Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/055c8b-04a4-412b-8bda-1f5d6f56cf72/1/ccRHiH9EVWGO3e6k1qk3dIKpNGw.roa
File:                     ccRHiH9EVWGO3e6k1qk3dIKpNGw.roa (raw, json)
Hash identifier:          LMal4uqE4sl0WthxJ9DMALt41uiCc1+eeqqGvHt9F1g=
Subject key identifier:   71:C4:47:88:7F:44:55:61:8E:DD:EE:A4:D6:A9:37:74:82:A9:34:6C
Certificate issuer:       /CN=4c60fd0941f3d2f7a29c3561e563186ef775a1e5
Certificate serial:       018D6AD7AE63085EE7A7E986AAF0AA8CA4A4
Authority key identifier: 4C:60:FD:09:41:F3:D2:F7:A2:9C:35:61:E5:63:18:6E:F7:75:A1:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TGD9CUHz0veinDVh5WMYbvd1oeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/055c8b-04a4-412b-8bda-1f5d6f56cf72/1/ccRHiH9EVWGO3e6k1qk3dIKpNGw.roa
Signing time:             Fri 02 Feb 2024 17:22:16 +0000
ROA not before:           Fri 02 Feb 2024 17:22:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32806
IP address blocks:        92.39.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/055c8b-04a4-412b-8bda-1f5d6f56cf72/1/TGD9CUHz0veinDVh5WMYbvd1oeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/055c8b-04a4-412b-8bda-1f5d6f56cf72/1/TGD9CUHz0veinDVh5WMYbvd1oeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TGD9CUHz0veinDVh5WMYbvd1oeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6a:d7:ae:63:08:5e:e7:a7:e9:86:aa:f0:aa:8c:a4:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c60fd0941f3d2f7a29c3561e563186ef775a1e5
        Validity
            Not Before: Feb  2 17:22:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71c447887f4455618eddeea4d6a9377482a9346c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:17:b6:89:42:76:06:c6:e0:1a:e5:68:dd:a3:
                    de:6e:45:4b:ad:67:b5:99:53:9a:4a:18:eb:b1:6b:
                    4e:e0:e8:6c:29:57:9c:81:29:95:ba:1e:29:b4:2e:
                    f5:54:8d:b2:5d:2a:9d:9b:a8:4d:81:9e:b0:00:4d:
                    63:22:aa:7d:96:a7:ee:44:fb:1a:24:58:9a:65:05:
                    45:e1:d4:cd:6e:b5:cb:6e:85:bf:72:97:d4:12:de:
                    96:76:ea:c3:0f:17:2d:9a:20:28:aa:db:28:1f:60:
                    9d:da:a0:d9:f8:de:19:fa:54:32:d6:f4:ab:b1:40:
                    de:3c:c6:ff:d6:d2:13:41:12:b6:0d:2f:97:2e:51:
                    5a:90:f7:a0:33:37:6d:18:3f:43:7c:fa:22:3e:c6:
                    c9:77:ac:e1:8e:2d:a2:60:e3:67:2f:c1:d4:78:26:
                    b2:8d:9a:5e:1d:11:c1:12:3b:02:b5:34:9a:94:97:
                    ce:e7:ed:68:d0:04:27:87:a5:e0:99:fa:aa:a2:46:
                    a9:4b:70:cd:b1:48:f3:7c:39:20:57:9f:93:e7:61:
                    9a:8e:f9:52:ad:4a:53:4e:0d:a7:57:22:01:9c:a2:
                    67:16:d3:63:e5:25:e6:04:cb:10:bd:f3:37:11:90:
                    8c:fe:b4:56:15:07:b2:86:fd:5a:64:8a:e6:00:3c:
                    fb:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C4:47:88:7F:44:55:61:8E:DD:EE:A4:D6:A9:37:74:82:A9:34:6C
            X509v3 Authority Key Identifier:
                keyid:4C:60:FD:09:41:F3:D2:F7:A2:9C:35:61:E5:63:18:6E:F7:75:A1:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TGD9CUHz0veinDVh5WMYbvd1oeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/055c8b-04a4-412b-8bda-1f5d6f56cf72/1/ccRHiH9EVWGO3e6k1qk3dIKpNGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/055c8b-04a4-412b-8bda-1f5d6f56cf72/1/TGD9CUHz0veinDVh5WMYbvd1oeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.39.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:89:39:17:51:c0:9d:8f:63:e7:91:4c:13:ec:f3:12:b6:24:
         6d:0d:9d:d8:3b:13:56:45:aa:79:57:ca:53:77:94:58:21:eb:
         5b:01:de:d5:f4:1e:ec:7c:5e:63:17:31:f5:72:5b:27:4b:fd:
         08:4b:61:dc:ea:ca:37:e3:96:da:03:8d:16:18:7e:26:d0:86:
         c8:35:88:34:22:b3:bb:f1:6a:8d:a4:b4:02:37:61:5a:6d:7c:
         3f:1e:86:cd:a2:bd:d5:bf:7d:1a:67:18:12:ef:19:2e:86:7c:
         83:86:a7:1d:d2:d9:fb:8d:1d:70:29:70:79:92:40:0d:4e:09:
         ee:7a:28:10:ff:34:fb:e0:9c:94:53:48:10:9b:ab:bc:8e:dd:
         9d:f0:d6:98:d4:02:2a:1e:8c:49:4e:c2:59:8d:4f:a0:c4:19:
         0c:c8:87:24:40:5e:01:20:ff:7c:97:47:6f:38:9c:ff:36:80:
         ab:da:c0:66:f9:f9:c4:0f:49:97:e0:b5:8a:92:aa:c3:6a:58:
         eb:a7:d9:cd:9e:80:18:16:9c:b7:63:42:bd:c6:e1:65:13:8a:
         81:2f:66:f3:56:7d:88:ee:57:12:4a:e4:43:6f:4a:22:cc:a9:
         35:25:50:f9:9b:23:c4:ca:04:eb:59:56:79:d3:2b:1a:c0:a0:
         40:9f:96:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1q165jCF7np+mGqvCqjKSkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNjBmZDA5NDFmM2QyZjdhMjljMzU2MWU1NjMxODZlZjc3
NWExZTUwHhcNMjQwMjAyMTcyMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWM0NDc4ODdmNDQ1NTYxOGVkZGVlYTRkNmE5Mzc3NDgyYTkzNDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBe2iUJ2BsbgGuVo3aPebkVLrWe1
mVOaShjrsWtO4OhsKVecgSmVuh4ptC71VI2yXSqdm6hNgZ6wAE1jIqp9lqfuRPsa
JFiaZQVF4dTNbrXLboW/cpfUEt6WdurDDxctmiAoqtsoH2Cd2qDZ+N4Z+lQy1vSr
sUDePMb/1tITQRK2DS+XLlFakPegMzdtGD9DfPoiPsbJd6zhji2iYONnL8HUeCay
jZpeHRHBEjsCtTSalJfO5+1o0AQnh6XgmfqqokapS3DNsUjzfDkgV5+T52GajvlS
rUpTTg2nVyIBnKJnFtNj5SXmBMsQvfM3EZCM/rRWFQeyhv1aZIrmADz78wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHER4h/RFVhjt3upNapN3SCqTRsMB8GA1UdIwQY
MBaAFExg/QlB89L3opw1YeVjGG73daHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEdEOUNVSHowdmVpbkRWaDVXTVlidmQxb2VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8wNTVjOGItMDRhNC00MTJiLThiZGEt
MWY1ZDZmNTZjZjcyLzEvY2NSSGlIOUVWV0dPM2U2azFxazNkSUtwTkd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8wNTVjOGItMDRhNC00MTJiLThiZGEtMWY1ZDZmNTZjZjcy
LzEvVEdEOUNVSHowdmVpbkRWaDVXTVlidmQxb2VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCdyMA0G
CSqGSIb3DQEBCwUAA4IBAQBxiTkXUcCdj2PnkUwT7PMStiRtDZ3YOxNWRap5V8pT
d5RYIetbAd7V9B7sfF5jFzH1clsnS/0IS2Hc6so345baA40WGH4m0IbINYg0IrO7
8WqNpLQCN2FabXw/HobNor3Vv30aZxgS7xkuhnyDhqcd0tn7jR1wKXB5kkANTgnu
eigQ/zT74JyUU0gQm6u8jt2d8NaY1AIqHoxJTsJZjU+gxBkMyIckQF4BIP98l0dv
OJz/NoCr2sBm+fnED0mX4LWKkqrDaljrp9nNnoAYFpy3Y0K9xuFlE4qBL2bzVn2I
7lcSSuRDb0oizKk1JVD5myPEygTrWVZ50ysawKBAn5Yl
-----END CERTIFICATE-----