Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/KZYzQ7jFzWYYwYRhQ-ZJNAP7g7s.roa
File:                     KZYzQ7jFzWYYwYRhQ-ZJNAP7g7s.roa (raw, json)
Hash identifier:          bwXn17r3CjUQeiw9goACwMSayH6c9Rjo8urDQ0LO3DQ=
Subject key identifier:   29:96:33:43:B8:C5:CD:66:18:C1:84:61:43:E6:49:34:03:FB:83:BB
Certificate issuer:       /CN=4155087a81848bf7b37ff8be59751d79440d8116
Certificate serial:       019424B3E90FE61BCEB4409BB9B43BAD6D9A
Authority key identifier: 41:55:08:7A:81:84:8B:F7:B3:7F:F8:BE:59:75:1D:79:44:0D:81:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QVUIeoGEi_ezf_i-WXUdeUQNgRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/KZYzQ7jFzWYYwYRhQ-ZJNAP7g7s.roa
Signing time:             Thu 02 Jan 2025 01:49:17 +0000
ROA not before:           Thu 02 Jan 2025 01:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198098
IP address blocks:        91.231.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/QVUIeoGEi_ezf_i-WXUdeUQNgRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/QVUIeoGEi_ezf_i-WXUdeUQNgRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QVUIeoGEi_ezf_i-WXUdeUQNgRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 07:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e9:0f:e6:1b:ce:b4:40:9b:b9:b4:3b:ad:6d:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4155087a81848bf7b37ff8be59751d79440d8116
        Validity
            Not Before: Jan  2 01:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29963343b8c5cd6618c1846143e6493403fb83bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:58:28:71:6d:c6:4e:d5:39:da:6a:2a:8b:dc:
                    85:77:ba:b2:71:ba:34:e5:89:c7:8d:9e:f8:f0:dd:
                    08:b0:91:cc:bf:83:b4:f6:f6:e0:3e:51:8d:9a:50:
                    1c:ca:67:59:2e:0c:98:c8:59:66:11:18:33:33:26:
                    ee:6f:29:cb:0a:4a:ca:a7:d2:6e:f1:41:ca:f2:98:
                    26:47:55:be:8f:bb:7f:f1:ca:58:df:02:68:8c:63:
                    e6:2e:9c:88:62:42:06:26:a3:b4:d1:01:32:c0:6b:
                    89:b7:8f:81:50:64:b8:57:70:33:73:64:35:fb:21:
                    de:64:bf:9b:bd:cc:5a:76:f6:65:ef:9d:f2:f4:21:
                    47:6e:ae:54:e6:f1:85:94:2e:f1:e5:ed:52:3b:f8:
                    d7:8e:19:4b:50:0b:e4:3d:ce:34:dc:11:a6:c2:d3:
                    02:84:41:c0:81:ae:35:55:25:5c:0c:97:09:ec:ef:
                    72:37:5f:3c:b9:cf:ca:75:2d:8f:7d:64:d8:e8:d9:
                    73:48:6b:7f:d5:ed:67:eb:06:b4:92:66:5c:42:e4:
                    87:84:05:7b:9b:40:52:c8:f9:c4:7e:3e:7e:54:31:
                    9a:c3:2f:7f:a2:3f:f2:24:d8:88:af:77:cb:5f:6d:
                    36:e0:06:7f:24:f4:09:56:3b:d8:b9:e0:ed:6f:01:
                    9c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:96:33:43:B8:C5:CD:66:18:C1:84:61:43:E6:49:34:03:FB:83:BB
            X509v3 Authority Key Identifier:
                keyid:41:55:08:7A:81:84:8B:F7:B3:7F:F8:BE:59:75:1D:79:44:0D:81:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QVUIeoGEi_ezf_i-WXUdeUQNgRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/KZYzQ7jFzWYYwYRhQ-ZJNAP7g7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/QVUIeoGEi_ezf_i-WXUdeUQNgRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:90:86:ba:0f:93:fa:4e:a9:cf:86:e2:d9:a5:cb:8d:1e:23:
         e6:c3:a0:69:f8:a4:cc:58:cd:06:82:8d:ed:48:d3:a1:73:02:
         4f:28:b2:13:6b:fb:d8:39:6b:0e:65:57:2d:b8:82:24:e7:b2:
         c1:2f:1a:3e:06:f1:9c:d1:3e:b4:2f:31:ed:73:6a:1b:26:91:
         d2:dc:f0:8d:3d:fd:e4:8c:24:77:0c:9a:d2:68:16:e1:54:36:
         f6:30:d0:5b:3f:65:72:31:df:71:57:a0:56:b9:bb:29:4d:3d:
         27:51:85:dd:24:89:ef:9d:25:f0:43:2a:11:32:c6:41:d0:55:
         95:52:a5:b6:c2:35:48:8d:6f:14:65:cf:20:49:e8:d8:73:2c:
         5f:e3:00:a6:a7:b9:bd:d7:26:a7:69:8c:99:62:cf:47:f3:50:
         0c:9f:94:f4:d9:46:5d:6e:27:e4:15:83:da:36:b8:10:a2:47:
         da:99:d2:5a:d8:d2:20:a9:c3:96:46:3e:09:69:18:e3:0b:9d:
         ff:2f:fb:4d:65:45:8d:c7:37:28:0c:7d:a0:e4:ba:a4:a7:42:
         51:de:55:d6:7f:0b:24:25:28:3e:23:54:ed:1c:f6:40:e1:3e:
         d2:c5:f1:b2:eb:84:ce:63:5c:b2:cf:0e:97:c2:07:b2:cd:d0:
         81:b9:14:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+kP5hvOtECbubQ7rW2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNTUwODdhODE4NDhiZjdiMzdmZjhiZTU5NzUxZDc5NDQw
ZDgxMTYwHhcNMjUwMTAyMDE0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTk2MzM0M2I4YzVjZDY2MThjMTg0NjE0M2U2NDkzNDAzZmI4M2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFgocW3GTtU52moqi9yFd7qycbo0
5YnHjZ748N0IsJHMv4O09vbgPlGNmlAcymdZLgyYyFlmERgzMybubynLCkrKp9Ju
8UHK8pgmR1W+j7t/8cpY3wJojGPmLpyIYkIGJqO00QEywGuJt4+BUGS4V3Azc2Q1
+yHeZL+bvcxadvZl753y9CFHbq5U5vGFlC7x5e1SO/jXjhlLUAvkPc403BGmwtMC
hEHAga41VSVcDJcJ7O9yN188uc/KdS2PfWTY6NlzSGt/1e1n6wa0kmZcQuSHhAV7
m0BSyPnEfj5+VDGawy9/oj/yJNiIr3fLX2024AZ/JPQJVjvYueDtbwGckwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmWM0O4xc1mGMGEYUPmSTQD+4O7MB8GA1UdIwQY
MBaAFEFVCHqBhIv3s3/4vll1HXlEDYEWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVZVSWVvR0VpX2V6Zl9pLVdYVWRlVVFOZ1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wNmY1MTUtNWY3Ny00OGFhLTg5MDUt
ZjVhODZjYmQ0NGNlLzEvS1pZelE3akZ6V1lZd1lSaFEtWkpOQVA3ZzdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wNmY1MTUtNWY3Ny00OGFhLTg5MDUtZjVhODZjYmQ0NGNl
LzEvUVZVSWVvR0VpX2V6Zl9pLVdYVWRlVVFOZ1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+d2MA0G
CSqGSIb3DQEBCwUAA4IBAQAFkIa6D5P6TqnPhuLZpcuNHiPmw6Bp+KTMWM0Ggo3t
SNOhcwJPKLITa/vYOWsOZVctuIIk57LBLxo+BvGc0T60LzHtc2obJpHS3PCNPf3k
jCR3DJrSaBbhVDb2MNBbP2VyMd9xV6BWubspTT0nUYXdJInvnSXwQyoRMsZB0FWV
UqW2wjVIjW8UZc8gSejYcyxf4wCmp7m91yanaYyZYs9H81AMn5T02UZdbifkFYPa
NrgQokfamdJa2NIgqcOWRj4JaRjjC53/L/tNZUWNxzcoDH2g5Lqkp0JR3lXWfwsk
JSg+I1TtHPZA4T7SxfGy64TOY1yyzw6XwgeyzdCBuRTD
-----END CERTIFICATE-----