Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/603444-4a0d-4c52-bef7-d79b0ec78e97/1/n0CF4jGp_EDVKypL-rKRctlE3N0.roa
File:                     n0CF4jGp_EDVKypL-rKRctlE3N0.roa (raw, json)
Hash identifier:          /jDucvsuuw4NXWRnqiJy3miUoLsC4CwFNrDqWNZSBO0=
Subject key identifier:   9F:40:85:E2:31:A9:FC:40:D5:2B:2A:4B:FA:B2:91:72:D9:44:DC:DD
Certificate issuer:       /CN=72aa02f45b97930c7a46d0ef18a91c0aaf8992f2
Certificate serial:       018CC348C723ADAA1D7C188EA15762EBE77A
Authority key identifier: 72:AA:02:F4:5B:97:93:0C:7A:46:D0:EF:18:A9:1C:0A:AF:89:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cqoC9FuXkwx6RtDvGKkcCq-JkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/603444-4a0d-4c52-bef7-d79b0ec78e97/1/n0CF4jGp_EDVKypL-rKRctlE3N0.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        91.212.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/603444-4a0d-4c52-bef7-d79b0ec78e97/1/cqoC9FuXkwx6RtDvGKkcCq-JkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/603444-4a0d-4c52-bef7-d79b0ec78e97/1/cqoC9FuXkwx6RtDvGKkcCq-JkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cqoC9FuXkwx6RtDvGKkcCq-JkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 04:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c7:23:ad:aa:1d:7c:18:8e:a1:57:62:eb:e7:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72aa02f45b97930c7a46d0ef18a91c0aaf8992f2
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f4085e231a9fc40d52b2a4bfab29172d944dcdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e0:ed:7c:e7:c7:bf:a4:12:27:e6:ad:72:32:
                    3d:0a:85:45:32:08:c2:99:60:b2:28:fa:05:d8:9d:
                    f8:d1:4d:3f:50:e5:ab:55:66:38:ae:fd:7a:e5:a1:
                    82:e6:e1:f8:fc:c9:77:a3:b2:84:51:b5:cf:2f:29:
                    af:a1:e7:a3:c4:09:91:f2:55:f7:45:d7:48:e7:99:
                    f5:f0:0e:05:b5:f2:2a:0b:f6:a9:2b:7d:2f:8f:c3:
                    37:7a:0a:73:51:e1:c8:4a:4e:6f:0a:92:32:ad:0e:
                    f1:53:ac:e6:29:f7:63:16:19:44:8d:9b:e2:49:5f:
                    47:4e:a3:68:d0:17:59:20:ac:e2:81:a6:76:c2:d6:
                    eb:1e:94:17:3e:12:45:ec:0e:00:1a:88:6c:5f:f3:
                    6c:5b:54:c5:f5:f0:93:55:9f:b9:19:e3:10:86:69:
                    38:91:33:00:2c:95:93:0d:56:9e:9d:69:48:d0:69:
                    d8:45:e3:6a:b9:ea:d8:5d:ae:02:75:e2:2d:45:00:
                    3e:ad:08:01:ee:60:ed:7f:62:87:48:8b:70:b1:03:
                    07:3a:47:4a:93:ae:10:00:09:fc:fe:bb:b6:bb:e3:
                    4e:99:97:63:07:9a:64:ee:45:c5:87:3d:03:5e:e1:
                    b6:b1:c9:58:7e:34:f8:2c:24:df:c7:ee:49:9a:a7:
                    2c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:40:85:E2:31:A9:FC:40:D5:2B:2A:4B:FA:B2:91:72:D9:44:DC:DD
            X509v3 Authority Key Identifier:
                keyid:72:AA:02:F4:5B:97:93:0C:7A:46:D0:EF:18:A9:1C:0A:AF:89:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cqoC9FuXkwx6RtDvGKkcCq-JkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/603444-4a0d-4c52-bef7-d79b0ec78e97/1/n0CF4jGp_EDVKypL-rKRctlE3N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/603444-4a0d-4c52-bef7-d79b0ec78e97/1/cqoC9FuXkwx6RtDvGKkcCq-JkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:c1:0a:db:a8:10:19:73:07:aa:94:4b:cb:8b:a9:44:81:43:
         4e:f4:1b:66:64:5f:a4:ea:d9:17:93:ae:0e:e0:08:df:04:fa:
         af:31:94:08:f4:9a:b9:95:3c:ab:65:f5:0f:e5:52:22:b5:c1:
         43:db:ba:5d:79:2e:52:61:e9:4f:af:e6:6b:cc:53:d3:db:7f:
         e7:cf:4f:28:b0:00:c6:4d:34:17:76:ae:e6:ef:31:41:a7:9b:
         7e:e8:ed:02:95:6c:e0:71:da:ba:0c:36:5f:90:9a:be:e9:94:
         c0:69:19:66:34:e4:09:1b:80:52:1b:9c:ef:d5:8d:33:5f:bc:
         7a:10:8a:fc:84:ee:d5:02:34:0a:cb:dc:9e:b1:6b:8f:49:a3:
         b0:af:32:ca:d1:f9:bb:4d:bc:cd:f5:7e:5b:91:77:7a:b9:df:
         e7:f5:67:77:75:90:97:d6:fb:55:e2:09:cf:4c:52:75:82:1a:
         f7:4f:40:53:8b:d8:3b:00:bb:e4:4c:f1:01:0a:df:65:1f:5c:
         d2:17:23:91:e6:f7:ec:49:60:3d:79:98:b2:f5:b0:8c:c4:27:
         e5:21:d8:a4:f5:13:b0:82:e6:7e:ea:4d:54:a5:25:9b:7b:f4:
         a5:4f:6a:98:32:ee:0b:6f:28:ad:4f:8a:f2:19:ee:2d:c7:77:
         39:9e:41:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMcjraodfBiOoVdi6+d6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYWEwMmY0NWI5NzkzMGM3YTQ2ZDBlZjE4YTkxYzBhYWY4
OTkyZjIwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQwODVlMjMxYTlmYzQwZDUyYjJhNGJmYWIyOTE3MmQ5NDRkY2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeDtfOfHv6QSJ+atcjI9CoVFMgjC
mWCyKPoF2J340U0/UOWrVWY4rv165aGC5uH4/Ml3o7KEUbXPLymvoeejxAmR8lX3
RddI55n18A4FtfIqC/apK30vj8M3egpzUeHISk5vCpIyrQ7xU6zmKfdjFhlEjZvi
SV9HTqNo0BdZIKzigaZ2wtbrHpQXPhJF7A4AGohsX/NsW1TF9fCTVZ+5GeMQhmk4
kTMALJWTDVaenWlI0GnYReNquerYXa4CdeItRQA+rQgB7mDtf2KHSItwsQMHOkdK
k64QAAn8/ru2u+NOmZdjB5pk7kXFhz0DXuG2sclYfjT4LCTfx+5JmqcsSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9AheIxqfxA1SsqS/qykXLZRNzdMB8GA1UdIwQY
MBaAFHKqAvRbl5MMekbQ7xipHAqviZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3FvQzlGdVhrd3g2UnREdkdLa2NDcS1Ka3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82MDM0NDQtNGEwZC00YzUyLWJlZjct
ZDc5YjBlYzc4ZTk3LzEvbjBDRjRqR3BfRURWS3lwTC1yS1JjdGxFM04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82MDM0NDQtNGEwZC00YzUyLWJlZjctZDc5YjBlYzc4ZTk3
LzEvY3FvQzlGdVhrd3g2UnREdkdLa2NDcS1Ka3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QKMA0G
CSqGSIb3DQEBCwUAA4IBAQBbwQrbqBAZcweqlEvLi6lEgUNO9BtmZF+k6tkXk64O
4AjfBPqvMZQI9Jq5lTyrZfUP5VIitcFD27pdeS5SYelPr+ZrzFPT23/nz08osADG
TTQXdq7m7zFBp5t+6O0ClWzgcdq6DDZfkJq+6ZTAaRlmNOQJG4BSG5zv1Y0zX7x6
EIr8hO7VAjQKy9yesWuPSaOwrzLK0fm7TbzN9X5bkXd6ud/n9Wd3dZCX1vtV4gnP
TFJ1ghr3T0BTi9g7ALvkTPEBCt9lH1zSFyOR5vfsSWA9eZiy9bCMxCflIdik9ROw
guZ+6k1UpSWbe/SlT2qYMu4LbyitT4ryGe4tx3c5nkG1
-----END CERTIFICATE-----