Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/72dbJ5fLH5CPw3Gcd64Qv2XnAm4.roa
File:                     72dbJ5fLH5CPw3Gcd64Qv2XnAm4.roa (raw, json)
Hash identifier:          X11wFua92jJAJdTV/b4lbAiuNa3nSGZAd59E96D6lKM=
Subject key identifier:   EF:67:5B:27:97:CB:1F:90:8F:C3:71:9C:77:AE:10:BF:65:E7:02:6E
Certificate issuer:       /CN=a9a28417c1e1b68f69be1d3ec812037097619ccd
Certificate serial:       018CC4246AACA892EB9548C6EAF9C285691D
Authority key identifier: A9:A2:84:17:C1:E1:B6:8F:69:BE:1D:3E:C8:12:03:70:97:61:9C:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qaKEF8Hhto9pvh0-yBIDcJdhnM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/72dbJ5fLH5CPw3Gcd64Qv2XnAm4.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44157
IP address blocks:        91.201.80.0/24 maxlen: 24
                          91.201.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/qaKEF8Hhto9pvh0-yBIDcJdhnM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/qaKEF8Hhto9pvh0-yBIDcJdhnM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qaKEF8Hhto9pvh0-yBIDcJdhnM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6a:ac:a8:92:eb:95:48:c6:ea:f9:c2:85:69:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9a28417c1e1b68f69be1d3ec812037097619ccd
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef675b2797cb1f908fc3719c77ae10bf65e7026e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f6:d2:2a:5e:8a:c4:19:70:3c:7e:50:81:16:
                    a0:9c:46:70:2d:90:8e:7a:93:2a:82:6e:5b:90:66:
                    e0:98:75:a5:f1:3f:6c:87:6e:54:30:29:8c:9e:96:
                    da:f4:5d:fa:e3:dd:8d:9f:55:66:6a:f7:7f:f4:7a:
                    2f:ba:7e:63:a6:f9:aa:f7:bb:8d:00:ac:09:a3:19:
                    0f:19:25:d6:8a:d0:1e:63:5b:60:e2:82:b6:9f:8e:
                    d7:74:bc:9e:ca:be:66:5e:63:67:c5:f4:00:df:86:
                    cf:32:20:66:0f:6a:d2:15:73:dc:21:47:20:9f:98:
                    e3:87:24:96:bf:32:1c:73:eb:40:1a:65:57:a8:08:
                    5b:78:bf:49:4e:8d:b0:e7:75:c3:16:0a:aa:59:be:
                    de:3e:fd:54:dc:81:73:b0:25:aa:35:f8:d3:2c:90:
                    97:ea:78:60:9d:ac:30:33:26:77:4f:2f:8b:aa:b8:
                    f6:eb:0b:47:79:fd:b6:0d:24:0e:8e:8d:8c:b2:6b:
                    61:4e:62:d8:92:02:bb:88:7b:db:5e:da:19:e5:8b:
                    a9:71:f5:bb:0d:8c:f6:53:89:ff:d5:0b:46:1b:8e:
                    3b:22:dd:02:4f:14:e5:d5:8f:d8:cf:e1:4e:34:3f:
                    6c:c8:79:b7:8e:5c:bf:a2:cc:b2:a4:8c:f9:20:24:
                    a9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:67:5B:27:97:CB:1F:90:8F:C3:71:9C:77:AE:10:BF:65:E7:02:6E
            X509v3 Authority Key Identifier:
                keyid:A9:A2:84:17:C1:E1:B6:8F:69:BE:1D:3E:C8:12:03:70:97:61:9C:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qaKEF8Hhto9pvh0-yBIDcJdhnM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/72dbJ5fLH5CPw3Gcd64Qv2XnAm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/qaKEF8Hhto9pvh0-yBIDcJdhnM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:ff:85:83:c2:c5:45:7e:ac:6c:38:55:a9:ff:ba:93:a1:88:
         b8:02:74:5d:0f:27:f7:f8:2a:d8:5d:ba:f5:bd:33:e7:55:e6:
         79:c8:bf:b0:df:12:4e:14:87:28:7a:78:53:9e:d7:db:c2:3a:
         dd:5e:59:31:ce:b0:35:39:d9:1f:2b:d8:28:08:23:3b:ff:ed:
         ba:40:81:8d:c6:f8:ff:7b:66:1c:67:64:95:aa:6a:04:b9:d0:
         c0:5d:8e:fe:91:fe:fd:a6:81:82:d1:28:40:24:75:50:4c:e8:
         47:7a:e7:ce:15:1a:b4:34:4f:3f:95:c4:6a:b0:d1:bf:09:d5:
         02:f1:ec:bc:88:fb:4c:5d:0e:46:b8:b6:9a:59:5c:c3:60:8b:
         10:1e:df:27:68:c3:31:d1:44:06:5c:d8:d2:89:99:28:34:e8:
         00:1d:27:59:f4:11:c6:63:0a:c0:d0:31:2d:85:83:76:be:43:
         66:a4:fe:98:01:39:a0:91:17:59:1b:ba:a8:15:01:78:bd:bb:
         5e:c5:aa:e5:eb:5c:0d:20:cc:7f:19:75:7a:3d:9d:d5:95:43:
         b1:47:c0:1a:64:2a:20:c0:6d:b1:4d:31:f8:1e:14:c4:4c:45:
         22:27:9e:f9:44:ae:c4:1e:19:76:15:47:de:8e:d9:fa:23:15:
         e3:03:15:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGqsqJLrlUjG6vnChWkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YTI4NDE3YzFlMWI2OGY2OWJlMWQzZWM4MTIwMzcwOTc2
MTljY2QwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjY3NWIyNzk3Y2IxZjkwOGZjMzcxOWM3N2FlMTBiZjY1ZTcwMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPbSKl6KxBlwPH5QgRagnEZwLZCO
epMqgm5bkGbgmHWl8T9sh25UMCmMnpba9F36492Nn1Vmavd/9Hovun5jpvmq97uN
AKwJoxkPGSXWitAeY1tg4oK2n47XdLyeyr5mXmNnxfQA34bPMiBmD2rSFXPcIUcg
n5jjhySWvzIcc+tAGmVXqAhbeL9JTo2w53XDFgqqWb7ePv1U3IFzsCWqNfjTLJCX
6nhgnawwMyZ3Ty+Lqrj26wtHef22DSQOjo2MsmthTmLYkgK7iHvbXtoZ5YupcfW7
DYz2U4n/1QtGG447It0CTxTl1Y/Yz+FOND9syHm3jly/osyypIz5ICSptwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9nWyeXyx+Qj8NxnHeuEL9l5wJuMB8GA1UdIwQY
MBaAFKmihBfB4baPab4dPsgSA3CXYZzNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWFLRUY4SGh0bzlwdmgwLXlCSURjSmRobk0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zMDljMzYtN2MxZC00YTMzLTljZjUt
ZWQzNjQ3N2I5NDgwLzEvNzJkYko1ZkxINUNQdzNHY2Q2NFF2MlhuQW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zMDljMzYtN2MxZC00YTMzLTljZjUtZWQzNjQ3N2I5NDgw
LzEvcWFLRUY4SGh0bzlwdmgwLXlCSURjSmRobk0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8lQMA0G
CSqGSIb3DQEBCwUAA4IBAQC//4WDwsVFfqxsOFWp/7qToYi4AnRdDyf3+CrYXbr1
vTPnVeZ5yL+w3xJOFIcoenhTntfbwjrdXlkxzrA1OdkfK9goCCM7/+26QIGNxvj/
e2YcZ2SVqmoEudDAXY7+kf79poGC0ShAJHVQTOhHeufOFRq0NE8/lcRqsNG/CdUC
8ey8iPtMXQ5GuLaaWVzDYIsQHt8naMMx0UQGXNjSiZkoNOgAHSdZ9BHGYwrA0DEt
hYN2vkNmpP6YATmgkRdZG7qoFQF4vbtexarl61wNIMx/GXV6PZ3VlUOxR8AaZCog
wG2xTTH4HhTETEUiJ575RK7EHhl2FUfejtn6IxXjAxV6
-----END CERTIFICATE-----