Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/dVb_tmnMf7XIlaVIyXJXCZF6L1s.roa
File:                     dVb_tmnMf7XIlaVIyXJXCZF6L1s.roa (raw, json)
Hash identifier:          junFz0Mlbw+cyOsN+xg29y4NKa1unV5FCethyirNkj0=
Subject key identifier:   75:56:FF:B6:69:CC:7F:B5:C8:95:A5:48:C9:72:57:09:91:7A:2F:5B
Certificate issuer:       /CN=0ffe0011ebe4f216c58d3ab42812b98402be0b2c
Certificate serial:       018CC64A8B8EBF38977F48AFEF75E6B70041
Authority key identifier: 0F:FE:00:11:EB:E4:F2:16:C5:8D:3A:B4:28:12:B9:84:02:BE:0B:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/dVb_tmnMf7XIlaVIyXJXCZF6L1s.roa
Signing time:             Mon 01 Jan 2024 18:30:23 +0000
ROA not before:           Mon 01 Jan 2024 18:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        91.216.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8b:8e:bf:38:97:7f:48:af:ef:75:e6:b7:00:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ffe0011ebe4f216c58d3ab42812b98402be0b2c
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7556ffb669cc7fb5c895a548c9725709917a2f5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:60:fb:00:4e:11:eb:22:0f:19:70:11:bb:6a:
                    f1:2c:ed:2c:64:34:4d:76:dd:1f:e5:25:ba:c5:10:
                    6e:3b:1d:58:c0:57:93:4f:30:bb:14:6a:fd:a2:b6:
                    5a:a2:3a:ed:1b:d3:8d:5d:85:25:f0:58:01:d6:d1:
                    7a:c1:36:13:f5:80:73:c1:e1:78:2a:70:99:5c:a0:
                    f2:c6:e0:9f:d5:4d:43:04:17:26:45:d7:f5:5a:79:
                    26:fe:94:a9:b3:d0:92:c9:8e:42:3f:29:0f:9f:6b:
                    8a:67:ab:11:8b:ed:a0:d9:b8:e6:85:2f:14:77:b6:
                    e1:97:df:f7:94:a9:14:97:f1:53:3b:01:e3:98:8c:
                    28:7e:38:49:fa:74:8a:54:d3:b1:af:36:75:83:e5:
                    fa:71:9f:2b:1d:fd:d1:ed:71:2c:13:9d:06:ee:ae:
                    0c:7b:13:5e:93:6c:30:61:26:10:99:f1:3e:fe:83:
                    89:da:6f:71:5a:c9:75:a8:be:aa:70:10:0e:87:5d:
                    ff:7f:a5:59:ed:ea:bb:09:ec:5e:7b:60:01:ac:f7:
                    90:99:d1:66:9c:26:61:c0:a5:f5:13:2b:db:26:57:
                    57:74:f8:0c:24:54:03:70:51:86:b4:cc:d6:de:0d:
                    03:c1:28:5e:26:ae:d2:97:e4:96:c3:19:bd:61:61:
                    3f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:56:FF:B6:69:CC:7F:B5:C8:95:A5:48:C9:72:57:09:91:7A:2F:5B
            X509v3 Authority Key Identifier:
                keyid:0F:FE:00:11:EB:E4:F2:16:C5:8D:3A:B4:28:12:B9:84:02:BE:0B:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/dVb_tmnMf7XIlaVIyXJXCZF6L1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:2b:56:a4:eb:a5:ae:5e:90:a2:ef:f2:8c:5c:ba:b2:c9:87:
         bf:3c:18:ba:73:97:f0:7a:05:de:a9:5a:ab:a9:84:58:57:82:
         f7:b0:ff:b1:5c:cf:23:2f:97:77:5d:c1:b2:b8:03:dd:3a:bc:
         4e:df:f9:2c:f9:c7:31:1a:3e:1d:4a:eb:33:02:7c:53:1c:44:
         05:c9:da:74:ba:d1:7e:7a:2e:0f:6e:e6:26:71:70:e2:9b:eb:
         98:6b:20:44:1b:86:fa:16:38:37:d4:75:e1:1a:f3:81:62:a0:
         df:8b:7f:89:04:5f:6e:f4:de:19:10:19:5c:0d:5f:b9:64:77:
         88:25:f9:3d:16:16:09:01:fd:72:af:29:d9:ef:d0:1f:f6:ac:
         28:f4:7b:6b:dd:a2:4d:d9:21:bf:74:2f:38:b6:1b:6a:f4:04:
         48:11:ca:cb:a0:c1:c6:a7:a4:8c:d5:d0:89:20:88:51:65:97:
         dd:ab:03:cb:86:aa:1f:9c:91:09:b1:3e:a8:e6:19:e9:af:60:
         75:d1:81:ea:34:6d:86:58:b2:40:f2:a9:d3:dd:4f:64:e3:66:
         98:d1:f6:fc:d1:c7:93:48:c9:63:d6:88:28:0b:75:5c:1e:87:
         10:2c:fb:f9:19:2c:6f:f5:85:ec:67:af:f8:9d:12:38:ba:2a:
         06:38:f1:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSouOvziXf0iv73XmtwBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZmUwMDExZWJlNGYyMTZjNThkM2FiNDI4MTJiOTg0MDJi
ZTBiMmMwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTU2ZmZiNjY5Y2M3ZmI1Yzg5NWE1NDhjOTcyNTcwOTkxN2EyZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2D7AE4R6yIPGXARu2rxLO0sZDRN
dt0f5SW6xRBuOx1YwFeTTzC7FGr9orZaojrtG9ONXYUl8FgB1tF6wTYT9YBzweF4
KnCZXKDyxuCf1U1DBBcmRdf1Wnkm/pSps9CSyY5CPykPn2uKZ6sRi+2g2bjmhS8U
d7bhl9/3lKkUl/FTOwHjmIwofjhJ+nSKVNOxrzZ1g+X6cZ8rHf3R7XEsE50G7q4M
exNek2wwYSYQmfE+/oOJ2m9xWsl1qL6qcBAOh13/f6VZ7eq7Cexee2ABrPeQmdFm
nCZhwKX1EyvbJldXdPgMJFQDcFGGtMzW3g0DwSheJq7Sl+SWwxm9YWE/kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHVW/7ZpzH+1yJWlSMlyVwmRei9bMB8GA1UdIwQY
MBaAFA/+ABHr5PIWxY06tCgSuYQCvgssMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF80QUVldms4aGJGalRxMEtCSzVoQUstQ3l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS85NjE4NGQtNTk4MS00NzAyLTlkMzIt
NmNjMGRhZjM0MWM0LzEvZFZiX3Rtbk1mN1hJbGFWSXlYSlhDWkY2TDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS85NjE4NGQtNTk4MS00NzAyLTlkMzItNmNjMGRhZjM0MWM0
LzEvRF80QUVldms4aGJGalRxMEtCSzVoQUstQ3l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9izMA0G
CSqGSIb3DQEBCwUAA4IBAQBDK1ak66WuXpCi7/KMXLqyyYe/PBi6c5fwegXeqVqr
qYRYV4L3sP+xXM8jL5d3XcGyuAPdOrxO3/ks+ccxGj4dSuszAnxTHEQFydp0utF+
ei4PbuYmcXDim+uYayBEG4b6Fjg31HXhGvOBYqDfi3+JBF9u9N4ZEBlcDV+5ZHeI
Jfk9FhYJAf1yrynZ79Af9qwo9Htr3aJN2SG/dC84thtq9ARIEcrLoMHGp6SM1dCJ
IIhRZZfdqwPLhqofnJEJsT6o5hnpr2B10YHqNG2GWLJA8qnT3U9k42aY0fb80ceT
SMlj1ogoC3VcHocQLPv5GSxv9YXsZ6/4nRI4uioGOPEW
-----END CERTIFICATE-----