Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/vsZmI73j1l0F5LUFB41ZYaQs_Cs.roa
File:                     vsZmI73j1l0F5LUFB41ZYaQs_Cs.roa (raw, json)
Hash identifier:          nZ33GCfbpIYKPXjqivfkgFha5BmKCs/riEjE4yHbJng=
Subject key identifier:   BE:C6:66:23:BD:E3:D6:5D:05:E4:B5:05:07:8D:59:61:A4:2C:FC:2B
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       01941F8C22F183AF718C588824C8900A2924
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/vsZmI73j1l0F5LUFB41ZYaQs_Cs.roa
Signing time:             Wed 01 Jan 2025 01:47:45 +0000
ROA not before:           Wed 01 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57142
IP address blocks:        91.230.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:22:f1:83:af:71:8c:58:88:24:c8:90:0a:29:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  1 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bec66623bde3d65d05e4b505078d5961a42cfc2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:df:e5:bf:8c:1b:30:4a:7f:56:7d:66:b0:d4:
                    92:5e:e7:a3:7d:80:2d:bf:42:55:c0:0b:6e:b6:8a:
                    ae:de:7e:ae:1b:e4:9b:6b:af:3d:71:d8:0e:40:c7:
                    db:b2:04:5a:f6:de:ac:bc:75:ff:aa:7d:8d:35:72:
                    44:a3:c2:b6:e8:8e:38:62:c0:93:ea:e7:64:ef:f8:
                    12:9a:df:9f:5d:7c:47:a3:f5:cc:d3:70:82:ae:df:
                    e2:0f:34:62:ac:40:cd:4a:c4:b9:e8:91:e9:70:61:
                    80:da:6d:8a:9c:8e:75:f7:42:87:92:a6:17:53:53:
                    34:56:08:7e:9b:24:80:7a:05:60:5f:dd:1c:46:7f:
                    dd:97:43:70:12:8f:52:22:58:58:dc:b7:b1:bc:94:
                    a7:4c:2b:8b:8c:0d:95:43:a2:2b:b2:6b:84:65:c6:
                    a6:a9:e8:54:f0:b2:31:63:0d:f2:23:3c:80:e2:bc:
                    c9:b8:49:d0:c0:a7:a1:61:fa:ca:b7:9d:6c:2e:57:
                    2a:11:bf:c6:f4:c3:a0:3c:6d:2f:af:9f:2b:a5:12:
                    bb:79:b0:00:89:01:21:e0:1d:2e:3e:59:38:26:71:
                    bf:fa:f4:17:51:d1:ab:bd:ef:42:d1:ff:68:db:b2:
                    43:a9:cc:07:24:f7:be:9e:df:54:05:62:07:89:b8:
                    06:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C6:66:23:BD:E3:D6:5D:05:E4:B5:05:07:8D:59:61:A4:2C:FC:2B
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/vsZmI73j1l0F5LUFB41ZYaQs_Cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:43:79:27:a8:02:32:70:e0:41:aa:63:90:85:00:fd:bd:3b:
         46:c1:29:90:c7:6e:c4:b1:6e:d2:db:9c:d8:49:70:e2:f0:d7:
         45:b7:68:19:8c:92:17:96:f7:d4:43:d6:d0:45:95:0c:0c:2b:
         70:74:e3:6f:e5:d8:2a:37:24:91:8e:8d:01:a1:a3:10:2f:7b:
         ed:c6:d9:9c:f8:9f:2d:26:d9:d6:58:61:20:66:0b:d9:2c:45:
         6a:bb:ec:07:46:6e:96:fa:20:bd:2e:4e:66:8e:24:b2:e6:2c:
         48:6c:4e:ad:cc:ef:ff:94:69:f7:78:50:30:b1:f4:be:88:35:
         69:1a:10:8f:b1:4d:d0:60:ea:2d:0b:2d:ba:6c:aa:46:64:e3:
         ce:d6:a6:05:a3:d9:64:cd:42:bd:dc:fc:da:87:f1:00:e8:b9:
         18:c7:2e:2a:ca:16:2a:92:69:3e:10:b0:ec:92:be:b5:84:05:
         f1:81:67:65:4b:b1:f7:56:75:be:92:d9:47:c5:c4:5e:95:33:
         ac:0d:f4:c4:61:23:1a:a6:8e:28:f5:46:26:de:1c:51:94:a1:
         d5:a0:ed:3a:08:d7:4d:bf:71:17:49:ee:5e:49:08:4b:63:e4:
         76:e4:32:38:89:27:a2:b8:63:df:f3:bd:6e:e8:8f:17:d0:b3:
         88:65:80:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCLxg69xjFiIJMiQCikkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWM2NjYyM2JkZTNkNjVkMDVlNGI1MDUwNzhkNTk2MWE0MmNmYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9/lv4wbMEp/Vn1msNSSXuejfYAt
v0JVwAtutoqu3n6uG+Sba689cdgOQMfbsgRa9t6svHX/qn2NNXJEo8K26I44YsCT
6udk7/gSmt+fXXxHo/XM03CCrt/iDzRirEDNSsS56JHpcGGA2m2KnI5190KHkqYX
U1M0Vgh+mySAegVgX90cRn/dl0NwEo9SIlhY3LexvJSnTCuLjA2VQ6IrsmuEZcam
qehU8LIxYw3yIzyA4rzJuEnQwKehYfrKt51sLlcqEb/G9MOgPG0vr58rpRK7ebAA
iQEh4B0uPlk4JnG/+vQXUdGrve9C0f9o27JDqcwHJPe+nt9UBWIHibgGmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7GZiO949ZdBeS1BQeNWWGkLPwrMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvdnNabUk3M2oxbDBGNUxVRkI0MVpZYVFzX0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+b3MA0G
CSqGSIb3DQEBCwUAA4IBAQAIQ3knqAIycOBBqmOQhQD9vTtGwSmQx27EsW7S25zY
SXDi8NdFt2gZjJIXlvfUQ9bQRZUMDCtwdONv5dgqNySRjo0BoaMQL3vtxtmc+J8t
JtnWWGEgZgvZLEVqu+wHRm6W+iC9Lk5mjiSy5ixIbE6tzO//lGn3eFAwsfS+iDVp
GhCPsU3QYOotCy26bKpGZOPO1qYFo9lkzUK93Pzah/EA6LkYxy4qyhYqkmk+ELDs
kr61hAXxgWdlS7H3VnW+ktlHxcRelTOsDfTEYSMapo4o9UYm3hxRlKHVoO06CNdN
v3EXSe5eSQhLY+R25DI4iSeiuGPf871u6I8X0LOIZYDl
-----END CERTIFICATE-----