Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/1974ee-408f-4120-8f19-fa2f0d54b1d1/1/CceoYmZ2TjmUhjGp2sgz9ci5GtY.roa
File:                     CceoYmZ2TjmUhjGp2sgz9ci5GtY.roa (raw, json)
Hash identifier:          G8UJpM8MISj14gJraiUHgjK/RaJaVsCagCFUZZGfnUc=
Subject key identifier:   09:C7:A8:62:66:76:4E:39:94:86:31:A9:DA:C8:33:F5:C8:B9:1A:D6
Certificate issuer:       /CN=950f284cf5c39f26ddd2352e7f2adf7a8dc60f8e
Certificate serial:       018CC86F5EE64C3845BA26E5E7C0199EAA1A
Authority key identifier: 95:0F:28:4C:F5:C3:9F:26:DD:D2:35:2E:7F:2A:DF:7A:8D:C6:0F:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQ8oTPXDnybd0jUufyrfeo3GD44.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/1974ee-408f-4120-8f19-fa2f0d54b1d1/1/CceoYmZ2TjmUhjGp2sgz9ci5GtY.roa
Signing time:             Tue 02 Jan 2024 04:29:51 +0000
ROA not before:           Tue 02 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60215
IP address blocks:        91.212.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/1974ee-408f-4120-8f19-fa2f0d54b1d1/1/lQ8oTPXDnybd0jUufyrfeo3GD44.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/1974ee-408f-4120-8f19-fa2f0d54b1d1/1/lQ8oTPXDnybd0jUufyrfeo3GD44.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lQ8oTPXDnybd0jUufyrfeo3GD44.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5e:e6:4c:38:45:ba:26:e5:e7:c0:19:9e:aa:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=950f284cf5c39f26ddd2352e7f2adf7a8dc60f8e
        Validity
            Not Before: Jan  2 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09c7a86266764e39948631a9dac833f5c8b91ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a4:9e:98:87:18:ce:0c:e6:b9:8f:5d:00:74:
                    1f:a2:50:14:4c:58:58:13:15:94:90:68:10:db:32:
                    50:20:12:f1:d8:aa:77:29:38:6b:9d:1b:9a:f1:5f:
                    db:87:ad:7c:a3:00:91:6a:f8:5f:d4:00:c6:1b:e9:
                    d9:2d:16:c2:6b:c1:f9:47:18:5d:be:61:9e:74:4c:
                    83:9d:59:9c:ea:76:c9:0e:b8:40:f9:bc:75:e9:84:
                    3e:db:d7:bf:cb:65:c2:ff:f1:57:9e:62:03:c0:39:
                    4b:08:bf:a8:c1:6d:6c:a1:96:0b:30:a9:91:22:16:
                    3a:50:ee:1b:70:7e:b4:82:50:d7:47:ac:7d:36:4c:
                    55:8c:94:03:c2:79:f5:50:91:b2:e4:87:a5:59:d7:
                    79:19:50:e3:2f:6f:64:53:cc:40:4f:d0:c6:a8:0a:
                    01:a2:ba:ab:cf:37:ca:7b:b1:7b:73:15:35:29:1f:
                    92:b1:b5:68:02:b5:d2:e4:c3:dd:a2:b4:36:79:ef:
                    ad:e7:1b:fb:85:37:d4:ae:bc:f8:47:c4:8c:75:0c:
                    f4:93:e9:8e:f1:4a:69:97:3d:89:97:54:51:1a:e4:
                    b1:22:79:34:5c:4e:38:58:d8:55:07:2a:90:52:5f:
                    83:c6:bc:33:00:c0:9c:b6:5c:ae:f0:a0:f1:45:e0:
                    c3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C7:A8:62:66:76:4E:39:94:86:31:A9:DA:C8:33:F5:C8:B9:1A:D6
            X509v3 Authority Key Identifier:
                keyid:95:0F:28:4C:F5:C3:9F:26:DD:D2:35:2E:7F:2A:DF:7A:8D:C6:0F:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQ8oTPXDnybd0jUufyrfeo3GD44.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/1974ee-408f-4120-8f19-fa2f0d54b1d1/1/CceoYmZ2TjmUhjGp2sgz9ci5GtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/1974ee-408f-4120-8f19-fa2f0d54b1d1/1/lQ8oTPXDnybd0jUufyrfeo3GD44.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:73:82:58:c3:fe:bb:25:c4:38:1c:00:66:d4:45:43:24:9b:
         11:40:7d:fc:7c:1f:ff:7b:27:0b:5c:0c:5b:73:83:a2:26:e1:
         c0:5c:97:5e:ac:df:64:96:4f:8e:09:32:d6:87:78:05:a4:75:
         76:75:b4:a3:77:19:39:98:5e:56:76:f8:ec:7a:90:40:39:7d:
         fb:ee:65:27:f0:6b:23:57:43:e4:83:ed:06:86:44:89:42:ce:
         44:88:d5:c4:60:35:90:91:03:26:c6:07:66:ac:33:9c:a0:89:
         08:84:e0:dc:35:c3:7b:cc:56:a8:71:88:43:de:2d:15:cf:d3:
         e4:03:8d:c8:bc:3a:2f:f2:b7:30:b3:b6:20:33:82:b8:85:d7:
         be:a2:16:91:86:65:51:5d:ca:fb:48:47:f0:72:56:5c:f6:6e:
         da:81:82:1d:86:9a:ed:9b:fa:e8:b0:42:99:33:29:0c:e2:1b:
         92:22:a4:aa:4b:71:fd:a7:58:5e:81:6b:a4:24:74:d4:ff:09:
         54:c4:85:3a:fe:f7:8c:19:8c:d8:77:0c:28:ec:45:aa:2e:50:
         e7:ac:2d:b2:da:37:8f:10:88:02:b7:c8:0d:b5:13:46:d9:b6:
         1c:98:0f:cb:56:1f:cc:a4:e4:05:15:f3:3b:96:b2:1a:17:05:
         f5:57:62:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb17mTDhFuibl58AZnqoaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MGYyODRjZjVjMzlmMjZkZGQyMzUyZTdmMmFkZjdhOGRj
NjBmOGUwHhcNMjQwMTAyMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWM3YTg2MjY2NzY0ZTM5OTQ4NjMxYTlkYWM4MzNmNWM4YjkxYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaSemIcYzgzmuY9dAHQfolAUTFhY
ExWUkGgQ2zJQIBLx2Kp3KThrnRua8V/bh618owCRavhf1ADGG+nZLRbCa8H5Rxhd
vmGedEyDnVmc6nbJDrhA+bx16YQ+29e/y2XC//FXnmIDwDlLCL+owW1soZYLMKmR
IhY6UO4bcH60glDXR6x9NkxVjJQDwnn1UJGy5IelWdd5GVDjL29kU8xAT9DGqAoB
orqrzzfKe7F7cxU1KR+SsbVoArXS5MPdorQ2ee+t5xv7hTfUrrz4R8SMdQz0k+mO
8Upplz2Jl1RRGuSxInk0XE44WNhVByqQUl+DxrwzAMCctlyu8KDxReDDjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnHqGJmdk45lIYxqdrIM/XIuRrWMB8GA1UdIwQY
MBaAFJUPKEz1w58m3dI1Ln8q33qNxg+OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFE4b1RQWERueWJkMGpVdWZ5cmZlbzNHRDQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xOTc0ZWUtNDA4Zi00MTIwLThmMTkt
ZmEyZjBkNTRiMWQxLzEvQ2Nlb1ltWjJUam1VaGpHcDJzZ3o5Y2k1R3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xOTc0ZWUtNDA4Zi00MTIwLThmMTktZmEyZjBkNTRiMWQx
LzEvbFE4b1RQWERueWJkMGpVdWZ5cmZlbzNHRDQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QYMA0G
CSqGSIb3DQEBCwUAA4IBAQBIc4JYw/67JcQ4HABm1EVDJJsRQH38fB//eycLXAxb
c4OiJuHAXJderN9klk+OCTLWh3gFpHV2dbSjdxk5mF5WdvjsepBAOX377mUn8Gsj
V0Pkg+0GhkSJQs5EiNXEYDWQkQMmxgdmrDOcoIkIhODcNcN7zFaocYhD3i0Vz9Pk
A43IvDov8rcws7YgM4K4hde+ohaRhmVRXcr7SEfwclZc9m7agYIdhprtm/rosEKZ
MykM4huSIqSqS3H9p1hegWukJHTU/wlUxIU6/veMGYzYdwwo7EWqLlDnrC2y2jeP
EIgCt8gNtRNG2bYcmA/LVh/MpOQFFfM7lrIaFwX1V2KC
-----END CERTIFICATE-----