Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/crAuW_809aXsrKI5IpTFiw2UxO8.roa
File:                     crAuW_809aXsrKI5IpTFiw2UxO8.roa (raw, json)
Hash identifier:          Bfm6nLdOeMF+ymm9UyshIDTLad6eyjzcFE8Prd1uyvI=
Subject key identifier:   72:B0:2E:5B:FF:34:F5:A5:EC:AC:A2:39:22:94:C5:8B:0D:94:C4:EF
Certificate issuer:       /CN=f8e826de1070d9d79daa9e415fc432613cc57e57
Certificate serial:       018CC2DB58ED509E78542DF4B3F463405AAB
Authority key identifier: F8:E8:26:DE:10:70:D9:D7:9D:AA:9E:41:5F:C4:32:61:3C:C5:7E:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/crAuW_809aXsrKI5IpTFiw2UxO8.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20769
IP address blocks:        91.208.87.0/24 maxlen: 32
                          2a04:a500::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:ed:50:9e:78:54:2d:f4:b3:f4:63:40:5a:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e826de1070d9d79daa9e415fc432613cc57e57
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72b02e5bff34f5a5ecaca2392294c58b0d94c4ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a1:8c:b0:f2:05:69:c2:cb:82:58:3b:f4:b7:
                    e9:02:e8:7e:e2:46:70:51:ce:6f:93:a8:f8:af:39:
                    fb:bd:b5:da:6c:de:37:bc:78:56:b1:0a:82:c4:32:
                    c1:63:b0:99:0e:9a:5e:01:b6:d3:63:98:f1:88:fb:
                    a6:84:b2:a4:3c:8e:f9:40:98:c5:1a:b6:a7:d2:67:
                    e2:2d:22:ea:e4:af:79:0c:a7:cb:a9:52:1b:10:03:
                    64:1a:ef:0a:81:d4:94:55:2c:5c:af:fb:81:1d:ef:
                    47:56:99:cc:66:f8:18:3b:4e:d3:65:0c:f9:d8:dd:
                    e3:8f:6d:f3:30:63:1b:f9:5f:d9:0d:37:3f:8c:a5:
                    61:68:6a:fa:9e:f1:57:b6:72:68:53:aa:cb:51:d1:
                    25:fd:cf:43:f9:f5:6e:ef:27:1e:89:fd:95:37:46:
                    80:ed:ab:28:26:a3:2b:ed:f6:2b:a6:23:71:3a:48:
                    2f:87:cb:8d:ca:9c:07:eb:4b:68:bb:24:30:56:cd:
                    e0:c6:60:2f:5f:bc:f8:1b:6f:31:bd:a6:9a:65:8d:
                    14:66:38:82:eb:94:47:42:b7:a9:05:ce:ea:10:02:
                    c5:c7:34:92:91:70:d8:67:1c:7b:19:81:47:c4:97:
                    8f:4e:e3:a0:b0:c0:2a:c6:6c:3e:25:5a:a1:5e:60:
                    70:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B0:2E:5B:FF:34:F5:A5:EC:AC:A2:39:22:94:C5:8B:0D:94:C4:EF
            X509v3 Authority Key Identifier:
                keyid:F8:E8:26:DE:10:70:D9:D7:9D:AA:9E:41:5F:C4:32:61:3C:C5:7E:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/crAuW_809aXsrKI5IpTFiw2UxO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.87.0/24
                IPv6:
                  2a04:a500::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:01:5d:0e:72:b3:ce:f8:dd:1b:ed:f0:bd:57:9e:a3:ac:bd:
         be:ff:25:e8:62:9c:14:70:a7:da:b9:d6:71:fb:ce:e4:49:e6:
         ee:43:24:79:3a:14:af:aa:34:79:dd:92:34:36:66:de:b3:81:
         7c:dd:4e:13:4a:52:dd:d2:cf:fb:a8:65:74:20:4d:fd:bb:36:
         70:4f:69:6f:42:58:a1:a7:ac:7b:33:e9:23:32:54:2f:8e:59:
         aa:61:97:c4:68:2c:0b:68:80:69:95:8f:28:be:ce:e2:aa:1a:
         fd:42:ff:07:b4:c7:77:0c:04:75:e4:ea:df:b9:c2:b3:52:e4:
         a9:f8:a3:80:48:70:e9:13:1c:9c:3d:73:81:aa:32:6e:91:e1:
         bb:22:d3:16:f0:c8:3c:34:11:78:ea:d2:6d:47:bb:f5:84:90:
         4d:37:57:d6:ed:c4:49:96:37:75:99:df:ac:f6:28:f5:a4:98:
         b2:93:49:da:65:01:b8:b3:3f:4c:97:79:ee:22:42:1d:6d:c3:
         f4:01:1c:f1:a5:61:f8:ea:d3:ae:2d:a4:fa:8c:20:b6:6c:b2:
         76:0f:b0:35:dd:d4:c3:e6:c0:f6:7c:9e:72:33:38:82:af:c3:
         e8:19:48:7e:dd:25:19:f6:c9:f2:c8:15:2f:a2:44:02:d5:07:
         f5:f6:b4:cb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC21jtUJ54VC30s/RjQFqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTgyNmRlMTA3MGQ5ZDc5ZGFhOWU0MTVmYzQzMjYxM2Nj
NTdlNTcwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmIwMmU1YmZmMzRmNWE1ZWNhY2EyMzkyMjk0YzU4YjBkOTRjNGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6GMsPIFacLLglg79LfpAuh+4kZw
Uc5vk6j4rzn7vbXabN43vHhWsQqCxDLBY7CZDppeAbbTY5jxiPumhLKkPI75QJjF
Gran0mfiLSLq5K95DKfLqVIbEANkGu8KgdSUVSxcr/uBHe9HVpnMZvgYO07TZQz5
2N3jj23zMGMb+V/ZDTc/jKVhaGr6nvFXtnJoU6rLUdEl/c9D+fVu7yceif2VN0aA
7asoJqMr7fYrpiNxOkgvh8uNypwH60touyQwVs3gxmAvX7z4G28xvaaaZY0UZjiC
65RHQrepBc7qEALFxzSSkXDYZxx7GYFHxJePTuOgsMAqxmw+JVqhXmBwpwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHKwLlv/NPWl7KyiOSKUxYsNlMTvMB8GA1UdIwQY
MBaAFPjoJt4QcNnXnaqeQV/EMmE8xX5XMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PZ20zaEJ3MmRlZHFwNUJYOFF5WVR6RmZsYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvNzNkYjc3LTBhNmItNGY5Yi1hOGU4
LWVhZWRiNzA5ZWZiZi8xL2NyQXVXXzgwOWFYc3JLSTVJcFRGaXcyVXhPOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWQvNzNkYjc3LTBhNmItNGY5Yi1hOGU4LWVhZWRiNzA5ZWZi
Zi8xLzEtT2dtM2hCdzJkZWRxcDVCWDhReVlUekZmbGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBABb0Fcw
DQQCAAIwBwMFAyoEpQAwDQYJKoZIhvcNAQELBQADggEBAA4BXQ5ys8743Rvt8L1X
nqOsvb7/JehinBRwp9q51nH7zuRJ5u5DJHk6FK+qNHndkjQ2Zt6zgXzdThNKUt3S
z/uoZXQgTf27NnBPaW9CWKGnrHsz6SMyVC+OWaphl8RoLAtogGmVjyi+zuKqGv1C
/we0x3cMBHXk6t+5wrNS5Kn4o4BIcOkTHJw9c4GqMm6R4bsi0xbwyDw0EXjq0m1H
u/WEkE03V9btxEmWN3WZ36z2KPWkmLKTSdplAbizP0yXee4iQh1tw/QBHPGlYfjq
064tpPqMILZssnYPsDXd1MPmwPZ8nnIzOIKvw+gZSH7dJRn2yfLIFS+iRALVB/X2
tMs=
-----END CERTIFICATE-----