Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/0616e0-9cbb-430a-8244-edcc52e17a94/1/NDqyDtWAEo6ZM2ceSsa7GHByinQ.roa
File:                     NDqyDtWAEo6ZM2ceSsa7GHByinQ.roa (raw, json)
Hash identifier:          3p9CyZSCc87dqU2cpaI6sW2UNCYgaQF1+fbTjK4uQF0=
Subject key identifier:   34:3A:B2:0E:D5:80:12:8E:99:33:67:1E:4A:C6:BB:18:70:72:8A:74
Certificate issuer:       /CN=9a60ae4bdd9d6efba6ea11c60737cba02dcf1e60
Certificate serial:       018CC56EA33DB851F63611435004DB5F66D1
Authority key identifier: 9A:60:AE:4B:DD:9D:6E:FB:A6:EA:11:C6:07:37:CB:A0:2D:CF:1E:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mmCuS92dbvum6hHGBzfLoC3PHmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/0616e0-9cbb-430a-8244-edcc52e17a94/1/NDqyDtWAEo6ZM2ceSsa7GHByinQ.roa
Signing time:             Mon 01 Jan 2024 14:30:11 +0000
ROA not before:           Mon 01 Jan 2024 14:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57850
IP address blocks:        91.209.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/0616e0-9cbb-430a-8244-edcc52e17a94/1/mmCuS92dbvum6hHGBzfLoC3PHmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/0616e0-9cbb-430a-8244-edcc52e17a94/1/mmCuS92dbvum6hHGBzfLoC3PHmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mmCuS92dbvum6hHGBzfLoC3PHmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a3:3d:b8:51:f6:36:11:43:50:04:db:5f:66:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a60ae4bdd9d6efba6ea11c60737cba02dcf1e60
        Validity
            Not Before: Jan  1 14:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=343ab20ed580128e9933671e4ac6bb1870728a74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dc:c8:ae:0b:82:a2:69:4c:b9:8e:d9:36:c2:
                    75:a0:cb:12:70:db:29:3e:3b:1d:4c:d6:8f:bd:b8:
                    ea:68:b5:59:bd:f9:36:15:bf:e5:c2:a3:b5:92:12:
                    44:41:24:11:fe:05:72:36:bf:2c:c3:96:2d:a7:da:
                    a5:21:c3:fb:a7:f4:f3:26:76:d8:a3:d6:6c:32:99:
                    ea:d0:d9:ac:35:df:cb:58:14:71:e8:2b:be:52:b9:
                    ff:46:99:4d:bc:30:15:79:44:51:96:a1:42:d2:d1:
                    42:58:36:9a:44:6d:40:80:7a:cf:78:2e:2a:69:06:
                    f0:9e:9f:f6:b8:fe:51:00:b6:72:c4:91:9e:90:7c:
                    b1:17:a1:ac:9f:4a:d2:e7:50:cc:ac:6c:ee:47:53:
                    cc:99:86:bc:9e:f7:42:06:b8:96:08:46:39:d4:ba:
                    0c:46:4f:98:a9:ae:a6:9b:ba:07:04:d2:10:6d:41:
                    53:3d:dd:a0:fd:55:d6:16:82:aa:4c:1f:a0:60:18:
                    4d:0b:6b:bf:2c:da:68:79:d3:e7:8a:9d:46:3c:67:
                    e7:ab:5e:e2:11:a2:b7:2e:e3:0b:07:2c:61:40:87:
                    73:2a:06:0f:ae:39:84:af:71:c0:72:79:91:29:72:
                    d9:50:65:f6:d9:2f:0a:dc:5e:e1:65:09:6f:3b:bf:
                    e1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:3A:B2:0E:D5:80:12:8E:99:33:67:1E:4A:C6:BB:18:70:72:8A:74
            X509v3 Authority Key Identifier:
                keyid:9A:60:AE:4B:DD:9D:6E:FB:A6:EA:11:C6:07:37:CB:A0:2D:CF:1E:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mmCuS92dbvum6hHGBzfLoC3PHmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/0616e0-9cbb-430a-8244-edcc52e17a94/1/NDqyDtWAEo6ZM2ceSsa7GHByinQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/0616e0-9cbb-430a-8244-edcc52e17a94/1/mmCuS92dbvum6hHGBzfLoC3PHmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ef:8f:55:e6:cb:a9:dd:64:1c:e2:c6:22:34:9f:95:65:9c:
         77:f8:30:80:b1:c6:e7:81:26:f8:1f:4e:01:8d:10:83:71:e7:
         2a:b8:6e:84:e8:ac:e2:8f:9c:33:0f:30:52:c9:fc:6e:44:07:
         8b:cc:0a:ff:d3:14:4a:6d:88:cc:bf:bd:de:f5:b8:52:0c:96:
         97:3e:0e:f0:cf:f3:e3:b8:9a:9d:dd:72:6a:d7:b0:c3:87:95:
         16:a7:69:ce:85:1f:75:ec:1b:e8:08:6d:30:e2:5a:70:97:76:
         e7:1a:33:70:e4:8d:32:d9:b6:41:7f:17:a7:2d:d6:cb:65:40:
         dd:8d:80:e5:1c:70:d4:62:cf:d5:37:2d:e5:72:b1:fd:bc:b4:
         b2:36:dc:2c:49:f4:cc:3b:27:1c:f3:36:2d:9d:70:8c:ce:4a:
         b7:0b:93:10:5f:b7:6a:5c:47:d0:1a:1b:ec:89:f4:d0:49:f3:
         be:a0:9f:13:d8:9d:58:5f:e6:76:46:4f:e1:32:2b:5f:fe:0e:
         ba:c7:33:7d:ec:56:a0:2e:31:91:6e:6b:8f:52:17:4a:83:40:
         da:f8:c9:98:6f:95:1f:1b:51:fe:08:62:93:1c:5b:33:24:26:
         01:9c:5d:8c:12:d7:26:77:e0:39:bd:31:6d:e5:76:ae:b2:12:
         03:0c:9a:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqM9uFH2NhFDUATbX2bRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNjBhZTRiZGQ5ZDZlZmJhNmVhMTFjNjA3MzdjYmEwMmRj
ZjFlNjAwHhcNMjQwMTAxMTQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDNhYjIwZWQ1ODAxMjhlOTkzMzY3MWU0YWM2YmIxODcwNzI4YTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNzIrguComlMuY7ZNsJ1oMsScNsp
PjsdTNaPvbjqaLVZvfk2Fb/lwqO1khJEQSQR/gVyNr8sw5Ytp9qlIcP7p/TzJnbY
o9ZsMpnq0NmsNd/LWBRx6Cu+Urn/RplNvDAVeURRlqFC0tFCWDaaRG1AgHrPeC4q
aQbwnp/2uP5RALZyxJGekHyxF6Gsn0rS51DMrGzuR1PMmYa8nvdCBriWCEY51LoM
Rk+Yqa6mm7oHBNIQbUFTPd2g/VXWFoKqTB+gYBhNC2u/LNpoedPnip1GPGfnq17i
EaK3LuMLByxhQIdzKgYPrjmEr3HAcnmRKXLZUGX22S8K3F7hZQlvO7/htwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQ6sg7VgBKOmTNnHkrGuxhwcop0MB8GA1UdIwQY
MBaAFJpgrkvdnW77puoRxgc3y6Atzx5gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW1DdVM5MmRidnVtNmhIR0J6ZkxvQzNQSG1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8wNjE2ZTAtOWNiYi00MzBhLTgyNDQt
ZWRjYzUyZTE3YTk0LzEvTkRxeUR0V0FFbzZaTTJjZVNzYTdHSEJ5aW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8wNjE2ZTAtOWNiYi00MzBhLTgyNDQtZWRjYzUyZTE3YTk0
LzEvbW1DdVM5MmRidnVtNmhIR0J6ZkxvQzNQSG1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9E8MA0G
CSqGSIb3DQEBCwUAA4IBAQBW749V5sup3WQc4sYiNJ+VZZx3+DCAscbngSb4H04B
jRCDcecquG6E6Kzij5wzDzBSyfxuRAeLzAr/0xRKbYjMv73e9bhSDJaXPg7wz/Pj
uJqd3XJq17DDh5UWp2nOhR917BvoCG0w4lpwl3bnGjNw5I0y2bZBfxenLdbLZUDd
jYDlHHDUYs/VNy3lcrH9vLSyNtwsSfTMOycc8zYtnXCMzkq3C5MQX7dqXEfQGhvs
ifTQSfO+oJ8T2J1YX+Z2Rk/hMitf/g66xzN97FagLjGRbmuPUhdKg0Da+MmYb5Uf
G1H+CGKTHFszJCYBnF2MEtcmd+A5vTFt5XaushIDDJpa
-----END CERTIFICATE-----