Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/aNzZn6mddvuafnnnChXP6bsYgO0.roa
File:                     aNzZn6mddvuafnnnChXP6bsYgO0.roa (raw, json)
Hash identifier:          UscO/XoOGX3lrqPNSk+G8J0lYFTC9o1/+t+Y6HjJWO8=
Subject key identifier:   68:DC:D9:9F:A9:9D:76:FB:9A:7E:79:E7:0A:15:CF:E9:BB:18:80:ED
Certificate issuer:       /CN=aca2f7748fe363dc5939e9b854fc00403130eba5
Certificate serial:       018CC86FA07C2C3F8DCA6945B226F00E008D
Authority key identifier: AC:A2:F7:74:8F:E3:63:DC:59:39:E9:B8:54:FC:00:40:31:30:EB:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKL3dI_jY9xZOem4VPwAQDEw66U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/aNzZn6mddvuafnnnChXP6bsYgO0.roa
Signing time:             Tue 02 Jan 2024 04:30:07 +0000
ROA not before:           Tue 02 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212204
IP address blocks:        91.239.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/rKL3dI_jY9xZOem4VPwAQDEw66U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/rKL3dI_jY9xZOem4VPwAQDEw66U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKL3dI_jY9xZOem4VPwAQDEw66U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a0:7c:2c:3f:8d:ca:69:45:b2:26:f0:0e:00:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca2f7748fe363dc5939e9b854fc00403130eba5
        Validity
            Not Before: Jan  2 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68dcd99fa99d76fb9a7e79e70a15cfe9bb1880ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:24:83:e6:5e:e6:28:d4:ee:9c:bb:27:db:8f:
                    63:ab:2e:6f:9b:fa:cb:45:9f:51:33:36:d6:69:e7:
                    0e:64:70:dd:62:9b:e1:26:31:20:1a:aa:da:26:8f:
                    b1:87:a8:01:c1:25:70:25:a7:90:13:05:04:68:1d:
                    17:96:04:ec:38:61:88:41:0e:48:a8:ff:1d:f0:22:
                    c3:af:55:a5:d7:f0:99:e9:03:82:82:ff:40:17:8b:
                    e3:13:a8:29:3a:ce:ed:fe:3e:e7:a4:07:49:b6:ac:
                    cc:fa:f8:0c:54:58:59:72:ad:30:99:6d:46:c8:dc:
                    71:68:d6:e0:2b:85:73:ae:2c:4b:b4:33:49:c1:a3:
                    ce:0a:0e:47:f7:d2:58:48:f2:2b:f0:20:a9:39:2b:
                    94:06:5f:ac:bd:fb:44:7b:b8:a2:23:75:82:f1:ff:
                    48:7e:95:59:c7:f3:ca:42:ad:86:2c:04:15:f0:ea:
                    cb:25:66:ed:b9:21:01:98:12:a1:d3:86:6b:87:e7:
                    73:d1:fd:93:be:4f:19:7c:5f:73:54:a5:af:4a:c9:
                    9f:de:50:75:e5:46:96:42:77:dd:68:27:dd:72:ae:
                    eb:56:d2:66:d7:43:68:63:41:2a:f1:4a:f0:fd:5f:
                    b8:f5:69:a0:2f:54:c1:cd:3d:e1:9b:b7:2a:1f:0d:
                    74:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DC:D9:9F:A9:9D:76:FB:9A:7E:79:E7:0A:15:CF:E9:BB:18:80:ED
            X509v3 Authority Key Identifier:
                keyid:AC:A2:F7:74:8F:E3:63:DC:59:39:E9:B8:54:FC:00:40:31:30:EB:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKL3dI_jY9xZOem4VPwAQDEw66U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/aNzZn6mddvuafnnnChXP6bsYgO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/cccc41-dd2c-41f0-82bf-e92dd8fa6abb/1/rKL3dI_jY9xZOem4VPwAQDEw66U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:44:24:e8:bb:87:6e:78:5b:a8:3a:a2:ba:15:ef:1f:44:02:
         72:df:38:87:29:5f:d2:1b:e6:f5:2f:e6:9e:32:22:22:6c:79:
         8f:8e:09:b4:36:02:7a:05:92:2d:14:b1:82:97:bb:1a:c8:6a:
         25:6e:95:a6:73:dc:cc:b0:e3:47:57:03:37:38:00:06:31:97:
         b6:86:86:b5:07:10:7f:09:83:d1:1d:be:d4:3c:38:31:b3:8e:
         0e:6e:f4:8f:fd:e5:50:62:b5:22:72:b1:fd:db:32:57:11:4a:
         de:ed:f7:20:cf:fc:93:8b:1a:58:39:6f:6b:11:28:7f:bd:92:
         a2:86:55:4c:3c:7b:00:f5:d2:1d:22:18:51:2d:98:19:7f:b7:
         17:19:02:69:dd:58:7d:7a:61:ac:28:ba:46:fa:65:51:2b:35:
         11:f4:b3:72:fb:0f:2e:2e:88:8c:27:39:20:eb:e5:6b:89:66:
         8e:c2:9c:3c:c0:0c:12:b0:4c:83:1b:db:69:1a:11:c6:d1:c4:
         62:e9:b1:7f:e4:73:f9:91:57:43:ec:56:d3:eb:c8:4d:38:1d:
         5b:f5:45:2d:18:09:0d:6c:36:ca:05:4c:96:f4:17:0c:71:3c:
         19:f7:2a:a6:a0:54:70:ca:69:72:07:55:99:86:19:8f:fd:c0:
         5f:62:27:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6B8LD+NymlFsibwDgCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTJmNzc0OGZlMzYzZGM1OTM5ZTliODU0ZmMwMDQwMzEz
MGViYTUwHhcNMjQwMTAyMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRjZDk5ZmE5OWQ3NmZiOWE3ZTc5ZTcwYTE1Y2ZlOWJiMTg4MGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiSD5l7mKNTunLsn249jqy5vm/rL
RZ9RMzbWaecOZHDdYpvhJjEgGqraJo+xh6gBwSVwJaeQEwUEaB0XlgTsOGGIQQ5I
qP8d8CLDr1Wl1/CZ6QOCgv9AF4vjE6gpOs7t/j7npAdJtqzM+vgMVFhZcq0wmW1G
yNxxaNbgK4VzrixLtDNJwaPOCg5H99JYSPIr8CCpOSuUBl+svftEe7iiI3WC8f9I
fpVZx/PKQq2GLAQV8OrLJWbtuSEBmBKh04Zrh+dz0f2Tvk8ZfF9zVKWvSsmf3lB1
5UaWQnfdaCfdcq7rVtJm10NoY0Eq8Urw/V+49WmgL1TBzT3hm7cqHw10TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjc2Z+pnXb7mn555woVz+m7GIDtMB8GA1UdIwQY
MBaAFKyi93SP42PcWTnpuFT8AEAxMOulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktMM2RJX2pZOXhaT2VtNFZQd0FRREV3NjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jY2NjNDEtZGQyYy00MWYwLTgyYmYt
ZTkyZGQ4ZmE2YWJiLzEvYU56Wm42bWRkdnVhZm5ubkNoWFA2YnNZZ08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jY2NjNDEtZGQyYy00MWYwLTgyYmYtZTkyZGQ4ZmE2YWJi
LzEvcktMM2RJX2pZOXhaT2VtNFZQd0FRREV3NjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+94MA0G
CSqGSIb3DQEBCwUAA4IBAQAfRCTou4dueFuoOqK6Fe8fRAJy3ziHKV/SG+b1L+ae
MiIibHmPjgm0NgJ6BZItFLGCl7sayGolbpWmc9zMsONHVwM3OAAGMZe2hoa1BxB/
CYPRHb7UPDgxs44ObvSP/eVQYrUicrH92zJXEUre7fcgz/yTixpYOW9rESh/vZKi
hlVMPHsA9dIdIhhRLZgZf7cXGQJp3Vh9emGsKLpG+mVRKzUR9LNy+w8uLoiMJzkg
6+VriWaOwpw8wAwSsEyDG9tpGhHG0cRi6bF/5HP5kVdD7FbT68hNOB1b9UUtGAkN
bDbKBUyW9BcMcTwZ9yqmoFRwymlyB1WZhhmP/cBfYidv
-----END CERTIFICATE-----