Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/z4ec-dKrRrWzF_j744kk8vJe2CU.roa
File:                     z4ec-dKrRrWzF_j744kk8vJe2CU.roa (raw, json)
Hash identifier:          yzIajNr6fBdJtYNrAInkNoCcdl1WLFvt4nON8n56e/Y=
Subject key identifier:   CF:87:9C:F9:D2:AB:46:B5:B3:17:F8:FB:E3:89:24:F2:F2:5E:D8:25
Certificate issuer:       /CN=88f7b0dd9ffca2f85734c537cbef5ccd1199e5bc
Certificate serial:       018F4F47D31213691DC0A1FB5C0703E3ED23
Authority key identifier: 88:F7:B0:DD:9F:FC:A2:F8:57:34:C5:37:CB:EF:5C:CD:11:99:E5:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iPew3Z_8ovhXNMU3y-9czRGZ5bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/z4ec-dKrRrWzF_j744kk8vJe2CU.roa
Signing time:             Mon 06 May 2024 19:00:58 +0000
ROA not before:           Mon 06 May 2024 19:00:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197680
IP address blocks:        91.213.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/iPew3Z_8ovhXNMU3y-9czRGZ5bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/iPew3Z_8ovhXNMU3y-9czRGZ5bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iPew3Z_8ovhXNMU3y-9czRGZ5bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:47:d3:12:13:69:1d:c0:a1:fb:5c:07:03:e3:ed:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88f7b0dd9ffca2f85734c537cbef5ccd1199e5bc
        Validity
            Not Before: May  6 19:00:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf879cf9d2ab46b5b317f8fbe38924f2f25ed825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:96:a7:ec:d7:bb:e0:85:fa:37:c7:d2:d1:a5:
                    af:4a:96:ef:0b:54:87:9c:9c:d5:af:7b:64:2c:c1:
                    9b:be:06:7b:a2:a1:07:de:ee:e9:32:bb:ab:6f:db:
                    4e:8f:3f:6b:69:d9:ac:3d:9f:e2:34:d3:ed:e2:7e:
                    83:6f:8e:98:64:34:7e:48:45:ee:84:c9:e5:bc:3b:
                    4e:50:40:49:cd:0c:dd:a8:6d:f7:54:ce:ca:f9:a6:
                    fb:6c:9a:ca:2b:e8:40:c3:16:8d:fe:96:45:8c:dc:
                    fd:9c:c1:08:8c:42:3a:50:21:13:99:09:40:55:e2:
                    14:af:4b:38:16:02:f4:af:e7:c1:dd:a4:fc:c6:d0:
                    7d:09:b9:15:d6:8d:8c:e8:33:06:30:2a:2b:69:ec:
                    e2:40:f4:49:5d:bf:4a:be:5d:d2:6e:c2:4d:66:d3:
                    54:14:b2:62:2f:df:8c:70:0b:fa:ae:7b:08:94:0f:
                    62:f4:21:13:d8:5b:c6:38:46:f0:49:63:ab:5a:4f:
                    53:ed:d3:5f:c1:7f:ab:92:0d:bb:e0:a9:fd:18:e6:
                    c0:5a:12:08:78:c7:03:7a:e4:ed:9f:8c:21:44:19:
                    a0:6c:41:3f:88:03:c7:45:f0:18:f2:c5:27:24:d4:
                    09:f4:91:8d:ad:35:4b:c6:25:48:f2:4d:6d:1c:ed:
                    36:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:87:9C:F9:D2:AB:46:B5:B3:17:F8:FB:E3:89:24:F2:F2:5E:D8:25
            X509v3 Authority Key Identifier:
                keyid:88:F7:B0:DD:9F:FC:A2:F8:57:34:C5:37:CB:EF:5C:CD:11:99:E5:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iPew3Z_8ovhXNMU3y-9czRGZ5bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/z4ec-dKrRrWzF_j744kk8vJe2CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/dc8c02-4f6d-49f6-882c-136905e2c7c5/1/iPew3Z_8ovhXNMU3y-9czRGZ5bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:9d:02:03:c8:79:7f:19:61:cf:fd:fd:6f:52:bd:76:d5:cb:
         45:f9:c9:95:4b:09:99:26:05:70:88:5c:00:3e:16:bb:42:fd:
         ed:d0:30:95:75:29:88:80:62:e4:d3:0b:87:39:25:91:3f:55:
         5d:59:32:82:6c:a5:9b:68:7f:44:d6:7d:ef:4f:86:dd:cb:7c:
         99:f9:e4:b1:2b:b0:a3:aa:96:5b:c2:2b:53:19:cb:5b:53:d0:
         8e:c4:1d:3c:1f:e5:b4:c0:5f:70:a1:d0:4e:5d:5e:78:a6:8d:
         50:79:26:f7:58:5c:28:a2:ee:d1:f3:9b:85:13:05:0d:da:83:
         f7:e1:d9:0d:4e:9e:20:a5:ac:a5:2a:33:b5:28:2d:92:ae:21:
         12:41:32:14:49:31:90:10:57:2c:80:b7:95:7f:e6:71:3e:2f:
         15:cf:14:b1:ce:be:46:90:f3:aa:6a:06:98:f9:8a:0b:6f:50:
         ee:69:6b:22:4f:41:35:c8:ed:75:b5:bd:21:34:86:d9:3b:58:
         40:e4:e5:35:4d:39:57:38:2a:be:4c:06:df:60:1e:38:fc:74:
         a0:6b:a4:11:20:ef:1d:f1:05:17:c6:77:6d:05:27:99:f2:af:
         a3:96:dd:b1:a9:50:52:78:e8:f6:fb:eb:c1:31:ae:bd:3a:a4:
         91:e4:53:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9PR9MSE2kdwKH7XAcD4+0jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZjdiMGRkOWZmY2EyZjg1NzM0YzUzN2NiZWY1Y2NkMTE5
OWU1YmMwHhcNMjQwNTA2MTkwMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjg3OWNmOWQyYWI0NmI1YjMxN2Y4ZmJlMzg5MjRmMmYyNWVkODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJan7Ne74IX6N8fS0aWvSpbvC1SH
nJzVr3tkLMGbvgZ7oqEH3u7pMrurb9tOjz9radmsPZ/iNNPt4n6Db46YZDR+SEXu
hMnlvDtOUEBJzQzdqG33VM7K+ab7bJrKK+hAwxaN/pZFjNz9nMEIjEI6UCETmQlA
VeIUr0s4FgL0r+fB3aT8xtB9CbkV1o2M6DMGMCoraeziQPRJXb9Kvl3SbsJNZtNU
FLJiL9+McAv6rnsIlA9i9CET2FvGOEbwSWOrWk9T7dNfwX+rkg274Kn9GObAWhII
eMcDeuTtn4whRBmgbEE/iAPHRfAY8sUnJNQJ9JGNrTVLxiVI8k1tHO02OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+HnPnSq0a1sxf4++OJJPLyXtglMB8GA1UdIwQY
MBaAFIj3sN2f/KL4VzTFN8vvXM0RmeW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVBldzNaXzhvdmhYTk1VM3ktOWN6UkdaNWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9kYzhjMDItNGY2ZC00OWY2LTg4MmMt
MTM2OTA1ZTJjN2M1LzEvejRlYy1kS3JScld6Rl9qNzQ0a2s4dkplMkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9kYzhjMDItNGY2ZC00OWY2LTg4MmMtMTM2OTA1ZTJjN2M1
LzEvaVBldzNaXzhvdmhYTk1VM3ktOWN6UkdaNWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9XiMA0G
CSqGSIb3DQEBCwUAA4IBAQA9nQIDyHl/GWHP/f1vUr121ctF+cmVSwmZJgVwiFwA
Pha7Qv3t0DCVdSmIgGLk0wuHOSWRP1VdWTKCbKWbaH9E1n3vT4bdy3yZ+eSxK7Cj
qpZbwitTGctbU9COxB08H+W0wF9wodBOXV54po1QeSb3WFwoou7R85uFEwUN2oP3
4dkNTp4gpaylKjO1KC2SriESQTIUSTGQEFcsgLeVf+ZxPi8VzxSxzr5GkPOqagaY
+YoLb1DuaWsiT0E1yO11tb0hNIbZO1hA5OU1TTlXOCq+TAbfYB44/HSga6QRIO8d
8QUXxndtBSeZ8q+jlt2xqVBSeOj2++vBMa69OqSR5FNS
-----END CERTIFICATE-----