Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12c712-0c6e-4fb5-90d9-c1f9158243ea/1/UUevc5SQc1qJkmzq9gZmXOGdvVg.roa
File:                     UUevc5SQc1qJkmzq9gZmXOGdvVg.roa (raw, json)
Hash identifier:          D5eFkCBfYk4rarDsTOB4SXOxF6OggddBeE5NLjC0G9g=
Subject key identifier:   51:47:AF:73:94:90:73:5A:89:92:6C:EA:F6:06:66:5C:E1:9D:BD:58
Certificate issuer:       /CN=9e456eb39c9cc06ce71c7754a03f3f3f009281dd
Certificate serial:       018CC5DC025E73612A884F41993C5C58B132
Authority key identifier: 9E:45:6E:B3:9C:9C:C0:6C:E7:1C:77:54:A0:3F:3F:3F:00:92:81:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkVus5ycwGznHHdUoD8_PwCSgd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12c712-0c6e-4fb5-90d9-c1f9158243ea/1/UUevc5SQc1qJkmzq9gZmXOGdvVg.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44264
IP address blocks:        91.199.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12c712-0c6e-4fb5-90d9-c1f9158243ea/1/nkVus5ycwGznHHdUoD8_PwCSgd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12c712-0c6e-4fb5-90d9-c1f9158243ea/1/nkVus5ycwGznHHdUoD8_PwCSgd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkVus5ycwGznHHdUoD8_PwCSgd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:02:5e:73:61:2a:88:4f:41:99:3c:5c:58:b1:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e456eb39c9cc06ce71c7754a03f3f3f009281dd
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5147af739490735a89926ceaf606665ce19dbd58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0a:53:51:3c:64:a3:10:3b:a5:e2:df:6f:49:
                    cd:3b:cc:7a:fe:0e:8e:81:27:b2:32:a6:81:f3:a6:
                    63:16:a9:6d:dd:98:c7:e1:08:9d:d5:6c:4a:29:11:
                    21:02:2c:06:21:45:e7:b6:bd:f7:5b:c7:80:27:31:
                    c0:b8:94:d6:e7:1b:26:e4:c7:f8:ba:55:56:61:bf:
                    25:69:b0:ac:44:0a:8e:6f:53:a3:85:19:6f:ff:56:
                    67:b4:cd:6c:17:d9:24:7f:78:cf:1d:10:de:9c:10:
                    12:47:6f:f4:cb:3c:4c:a7:f3:17:ef:64:13:bf:63:
                    69:52:1b:17:5e:c1:68:c0:3b:70:1e:e0:db:20:4b:
                    25:ce:50:1b:19:2c:43:b1:bb:97:96:45:9e:18:ad:
                    a5:b8:1f:3a:a4:77:a5:1e:6b:3d:66:a3:18:bc:f8:
                    29:f1:7b:ad:01:48:66:35:21:87:c3:e3:5e:03:b7:
                    fb:66:c1:a4:34:20:6e:64:1d:fc:ee:f8:a5:0c:79:
                    67:f0:b9:27:e1:f6:e3:dc:69:eb:a4:fd:fb:3f:10:
                    55:58:3d:77:3b:c4:dc:f5:8c:ce:66:30:43:d3:31:
                    50:af:d8:ff:86:ac:02:2e:34:39:29:ce:67:2a:b0:
                    ad:d4:e8:8e:09:ff:18:03:6d:94:8f:ad:9b:3f:40:
                    79:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:47:AF:73:94:90:73:5A:89:92:6C:EA:F6:06:66:5C:E1:9D:BD:58
            X509v3 Authority Key Identifier:
                keyid:9E:45:6E:B3:9C:9C:C0:6C:E7:1C:77:54:A0:3F:3F:3F:00:92:81:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkVus5ycwGznHHdUoD8_PwCSgd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12c712-0c6e-4fb5-90d9-c1f9158243ea/1/UUevc5SQc1qJkmzq9gZmXOGdvVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12c712-0c6e-4fb5-90d9-c1f9158243ea/1/nkVus5ycwGznHHdUoD8_PwCSgd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ff:de:cd:7f:39:02:d1:2e:03:5e:37:c9:71:fa:2b:97:a2:
         7d:ff:19:0b:ac:f9:ee:86:13:8f:31:f5:20:b1:c6:ec:4a:4b:
         0c:52:39:6a:56:5a:c5:88:cd:d6:4e:5f:17:7c:8d:22:ba:7b:
         c0:04:c9:e4:6d:3d:3b:79:84:ee:e8:60:f2:c3:7f:3a:41:c6:
         f0:6b:c1:76:5f:07:01:b2:69:2e:e1:78:34:68:b1:33:ac:31:
         41:f7:7e:35:a2:87:ba:11:fa:85:57:95:e1:35:86:13:44:f3:
         85:8f:21:09:5e:ad:65:85:d9:ff:87:79:c6:27:9d:f2:6a:c7:
         30:4d:0a:ea:8d:9a:25:7e:87:1c:28:f7:9a:1e:82:4d:d2:90:
         88:4d:71:26:3b:b0:6e:97:ab:4a:10:8e:3c:90:c0:8c:b8:88:
         7d:d1:c3:da:8e:64:7d:1f:8d:fa:28:92:37:62:58:6d:62:6b:
         4a:19:f6:f9:e9:73:9f:d0:f3:25:eb:92:2c:27:7e:6e:76:48:
         41:3d:e3:68:a8:ed:4c:65:3f:01:b7:fa:7a:d5:ed:e8:06:9c:
         dc:36:47:c3:1c:93:90:34:22:e9:90:65:33:79:a1:01:c9:38:
         be:c2:27:99:5f:8f:72:6a:6b:b5:81:11:3a:7e:07:d2:85:e8:
         3e:2c:d9:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AJec2EqiE9BmTxcWLEyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU2ZWIzOWM5Y2MwNmNlNzFjNzc1NGEwM2YzZjNmMDA5
MjgxZGQwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTQ3YWY3Mzk0OTA3MzVhODk5MjZjZWFmNjA2NjY1Y2UxOWRiZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlApTUTxkoxA7peLfb0nNO8x6/g6O
gSeyMqaB86ZjFqlt3ZjH4Qid1WxKKREhAiwGIUXntr33W8eAJzHAuJTW5xsm5Mf4
ulVWYb8labCsRAqOb1OjhRlv/1ZntM1sF9kkf3jPHRDenBASR2/0yzxMp/MX72QT
v2NpUhsXXsFowDtwHuDbIEslzlAbGSxDsbuXlkWeGK2luB86pHelHms9ZqMYvPgp
8XutAUhmNSGHw+NeA7f7ZsGkNCBuZB387vilDHln8Lkn4fbj3GnrpP37PxBVWD13
O8Tc9YzOZjBD0zFQr9j/hqwCLjQ5Kc5nKrCt1OiOCf8YA22Uj62bP0B59wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFHr3OUkHNaiZJs6vYGZlzhnb1YMB8GA1UdIwQY
MBaAFJ5FbrOcnMBs5xx3VKA/Pz8AkoHdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtWdXM1eWN3R3puSEhkVW9EOF9Qd0NTZ2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmM3MTItMGM2ZS00ZmI1LTkwZDkt
YzFmOTE1ODI0M2VhLzEvVVVldmM1U1FjMXFKa216cTlnWm1YT0dkdlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmM3MTItMGM2ZS00ZmI1LTkwZDktYzFmOTE1ODI0M2Vh
LzEvbmtWdXM1eWN3R3puSEhkVW9EOF9Qd0NTZ2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dIMA0G
CSqGSIb3DQEBCwUAA4IBAQCX/97NfzkC0S4DXjfJcforl6J9/xkLrPnuhhOPMfUg
scbsSksMUjlqVlrFiM3WTl8XfI0iunvABMnkbT07eYTu6GDyw386Qcbwa8F2XwcB
smku4Xg0aLEzrDFB9341ooe6EfqFV5XhNYYTRPOFjyEJXq1lhdn/h3nGJ53yascw
TQrqjZolfoccKPeaHoJN0pCITXEmO7Bul6tKEI48kMCMuIh90cPajmR9H436KJI3
YlhtYmtKGfb56XOf0PMl65IsJ35udkhBPeNoqO1MZT8Bt/p61e3oBpzcNkfDHJOQ
NCLpkGUzeaEByTi+wieZX49yamu1gRE6fgfSheg+LNnZ
-----END CERTIFICATE-----