Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/1EZ2cqVLIoynCYa-wnKi0wLMays.roa
File:                     1EZ2cqVLIoynCYa-wnKi0wLMays.roa (raw, json)
Hash identifier:          7zSX4rrSmtQfFRAaQZOd98qa86Uxa8uae78uZ3+o+g0=
Subject key identifier:   D4:46:76:72:A5:4B:22:8C:A7:09:86:BE:C2:72:A2:D3:02:CC:6B:2B
Certificate issuer:       /CN=60599373b0b6f04319d08becb5ad5792a13bda92
Certificate serial:       018CC8DE2162857D4F9E02E10FD3CE385C74
Authority key identifier: 60:59:93:73:B0:B6:F0:43:19:D0:8B:EC:B5:AD:57:92:A1:3B:DA:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFmTc7C28EMZ0Ivsta1XkqE72pI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/1EZ2cqVLIoynCYa-wnKi0wLMays.roa
Signing time:             Tue 02 Jan 2024 06:30:49 +0000
ROA not before:           Tue 02 Jan 2024 06:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44801
IP address blocks:        91.199.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/YFmTc7C28EMZ0Ivsta1XkqE72pI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/YFmTc7C28EMZ0Ivsta1XkqE72pI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFmTc7C28EMZ0Ivsta1XkqE72pI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:21:62:85:7d:4f:9e:02:e1:0f:d3:ce:38:5c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60599373b0b6f04319d08becb5ad5792a13bda92
        Validity
            Not Before: Jan  2 06:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4467672a54b228ca70986bec272a2d302cc6b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:76:df:29:bf:f4:2c:27:76:a0:eb:59:66:88:
                    32:0a:94:18:74:54:83:4c:02:3f:65:31:ef:42:3a:
                    22:33:c6:88:71:4f:10:3b:f9:3d:02:4d:b5:28:da:
                    da:ee:f9:03:41:e1:dc:cc:a1:5c:59:09:76:0e:47:
                    43:78:ab:2b:55:f0:5a:88:a4:04:25:20:83:3e:85:
                    04:d6:76:80:4e:c5:06:f1:04:e2:f5:11:2a:aa:1b:
                    49:1b:82:d1:40:01:87:c5:de:64:14:65:f8:97:1b:
                    e2:2b:b4:c1:39:76:66:a1:a9:40:29:98:6a:5d:10:
                    bf:f7:5e:d2:f0:e5:6d:47:4a:9d:78:b7:72:fd:fd:
                    b2:cc:1b:06:0a:61:68:00:32:c2:20:da:3a:10:67:
                    21:e3:22:1f:7e:45:25:3c:8d:ec:0c:af:34:4e:78:
                    25:08:fb:37:b6:22:f9:f2:a1:ce:fd:a5:ef:35:80:
                    d3:8f:ef:d2:aa:81:e0:9d:b0:db:63:b6:15:41:dd:
                    f6:dd:8b:e0:18:d5:3b:d5:4f:23:07:17:07:76:40:
                    f1:ad:9a:0c:2b:4c:1e:e9:0c:14:b8:e4:33:47:20:
                    d7:1e:eb:0a:54:1e:99:22:ad:a0:a7:6c:0d:9d:7c:
                    b2:cc:66:7d:30:dc:b6:1f:1f:b4:17:38:98:30:eb:
                    ae:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:46:76:72:A5:4B:22:8C:A7:09:86:BE:C2:72:A2:D3:02:CC:6B:2B
            X509v3 Authority Key Identifier:
                keyid:60:59:93:73:B0:B6:F0:43:19:D0:8B:EC:B5:AD:57:92:A1:3B:DA:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFmTc7C28EMZ0Ivsta1XkqE72pI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/1EZ2cqVLIoynCYa-wnKi0wLMays.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f27b3-7110-4d8c-a0d8-03109c15510d/1/YFmTc7C28EMZ0Ivsta1XkqE72pI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:89:dc:99:38:c2:d8:e3:bf:b1:7a:54:80:f1:0c:36:dd:ee:
         9e:ba:6b:0f:71:25:e2:ba:34:39:36:37:91:8b:b6:96:53:0a:
         b4:35:ce:74:3a:fe:31:65:8e:c1:bc:d1:24:c6:62:3e:3d:c6:
         49:93:37:48:71:06:56:82:d4:99:63:e0:6f:04:75:ce:9c:a6:
         49:0a:47:f9:a4:15:24:91:83:1f:c0:9b:61:cb:f0:9d:72:52:
         91:65:99:4e:c6:97:23:81:0e:e2:49:e2:81:3f:0a:d1:04:b8:
         18:91:65:52:8d:19:87:1e:27:c7:00:d8:24:36:d9:a7:25:17:
         7c:f5:b4:17:19:a9:7d:cb:e6:39:53:2c:c7:e9:17:16:6e:af:
         bd:44:e5:e9:44:19:52:f5:43:ed:c0:c0:bb:82:7a:d9:10:e7:
         e1:a2:99:ef:84:e4:37:87:1d:9d:da:c1:bb:b7:dc:99:6e:1e:
         fb:0a:52:4b:fc:8c:91:92:71:63:9f:f2:ee:09:e1:19:4a:d9:
         7a:3d:7a:14:ef:d8:8f:ad:4c:d4:f3:ca:2e:df:ea:9a:87:d5:
         55:b4:c7:51:a6:29:d0:ed:28:c5:d7:b8:c6:0a:94:cd:9e:e8:
         a7:b6:6f:8c:44:e0:c0:a8:06:34:c2:74:13:17:ae:06:7c:b8:
         5b:db:d0:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3iFihX1PngLhD9POOFx0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTk5MzczYjBiNmYwNDMxOWQwOGJlY2I1YWQ1NzkyYTEz
YmRhOTIwHhcNMjQwMTAyMDYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDQ2NzY3MmE1NGIyMjhjYTcwOTg2YmVjMjcyYTJkMzAyY2M2YjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3bfKb/0LCd2oOtZZogyCpQYdFSD
TAI/ZTHvQjoiM8aIcU8QO/k9Ak21KNra7vkDQeHczKFcWQl2DkdDeKsrVfBaiKQE
JSCDPoUE1naATsUG8QTi9REqqhtJG4LRQAGHxd5kFGX4lxviK7TBOXZmoalAKZhq
XRC/917S8OVtR0qdeLdy/f2yzBsGCmFoADLCINo6EGch4yIffkUlPI3sDK80Tngl
CPs3tiL58qHO/aXvNYDTj+/SqoHgnbDbY7YVQd323YvgGNU71U8jBxcHdkDxrZoM
K0we6QwUuOQzRyDXHusKVB6ZIq2gp2wNnXyyzGZ9MNy2Hx+0FziYMOuuTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRGdnKlSyKMpwmGvsJyotMCzGsrMB8GA1UdIwQY
MBaAFGBZk3OwtvBDGdCL7LWtV5KhO9qSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZtVGM3QzI4RU1aMEl2c3RhMVhrcUU3MnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8zZjI3YjMtNzExMC00ZDhjLWEwZDgt
MDMxMDljMTU1MTBkLzEvMUVaMmNxVkxJb3luQ1lhLXduS2kwd0xNYXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8zZjI3YjMtNzExMC00ZDhjLWEwZDgtMDMxMDljMTU1MTBk
LzEvWUZtVGM3QzI4RU1aMEl2c3RhMVhrcUU3MnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8f8MA0G
CSqGSIb3DQEBCwUAA4IBAQAMidyZOMLY47+xelSA8Qw23e6eumsPcSXiujQ5NjeR
i7aWUwq0Nc50Ov4xZY7BvNEkxmI+PcZJkzdIcQZWgtSZY+BvBHXOnKZJCkf5pBUk
kYMfwJthy/CdclKRZZlOxpcjgQ7iSeKBPwrRBLgYkWVSjRmHHifHANgkNtmnJRd8
9bQXGal9y+Y5UyzH6RcWbq+9ROXpRBlS9UPtwMC7gnrZEOfhopnvhOQ3hx2d2sG7
t9yZbh77ClJL/IyRknFjn/LuCeEZStl6PXoU79iPrUzU88ou3+qah9VVtMdRpinQ
7SjF17jGCpTNnuintm+MRODAqAY0wnQTF64GfLhb29A2
-----END CERTIFICATE-----