Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/ffa949-86c4-4984-8557-2c2c5fbda341/1/SnK6FZoFbHlfEiK_pD1Rwmlb27Q.roa
File:                     SnK6FZoFbHlfEiK_pD1Rwmlb27Q.roa (raw, json)
Hash identifier:          QpZSlPy1HZzPI6TVS7rSkL21ljunNU4rjD2gjKIxYBA=
Subject key identifier:   4A:72:BA:15:9A:05:6C:79:5F:12:22:BF:A4:3D:51:C2:69:5B:DB:B4
Certificate issuer:       /CN=79cd4bd3c9bfe20dccfe2b19de23095ca2474835
Certificate serial:       018CC8DCE7BDB2AD8F1060340428B00A2014
Authority key identifier: 79:CD:4B:D3:C9:BF:E2:0D:CC:FE:2B:19:DE:23:09:5C:A2:47:48:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ec1L08m_4g3M_isZ3iMJXKJHSDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/ffa949-86c4-4984-8557-2c2c5fbda341/1/SnK6FZoFbHlfEiK_pD1Rwmlb27Q.roa
Signing time:             Tue 02 Jan 2024 06:29:29 +0000
ROA not before:           Tue 02 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        91.198.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/ffa949-86c4-4984-8557-2c2c5fbda341/1/ec1L08m_4g3M_isZ3iMJXKJHSDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/ffa949-86c4-4984-8557-2c2c5fbda341/1/ec1L08m_4g3M_isZ3iMJXKJHSDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ec1L08m_4g3M_isZ3iMJXKJHSDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e7:bd:b2:ad:8f:10:60:34:04:28:b0:0a:20:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79cd4bd3c9bfe20dccfe2b19de23095ca2474835
        Validity
            Not Before: Jan  2 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a72ba159a056c795f1222bfa43d51c2695bdbb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:37:c5:fe:13:39:19:88:52:0d:32:5e:65:c4:
                    11:b5:6f:7e:40:88:44:22:53:3c:2b:4c:7f:9b:39:
                    6a:d6:84:33:cb:25:94:0e:1b:b2:69:16:e0:23:73:
                    e3:10:8a:33:c1:37:05:51:2a:9c:7b:1e:67:6b:00:
                    62:48:8e:21:44:41:77:ca:dc:d5:9f:00:7d:a7:07:
                    44:ab:41:b0:9c:7c:e1:2d:b7:0e:7c:45:cf:c8:a2:
                    7b:43:bd:62:b4:5e:ed:c8:c0:82:fa:16:29:e9:eb:
                    47:e1:e5:57:98:d3:38:0a:92:5c:61:b9:3a:8a:e9:
                    cb:bb:f7:8a:f6:80:f7:a7:0c:68:06:eb:35:28:74:
                    3e:5b:9f:3a:75:1e:9e:56:0e:3b:1e:8b:43:aa:65:
                    08:01:2b:0f:5f:9c:8e:10:b4:36:57:df:a3:4b:66:
                    cc:71:e7:97:ec:09:1b:31:43:2e:9c:31:49:bc:dc:
                    31:63:2c:4e:97:a1:38:b0:56:ef:67:15:18:0f:51:
                    30:04:d5:1a:7a:ac:f7:b0:d0:83:c7:05:08:50:e8:
                    1b:07:2f:db:ae:85:b7:52:9a:cb:59:78:77:b7:b6:
                    d7:6a:69:be:3e:7a:60:e8:e7:0e:03:60:fe:6e:5e:
                    c0:10:7e:6c:3e:c3:41:68:83:d0:2f:7b:b8:86:5b:
                    15:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:72:BA:15:9A:05:6C:79:5F:12:22:BF:A4:3D:51:C2:69:5B:DB:B4
            X509v3 Authority Key Identifier:
                keyid:79:CD:4B:D3:C9:BF:E2:0D:CC:FE:2B:19:DE:23:09:5C:A2:47:48:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec1L08m_4g3M_isZ3iMJXKJHSDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ffa949-86c4-4984-8557-2c2c5fbda341/1/SnK6FZoFbHlfEiK_pD1Rwmlb27Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ffa949-86c4-4984-8557-2c2c5fbda341/1/ec1L08m_4g3M_isZ3iMJXKJHSDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:c6:2c:b6:73:b8:cd:f1:72:98:d1:24:27:f4:0a:4e:3e:c9:
         e0:ad:d8:ac:94:9f:92:7c:3f:d4:a0:7b:51:c3:ee:65:ae:57:
         00:0e:82:67:ef:bd:68:ce:78:b1:b8:5d:07:59:af:db:1a:12:
         43:6a:6e:36:d8:c3:eb:18:c0:9e:1a:21:f1:77:63:16:88:e6:
         e4:28:ec:28:72:7e:a6:71:80:6c:fb:17:e3:85:9f:02:74:55:
         64:ca:cd:90:9e:bf:12:51:c6:57:db:70:ba:c0:22:71:46:77:
         ce:1a:80:5d:ea:af:c9:8e:52:7e:d6:27:a7:81:d0:b0:35:ab:
         18:8b:1a:4e:f7:2d:12:32:0c:c0:ab:6f:d4:bb:df:97:8a:89:
         f6:d8:f8:ea:0f:2f:2e:8c:06:22:77:47:f9:3a:a3:0d:3f:78:
         8c:86:2c:f5:9d:0f:15:f4:df:16:97:22:f5:14:21:20:e7:eb:
         03:e2:2f:9b:5d:fb:6e:bc:da:bb:09:1e:da:62:0e:07:1c:10:
         d2:c6:52:d6:9c:cd:2c:be:c9:a8:72:43:b1:8c:89:65:87:50:
         e8:07:49:ae:b1:18:d1:4e:54:de:f5:c1:6b:02:bd:f2:1c:03:
         a2:c7:f9:82:6d:da:17:9e:82:2e:85:db:65:8d:69:9a:c3:e0:
         23:f2:8c:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Oe9sq2PEGA0BCiwCiAUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Y2Q0YmQzYzliZmUyMGRjY2ZlMmIxOWRlMjMwOTVjYTI0
NzQ4MzUwHhcNMjQwMTAyMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTcyYmExNTlhMDU2Yzc5NWYxMjIyYmZhNDNkNTFjMjY5NWJkYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozfF/hM5GYhSDTJeZcQRtW9+QIhE
IlM8K0x/mzlq1oQzyyWUDhuyaRbgI3PjEIozwTcFUSqcex5nawBiSI4hREF3ytzV
nwB9pwdEq0GwnHzhLbcOfEXPyKJ7Q71itF7tyMCC+hYp6etH4eVXmNM4CpJcYbk6
iunLu/eK9oD3pwxoBus1KHQ+W586dR6eVg47HotDqmUIASsPX5yOELQ2V9+jS2bM
ceeX7AkbMUMunDFJvNwxYyxOl6E4sFbvZxUYD1EwBNUaeqz3sNCDxwUIUOgbBy/b
roW3UprLWXh3t7bXamm+Pnpg6OcOA2D+bl7AEH5sPsNBaIPQL3u4hlsV7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpyuhWaBWx5XxIiv6Q9UcJpW9u0MB8GA1UdIwQY
MBaAFHnNS9PJv+INzP4rGd4jCVyiR0g1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWMxTDA4bV80ZzNNX2lzWjNpTUpYS0pIU0RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9mZmE5NDktODZjNC00OTg0LTg1NTct
MmMyYzVmYmRhMzQxLzEvU25LNkZab0ZiSGxmRWlLX3BEMVJ3bWxiMjdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9mZmE5NDktODZjNC00OTg0LTg1NTctMmMyYzVmYmRhMzQx
LzEvZWMxTDA4bV80ZzNNX2lzWjNpTUpYS0pIU0RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZIMA0G
CSqGSIb3DQEBCwUAA4IBAQBlxiy2c7jN8XKY0SQn9ApOPsngrdislJ+SfD/UoHtR
w+5lrlcADoJn771oznixuF0HWa/bGhJDam422MPrGMCeGiHxd2MWiObkKOwocn6m
cYBs+xfjhZ8CdFVkys2Qnr8SUcZX23C6wCJxRnfOGoBd6q/JjlJ+1iengdCwNasY
ixpO9y0SMgzAq2/Uu9+Xion22PjqDy8ujAYid0f5OqMNP3iMhiz1nQ8V9N8WlyL1
FCEg5+sD4i+bXftuvNq7CR7aYg4HHBDSxlLWnM0svsmockOxjIllh1DoB0musRjR
TlTe9cFrAr3yHAOix/mCbdoXnoIuhdtljWmaw+Aj8oxt
-----END CERTIFICATE-----