Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/8fc3b0-9704-4751-b149-5a37f6a1bca9/1/rz-RdiM9IWT3IB5wGzMs1ZBSN0Y.roa
File:                     rz-RdiM9IWT3IB5wGzMs1ZBSN0Y.roa (raw, json)
Hash identifier:          o6qyEqxDzSGkgBN+te6/IqxauC6oKPYhjWorkJVF6Cw=
Subject key identifier:   AF:3F:91:76:23:3D:21:64:F7:20:1E:70:1B:33:2C:D5:90:52:37:46
Certificate issuer:       /CN=4368330bea2dfe880ffa62f67b566aeae2d287fd
Certificate serial:       019420D6314C7321E1576B5C84D5CEC6C345
Authority key identifier: 43:68:33:0B:EA:2D:FE:88:0F:FA:62:F6:7B:56:6A:EA:E2:D2:87:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2gzC-ot_ogP-mL2e1Zq6uLSh_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/8fc3b0-9704-4751-b149-5a37f6a1bca9/1/rz-RdiM9IWT3IB5wGzMs1ZBSN0Y.roa
Signing time:             Wed 01 Jan 2025 07:48:15 +0000
ROA not before:           Wed 01 Jan 2025 07:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47873
IP address blocks:        91.205.120.0/24 maxlen: 24
                          91.205.121.0/24 maxlen: 24
                          91.205.122.0/24 maxlen: 24
                          91.205.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/8fc3b0-9704-4751-b149-5a37f6a1bca9/1/Q2gzC-ot_ogP-mL2e1Zq6uLSh_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/8fc3b0-9704-4751-b149-5a37f6a1bca9/1/Q2gzC-ot_ogP-mL2e1Zq6uLSh_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2gzC-ot_ogP-mL2e1Zq6uLSh_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:31:4c:73:21:e1:57:6b:5c:84:d5:ce:c6:c3:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4368330bea2dfe880ffa62f67b566aeae2d287fd
        Validity
            Not Before: Jan  1 07:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af3f9176233d2164f7201e701b332cd590523746
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8a:bf:40:e4:54:b3:3a:93:99:d6:50:2e:fe:
                    f5:3d:0c:10:b9:6e:d2:43:96:c7:e6:87:21:f6:2d:
                    bf:ee:61:5a:76:c0:01:42:8b:7e:00:b9:94:76:29:
                    83:2f:f1:fe:13:23:e0:9e:1e:30:8e:c4:d7:af:d1:
                    15:fc:4c:4e:29:a4:b9:6d:59:70:25:30:5b:d2:9c:
                    bd:f3:87:60:59:eb:1a:b5:76:a1:d5:43:0d:12:0a:
                    41:ba:5f:5e:e7:cb:16:48:fa:4b:1a:1a:6e:8a:2d:
                    e5:96:3a:7e:23:c3:8d:48:9f:55:3e:1c:42:40:9c:
                    6f:6c:6b:60:c4:40:99:87:e1:1d:25:0e:22:0d:25:
                    67:d2:97:06:a5:36:e3:a7:5a:58:86:26:12:ef:90:
                    8b:c6:57:8f:0a:f3:cf:2d:8f:7d:01:4c:eb:79:88:
                    33:ec:c7:50:5a:3e:39:d0:40:66:d3:8c:19:ef:e0:
                    8d:d6:21:a2:42:77:99:91:a8:21:05:21:c9:b6:d8:
                    74:9f:de:f7:19:0f:61:b2:4d:d3:e5:7d:2a:56:80:
                    5d:9a:4b:42:f2:cf:cf:6e:34:1b:53:d0:4c:0c:a7:
                    33:3b:ae:b4:cf:41:82:2c:d8:ac:16:78:fa:a4:f1:
                    d7:f3:ae:d6:d7:e0:5c:c9:d4:da:58:34:65:f6:7d:
                    3a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:3F:91:76:23:3D:21:64:F7:20:1E:70:1B:33:2C:D5:90:52:37:46
            X509v3 Authority Key Identifier:
                keyid:43:68:33:0B:EA:2D:FE:88:0F:FA:62:F6:7B:56:6A:EA:E2:D2:87:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2gzC-ot_ogP-mL2e1Zq6uLSh_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/8fc3b0-9704-4751-b149-5a37f6a1bca9/1/rz-RdiM9IWT3IB5wGzMs1ZBSN0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/8fc3b0-9704-4751-b149-5a37f6a1bca9/1/Q2gzC-ot_ogP-mL2e1Zq6uLSh_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:23:33:ba:15:b6:a6:c8:89:27:c5:2d:f1:80:50:35:58:14:
         67:a6:af:b7:bf:e9:18:f2:82:22:25:aa:87:49:67:e7:68:20:
         c2:1e:f1:77:5b:f6:f7:c0:c8:70:37:42:30:c9:5d:46:28:23:
         5d:1e:cf:53:d4:22:78:1e:da:4e:51:03:57:46:d7:d9:43:8e:
         2f:df:68:0b:1f:4c:45:d5:bf:5c:c8:95:23:3d:a8:24:bf:23:
         fc:c7:53:c7:85:e0:c5:5b:1d:4c:41:56:05:d4:43:61:61:ac:
         84:1d:06:a1:13:6e:a1:ec:7e:e0:d5:84:ec:41:37:26:10:14:
         06:9d:6f:ea:dd:4e:95:b8:6b:40:c3:20:12:a6:f1:25:dc:e1:
         c1:5f:b9:a0:37:9a:74:44:1a:1b:f8:da:89:90:92:ac:61:9d:
         7c:1f:c5:1a:31:75:76:c3:eb:0b:b3:3e:57:0d:5e:4f:2c:65:
         2d:9b:13:15:35:2f:75:f9:ed:51:76:88:ba:a8:ed:e4:21:30:
         5d:48:69:c8:1e:53:34:2e:cf:e8:9d:f0:ab:72:35:b3:98:49:
         68:68:a6:42:26:d7:db:ab:ed:e8:52:73:99:13:f1:6d:9c:e6:
         5b:5a:8b:ba:f5:44:44:92:98:11:a9:1e:24:d4:2a:b7:2b:25:
         f2:bc:ad:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1jFMcyHhV2tchNXOxsNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjgzMzBiZWEyZGZlODgwZmZhNjJmNjdiNTY2YWVhZTJk
Mjg3ZmQwHhcNMjUwMTAxMDc0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNmOTE3NjIzM2QyMTY0ZjcyMDFlNzAxYjMzMmNkNTkwNTIzNzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoq/QORUszqTmdZQLv71PQwQuW7S
Q5bH5och9i2/7mFadsABQot+ALmUdimDL/H+EyPgnh4wjsTXr9EV/ExOKaS5bVlw
JTBb0py984dgWesatXah1UMNEgpBul9e58sWSPpLGhpuii3lljp+I8ONSJ9VPhxC
QJxvbGtgxECZh+EdJQ4iDSVn0pcGpTbjp1pYhiYS75CLxlePCvPPLY99AUzreYgz
7MdQWj450EBm04wZ7+CN1iGiQneZkaghBSHJtth0n973GQ9hsk3T5X0qVoBdmktC
8s/PbjQbU9BMDKczO660z0GCLNisFnj6pPHX867W1+BcydTaWDRl9n061wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8/kXYjPSFk9yAecBszLNWQUjdGMB8GA1UdIwQY
MBaAFENoMwvqLf6ID/pi9ntWauri0of9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJnekMtb3Rfb2dQLW1MMmUxWnE2dUxTaF8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS84ZmMzYjAtOTcwNC00NzUxLWIxNDkt
NWEzN2Y2YTFiY2E5LzEvcnotUmRpTTlJV1QzSUI1d0d6TXMxWkJTTjBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS84ZmMzYjAtOTcwNC00NzUxLWIxNDktNWEzN2Y2YTFiY2E5
LzEvUTJnekMtb3Rfb2dQLW1MMmUxWnE2dUxTaF8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW814MA0G
CSqGSIb3DQEBCwUAA4IBAQCbIzO6FbamyIknxS3xgFA1WBRnpq+3v+kY8oIiJaqH
SWfnaCDCHvF3W/b3wMhwN0IwyV1GKCNdHs9T1CJ4HtpOUQNXRtfZQ44v32gLH0xF
1b9cyJUjPagkvyP8x1PHheDFWx1MQVYF1ENhYayEHQahE26h7H7g1YTsQTcmEBQG
nW/q3U6VuGtAwyASpvEl3OHBX7mgN5p0RBob+NqJkJKsYZ18H8UaMXV2w+sLsz5X
DV5PLGUtmxMVNS91+e1Rdoi6qO3kITBdSGnIHlM0Ls/onfCrcjWzmEloaKZCJtfb
q+3oUnOZE/FtnOZbWou69UREkpgRqR4k1Cq3KyXyvK0r
-----END CERTIFICATE-----