Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/ZN_ALgSg4qp73tZq3AThdrV1Gac.roa
File:                     ZN_ALgSg4qp73tZq3AThdrV1Gac.roa (raw, json)
Hash identifier:          1hWkRXVIAugEIgAL163hs40yfJzxwEA1auDe/ULuwF0=
Subject key identifier:   64:DF:C0:2E:04:A0:E2:AA:7B:DE:D6:6A:DC:04:E1:76:B5:75:19:A7
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       018CC4933A5C65F697B5C3F148FEE41141C3
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/ZN_ALgSg4qp73tZq3AThdrV1Gac.roa
Signing time:             Mon 01 Jan 2024 10:30:32 +0000
ROA not before:           Mon 01 Jan 2024 10:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49367
IP address blocks:        91.230.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3a:5c:65:f6:97:b5:c3:f1:48:fe:e4:11:41:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  1 10:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64dfc02e04a0e2aa7bded66adc04e176b57519a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d5:a9:0e:0c:c1:72:bc:4b:ef:c0:74:84:27:
                    58:c3:47:cc:bf:01:d5:83:06:ff:ed:0a:70:3c:63:
                    e1:20:cf:98:9f:ce:54:45:96:49:92:5e:c3:33:0a:
                    87:49:1b:07:d9:a5:1b:cf:fd:29:a2:01:f1:87:75:
                    19:4a:1b:78:e1:d9:06:20:70:91:76:a6:62:75:52:
                    5d:a5:c9:67:45:e3:99:1f:88:d3:b7:d9:ec:8a:30:
                    67:3e:5d:c0:f6:54:ba:43:9c:8b:a2:c2:7f:37:64:
                    ba:2f:67:02:2e:ac:4a:c8:f4:65:f1:ca:c2:f9:f5:
                    34:3f:dc:c2:55:8f:8d:a0:5c:c4:f9:8e:12:c6:83:
                    07:53:bd:fa:a0:8f:0e:ff:2d:ac:de:49:bd:0a:5d:
                    b5:bf:41:c6:5c:b2:81:e3:b7:41:f9:68:5f:1f:0e:
                    37:7b:a1:b1:5e:9e:18:a2:c2:ed:f2:e8:8c:68:e4:
                    0e:fc:46:9d:23:f6:84:1a:92:1e:98:b8:3d:54:2d:
                    20:dc:4c:0a:b0:c7:d9:ba:9c:b4:af:ae:cd:44:1d:
                    5d:70:88:94:ea:22:c7:ad:bd:67:20:1a:69:36:a6:
                    75:0c:51:e5:6c:8a:78:c5:84:cc:0e:35:d4:85:76:
                    bb:56:70:95:56:b7:4a:a9:93:5d:28:30:74:d0:96:
                    14:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:DF:C0:2E:04:A0:E2:AA:7B:DE:D6:6A:DC:04:E1:76:B5:75:19:A7
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/ZN_ALgSg4qp73tZq3AThdrV1Gac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:88:b0:aa:e6:8e:7f:29:ca:31:1d:1e:19:23:a6:5d:b6:70:
         bf:86:b8:b8:63:84:0b:19:95:5a:ac:d2:8c:f9:7d:ed:31:d5:
         b0:90:63:06:8b:3b:ea:19:66:78:d1:94:14:92:4a:ba:34:04:
         c3:74:90:8b:3d:2e:f6:5f:02:61:1e:91:a5:06:5b:3c:a5:43:
         e9:bd:42:df:b5:d6:41:09:72:61:9a:89:52:02:86:f7:41:e2:
         22:fb:bc:04:dd:e4:c7:e2:a4:16:ff:4c:4f:9b:fc:56:ac:02:
         c7:5e:27:d0:93:f0:3b:df:7d:f6:70:78:07:d1:bf:1b:b0:29:
         49:d4:09:4a:8c:79:71:44:22:b6:eb:2c:21:75:38:78:e9:88:
         bc:7c:32:c9:4b:31:46:43:18:89:0c:4b:0c:66:59:a4:2f:4a:
         d8:13:24:25:94:2c:05:75:0d:d9:59:13:fd:7a:3c:ab:1b:21:
         d6:11:76:03:97:f2:70:3d:09:0a:1c:c2:aa:c3:9d:4c:33:08:
         96:2a:a5:71:0c:b4:ef:7a:a5:c6:1f:b5:27:92:42:4f:70:48:
         51:fd:51:9d:db:ca:e3:c4:62:b9:f3:31:2b:57:d6:e9:50:9e:
         2d:eb:6e:9a:0b:ce:43:a5:19:6f:fc:53:b5:59:1c:bf:64:2e:
         b0:41:2f:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzpcZfaXtcPxSP7kEUHDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjQwMTAxMTAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGRmYzAyZTA0YTBlMmFhN2JkZWQ2NmFkYzA0ZTE3NmI1NzUxOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtWpDgzBcrxL78B0hCdYw0fMvwHV
gwb/7QpwPGPhIM+Yn85URZZJkl7DMwqHSRsH2aUbz/0pogHxh3UZSht44dkGIHCR
dqZidVJdpclnReOZH4jTt9nsijBnPl3A9lS6Q5yLosJ/N2S6L2cCLqxKyPRl8crC
+fU0P9zCVY+NoFzE+Y4SxoMHU736oI8O/y2s3km9Cl21v0HGXLKB47dB+WhfHw43
e6GxXp4YosLt8uiMaOQO/EadI/aEGpIemLg9VC0g3EwKsMfZupy0r67NRB1dcIiU
6iLHrb1nIBppNqZ1DFHlbIp4xYTMDjXUhXa7VnCVVrdKqZNdKDB00JYUsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTfwC4EoOKqe97WatwE4Xa1dRmnMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvWk5fQUxnU2c0cXA3M3RacTNBVGhkclYxR2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+b3MA0G
CSqGSIb3DQEBCwUAA4IBAQAUiLCq5o5/KcoxHR4ZI6ZdtnC/hri4Y4QLGZVarNKM
+X3tMdWwkGMGizvqGWZ40ZQUkkq6NATDdJCLPS72XwJhHpGlBls8pUPpvULftdZB
CXJhmolSAob3QeIi+7wE3eTH4qQW/0xPm/xWrALHXifQk/A73332cHgH0b8bsClJ
1AlKjHlxRCK26ywhdTh46Yi8fDLJSzFGQxiJDEsMZlmkL0rYEyQllCwFdQ3ZWRP9
ejyrGyHWEXYDl/JwPQkKHMKqw51MMwiWKqVxDLTveqXGH7UnkkJPcEhR/VGd28rj
xGK58zErV9bpUJ4t626aC85DpRlv/FO1WRy/ZC6wQS/9
-----END CERTIFICATE-----