Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/2c3eee-2189-4469-816b-99b873e5e74a/1/71nmtu096rzqpDQPQr5Ogo1bzRo.roa
File:                     71nmtu096rzqpDQPQr5Ogo1bzRo.roa (raw, json)
Hash identifier:          kjk4AtwGA/HrWHkHgNdUIM3n42zabHg8qQGKt5gBC84=
Subject key identifier:   EF:59:E6:B6:ED:3D:EA:BC:EA:A4:34:0F:42:BE:4E:82:8D:5B:CD:1A
Certificate issuer:       /CN=f763b7c74a47cee6bd99bbc62aef836a5602b531
Certificate serial:       018DA7937858DB2B081E1C41E1F0D53EDCA7
Authority key identifier: F7:63:B7:C7:4A:47:CE:E6:BD:99:BB:C6:2A:EF:83:6A:56:02:B5:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92O3x0pHzua9mbvGKu-DalYCtTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/2c3eee-2189-4469-816b-99b873e5e74a/1/71nmtu096rzqpDQPQr5Ogo1bzRo.roa
Signing time:             Wed 14 Feb 2024 12:24:36 +0000
ROA not before:           Wed 14 Feb 2024 12:24:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40989
IP address blocks:        91.213.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/2c3eee-2189-4469-816b-99b873e5e74a/1/92O3x0pHzua9mbvGKu-DalYCtTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/2c3eee-2189-4469-816b-99b873e5e74a/1/92O3x0pHzua9mbvGKu-DalYCtTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92O3x0pHzua9mbvGKu-DalYCtTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:93:78:58:db:2b:08:1e:1c:41:e1:f0:d5:3e:dc:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f763b7c74a47cee6bd99bbc62aef836a5602b531
        Validity
            Not Before: Feb 14 12:24:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef59e6b6ed3deabceaa4340f42be4e828d5bcd1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:a6:35:28:20:9d:cd:28:d5:31:bc:f6:a4:
                    e8:45:87:02:ca:c9:64:e4:c8:ef:4a:59:96:09:bd:
                    17:23:da:36:70:25:c0:d3:15:dd:a0:c5:a5:0d:c8:
                    21:f2:51:33:03:9e:87:20:9b:35:0f:d5:26:ef:94:
                    de:2f:69:a2:10:17:e2:50:e0:09:3d:17:9a:02:1b:
                    81:54:7b:ab:9c:37:b3:ee:be:5a:5e:74:f9:c5:85:
                    81:76:b6:fb:6b:19:15:6e:29:58:eb:ef:21:f7:74:
                    5a:0b:bb:3d:33:89:33:0e:f7:b3:cf:22:37:c5:19:
                    95:28:6c:3f:07:77:fe:70:ea:0a:19:0e:23:ca:6b:
                    7f:c1:9b:07:a3:4c:fd:82:7d:68:32:31:55:38:30:
                    91:bd:87:81:0c:90:30:96:d3:cc:ce:8e:82:39:0e:
                    bd:c7:ec:a5:f2:60:73:80:df:31:3d:bf:6c:96:ad:
                    d5:1f:28:11:96:a9:7f:c8:5b:d4:c2:47:c3:e3:4a:
                    ff:d8:f1:43:29:11:bd:f3:5a:8f:d1:89:f0:5b:bf:
                    5d:41:f4:62:cf:d4:18:ba:f5:4e:d8:9a:87:c0:1f:
                    9c:63:36:38:d3:40:71:b7:ca:8b:43:1d:41:91:9c:
                    e7:7f:45:19:e2:89:12:9b:6f:2c:c3:4d:7b:78:92:
                    56:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:59:E6:B6:ED:3D:EA:BC:EA:A4:34:0F:42:BE:4E:82:8D:5B:CD:1A
            X509v3 Authority Key Identifier:
                keyid:F7:63:B7:C7:4A:47:CE:E6:BD:99:BB:C6:2A:EF:83:6A:56:02:B5:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92O3x0pHzua9mbvGKu-DalYCtTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/2c3eee-2189-4469-816b-99b873e5e74a/1/71nmtu096rzqpDQPQr5Ogo1bzRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/2c3eee-2189-4469-816b-99b873e5e74a/1/92O3x0pHzua9mbvGKu-DalYCtTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:8e:b1:33:0c:2c:07:87:bf:a4:1c:62:b9:2e:89:54:8d:13:
         88:6e:25:1c:67:e5:fd:55:0d:1f:28:ba:ae:02:f1:3d:fd:b0:
         7f:41:ac:a6:f8:e1:93:0e:ca:31:98:15:75:ee:59:00:1e:05:
         cf:32:27:32:a4:7a:c1:55:3e:30:ad:26:8f:64:f9:8e:5b:7b:
         0a:67:80:ef:bb:92:13:64:f2:12:78:33:bd:43:6d:5b:cf:fe:
         43:53:70:eb:6f:a7:36:40:27:12:a5:4c:cf:41:61:fd:0f:11:
         f2:15:52:3e:48:d3:66:8f:f0:2c:61:3c:f5:b8:6a:bc:f3:ac:
         73:eb:ab:04:47:3c:ac:c5:09:d2:95:5d:a3:fc:f3:ac:23:bf:
         f6:78:67:f6:22:c7:cf:8b:dd:55:6c:cc:cc:e2:94:94:6a:78:
         34:5d:eb:1e:15:b6:c2:ac:f0:7b:19:51:f3:31:23:af:d7:d5:
         70:e3:74:ce:e7:b4:6e:80:7f:7d:88:92:5f:97:c1:26:5a:e1:
         ee:01:2c:f9:bc:df:8a:4e:27:f2:71:ca:1d:40:26:3b:a5:48:
         96:f5:26:49:f9:ca:42:7c:20:96:66:b6:9b:b7:e4:bb:97:6a:
         2e:81:1b:9c:d6:11:29:ee:05:27:6f:8f:29:1c:97:77:87:73:
         41:50:75:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nk3hY2ysIHhxB4fDVPtynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NjNiN2M3NGE0N2NlZTZiZDk5YmJjNjJhZWY4MzZhNTYw
MmI1MzEwHhcNMjQwMjE0MTIyNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjU5ZTZiNmVkM2RlYWJjZWFhNDM0MGY0MmJlNGU4MjhkNWJjZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7ymNSggnc0o1TG89qToRYcCyslk
5MjvSlmWCb0XI9o2cCXA0xXdoMWlDcgh8lEzA56HIJs1D9Um75TeL2miEBfiUOAJ
PReaAhuBVHurnDez7r5aXnT5xYWBdrb7axkVbilY6+8h93RaC7s9M4kzDvezzyI3
xRmVKGw/B3f+cOoKGQ4jymt/wZsHo0z9gn1oMjFVODCRvYeBDJAwltPMzo6COQ69
x+yl8mBzgN8xPb9slq3VHygRlql/yFvUwkfD40r/2PFDKRG981qP0YnwW79dQfRi
z9QYuvVO2JqHwB+cYzY400Bxt8qLQx1BkZznf0UZ4okSm28sw017eJJWWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9Z5rbtPeq86qQ0D0K+ToKNW80aMB8GA1UdIwQY
MBaAFPdjt8dKR87mvZm7xirvg2pWArUxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTJPM3gwcEh6dWE5bWJ2R0t1LURhbFlDdFRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8yYzNlZWUtMjE4OS00NDY5LTgxNmIt
OTliODczZTVlNzRhLzEvNzFubXR1MDk2cnpxcERRUFFyNU9nbzFielJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8yYzNlZWUtMjE4OS00NDY5LTgxNmItOTliODczZTVlNzRh
LzEvOTJPM3gwcEh6dWE5bWJ2R0t1LURhbFlDdFRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WWMA0G
CSqGSIb3DQEBCwUAA4IBAQBsjrEzDCwHh7+kHGK5LolUjROIbiUcZ+X9VQ0fKLqu
AvE9/bB/Qaym+OGTDsoxmBV17lkAHgXPMicypHrBVT4wrSaPZPmOW3sKZ4Dvu5IT
ZPISeDO9Q21bz/5DU3Drb6c2QCcSpUzPQWH9DxHyFVI+SNNmj/AsYTz1uGq886xz
66sERzysxQnSlV2j/POsI7/2eGf2IsfPi91VbMzM4pSUang0XeseFbbCrPB7GVHz
MSOv19Vw43TO57RugH99iJJfl8EmWuHuASz5vN+KTifyccodQCY7pUiW9SZJ+cpC
fCCWZrabt+S7l2ougRuc1hEp7gUnb48pHJd3h3NBUHUY
-----END CERTIFICATE-----