Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/cPWanhkOF5JFf7ndWQEsgDaOym4.roa
File:                     cPWanhkOF5JFf7ndWQEsgDaOym4.roa (raw, json)
Hash identifier:          hNMT1d2ZHlvJJQiGYjNYvL4LotmJH6VgqTxIxCqCmaw=
Subject key identifier:   70:F5:9A:9E:19:0E:17:92:45:7F:B9:DD:59:01:2C:80:36:8E:CA:6E
Certificate issuer:       /CN=d6a71b4e8694417ebbbcf6268b9c8f963170b1f1
Certificate serial:       019427B63DBE123EE7D963B5955B75A88174
Authority key identifier: D6:A7:1B:4E:86:94:41:7E:BB:BC:F6:26:8B:9C:8F:96:31:70:B1:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qcbToaUQX67vPYmi5yPljFwsfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/cPWanhkOF5JFf7ndWQEsgDaOym4.roa
Signing time:             Thu 02 Jan 2025 15:50:42 +0000
ROA not before:           Thu 02 Jan 2025 15:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34412
IP address blocks:        91.206.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/1qcbToaUQX67vPYmi5yPljFwsfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/1qcbToaUQX67vPYmi5yPljFwsfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qcbToaUQX67vPYmi5yPljFwsfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:3d:be:12:3e:e7:d9:63:b5:95:5b:75:a8:81:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6a71b4e8694417ebbbcf6268b9c8f963170b1f1
        Validity
            Not Before: Jan  2 15:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70f59a9e190e1792457fb9dd59012c80368eca6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a9:74:e0:2f:29:11:04:c6:58:c7:34:f0:79:
                    fa:02:ab:d8:59:c7:32:6d:75:da:55:4d:ba:65:eb:
                    d2:7a:62:10:78:c5:97:34:bd:ad:4a:8b:f2:eb:e1:
                    89:ff:2b:c0:83:8d:12:fb:b8:af:87:ad:63:f0:38:
                    a5:50:ff:a3:9f:d6:2a:93:a4:0e:26:86:58:ae:2a:
                    0c:ca:90:11:96:ee:63:f3:88:41:7d:6b:b8:f6:9b:
                    47:6b:cf:72:06:4d:87:70:fd:f4:f0:af:9b:5f:e1:
                    98:71:c3:91:87:4b:4f:1a:96:de:af:27:1c:4b:e5:
                    b9:c2:d2:49:0e:92:d2:81:2e:0e:98:28:94:ea:1b:
                    df:72:c5:86:cb:ae:42:22:3e:aa:ca:23:cd:cd:9c:
                    03:3a:c3:3f:5e:53:ae:71:b5:8f:89:1e:3b:89:ab:
                    91:6c:62:17:67:5f:38:83:24:fa:c0:7e:e8:6f:1c:
                    bd:63:0e:ed:29:e4:5e:36:57:ee:b7:a8:3d:d1:48:
                    be:f6:e0:f7:5a:f1:64:15:e6:e7:3d:6d:f3:2f:74:
                    f6:fb:95:a1:a7:55:9d:49:55:4d:7e:01:0e:2e:15:
                    01:12:5e:a5:50:7b:8a:cc:d6:30:f5:32:02:c3:86:
                    58:bb:5f:bb:8c:ef:c6:ca:6b:ba:b9:c9:26:f3:85:
                    6b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F5:9A:9E:19:0E:17:92:45:7F:B9:DD:59:01:2C:80:36:8E:CA:6E
            X509v3 Authority Key Identifier:
                keyid:D6:A7:1B:4E:86:94:41:7E:BB:BC:F6:26:8B:9C:8F:96:31:70:B1:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qcbToaUQX67vPYmi5yPljFwsfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/cPWanhkOF5JFf7ndWQEsgDaOym4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/76a463-0732-497a-948d-2931104c5f7a/1/1qcbToaUQX67vPYmi5yPljFwsfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:8e:3f:b6:c2:fd:54:04:09:e2:d7:ab:81:79:8f:df:83:2a:
         64:8d:81:41:0f:ec:52:ac:79:c0:0e:e7:5a:82:58:47:fd:c8:
         47:8a:e9:79:1c:26:44:74:7d:ae:f2:57:47:20:b5:df:2e:c5:
         54:ab:3b:46:b0:e2:99:73:ad:fe:4c:30:5f:67:10:07:a9:84:
         f1:4c:50:7c:d2:e1:ba:31:56:d1:ca:f2:8d:b6:ad:1e:91:87:
         4e:fa:12:0a:76:00:3b:73:cf:99:18:e9:b0:6f:6a:9f:73:06:
         d9:4f:83:89:fa:04:9b:1b:81:ab:b5:89:3b:35:34:7b:ec:d6:
         ae:bd:60:bf:5d:fa:e6:72:2f:40:da:b6:7e:8a:92:95:37:8b:
         c2:7a:62:9e:ff:df:8b:b2:72:1a:57:40:4b:a8:e0:c7:89:da:
         dd:d5:20:51:62:fd:33:2c:5e:ec:59:1c:6b:02:af:73:a6:96:
         2a:5f:3e:e3:f9:fe:df:4b:a2:e9:f0:a7:36:95:b8:f5:12:52:
         ee:1a:9a:93:f9:b4:6c:e4:b4:08:25:7a:b2:9a:63:ff:0c:fb:
         55:18:8c:2c:60:d1:04:a6:85:51:44:53:e1:13:c2:cf:1c:a5:
         89:0e:f1:1b:2d:cb:9e:5b:15:bf:f4:20:c0:4d:29:e6:64:66:
         0d:38:72:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntj2+Ej7n2WO1lVt1qIF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YTcxYjRlODY5NDQxN2ViYmJjZjYyNjhiOWM4Zjk2MzE3
MGIxZjEwHhcNMjUwMTAyMTU1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGY1OWE5ZTE5MGUxNzkyNDU3ZmI5ZGQ1OTAxMmM4MDM2OGVjYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArql04C8pEQTGWMc08Hn6AqvYWccy
bXXaVU26ZevSemIQeMWXNL2tSovy6+GJ/yvAg40S+7ivh61j8DilUP+jn9Yqk6QO
JoZYrioMypARlu5j84hBfWu49ptHa89yBk2HcP308K+bX+GYccORh0tPGpberycc
S+W5wtJJDpLSgS4OmCiU6hvfcsWGy65CIj6qyiPNzZwDOsM/XlOucbWPiR47iauR
bGIXZ184gyT6wH7obxy9Yw7tKeReNlfut6g90Ui+9uD3WvFkFebnPW3zL3T2+5Wh
p1WdSVVNfgEOLhUBEl6lUHuKzNYw9TICw4ZYu1+7jO/Gymu6uckm84VrTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHD1mp4ZDheSRX+53VkBLIA2jspuMB8GA1UdIwQY
MBaAFNanG06GlEF+u7z2Joucj5YxcLHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFjYlRvYVVRWDY3dlBZbWk1eVBsakZ3c2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83NmE0NjMtMDczMi00OTdhLTk0OGQt
MjkzMTEwNGM1ZjdhLzEvY1BXYW5oa09GNUpGZjduZFdRRXNnRGFPeW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83NmE0NjMtMDczMi00OTdhLTk0OGQtMjkzMTEwNGM1Zjdh
LzEvMXFjYlRvYVVRWDY3dlBZbWk1eVBsakZ3c2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW86xMA0G
CSqGSIb3DQEBCwUAA4IBAQAnjj+2wv1UBAni16uBeY/fgypkjYFBD+xSrHnADuda
glhH/chHiul5HCZEdH2u8ldHILXfLsVUqztGsOKZc63+TDBfZxAHqYTxTFB80uG6
MVbRyvKNtq0ekYdO+hIKdgA7c8+ZGOmwb2qfcwbZT4OJ+gSbG4GrtYk7NTR77Nau
vWC/Xfrmci9A2rZ+ipKVN4vCemKe/9+LsnIaV0BLqODHidrd1SBRYv0zLF7sWRxr
Aq9zppYqXz7j+f7fS6Lp8Kc2lbj1ElLuGpqT+bRs5LQIJXqymmP/DPtVGIwsYNEE
poVRRFPhE8LPHKWJDvEbLcueWxW/9CDATSnmZGYNOHLJ
-----END CERTIFICATE-----