Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/112fdc-8374-47e6-8c50-996344f31145/1/WhznZMD8JwsPJjKhkGvlzr-gP0k.roa
File:                     WhznZMD8JwsPJjKhkGvlzr-gP0k.roa (raw, json)
Hash identifier:          V4KhycwTYlOChvUYd/1t6HNCSGzM7Wq7Bs8CL5yFN+U=
Subject key identifier:   5A:1C:E7:64:C0:FC:27:0B:0F:26:32:A1:90:6B:E5:CE:BF:A0:3F:49
Certificate issuer:       /CN=9c0ea1d1dd5b6064851d849c70f1cb14fcb2a383
Certificate serial:       018CC5DC3F65B61DA91525E185A7E469B790
Authority key identifier: 9C:0E:A1:D1:DD:5B:60:64:85:1D:84:9C:70:F1:CB:14:FC:B2:A3:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nA6h0d1bYGSFHYSccPHLFPyyo4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/112fdc-8374-47e6-8c50-996344f31145/1/WhznZMD8JwsPJjKhkGvlzr-gP0k.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41820
IP address blocks:        91.220.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/112fdc-8374-47e6-8c50-996344f31145/1/nA6h0d1bYGSFHYSccPHLFPyyo4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/112fdc-8374-47e6-8c50-996344f31145/1/nA6h0d1bYGSFHYSccPHLFPyyo4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nA6h0d1bYGSFHYSccPHLFPyyo4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3f:65:b6:1d:a9:15:25:e1:85:a7:e4:69:b7:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c0ea1d1dd5b6064851d849c70f1cb14fcb2a383
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a1ce764c0fc270b0f2632a1906be5cebfa03f49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9e:af:a9:13:b0:b7:85:97:48:17:79:c9:d7:
                    ed:63:a3:08:d9:ed:c4:8f:f2:54:3d:ad:52:2d:d8:
                    41:8d:2d:c2:d9:c5:f2:30:5b:eb:9f:d3:6c:e2:f4:
                    17:1e:72:a7:25:07:a6:f8:8f:d8:02:58:a4:59:55:
                    be:31:45:d8:7b:db:a6:c9:81:49:b3:9c:4d:dd:69:
                    8d:9e:cd:f6:6b:9e:cf:15:9e:d3:d2:4d:f0:3d:2e:
                    ff:97:75:fc:bd:0e:4b:04:0c:54:88:73:eb:0a:27:
                    aa:5e:3a:53:7f:cc:b8:fe:79:8c:14:68:7c:b5:8f:
                    74:b3:d6:00:3a:da:f8:dc:a3:f2:f8:37:14:e5:7b:
                    6c:cc:93:8c:8c:4c:db:5f:19:ad:b4:83:ca:d2:cf:
                    35:87:26:cd:37:60:a9:a0:9d:c3:55:bd:37:75:ae:
                    f8:ef:ac:2d:6f:25:ca:7a:4d:19:93:77:46:ec:5f:
                    d1:ff:2e:be:b3:6c:68:cd:24:99:62:ff:00:c0:51:
                    f9:04:6f:ce:50:30:31:4a:a1:44:5a:cd:0b:e5:98:
                    5b:44:f4:4a:30:cf:ff:b7:75:90:c2:36:cd:0b:dd:
                    50:99:28:a7:74:3a:ae:43:a9:61:d0:45:63:5b:1a:
                    53:eb:75:9d:2d:4e:3f:1a:45:0c:6b:26:76:b2:58:
                    98:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:1C:E7:64:C0:FC:27:0B:0F:26:32:A1:90:6B:E5:CE:BF:A0:3F:49
            X509v3 Authority Key Identifier:
                keyid:9C:0E:A1:D1:DD:5B:60:64:85:1D:84:9C:70:F1:CB:14:FC:B2:A3:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nA6h0d1bYGSFHYSccPHLFPyyo4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/112fdc-8374-47e6-8c50-996344f31145/1/WhznZMD8JwsPJjKhkGvlzr-gP0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/112fdc-8374-47e6-8c50-996344f31145/1/nA6h0d1bYGSFHYSccPHLFPyyo4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:4a:a4:63:fe:16:a5:59:87:0b:ba:26:6e:c5:aa:31:dc:13:
         f7:10:00:31:cd:78:dd:fb:9f:c1:e4:48:d5:53:e1:a3:24:f2:
         bd:73:01:86:48:a1:46:24:19:9b:e5:a9:60:ab:cf:0d:4c:c6:
         eb:9c:e0:e2:14:56:6b:10:65:65:1f:1b:e4:bb:b9:55:ff:d3:
         ee:30:1f:10:32:92:50:33:74:5e:d9:f1:30:49:3f:30:ec:cd:
         5c:d3:14:09:2d:c2:6c:a5:ab:6e:09:25:b4:10:9e:1e:4c:76:
         f4:65:28:9c:7b:22:9d:79:5b:ba:fc:78:ff:c4:15:8b:ca:e2:
         43:22:88:23:cb:ac:ca:da:64:06:85:a3:b9:93:22:8f:ee:32:
         5f:de:c3:2c:d6:8c:77:90:ed:f8:f3:12:be:ae:b5:d9:89:de:
         bf:76:9d:f9:d9:e9:a7:3a:f3:75:ed:4b:8c:b3:a6:e2:e2:44:
         7d:9d:c4:96:d1:17:93:dc:9e:32:62:c0:cf:ca:9d:e3:b5:e4:
         f6:4f:c9:a2:3c:c9:bc:d4:2e:02:6e:3e:ab:b5:f5:e4:11:3e:
         a6:2d:f9:20:60:72:76:e6:8a:7d:1f:6e:97:62:96:15:96:09:
         3e:c4:c4:5b:03:c7:30:b4:ad:d0:ac:a1:b3:fd:49:ac:b7:10:
         1d:24:58:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D9lth2pFSXhhafkabeQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMGVhMWQxZGQ1YjYwNjQ4NTFkODQ5YzcwZjFjYjE0ZmNi
MmEzODMwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTFjZTc2NGMwZmMyNzBiMGYyNjMyYTE5MDZiZTVjZWJmYTAzZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlp6vqROwt4WXSBd5ydftY6MI2e3E
j/JUPa1SLdhBjS3C2cXyMFvrn9Ns4vQXHnKnJQem+I/YAlikWVW+MUXYe9umyYFJ
s5xN3WmNns32a57PFZ7T0k3wPS7/l3X8vQ5LBAxUiHPrCieqXjpTf8y4/nmMFGh8
tY90s9YAOtr43KPy+DcU5XtszJOMjEzbXxmttIPK0s81hybNN2CpoJ3DVb03da74
76wtbyXKek0Zk3dG7F/R/y6+s2xozSSZYv8AwFH5BG/OUDAxSqFEWs0L5ZhbRPRK
MM//t3WQwjbNC91QmSindDquQ6lh0EVjWxpT63WdLU4/GkUMayZ2sliYQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoc52TA/CcLDyYyoZBr5c6/oD9JMB8GA1UdIwQY
MBaAFJwOodHdW2BkhR2EnHDxyxT8sqODMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkE2aDBkMWJZR1NGSFlTY2NQSExGUHl5bzRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xMTJmZGMtODM3NC00N2U2LThjNTAt
OTk2MzQ0ZjMxMTQ1LzEvV2h6blpNRDhKd3NQSmpLaGtHdmx6ci1nUDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xMTJmZGMtODM3NC00N2U2LThjNTAtOTk2MzQ0ZjMxMTQ1
LzEvbkE2aDBkMWJZR1NGSFlTY2NQSExGUHl5bzRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ziMA0G
CSqGSIb3DQEBCwUAA4IBAQBLSqRj/halWYcLuiZuxaox3BP3EAAxzXjd+5/B5EjV
U+GjJPK9cwGGSKFGJBmb5algq88NTMbrnODiFFZrEGVlHxvku7lV/9PuMB8QMpJQ
M3Re2fEwST8w7M1c0xQJLcJspatuCSW0EJ4eTHb0ZSiceyKdeVu6/Hj/xBWLyuJD
Iogjy6zK2mQGhaO5kyKP7jJf3sMs1ox3kO348xK+rrXZid6/dp352emnOvN17UuM
s6bi4kR9ncSW0ReT3J4yYsDPyp3jteT2T8miPMm81C4Cbj6rtfXkET6mLfkgYHJ2
5op9H26XYpYVlgk+xMRbA8cwtK3QrKGz/UmstxAdJFhU
-----END CERTIFICATE-----