Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/80c4c0-c729-418e-80af-2299a67e6001/1/KzxZqybvsz4qWRvLNMoGl_b-dg0.roa
File:                     KzxZqybvsz4qWRvLNMoGl_b-dg0.roa (raw, json)
Hash identifier:          waO3ZFTQ9Kiow9t+yCx6WlAToF1IQKM9UgVqX7Ju9ms=
Subject key identifier:   2B:3C:59:AB:26:EF:B3:3E:2A:59:1B:CB:34:CA:06:97:F6:FE:76:0D
Certificate issuer:       /CN=896f35c5e0321acd02167def8807f0bb6f71c28d
Certificate serial:       019421445C0338A0BB229A3974829147FD7B
Authority key identifier: 89:6F:35:C5:E0:32:1A:CD:02:16:7D:EF:88:07:F0:BB:6F:71:C2:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iW81xeAyGs0CFn3viAfwu29xwo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/80c4c0-c729-418e-80af-2299a67e6001/1/KzxZqybvsz4qWRvLNMoGl_b-dg0.roa
Signing time:             Wed 01 Jan 2025 09:48:35 +0000
ROA not before:           Wed 01 Jan 2025 09:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56439
IP address blocks:        91.223.152.0/24 maxlen: 24
                          2001:678:564::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/80c4c0-c729-418e-80af-2299a67e6001/1/iW81xeAyGs0CFn3viAfwu29xwo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/80c4c0-c729-418e-80af-2299a67e6001/1/iW81xeAyGs0CFn3viAfwu29xwo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iW81xeAyGs0CFn3viAfwu29xwo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:5c:03:38:a0:bb:22:9a:39:74:82:91:47:fd:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896f35c5e0321acd02167def8807f0bb6f71c28d
        Validity
            Not Before: Jan  1 09:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b3c59ab26efb33e2a591bcb34ca0697f6fe760d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:76:8d:25:3e:6c:9d:22:7f:1f:94:30:25:c8:
                    ed:3a:64:a3:3c:2f:7c:1b:ef:8e:e2:fd:bf:1d:93:
                    62:9b:a2:8d:e8:da:a1:df:e6:7c:4f:b4:0b:9c:25:
                    70:e7:81:bc:d3:38:a6:ff:df:40:13:13:cf:4a:d3:
                    0b:a8:e4:ae:38:4c:ce:83:5c:48:3b:6a:8e:ad:e4:
                    c7:44:02:2e:36:0e:9a:30:7d:13:bd:54:17:ad:e3:
                    3d:8f:5f:be:82:a1:56:13:5d:35:67:05:46:7e:c8:
                    0e:86:70:52:ea:c4:11:c4:c2:05:59:ec:d2:66:e8:
                    a2:e3:36:f7:9f:fc:b5:d5:e7:af:67:77:04:a6:d4:
                    4f:c3:41:8d:18:fa:eb:93:7e:3f:52:13:90:96:93:
                    a0:ec:a2:fb:05:d5:72:e3:19:57:85:b2:86:6c:4b:
                    ac:16:8a:c1:07:26:9b:8d:83:0c:39:04:c8:ff:49:
                    c3:ad:66:a1:c0:37:b9:2a:00:7d:73:a6:c6:07:e3:
                    0e:7f:05:c4:1a:b1:b1:ae:d9:ca:79:fc:c4:e7:bb:
                    6b:56:07:0f:0f:1c:39:5a:3c:3c:83:d8:49:2c:86:
                    c8:9b:96:58:b5:fc:6a:92:a8:aa:85:6e:90:a4:ec:
                    01:48:50:1d:06:9f:49:e9:e0:7e:e0:ec:d2:16:68:
                    30:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:3C:59:AB:26:EF:B3:3E:2A:59:1B:CB:34:CA:06:97:F6:FE:76:0D
            X509v3 Authority Key Identifier:
                keyid:89:6F:35:C5:E0:32:1A:CD:02:16:7D:EF:88:07:F0:BB:6F:71:C2:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW81xeAyGs0CFn3viAfwu29xwo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/80c4c0-c729-418e-80af-2299a67e6001/1/KzxZqybvsz4qWRvLNMoGl_b-dg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/80c4c0-c729-418e-80af-2299a67e6001/1/iW81xeAyGs0CFn3viAfwu29xwo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.152.0/24
                IPv6:
                  2001:678:564::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:ce:1b:55:8d:d7:e3:ae:4a:f3:da:db:a2:04:3b:e6:24:02:
         36:8a:99:66:e4:9d:c9:f0:1f:38:bf:15:6b:62:61:a6:bc:2a:
         ab:b8:6f:ed:d3:5c:a5:ae:cd:98:3f:92:01:22:eb:43:e5:34:
         fe:c7:77:bb:11:7a:84:f6:ed:a9:29:31:d1:81:d6:e1:3e:0d:
         70:19:72:14:67:46:36:b5:dc:32:10:3a:d5:31:45:1d:42:50:
         42:76:8e:e2:f1:e8:df:13:57:a4:13:40:16:f5:a7:e4:ed:05:
         80:d2:6c:33:fd:d8:48:aa:5e:bc:ec:ce:f6:70:af:ed:14:6e:
         d5:53:ea:de:0d:85:e2:a9:02:fc:6f:23:16:bc:29:bb:c8:64:
         cc:18:8a:f5:e8:83:75:d0:be:63:18:2b:ef:b6:5f:36:2b:db:
         d4:ba:c4:ce:8c:6b:ca:67:18:73:fe:bf:14:ec:61:e7:e3:d5:
         9f:40:50:26:8e:0c:34:94:3f:1f:f2:b6:cb:7c:20:2e:a9:0c:
         22:38:d1:16:f6:3e:d8:a7:7e:3f:c8:b7:db:13:e4:4c:51:b4:
         00:47:44:68:41:54:82:7e:1e:33:95:58:dc:bb:8f:92:08:67:
         cc:4a:27:af:59:3c:a9:3e:d1:ae:7b:a0:89:1a:ec:57:57:33:
         f3:ac:2e:9d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhRFwDOKC7Ipo5dIKRR/17MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmYzNWM1ZTAzMjFhY2QwMjE2N2RlZjg4MDdmMGJiNmY3
MWMyOGQwHhcNMjUwMTAxMDk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjNjNTlhYjI2ZWZiMzNlMmE1OTFiY2IzNGNhMDY5N2Y2ZmU3NjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknaNJT5snSJ/H5QwJcjtOmSjPC98
G++O4v2/HZNim6KN6Nqh3+Z8T7QLnCVw54G80zim/99AExPPStMLqOSuOEzOg1xI
O2qOreTHRAIuNg6aMH0TvVQXreM9j1++gqFWE101ZwVGfsgOhnBS6sQRxMIFWezS
Zuii4zb3n/y11eevZ3cEptRPw0GNGPrrk34/UhOQlpOg7KL7BdVy4xlXhbKGbEus
ForBByabjYMMOQTI/0nDrWahwDe5KgB9c6bGB+MOfwXEGrGxrtnKefzE57trVgcP
Dxw5Wjw8g9hJLIbIm5ZYtfxqkqiqhW6QpOwBSFAdBp9J6eB+4OzSFmgwGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCs8Wasm77M+KlkbyzTKBpf2/nYNMB8GA1UdIwQY
MBaAFIlvNcXgMhrNAhZ974gH8LtvccKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVc4MXhlQXlHczBDRm4zdmlBZnd1Mjl4d28wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC84MGM0YzAtYzcyOS00MThlLTgwYWYt
MjI5OWE2N2U2MDAxLzEvS3p4WnF5YnZzejRxV1J2TE5Nb0dsX2ItZGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC84MGM0YzAtYzcyOS00MThlLTgwYWYtMjI5OWE2N2U2MDAx
LzEvaVc4MXhlQXlHczBDRm4zdmlBZnd1Mjl4d28wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9+YMA8E
AgACMAkDBwAgAQZ4BWQwDQYJKoZIhvcNAQELBQADggEBACTOG1WN1+OuSvPa26IE
O+YkAjaKmWbkncnwHzi/FWtiYaa8Kqu4b+3TXKWuzZg/kgEi60PlNP7Hd7sReoT2
7akpMdGB1uE+DXAZchRnRja13DIQOtUxRR1CUEJ2juLx6N8TV6QTQBb1p+TtBYDS
bDP92EiqXrzszvZwr+0UbtVT6t4NheKpAvxvIxa8KbvIZMwYivXog3XQvmMYK++2
XzYr29S6xM6Ma8pnGHP+vxTsYefj1Z9AUCaODDSUPx/ytst8IC6pDCI40Rb2Ptin
fj/It9sT5ExRtABHRGhBVIJ+HjOVWNy7j5IIZ8xKJ69ZPKk+0a57oIka7FdXM/Os
Lp0=
-----END CERTIFICATE-----