Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/2uGK-ZWUDnP8-IMcXvtBDG8c8xg.roa
File:                     2uGK-ZWUDnP8-IMcXvtBDG8c8xg.roa (raw, json)
Hash identifier:          0fNBYFHxIt2OiTlukEkBINVkYWjaD5CL1nrorml4Va4=
Subject key identifier:   DA:E1:8A:F9:95:94:0E:73:FC:F8:83:1C:5E:FB:41:0C:6F:1C:F3:18
Certificate issuer:       /CN=0c5cf70730512aefa70307662cf59288e8cd264c
Certificate serial:       0192AEB3E0A2C4F0B0035419248D1D6F2969
Authority key identifier: 0C:5C:F7:07:30:51:2A:EF:A7:03:07:66:2C:F5:92:88:E8:CD:26:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFz3BzBRKu-nAwdmLPWSiOjNJkw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/2uGK-ZWUDnP8-IMcXvtBDG8c8xg.roa
Signing time:             Mon 21 Oct 2024 10:51:16 +0000
ROA not before:           Mon 21 Oct 2024 10:51:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        91.209.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/DFz3BzBRKu-nAwdmLPWSiOjNJkw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/DFz3BzBRKu-nAwdmLPWSiOjNJkw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFz3BzBRKu-nAwdmLPWSiOjNJkw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:b3:e0:a2:c4:f0:b0:03:54:19:24:8d:1d:6f:29:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5cf70730512aefa70307662cf59288e8cd264c
        Validity
            Not Before: Oct 21 10:51:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dae18af995940e73fcf8831c5efb410c6f1cf318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:de:da:4b:e3:2d:45:a9:ac:fd:6b:26:00:80:
                    d9:d7:89:f5:1e:40:67:43:2b:17:a3:b3:98:5b:0c:
                    c0:07:2d:5c:45:61:ae:d6:c9:c4:aa:65:51:78:4f:
                    38:8c:c0:37:13:71:fd:4e:06:6a:79:61:52:d4:ac:
                    b8:c1:a6:dc:6d:65:f7:10:fb:30:9d:6a:89:94:65:
                    39:0b:92:a0:f9:8b:29:4e:eb:79:ef:6e:c2:f5:44:
                    7a:e6:c7:6e:c9:4f:54:50:22:b3:70:45:b7:1e:5d:
                    18:e7:1c:72:d3:95:8c:07:84:78:57:29:38:93:b4:
                    d1:22:e6:43:23:6f:cd:81:39:07:14:c4:38:d5:bb:
                    e9:50:49:0d:6f:77:49:dc:af:80:c8:13:8c:25:a8:
                    95:7c:84:26:38:a7:fa:38:cb:0a:9b:7e:80:24:53:
                    8a:40:12:d0:e4:b8:20:42:9b:be:5b:5d:ea:64:78:
                    40:a2:4b:50:c1:e8:cc:da:b0:a3:71:de:87:e4:f9:
                    fb:03:b1:73:bd:f0:60:69:d2:3f:0e:07:23:3f:4d:
                    31:73:68:30:2c:df:2a:3a:1f:a0:65:28:30:3b:b9:
                    d4:58:c0:dc:cd:e3:2d:81:bf:c5:aa:92:17:e6:13:
                    43:6c:53:ab:c1:78:f7:68:36:2a:a0:02:7e:32:c3:
                    99:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:E1:8A:F9:95:94:0E:73:FC:F8:83:1C:5E:FB:41:0C:6F:1C:F3:18
            X509v3 Authority Key Identifier:
                keyid:0C:5C:F7:07:30:51:2A:EF:A7:03:07:66:2C:F5:92:88:E8:CD:26:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFz3BzBRKu-nAwdmLPWSiOjNJkw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/2uGK-ZWUDnP8-IMcXvtBDG8c8xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/440217-c5af-44ac-95d3-adfc72ef0dfa/1/DFz3BzBRKu-nAwdmLPWSiOjNJkw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b6:b3:bc:23:e6:56:cd:52:8e:f0:46:5e:85:1d:e9:da:ab:
         b1:7b:65:fa:74:09:7b:fc:92:c1:2b:55:2c:eb:30:8e:e9:74:
         49:0f:58:09:b1:0f:2a:62:2c:0b:0f:40:9b:3c:bf:09:af:bd:
         c9:c3:1d:42:2d:91:2d:8f:01:3f:13:6f:2a:1c:0e:9b:ee:30:
         50:f6:26:80:a4:6c:26:9b:3a:27:92:05:3e:35:2a:81:c7:9e:
         6a:51:bd:91:b4:19:4f:07:0d:ec:64:77:40:89:23:4a:08:ee:
         33:22:77:e5:e9:b9:98:83:97:8b:27:b3:81:57:00:67:97:5c:
         29:eb:d4:b0:ab:12:ee:22:7c:14:60:b1:4d:b1:eb:f5:79:4e:
         35:62:44:dd:39:6b:76:b7:89:53:e8:8a:3f:a0:63:b4:17:32:
         26:bf:a4:70:a9:c7:c7:77:46:10:d8:68:8c:5f:67:76:2d:34:
         e2:1e:9c:61:3b:f3:6d:51:7f:f6:87:60:29:06:eb:63:86:f6:
         5c:b5:f0:d5:c6:e1:79:af:56:d9:d4:af:fd:21:82:f4:73:54:
         fc:e0:27:18:83:9f:95:23:84:51:a4:54:4d:79:df:44:ef:e1:
         70:74:a5:15:df:33:06:e4:05:02:bd:db:7d:67:34:42:70:3c:
         d6:d8:47:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKus+CixPCwA1QZJI0dbylpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNWNmNzA3MzA1MTJhZWZhNzAzMDc2NjJjZjU5Mjg4ZThj
ZDI2NGMwHhcNMjQxMDIxMTA1MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWUxOGFmOTk1OTQwZTczZmNmODgzMWM1ZWZiNDEwYzZmMWNmMzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnN7aS+MtRams/WsmAIDZ14n1HkBn
QysXo7OYWwzABy1cRWGu1snEqmVReE84jMA3E3H9TgZqeWFS1Ky4wabcbWX3EPsw
nWqJlGU5C5Kg+YspTut5727C9UR65sduyU9UUCKzcEW3Hl0Y5xxy05WMB4R4Vyk4
k7TRIuZDI2/NgTkHFMQ41bvpUEkNb3dJ3K+AyBOMJaiVfIQmOKf6OMsKm36AJFOK
QBLQ5LggQpu+W13qZHhAoktQwejM2rCjcd6H5Pn7A7FzvfBgadI/DgcjP00xc2gw
LN8qOh+gZSgwO7nUWMDczeMtgb/FqpIX5hNDbFOrwXj3aDYqoAJ+MsOZFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrhivmVlA5z/PiDHF77QQxvHPMYMB8GA1UdIwQY
MBaAFAxc9wcwUSrvpwMHZiz1kojozSZMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZ6M0J6QlJLdS1uQXdkbUxQV1NpT2pOSmt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi80NDAyMTctYzVhZi00NGFjLTk1ZDMt
YWRmYzcyZWYwZGZhLzEvMnVHSy1aV1VEblA4LUlNY1h2dEJERzhjOHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi80NDAyMTctYzVhZi00NGFjLTk1ZDMtYWRmYzcyZWYwZGZh
LzEvREZ6M0J6QlJLdS1uQXdkbUxQV1NpT2pOSmt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9H9MA0G
CSqGSIb3DQEBCwUAA4IBAQCFtrO8I+ZWzVKO8EZehR3p2quxe2X6dAl7/JLBK1Us
6zCO6XRJD1gJsQ8qYiwLD0CbPL8Jr73Jwx1CLZEtjwE/E28qHA6b7jBQ9iaApGwm
mzonkgU+NSqBx55qUb2RtBlPBw3sZHdAiSNKCO4zInfl6bmYg5eLJ7OBVwBnl1wp
69SwqxLuInwUYLFNsev1eU41YkTdOWt2t4lT6Io/oGO0FzImv6RwqcfHd0YQ2GiM
X2d2LTTiHpxhO/NtUX/2h2ApButjhvZctfDVxuF5r1bZ1K/9IYL0c1T84CcYg5+V
I4RRpFRNed9E7+FwdKUV3zMG5AUCvdt9ZzRCcDzW2EcG
-----END CERTIFICATE-----