Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/c59Cxep28dJIRCtob6F0hWTvxZI.roa
File:                     c59Cxep28dJIRCtob6F0hWTvxZI.roa (raw, json)
Hash identifier:          S7uVXCIxxTLH63eUDs9amCjCDZ+rQJslJUtWCHto2cE=
Subject key identifier:   73:9F:42:C5:EA:76:F1:D2:48:44:2B:68:6F:A1:74:85:64:EF:C5:92
Certificate issuer:       /CN=728627f95026514b42654058f49eeb9b7c48f020
Certificate serial:       01925122A8D9237FA16E77183438490BE551
Authority key identifier: 72:86:27:F9:50:26:51:4B:42:65:40:58:F4:9E:EB:9B:7C:48:F0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/c59Cxep28dJIRCtob6F0hWTvxZI.roa
Signing time:             Thu 03 Oct 2024 06:47:58 +0000
ROA not before:           Thu 03 Oct 2024 06:47:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42525
IP address blocks:        91.240.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:22:a8:d9:23:7f:a1:6e:77:18:34:38:49:0b:e5:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=728627f95026514b42654058f49eeb9b7c48f020
        Validity
            Not Before: Oct  3 06:47:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=739f42c5ea76f1d248442b686fa1748564efc592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:6a:d5:1d:5b:af:c5:12:5d:33:1c:f3:ad:bf:
                    91:61:5a:1e:e9:c8:5c:91:84:09:91:c9:4c:4b:4d:
                    01:09:9a:ed:c2:3d:6d:7f:d9:18:59:57:fb:d2:30:
                    77:8f:5e:08:8c:a5:7c:13:db:61:ce:8a:26:5b:64:
                    a8:9f:f6:49:57:d0:d9:30:74:9d:5c:ea:2a:d1:25:
                    89:ba:97:3a:c9:76:f2:cb:ca:f2:39:48:79:5f:49:
                    98:57:cc:02:de:03:5f:37:d5:83:5c:6c:31:de:94:
                    a4:8a:61:1e:ea:ad:52:81:e5:58:1d:48:b0:9d:6b:
                    98:9c:be:12:eb:9e:13:ee:ad:d5:c0:ac:71:ca:bc:
                    3f:e3:58:7c:6d:81:b6:48:3d:44:3e:85:60:96:5f:
                    80:26:29:ac:7e:35:89:27:5e:0a:08:f4:e3:63:ab:
                    0e:c1:fa:3d:16:6f:25:08:21:41:8d:eb:ec:ce:ac:
                    13:be:f1:9a:61:92:15:1b:6c:78:49:5f:4c:37:62:
                    77:68:ee:fa:59:b2:85:fe:12:1a:a9:ba:ac:f2:dd:
                    ba:60:82:d7:ed:b5:67:7b:4b:a9:86:2f:f4:98:ba:
                    7d:ba:18:a5:59:31:ca:65:9a:c4:44:79:eb:1f:14:
                    17:07:44:e8:35:80:2b:f7:4b:6e:e6:71:2b:91:c0:
                    03:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:9F:42:C5:EA:76:F1:D2:48:44:2B:68:6F:A1:74:85:64:EF:C5:92
            X509v3 Authority Key Identifier:
                keyid:72:86:27:F9:50:26:51:4B:42:65:40:58:F4:9E:EB:9B:7C:48:F0:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/c59Cxep28dJIRCtob6F0hWTvxZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:15:cf:af:18:56:0d:8f:a9:4c:dc:4e:28:80:99:70:d3:8d:
         65:19:bb:fd:49:cd:43:94:05:65:3e:c1:58:40:7d:a4:79:f6:
         e6:88:28:c3:b2:ee:2c:13:23:5f:53:46:87:7c:58:24:15:b2:
         50:8a:a1:db:4a:d4:dc:85:8c:f6:16:7b:a0:84:f4:ee:0e:a8:
         30:94:54:3a:dd:7b:78:75:58:c9:54:ec:e6:66:43:55:77:f4:
         80:92:c6:b8:8e:13:d6:f6:54:bc:78:82:a4:dd:93:3d:a8:4d:
         dd:62:ae:a8:69:4b:8f:c5:d4:88:f4:71:5b:3f:a1:52:27:c8:
         44:e3:a2:70:7f:d6:0a:df:a1:4d:f3:65:5a:7d:96:77:38:c5:
         f5:ce:72:25:8d:c2:fd:eb:27:35:11:0f:a5:e0:fb:8b:3f:6c:
         f1:01:ee:94:60:2a:1f:40:f0:21:8c:54:ae:dd:7f:71:ad:6f:
         2a:e3:c9:f8:8d:60:e2:4e:19:f0:30:fc:d7:e7:f6:b0:87:f1:
         aa:2c:db:21:29:da:8d:b0:87:be:14:95:a7:59:ad:03:6c:92:
         6c:b6:f8:67:29:50:f6:ae:f5:ef:90:f5:a0:4a:97:d2:73:dc:
         1a:c5:b3:13:ab:89:9c:83:2b:07:f5:fe:47:99:72:0e:b6:1c:
         3d:d1:00:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRIqjZI3+hbncYNDhJC+VRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyODYyN2Y5NTAyNjUxNGI0MjY1NDA1OGY0OWVlYjliN2M0
OGYwMjAwHhcNMjQxMDAzMDY0NzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzlmNDJjNWVhNzZmMWQyNDg0NDJiNjg2ZmExNzQ4NTY0ZWZjNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7WrVHVuvxRJdMxzzrb+RYVoe6chc
kYQJkclMS00BCZrtwj1tf9kYWVf70jB3j14IjKV8E9thzoomW2Son/ZJV9DZMHSd
XOoq0SWJupc6yXbyy8ryOUh5X0mYV8wC3gNfN9WDXGwx3pSkimEe6q1SgeVYHUiw
nWuYnL4S654T7q3VwKxxyrw/41h8bYG2SD1EPoVgll+AJimsfjWJJ14KCPTjY6sO
wfo9Fm8lCCFBjevszqwTvvGaYZIVG2x4SV9MN2J3aO76WbKF/hIaqbqs8t26YILX
7bVne0uphi/0mLp9uhilWTHKZZrERHnrHxQXB0ToNYAr90tu5nErkcADLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHOfQsXqdvHSSEQraG+hdIVk78WSMB8GA1UdIwQY
MBaAFHKGJ/lQJlFLQmVAWPSe65t8SPAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY29Zbi1WQW1VVXRDWlVCWTlKN3JtM3hJOENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iOTZjZWUtOTAwOS00NThiLWFhNjAt
YjMzYTQwOTdiY2IwLzEvYzU5Q3hlcDI4ZEpJUkN0b2I2RjBoV1R2eFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iOTZjZWUtOTAwOS00NThiLWFhNjAtYjMzYTQwOTdiY2Iw
LzEvY29Zbi1WQW1VVXRDWlVCWTlKN3JtM3hJOENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/C9MA0G
CSqGSIb3DQEBCwUAA4IBAQCbFc+vGFYNj6lM3E4ogJlw041lGbv9Sc1DlAVlPsFY
QH2kefbmiCjDsu4sEyNfU0aHfFgkFbJQiqHbStTchYz2FnughPTuDqgwlFQ63Xt4
dVjJVOzmZkNVd/SAksa4jhPW9lS8eIKk3ZM9qE3dYq6oaUuPxdSI9HFbP6FSJ8hE
46Jwf9YK36FN82VafZZ3OMX1znIljcL96yc1EQ+l4PuLP2zxAe6UYCofQPAhjFSu
3X9xrW8q48n4jWDiThnwMPzX5/awh/GqLNshKdqNsIe+FJWnWa0DbJJstvhnKVD2
rvXvkPWgSpfSc9waxbMTq4mcgysH9f5HmXIOthw90QD7
-----END CERTIFICATE-----