Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/gHopFDwH9_KCufCcSXHdJ_Rdz9g.roa
File:                     gHopFDwH9_KCufCcSXHdJ_Rdz9g.roa (raw, json)
Hash identifier:          e86b+H0Nq+5wDx0btLrAf9x5FNpPCmr69ciaUDFK/zQ=
Subject key identifier:   80:7A:29:14:3C:07:F7:F2:82:B9:F0:9C:49:71:DD:27:F4:5D:CF:D8
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       0191FB3C73DF5583E108945C7CFB675C2B86
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/gHopFDwH9_KCufCcSXHdJ_Rdz9g.roa
Signing time:             Mon 16 Sep 2024 14:28:48 +0000
ROA not before:           Mon 16 Sep 2024 14:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60707
IP address blocks:        94.176.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fb:3c:73:df:55:83:e1:08:94:5c:7c:fb:67:5c:2b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Sep 16 14:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=807a29143c07f7f282b9f09c4971dd27f45dcfd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:6d:79:d5:e5:cd:ff:c0:3f:6b:84:41:de:
                    82:ba:11:d5:30:cb:10:fe:8d:db:b4:6f:5a:34:24:
                    bd:16:d0:5e:15:10:2a:ff:51:93:33:d8:50:63:fa:
                    75:c2:b1:09:ce:ac:57:e4:3d:e5:85:11:fc:a4:29:
                    24:81:63:8f:15:ba:81:e3:b3:17:7e:1c:af:a3:c4:
                    68:cf:60:fb:fa:66:b2:e9:f5:28:e6:04:0d:26:4d:
                    71:b2:88:6c:e4:08:22:d2:b9:50:aa:ed:cc:1e:50:
                    23:cc:ef:8d:84:73:ed:b9:8c:d5:b1:20:46:2a:59:
                    e8:50:5a:50:1f:3d:0c:aa:67:36:b3:07:39:36:22:
                    de:50:22:31:df:5c:85:14:62:d6:a9:9a:6c:9e:5f:
                    d0:d6:e8:b2:78:12:52:1f:e9:24:30:74:3c:a4:8b:
                    e9:25:81:67:a3:91:56:a3:bf:bd:31:57:5c:44:56:
                    31:bf:94:1f:55:6d:b4:37:6e:a5:d7:28:af:e9:7e:
                    2d:51:1a:50:95:15:25:b1:06:19:42:3f:7f:71:df:
                    99:eb:6b:d0:75:12:d6:ed:3e:71:8b:83:5a:9e:76:
                    d7:7b:9d:80:c6:af:87:4f:4f:e1:8d:a2:78:6c:d7:
                    7c:d8:43:80:11:4b:60:f9:20:f8:39:f4:ef:a5:a5:
                    69:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7A:29:14:3C:07:F7:F2:82:B9:F0:9C:49:71:DD:27:F4:5D:CF:D8
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/gHopFDwH9_KCufCcSXHdJ_Rdz9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:46:b1:c5:77:49:a8:2e:72:d1:c0:9b:c1:a1:8c:3c:1b:53:
         4a:68:21:ef:20:1c:8e:e9:df:9a:6e:88:e4:2d:34:46:b1:bf:
         90:11:48:35:43:ba:80:c3:ca:15:37:4c:c3:b7:bf:1d:c7:f3:
         9a:4a:94:b6:7d:29:be:a4:85:91:ce:fe:0c:7f:30:ba:9a:b9:
         b6:17:a6:8a:78:cb:6a:0f:b4:43:e8:4a:9b:7f:e5:c1:68:af:
         4d:5a:38:43:cb:b4:98:8e:9e:46:08:68:6f:04:b6:6a:b9:0b:
         82:6d:2f:47:20:f9:e6:86:28:22:bd:67:56:60:66:a0:dc:40:
         2c:3f:f7:9d:df:2d:53:15:0e:4c:6e:5c:98:9b:6a:b4:46:fc:
         2f:e5:88:e4:c4:e2:ae:30:b0:40:aa:37:99:9b:40:41:f6:2a:
         f9:30:9b:47:4b:47:b3:b8:83:24:67:9a:a2:5a:25:07:5e:fa:
         d2:27:f1:88:ed:ea:5e:13:db:52:8a:17:b0:6d:d6:52:2d:ab:
         6b:1c:27:0e:f7:fc:81:df:5e:7f:08:15:bc:67:3e:07:16:e0:
         ee:37:4c:bb:f1:6c:2c:67:59:41:6a:7f:41:04:51:3f:7f:6b:
         2b:4a:24:fd:02:a9:01:cf:2e:25:7a:6e:86:95:e9:46:c4:ec:
         eb:ab:5a:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH7PHPfVYPhCJRcfPtnXCuGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjQwOTE2MTQyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdhMjkxNDNjMDdmN2YyODJiOWYwOWM0OTcxZGQyN2Y0NWRjZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRNtedXlzf/AP2uEQd6CuhHVMMsQ
/o3btG9aNCS9FtBeFRAq/1GTM9hQY/p1wrEJzqxX5D3lhRH8pCkkgWOPFbqB47MX
fhyvo8Roz2D7+may6fUo5gQNJk1xsohs5Agi0rlQqu3MHlAjzO+NhHPtuYzVsSBG
KlnoUFpQHz0Mqmc2swc5NiLeUCIx31yFFGLWqZpsnl/Q1uiyeBJSH+kkMHQ8pIvp
JYFno5FWo7+9MVdcRFYxv5QfVW20N26l1yiv6X4tURpQlRUlsQYZQj9/cd+Z62vQ
dRLW7T5xi4NannbXe52Axq+HT0/hjaJ4bNd82EOAEUtg+SD4OfTvpaVp3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIB6KRQ8B/fygrnwnElx3Sf0Xc/YMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvZ0hvcEZEd0g5X0tDdWZDY1NYSGRKX1JkejlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrBIMA0G
CSqGSIb3DQEBCwUAA4IBAQB8RrHFd0moLnLRwJvBoYw8G1NKaCHvIByO6d+abojk
LTRGsb+QEUg1Q7qAw8oVN0zDt78dx/OaSpS2fSm+pIWRzv4MfzC6mrm2F6aKeMtq
D7RD6Eqbf+XBaK9NWjhDy7SYjp5GCGhvBLZquQuCbS9HIPnmhigivWdWYGag3EAs
P/ed3y1TFQ5MblyYm2q0Rvwv5YjkxOKuMLBAqjeZm0BB9ir5MJtHS0ezuIMkZ5qi
WiUHXvrSJ/GI7epeE9tSihewbdZSLatrHCcO9/yB315/CBW8Zz4HFuDuN0y78Wws
Z1lBan9BBFE/f2srSiT9AqkBzy4lem6GlelGxOzrq1ph
-----END CERTIFICATE-----