Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/Cm4EFjnZAPxthqhBfdyN6SpvvS0.roa
File:                     Cm4EFjnZAPxthqhBfdyN6SpvvS0.roa (raw, json)
Hash identifier:          T93LynEnhtO4/AOgmQHWtJdvOBR0zP5Ys3IICY8LNyw=
Subject key identifier:   0A:6E:04:16:39:D9:00:FC:6D:86:A8:41:7D:DC:8D:E9:2A:6F:BD:2D
Certificate issuer:       /CN=00cc4d5088db71e218777d976d0aadc498c46cfd
Certificate serial:       018CC4923C0E222DF5FF347CB1CAE6FE72D4
Authority key identifier: 00:CC:4D:50:88:DB:71:E2:18:77:7D:97:6D:0A:AD:C4:98:C4:6C:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AMxNUIjbceIYd32XbQqtxJjEbP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/Cm4EFjnZAPxthqhBfdyN6SpvvS0.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197610
IP address blocks:        91.223.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/AMxNUIjbceIYd32XbQqtxJjEbP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/AMxNUIjbceIYd32XbQqtxJjEbP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AMxNUIjbceIYd32XbQqtxJjEbP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3c:0e:22:2d:f5:ff:34:7c:b1:ca:e6:fe:72:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00cc4d5088db71e218777d976d0aadc498c46cfd
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a6e041639d900fc6d86a8417ddc8de92a6fbd2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8f:71:07:ef:b3:f9:b8:a1:e4:ab:e6:9f:f7:
                    cc:09:27:0e:1d:8a:d5:98:f3:3d:67:e4:e8:69:93:
                    68:c9:ef:a4:ab:9f:2d:04:5e:d1:9f:d3:3b:b6:56:
                    e1:24:5b:1c:f6:c2:98:ea:88:c6:d6:d9:a1:3e:aa:
                    64:d5:3e:55:4d:e2:13:1b:bf:31:32:d4:1c:92:d5:
                    52:33:e3:14:2d:65:db:6b:90:af:1c:29:b9:a7:a1:
                    fa:62:ea:8d:a2:26:98:dd:f2:a3:8b:02:c5:0d:2b:
                    cb:6d:c8:04:cc:ce:0e:65:0f:38:ec:92:27:56:61:
                    8b:10:4e:48:da:3d:78:d2:12:16:91:2a:09:dd:9b:
                    45:a2:c3:54:a4:23:80:24:ce:96:3c:31:2a:66:d7:
                    97:40:b2:ce:2c:3a:d5:61:ab:78:b5:c9:93:de:af:
                    0e:e7:66:3d:67:67:48:05:a2:fc:e9:82:e0:eb:a0:
                    92:c2:dd:97:72:f4:c6:1f:33:6f:31:91:c9:8d:8d:
                    21:61:c0:6e:5f:62:11:4b:e5:52:67:ce:b3:d5:dc:
                    d5:8a:f3:a9:42:73:96:33:f8:eb:62:d0:89:33:fa:
                    11:8d:f3:31:e1:b5:40:05:7e:c7:f6:3b:61:48:a2:
                    e5:b6:45:31:3a:62:46:a6:16:d5:e9:e0:86:bc:b8:
                    7a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:6E:04:16:39:D9:00:FC:6D:86:A8:41:7D:DC:8D:E9:2A:6F:BD:2D
            X509v3 Authority Key Identifier:
                keyid:00:CC:4D:50:88:DB:71:E2:18:77:7D:97:6D:0A:AD:C4:98:C4:6C:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AMxNUIjbceIYd32XbQqtxJjEbP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/Cm4EFjnZAPxthqhBfdyN6SpvvS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/9c73ff-6642-4b33-b564-a2381c36c054/1/AMxNUIjbceIYd32XbQqtxJjEbP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:8e:cf:c4:3f:e0:79:c9:70:1b:14:97:a4:6c:ab:3d:52:ba:
         1d:a4:22:6a:2c:52:01:48:a8:14:71:af:74:0d:61:f1:72:4e:
         be:d6:ba:a0:54:72:5e:cf:c5:cc:ad:07:7e:bc:c8:48:6a:bc:
         40:4e:94:bc:de:50:31:56:0a:2f:35:5e:a6:1d:e6:99:f6:0e:
         42:39:66:35:22:c1:62:c8:25:4d:42:c8:4f:1a:72:e1:6c:28:
         2a:3a:41:af:59:77:02:cb:55:df:02:68:21:21:a2:96:5f:67:
         f4:b5:1a:65:e9:32:ca:15:58:82:4a:f4:47:9a:60:9d:31:99:
         02:50:c2:5a:1b:97:bd:31:0a:9c:08:5e:81:22:ff:90:e0:4a:
         a9:7b:d0:ae:07:b8:66:ec:5f:b9:8a:ed:0e:bd:37:05:20:4f:
         fc:b7:21:f9:29:0a:1e:25:cd:09:f7:09:1a:87:ae:f3:7f:94:
         00:c4:0b:a1:d4:0f:1d:a4:b6:8b:d1:ae:ef:5b:91:ac:d7:61:
         e9:f0:0b:37:e7:b6:09:21:d6:6f:57:eb:3c:4b:43:5d:ae:b0:
         05:c2:88:27:45:0d:eb:05:64:34:3f:46:a7:6a:aa:b2:61:f3:
         ca:07:a0:37:c3:3c:b6:e1:d9:c2:35:4d:8d:2a:63:2b:c7:74:
         cd:2e:e0:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjwOIi31/zR8scrm/nLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwY2M0ZDUwODhkYjcxZTIxODc3N2Q5NzZkMGFhZGM0OThj
NDZjZmQwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTZlMDQxNjM5ZDkwMGZjNmQ4NmE4NDE3ZGRjOGRlOTJhNmZiZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjY9xB++z+bih5Kvmn/fMCScOHYrV
mPM9Z+ToaZNoye+kq58tBF7Rn9M7tlbhJFsc9sKY6ojG1tmhPqpk1T5VTeITG78x
MtQcktVSM+MULWXba5CvHCm5p6H6YuqNoiaY3fKjiwLFDSvLbcgEzM4OZQ847JIn
VmGLEE5I2j140hIWkSoJ3ZtFosNUpCOAJM6WPDEqZteXQLLOLDrVYat4tcmT3q8O
52Y9Z2dIBaL86YLg66CSwt2XcvTGHzNvMZHJjY0hYcBuX2IRS+VSZ86z1dzVivOp
QnOWM/jrYtCJM/oRjfMx4bVABX7H9jthSKLltkUxOmJGphbV6eCGvLh6lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApuBBY52QD8bYaoQX3cjekqb70tMB8GA1UdIwQY
MBaAFADMTVCI23HiGHd9l20KrcSYxGz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU14TlVJamJjZUlZZDMyWGJRcXR4SmpFYlAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85YzczZmYtNjY0Mi00YjMzLWI1NjQt
YTIzODFjMzZjMDU0LzEvQ200RUZqblpBUHh0aHFoQmZkeU42U3B2dlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85YzczZmYtNjY0Mi00YjMzLWI1NjQtYTIzODFjMzZjMDU0
LzEvQU14TlVJamJjZUlZZDMyWGJRcXR4SmpFYlAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+VMA0G
CSqGSIb3DQEBCwUAA4IBAQBujs/EP+B5yXAbFJekbKs9UrodpCJqLFIBSKgUca90
DWHxck6+1rqgVHJez8XMrQd+vMhIarxATpS83lAxVgovNV6mHeaZ9g5COWY1IsFi
yCVNQshPGnLhbCgqOkGvWXcCy1XfAmghIaKWX2f0tRpl6TLKFViCSvRHmmCdMZkC
UMJaG5e9MQqcCF6BIv+Q4Eqpe9CuB7hm7F+5iu0OvTcFIE/8tyH5KQoeJc0J9wka
h67zf5QAxAuh1A8dpLaL0a7vW5Gs12Hp8As357YJIdZvV+s8S0NdrrAFwognRQ3r
BWQ0P0anaqqyYfPKB6A3wzy24dnCNU2NKmMrx3TNLuBm
-----END CERTIFICATE-----