZXDcvgpsv46RusqflL+q6vJUN9T0zM0Zqx42+ICyMla+L4q/xueo
//U3dl2w83OawG5FgKfRi7Su3YN6eAg7yvhih45oojMo5dI6esRLIbN0rEhgTRaj
P6GRnosizj9hYxSl3X5MJtZakS6xqp8d8bQd4vj1JQowPpxwN+xGT5j4AZNDjflX
oo0=
-----END CERTIFICATE-----