Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/cpUzrFftGrfPIn9ahbAU4PTZMeo.roa
File:                     cpUzrFftGrfPIn9ahbAU4PTZMeo.roa (raw, json)
Hash identifier:          9n55AsvD5FA6Z1UN5fmc/o54vvWCfnS/crH5y8Y8X5Q=
Subject key identifier:   72:95:33:AC:57:ED:1A:B7:CF:22:7F:5A:85:B0:14:E0:F4:D9:31:EA
Certificate issuer:       /CN=906d4fbf6ddc6f5cb745a68cc6818a942eaee20e
Certificate serial:       018CCA2A556328643F03FBD539FC8AF69FAE
Authority key identifier: 90:6D:4F:BF:6D:DC:6F:5C:B7:45:A6:8C:C6:81:8A:94:2E:AE:E2:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/cpUzrFftGrfPIn9ahbAU4PTZMeo.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        91.213.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:55:63:28:64:3f:03:fb:d5:39:fc:8a:f6:9f:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=906d4fbf6ddc6f5cb745a68cc6818a942eaee20e
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=729533ac57ed1ab7cf227f5a85b014e0f4d931ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:39:f8:a4:67:8c:b2:79:cc:d6:60:72:7a:9c:
                    4e:c1:f4:c1:07:a9:b9:03:67:74:0b:a7:12:25:4c:
                    03:73:cf:93:b9:26:78:1e:08:2b:c4:93:7a:4b:80:
                    47:7f:b2:ff:73:89:ad:97:00:5d:0c:3b:89:2f:ba:
                    e1:e2:11:a9:4f:ff:b8:18:d6:4d:2f:7f:42:be:aa:
                    54:fd:c9:d5:5d:91:0b:f0:13:42:58:fe:c0:2a:e7:
                    b5:fe:8c:1a:20:49:b7:77:55:a1:6d:da:3e:26:d7:
                    d0:7d:de:08:bb:f7:a5:19:39:19:11:a9:57:35:a4:
                    9e:75:0a:a2:20:df:80:2c:99:88:8b:a0:21:45:7b:
                    30:89:77:7d:86:0d:55:80:ee:f8:18:4c:c4:c2:e6:
                    b1:1f:99:10:46:df:db:6f:7c:17:3c:18:3e:ea:ec:
                    a7:04:35:ec:1a:f6:b4:e3:6f:b7:ab:e7:05:2d:a8:
                    28:f9:d0:1c:99:17:2b:60:be:cd:76:57:f0:9b:f1:
                    04:04:6b:76:69:9c:64:d2:51:1c:2f:d2:cb:b4:12:
                    8f:20:3b:5d:97:cf:0b:bb:1f:0b:c3:f9:f0:f0:21:
                    37:f5:60:0d:74:bf:8c:98:11:78:ab:52:c0:ef:c8:
                    10:e2:01:4e:3f:72:3e:ad:48:42:22:81:07:fa:a6:
                    5a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:95:33:AC:57:ED:1A:B7:CF:22:7F:5A:85:B0:14:E0:F4:D9:31:EA
            X509v3 Authority Key Identifier:
                keyid:90:6D:4F:BF:6D:DC:6F:5C:B7:45:A6:8C:C6:81:8A:94:2E:AE:E2:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kG1Pv23cb1y3RaaMxoGKlC6u4g4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/cpUzrFftGrfPIn9ahbAU4PTZMeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/30c84e-e0b0-491c-971b-f1d4629ccd77/1/kG1Pv23cb1y3RaaMxoGKlC6u4g4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:c1:db:0d:3e:d1:77:86:e0:af:38:0b:f6:f2:13:41:b4:93:
         a4:2a:6c:59:5a:62:41:14:3a:c4:5a:0f:2d:8f:45:c5:51:3f:
         a9:4b:75:bc:66:11:11:8a:be:0b:dd:bc:98:51:23:58:ec:2e:
         84:b4:8c:f8:9e:a0:b4:62:6c:b4:93:98:07:bf:92:f4:ca:b1:
         4c:7f:b0:94:9f:4d:b9:16:71:71:f0:c6:ea:c3:de:30:e3:38:
         8f:65:41:78:bf:78:c2:34:c0:32:fe:73:c9:c2:23:18:a7:8f:
         1a:7b:47:b9:a7:4a:38:82:ac:cf:58:c9:24:79:b7:3b:dc:d9:
         14:3b:4e:c6:69:b9:da:30:bd:87:0b:24:74:f6:2a:3c:98:43:
         c9:c3:b7:5c:80:25:92:71:00:77:7e:3f:35:d7:81:33:c5:9a:
         bf:4c:e2:4f:8f:15:e8:80:ed:99:83:06:9a:32:67:b2:8d:35:
         9e:16:85:85:df:2d:5e:d7:18:fc:cf:88:d8:bd:4f:9f:b6:55:
         b5:bf:c7:e0:8d:3b:b7:3e:04:1e:16:a6:d5:54:cf:7e:b2:32:
         42:7b:aa:e6:53:78:ca:b3:34:a4:0a:e6:43:61:6b:02:bf:25:
         78:44:b3:8e:c0:93:9f:da:6b:d6:b1:00:80:97:2a:96:db:13:
         90:89:b8:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlVjKGQ/A/vVOfyK9p+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNmQ0ZmJmNmRkYzZmNWNiNzQ1YTY4Y2M2ODE4YTk0MmVh
ZWUyMGUwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk1MzNhYzU3ZWQxYWI3Y2YyMjdmNWE4NWIwMTRlMGY0ZDkzMWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzn4pGeMsnnM1mByepxOwfTBB6m5
A2d0C6cSJUwDc8+TuSZ4HggrxJN6S4BHf7L/c4mtlwBdDDuJL7rh4hGpT/+4GNZN
L39CvqpU/cnVXZEL8BNCWP7AKue1/owaIEm3d1Whbdo+JtfQfd4Iu/elGTkZEalX
NaSedQqiIN+ALJmIi6AhRXswiXd9hg1VgO74GEzEwuaxH5kQRt/bb3wXPBg+6uyn
BDXsGva042+3q+cFLago+dAcmRcrYL7Ndlfwm/EEBGt2aZxk0lEcL9LLtBKPIDtd
l88Lux8Lw/nw8CE39WANdL+MmBF4q1LA78gQ4gFOP3I+rUhCIoEH+qZaDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKVM6xX7Rq3zyJ/WoWwFOD02THqMB8GA1UdIwQY
MBaAFJBtT79t3G9ct0WmjMaBipQuruIOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0cxUHYyM2NiMXkzUmFhTXhvR0tsQzZ1NGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8zMGM4NGUtZTBiMC00OTFjLTk3MWIt
ZjFkNDYyOWNjZDc3LzEvY3BVenJGZnRHcmZQSW45YWhiQVU0UFRaTWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8zMGM4NGUtZTBiMC00OTFjLTk3MWItZjFkNDYyOWNjZDc3
LzEva0cxUHYyM2NiMXkzUmFhTXhvR0tsQzZ1NGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WtMA0G
CSqGSIb3DQEBCwUAA4IBAQA1wdsNPtF3huCvOAv28hNBtJOkKmxZWmJBFDrEWg8t
j0XFUT+pS3W8ZhERir4L3byYUSNY7C6EtIz4nqC0Ymy0k5gHv5L0yrFMf7CUn025
FnFx8Mbqw94w4ziPZUF4v3jCNMAy/nPJwiMYp48ae0e5p0o4gqzPWMkkebc73NkU
O07GabnaML2HCyR09io8mEPJw7dcgCWScQB3fj8114EzxZq/TOJPjxXogO2Zgwaa
MmeyjTWeFoWF3y1e1xj8z4jYvU+ftlW1v8fgjTu3PgQeFqbVVM9+sjJCe6rmU3jK
szSkCuZDYWsCvyV4RLOOwJOf2mvWsQCAlyqW2xOQibhE
-----END CERTIFICATE-----