Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/CcVPPAQSFmDu4n4YsfBWgf0BCeM.roa
File:                     CcVPPAQSFmDu4n4YsfBWgf0BCeM.roa (raw, json)
Hash identifier:          obvlYbfkvGmw5DYBWnUJeRyVE0efI/RvGFvVf1zMMWQ=
Subject key identifier:   09:C5:4F:3C:04:12:16:60:EE:E2:7E:18:B1:F0:56:81:FD:01:09:E3
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       019422FB679C97101F9C442592FCF0A4BD47
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/CcVPPAQSFmDu4n4YsfBWgf0BCeM.roa
Signing time:             Wed 01 Jan 2025 17:48:08 +0000
ROA not before:           Wed 01 Jan 2025 17:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60707
IP address blocks:        94.176.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:67:9c:97:10:1f:9c:44:25:92:fc:f0:a4:bd:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Jan  1 17:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09c54f3c04121660eee27e18b1f05681fd0109e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a2:bd:4b:71:b6:d3:43:6d:73:d2:c5:af:3f:
                    fb:b2:f7:ee:c7:89:40:b0:3a:00:0b:bb:9f:d4:ac:
                    1e:7e:00:00:b6:77:5e:de:5b:8b:c1:5d:ad:f6:f4:
                    50:99:31:76:59:f6:86:ed:d7:0b:78:02:79:48:11:
                    95:c0:2a:25:a5:95:aa:69:8e:5f:3c:07:8b:69:b4:
                    2a:7b:6c:11:81:4c:50:0c:3e:39:42:a4:b9:44:5c:
                    63:46:ed:5c:a4:7f:d0:7b:92:b8:1a:1f:31:05:b2:
                    17:56:41:32:23:27:5a:25:71:04:73:21:d9:fc:f9:
                    a8:3d:c5:a3:c3:c0:87:84:19:ee:1b:95:98:83:48:
                    bd:e0:5f:63:3c:6e:c8:99:18:08:bf:1d:c1:5d:84:
                    15:22:78:bb:1f:f5:bb:c9:da:75:b9:d7:a2:39:1f:
                    8b:2b:e6:0e:63:89:be:48:3c:74:16:85:2f:75:cf:
                    bf:0c:ee:f1:73:42:ae:53:75:17:1c:d8:20:90:08:
                    be:9c:07:80:24:a6:a0:15:fb:f0:a4:3b:49:04:bc:
                    81:0d:7a:04:6d:08:a7:be:5c:a5:cb:32:a9:6e:b2:
                    a0:9c:39:31:89:56:ec:00:55:d6:9b:79:c6:37:68:
                    ea:1a:f8:9f:80:28:30:eb:09:65:00:fd:f4:26:bb:
                    96:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C5:4F:3C:04:12:16:60:EE:E2:7E:18:B1:F0:56:81:FD:01:09:E3
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/CcVPPAQSFmDu4n4YsfBWgf0BCeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:63:04:4d:0b:32:bb:5d:33:77:e1:65:b5:ce:c7:f9:8e:51:
         70:57:d0:13:4a:f0:46:15:f4:e4:a9:94:9d:15:0e:3c:e6:83:
         c8:ca:ec:7d:7e:83:f9:c7:52:44:2d:25:43:ca:be:08:e3:ae:
         6d:89:cb:64:12:9b:db:6f:84:a4:fc:1a:e1:65:02:46:19:a5:
         f8:1f:15:37:09:c2:e0:ce:ed:d5:5b:46:ba:4c:d2:10:44:cd:
         47:fa:51:bd:76:20:a8:0f:88:38:99:9a:c8:d0:a1:19:cb:ea:
         ad:33:bf:66:84:73:aa:04:49:65:47:8f:d5:de:ce:d9:d4:64:
         f0:e9:bb:11:6d:28:53:80:ac:f3:82:5f:08:8d:f9:14:0d:29:
         ad:b2:86:5b:6f:a6:7c:2b:dd:a8:09:af:ed:f5:fc:7d:9e:20:
         c3:d0:94:b2:88:76:9d:9c:0f:69:10:dd:0d:46:3c:5b:0d:05:
         51:e3:83:03:37:f3:74:c3:6d:62:6c:b0:6d:74:76:b2:f3:e0:
         26:df:8b:e3:a6:13:65:07:ba:d2:c6:30:6e:c7:c2:c8:b7:95:
         29:30:bc:84:85:b6:10:fe:50:c9:cb:2b:d0:e3:b3:86:03:7c:
         c4:4b:44:cf:ed:41:c2:de:88:c2:44:ab:19:77:7a:cf:83:cf:
         e4:a6:f4:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2eclxAfnEQlkvzwpL1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjUwMTAxMTc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWM1NGYzYzA0MTIxNjYwZWVlMjdlMThiMWYwNTY4MWZkMDEwOWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qK9S3G200Ntc9LFrz/7svfux4lA
sDoAC7uf1KwefgAAtnde3luLwV2t9vRQmTF2WfaG7dcLeAJ5SBGVwColpZWqaY5f
PAeLabQqe2wRgUxQDD45QqS5RFxjRu1cpH/Qe5K4Gh8xBbIXVkEyIydaJXEEcyHZ
/PmoPcWjw8CHhBnuG5WYg0i94F9jPG7ImRgIvx3BXYQVIni7H/W7ydp1udeiOR+L
K+YOY4m+SDx0FoUvdc+/DO7xc0KuU3UXHNggkAi+nAeAJKagFfvwpDtJBLyBDXoE
bQinvlylyzKpbrKgnDkxiVbsAFXWm3nGN2jqGvifgCgw6wllAP30JruWcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnFTzwEEhZg7uJ+GLHwVoH9AQnjMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvQ2NWUFBBUVNGbUR1NG40WXNmQldnZjBCQ2VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrBIMA0G
CSqGSIb3DQEBCwUAA4IBAQA9YwRNCzK7XTN34WW1zsf5jlFwV9ATSvBGFfTkqZSd
FQ485oPIyux9foP5x1JELSVDyr4I465tictkEpvbb4Sk/BrhZQJGGaX4HxU3CcLg
zu3VW0a6TNIQRM1H+lG9diCoD4g4mZrI0KEZy+qtM79mhHOqBEllR4/V3s7Z1GTw
6bsRbShTgKzzgl8IjfkUDSmtsoZbb6Z8K92oCa/t9fx9niDD0JSyiHadnA9pEN0N
RjxbDQVR44MDN/N0w21ibLBtdHay8+Am34vjphNlB7rSxjBux8LIt5UpMLyEhbYQ
/lDJyyvQ47OGA3zES0TP7UHC3ojCRKsZd3rPg8/kpvR1
-----END CERTIFICATE-----