Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/AoCkH-rDyGMhQMHBqwIXFjJT5Ug.roa
File:                     AoCkH-rDyGMhQMHBqwIXFjJT5Ug.roa (raw, json)
Hash identifier:          FtKLg5QLN4TdBHn4/feb2TSw2+hhzWbLuE/EvKvpkX8=
Subject key identifier:   02:80:A4:1F:EA:C3:C8:63:21:40:C1:C1:AB:02:17:16:32:53:E5:48
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEC3E3FFD7B83A7B2EC468A1D2C1C
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/AoCkH-rDyGMhQMHBqwIXFjJT5Ug.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57509
IP address blocks:        91.191.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ec:3e:3f:fd:7b:83:a7:b2:ec:46:8a:1d:2c:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0280a41feac3c8632140c1c1ab0217163253e548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e2:76:45:ce:1a:66:80:cc:fe:21:b8:36:67:
                    a4:87:ed:6e:dd:b1:11:b3:5a:35:40:5b:df:19:93:
                    43:af:50:bc:5f:28:da:86:4f:19:e4:d9:d7:ee:f5:
                    ac:67:65:42:a1:ff:d9:92:78:f5:12:33:fd:dd:cf:
                    ea:8e:5f:87:7c:df:73:fa:d4:4f:ca:2b:cf:63:3f:
                    b5:ba:79:be:cf:4c:76:3d:ae:96:a4:27:6b:c0:a6:
                    4b:8e:3c:93:d7:db:b4:0c:1c:d4:1f:17:09:0c:b5:
                    b1:36:e1:0d:e8:42:83:2e:ef:fb:08:e2:51:20:1e:
                    30:b3:27:00:a5:3e:6d:ee:58:a9:ee:6a:41:d6:22:
                    1c:8d:5e:36:f5:15:f4:4d:a7:25:ac:fb:1b:56:a5:
                    7a:b6:d2:a3:6d:a8:08:e0:2d:10:8c:75:4d:d1:df:
                    9d:d7:d7:8a:58:8a:47:91:59:0f:70:64:5e:97:8a:
                    df:3e:13:89:7a:f3:17:28:b6:f1:9a:2a:d0:20:ce:
                    34:9f:5c:35:a1:f2:f9:f9:59:e5:a4:66:45:c9:76:
                    2c:6a:d1:eb:bc:3b:72:27:ed:a8:91:b8:d0:04:31:
                    e7:64:d8:de:41:2f:6d:9a:05:2b:d3:40:86:51:15:
                    a7:dd:16:6f:25:a4:25:aa:b9:a9:53:78:4b:e2:7c:
                    9b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:80:A4:1F:EA:C3:C8:63:21:40:C1:C1:AB:02:17:16:32:53:E5:48
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/AoCkH-rDyGMhQMHBqwIXFjJT5Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.191.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:e6:ed:2d:6c:2b:eb:4b:95:3e:07:18:bd:2e:84:a8:7b:f7:
         1c:c1:3e:2e:95:eb:34:32:cd:06:1b:24:4e:cf:a0:64:b5:55:
         10:28:03:21:06:c8:2e:13:2c:67:c2:70:5d:e5:b8:4c:4f:9b:
         ac:8a:04:41:e4:a5:f2:d9:b4:0d:68:ef:79:50:d8:e3:ce:9f:
         59:71:e9:a2:76:f3:56:45:dd:f8:0e:a2:c4:b5:f2:05:e8:2e:
         5f:56:5c:61:87:0a:40:d7:aa:4a:1c:60:9b:08:03:12:5c:22:
         7b:cc:13:30:0e:db:0d:93:d3:fa:6a:10:93:c2:14:3a:13:cf:
         66:19:da:15:d6:db:75:8a:c8:16:47:78:af:44:35:5b:0f:0e:
         36:91:47:e3:bd:fe:61:30:3d:40:2a:a6:ef:c8:7f:95:19:72:
         02:fe:4b:f4:b8:0d:da:f7:f0:81:d8:a9:c8:15:7e:e8:a9:39:
         b0:8f:3c:51:a5:c3:c9:1f:d9:7c:c5:0e:81:fb:ac:d0:8a:10:
         7f:ae:d4:40:64:92:6c:b5:67:6a:ea:ff:36:c2:47:e3:04:2c:
         3b:d3:65:42:7a:66:f2:b2:b0:d7:6c:8c:b8:f9:4e:a4:16:c1:
         61:b1:53:fe:ad:98:5f:2d:8d:43:8b:ae:ca:a8:3a:ae:65:cc:
         ee:5d:f1:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuw+P/17g6ey7EaKHSwcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjgwYTQxZmVhYzNjODYzMjE0MGMxYzFhYjAyMTcxNjMyNTNlNTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOJ2Rc4aZoDM/iG4Nmekh+1u3bER
s1o1QFvfGZNDr1C8Xyjahk8Z5NnX7vWsZ2VCof/Zknj1EjP93c/qjl+HfN9z+tRP
yivPYz+1unm+z0x2Pa6WpCdrwKZLjjyT19u0DBzUHxcJDLWxNuEN6EKDLu/7COJR
IB4wsycApT5t7lip7mpB1iIcjV429RX0TaclrPsbVqV6ttKjbagI4C0QjHVN0d+d
19eKWIpHkVkPcGRel4rfPhOJevMXKLbxmirQIM40n1w1ofL5+VnlpGZFyXYsatHr
vDtyJ+2okbjQBDHnZNjeQS9tmgUr00CGURWn3RZvJaQlqrmpU3hL4nybUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKApB/qw8hjIUDBwasCFxYyU+VIMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvQW9Da0gtckR5R01oUU1IQnF3SVhGakpUNVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7/RMA0G
CSqGSIb3DQEBCwUAA4IBAQBC5u0tbCvrS5U+Bxi9LoSoe/ccwT4ules0Ms0GGyRO
z6BktVUQKAMhBsguEyxnwnBd5bhMT5usigRB5KXy2bQNaO95UNjjzp9ZcemidvNW
Rd34DqLEtfIF6C5fVlxhhwpA16pKHGCbCAMSXCJ7zBMwDtsNk9P6ahCTwhQ6E89m
GdoV1tt1isgWR3ivRDVbDw42kUfjvf5hMD1AKqbvyH+VGXIC/kv0uA3a9/CB2KnI
FX7oqTmwjzxRpcPJH9l8xQ6B+6zQihB/rtRAZJJstWdq6v82wkfjBCw702VCemby
srDXbIy4+U6kFsFhsVP+rZhfLY1Di67KqDquZczuXfHS
-----END CERTIFICATE-----