Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/RF9QRv_nthb6879WFhGPsdQ9MmI.roa
File:                     RF9QRv_nthb6879WFhGPsdQ9MmI.roa (raw, json)
Hash identifier:          GCFhg+T7Rw3ZTCDXjmbchktvqH5/hdoMYfM1UAi+19o=
Subject key identifier:   44:5F:50:46:FF:E7:B6:16:FA:F3:BF:56:16:11:8F:B1:D4:3D:32:62
Certificate issuer:       /CN=906d4fbf6ddc6f5cb745a68cc6818a942eaee20e
Certificate serial:       018CCA2A55210410A3D6A12652CB085A2E98
Authority key identifier: 90:6D:4F:BF:6D:DC:6F:5C:B7:45:A6:8C:C6:81:8A:94:2E:AE:E2:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/RF9QRv_nthb6879WFhGPsdQ9MmI.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        91.213.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:55:21:04:10:a3:d6:a1:26:52:cb:08:5a:2e:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=906d4fbf6ddc6f5cb745a68cc6818a942eaee20e
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=445f5046ffe7b616faf3bf5616118fb1d43d3262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4a:5b:4c:83:e1:30:20:bd:dc:d0:9f:72:cc:
                    6b:cc:52:37:10:a1:cb:4a:8b:ba:d9:ea:73:e8:f9:
                    96:4e:64:d1:d0:ae:2c:a7:94:10:d3:33:9f:1a:49:
                    30:03:c6:ef:70:9f:2f:4a:9b:e6:22:90:cd:0a:f5:
                    46:9e:a4:eb:20:ed:83:2e:8f:ce:22:c1:3d:6d:e8:
                    a6:de:f8:c6:e3:36:2a:c8:d6:12:1f:f4:41:61:d5:
                    4b:2f:b2:35:9a:b8:42:a4:ac:b3:dc:91:5b:56:ff:
                    b8:36:1f:a0:c6:b6:f2:51:35:10:5c:b0:4e:a1:56:
                    a4:15:cc:93:18:1b:a0:0c:b0:b5:81:0e:89:28:70:
                    9b:f0:0c:a0:76:30:84:d6:94:76:d8:4c:1d:fd:a4:
                    ad:c3:99:ae:f7:3f:7a:9f:dc:dc:ac:58:35:78:d0:
                    db:98:10:1b:b9:14:81:c8:09:e8:a2:8d:67:6e:18:
                    b9:aa:64:a1:34:06:7a:39:e3:3d:55:dd:68:81:22:
                    9f:3a:99:37:08:82:de:c9:c6:12:e8:9d:45:c5:87:
                    a1:08:b4:5b:01:d5:71:b2:2d:26:74:77:21:5d:2f:
                    eb:f4:29:82:9b:45:c3:22:1b:95:6b:f6:a2:5e:f2:
                    7c:e0:a7:86:94:ed:b8:03:61:56:1e:db:86:b6:85:
                    7f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:5F:50:46:FF:E7:B6:16:FA:F3:BF:56:16:11:8F:B1:D4:3D:32:62
            X509v3 Authority Key Identifier:
                keyid:90:6D:4F:BF:6D:DC:6F:5C:B7:45:A6:8C:C6:81:8A:94:2E:AE:E2:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/RF9QRv_nthb6879WFhGPsdQ9MmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:6a:67:6b:cf:60:6a:cf:11:27:55:b2:91:55:f7:9b:c5:5f:
         07:6c:5b:ca:7e:4c:8b:34:d0:c7:14:ed:bb:c0:8a:56:54:7f:
         ed:84:94:bb:4a:ef:89:2f:f4:67:34:f7:77:a0:71:19:eb:e4:
         3b:32:35:96:2c:e7:45:2e:5d:9c:31:45:7c:42:8a:08:95:ca:
         a3:c0:ea:5b:27:0e:c6:bd:0a:9f:cd:82:68:37:39:ad:d2:72:
         01:9c:82:ed:85:78:a9:25:9c:c0:2d:fd:6a:94:3b:b5:c3:be:
         b6:4c:e1:bf:96:ed:53:6e:78:58:80:04:54:13:4e:0f:f4:1d:
         1c:18:62:37:c1:01:f9:96:54:b9:46:d7:b8:af:10:45:03:d3:
         21:d2:f0:84:a3:1b:20:3a:3d:63:34:2f:93:f3:33:90:7d:e3:
         ae:e8:5d:44:50:2f:2c:0d:7b:ff:6c:c4:c5:f4:89:72:77:17:
         5d:95:0c:e4:15:99:3e:51:3e:9c:9b:15:6a:55:b7:3a:34:51:
         a4:ed:d4:10:54:00:53:c2:2d:de:65:2d:bd:3f:08:90:94:34:
         f9:1c:40:a7:7e:8d:98:09:f5:ad:87:62:1e:26:61:65:5a:6e:
         63:d1:c3:23:4b:55:f1:99:71:84:cc:67:1e:50:be:4e:05:47:
         2f:09:2a:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlUhBBCj1qEmUssIWi6YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNmQ0ZmJmNmRkYzZmNWNiNzQ1YTY4Y2M2ODE4YTk0MmVh
ZWUyMGUwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDVmNTA0NmZmZTdiNjE2ZmFmM2JmNTYxNjExOGZiMWQ0M2QzMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkpbTIPhMCC93NCfcsxrzFI3EKHL
Sou62epz6PmWTmTR0K4sp5QQ0zOfGkkwA8bvcJ8vSpvmIpDNCvVGnqTrIO2DLo/O
IsE9beim3vjG4zYqyNYSH/RBYdVLL7I1mrhCpKyz3JFbVv+4Nh+gxrbyUTUQXLBO
oVakFcyTGBugDLC1gQ6JKHCb8AygdjCE1pR22Ewd/aStw5mu9z96n9zcrFg1eNDb
mBAbuRSByAnooo1nbhi5qmShNAZ6OeM9Vd1ogSKfOpk3CILeycYS6J1FxYehCLRb
AdVxsi0mdHchXS/r9CmCm0XDIhuVa/aiXvJ84KeGlO24A2FWHtuGtoV/QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERfUEb/57YW+vO/VhYRj7HUPTJiMB8GA1UdIwQY
MBaAFJBtT79t3G9ct0WmjMaBipQuruIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0cxUHYyM2NiMXkzUmFhTXhvR0tsQzZ1NGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8zMGM4NGUtZTBiMC00OTFjLTk3MWIt
ZjFkNDYyOWNjZDc3LzEvUkY5UVJ2X250aGI2ODc5V0ZoR1BzZFE5TW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8zMGM4NGUtZTBiMC00OTFjLTk3MWItZjFkNDYyOWNjZDc3
LzEva0cxUHYyM2NiMXkzUmFhTXhvR0tsQzZ1NGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WtMA0G
CSqGSIb3DQEBCwUAA4IBAQAIamdrz2BqzxEnVbKRVfebxV8HbFvKfkyLNNDHFO27
wIpWVH/thJS7Su+JL/RnNPd3oHEZ6+Q7MjWWLOdFLl2cMUV8QooIlcqjwOpbJw7G
vQqfzYJoNzmt0nIBnILthXipJZzALf1qlDu1w762TOG/lu1TbnhYgARUE04P9B0c
GGI3wQH5llS5Rte4rxBFA9Mh0vCEoxsgOj1jNC+T8zOQfeOu6F1EUC8sDXv/bMTF
9IlydxddlQzkFZk+UT6cmxVqVbc6NFGk7dQQVABTwi3eZS29PwiQlDT5HECnfo2Y
CfWth2IeJmFlWm5j0cMjS1XxmXGEzGceUL5OBUcvCSps
-----END CERTIFICATE-----