Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Z-S-K2tkLQH88XimL8U9JLX7zVQ.roa
File:                     Z-S-K2tkLQH88XimL8U9JLX7zVQ.roa (raw, json)
Hash identifier:          p2scXI7JgF9jrJ1YD7+kgEcAU4CT8qylmFuzEng/+UI=
Subject key identifier:   67:E4:BE:2B:6B:64:2D:01:FC:F1:78:A6:2F:C5:3D:24:B5:FB:CD:54
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018E8565970576E5665DD940BE522497B9D9
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Z-S-K2tkLQH88XimL8U9JLX7zVQ.roa
Signing time:             Thu 28 Mar 2024 14:10:11 +0000
ROA not before:           Thu 28 Mar 2024 14:10:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        91.243.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:65:97:05:76:e5:66:5d:d9:40:be:52:24:97:b9:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Mar 28 14:10:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67e4be2b6b642d01fcf178a62fc53d24b5fbcd54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:24:e7:33:06:9e:d7:f1:02:ae:04:29:86:f5:
                    c0:a6:1d:a9:80:d2:10:a0:5a:84:38:cd:ac:fe:49:
                    2a:6d:1d:ef:b5:1a:23:3a:1a:23:07:a7:6e:bd:d3:
                    21:08:ae:4d:d0:87:cc:1b:68:d9:55:e6:9b:df:c7:
                    62:2b:d3:16:70:b2:75:36:cb:20:5f:a0:2e:a5:a5:
                    c0:26:8d:0c:1c:a9:9c:c0:82:ed:58:2e:9a:4e:81:
                    4c:25:7d:45:09:0c:74:8e:0e:9c:d2:19:5d:91:a5:
                    bf:8d:72:4e:b7:05:25:96:34:49:b8:e0:d7:ef:2a:
                    74:ca:8c:a6:cf:ad:e8:fe:22:47:43:4a:3b:de:75:
                    5e:af:0d:ea:9d:26:c6:a9:d7:bb:66:f2:88:63:9d:
                    8d:c7:ca:63:3d:ee:09:8e:00:9e:f9:df:df:29:7a:
                    fb:31:51:99:00:32:16:53:89:e3:80:7a:15:5b:6f:
                    04:32:78:7b:1d:ac:d4:ac:51:e6:d5:90:59:2c:dd:
                    20:cd:60:73:9d:ee:cf:07:b4:14:4a:8e:11:e9:86:
                    dc:bc:88:74:30:f2:05:7b:e8:aa:55:2f:95:ff:39:
                    cf:db:ce:cd:d6:d5:51:ad:17:c9:37:7b:95:89:0d:
                    14:a8:77:02:eb:e6:2d:41:ee:07:0a:77:29:f7:f5:
                    4c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:E4:BE:2B:6B:64:2D:01:FC:F1:78:A6:2F:C5:3D:24:B5:FB:CD:54
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/Z-S-K2tkLQH88XimL8U9JLX7zVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:a5:ac:25:73:a5:04:a8:ed:09:5d:c1:51:e0:5f:4d:04:6e:
         54:69:63:ad:85:78:ba:6f:b8:5f:08:a4:13:df:c1:ea:90:01:
         84:ff:6d:83:7d:e9:71:b2:c2:64:26:e3:a5:c7:f1:f8:19:e3:
         59:84:75:8e:b0:19:45:d4:29:34:16:49:56:b5:5c:7a:f5:bf:
         1c:a1:58:d9:8f:fe:fd:d6:12:f1:b0:74:c7:24:28:8d:e3:57:
         44:5c:30:d4:11:5e:3a:45:48:e2:6a:5a:ad:8c:24:10:dc:09:
         d0:0d:ca:a6:23:11:91:c5:9d:05:8b:2a:10:56:ec:e6:29:a6:
         c4:d9:d9:b7:ff:7f:3b:25:48:42:c1:2a:92:15:72:b8:30:a6:
         22:2e:c6:37:ef:1a:a3:49:46:94:03:a2:3f:75:b9:ab:8e:b8:
         f6:e2:2e:c2:76:2f:9c:c4:3d:90:bd:48:73:92:c1:f3:f9:03:
         7f:08:b4:26:f9:69:1a:8d:40:17:6d:88:d5:03:ba:d1:39:51:
         ed:fc:1d:c5:37:ad:14:9e:c1:8c:a3:82:2b:cb:b5:27:3e:54:
         a9:66:9a:57:d9:be:c2:e3:2e:a5:9b:cf:16:a1:1f:2d:a0:f7:
         0c:c6:2a:81:de:c2:e7:90:02:f5:78:0b:3a:3e:9c:4d:f2:0b:
         b9:20:74:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6FZZcFduVmXdlAvlIkl7nZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMzI4MTQxMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2U0YmUyYjZiNjQyZDAxZmNmMTc4YTYyZmM1M2QyNGI1ZmJjZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSTnMwae1/ECrgQphvXAph2pgNIQ
oFqEOM2s/kkqbR3vtRojOhojB6duvdMhCK5N0IfMG2jZVeab38diK9MWcLJ1Nssg
X6AupaXAJo0MHKmcwILtWC6aToFMJX1FCQx0jg6c0hldkaW/jXJOtwUlljRJuODX
7yp0yoymz63o/iJHQ0o73nVerw3qnSbGqde7ZvKIY52Nx8pjPe4JjgCe+d/fKXr7
MVGZADIWU4njgHoVW28EMnh7HazUrFHm1ZBZLN0gzWBzne7PB7QUSo4R6YbcvIh0
MPIFe+iqVS+V/znP287N1tVRrRfJN3uViQ0UqHcC6+YtQe4HCncp9/VMUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfkvitrZC0B/PF4pi/FPSS1+81UMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvWi1TLUsydGtMUUg4OFhpbUw4VTlKTFg3elZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/O9MA0G
CSqGSIb3DQEBCwUAA4IBAQA0pawlc6UEqO0JXcFR4F9NBG5UaWOthXi6b7hfCKQT
38HqkAGE/22DfelxssJkJuOlx/H4GeNZhHWOsBlF1Ck0FklWtVx69b8coVjZj/79
1hLxsHTHJCiN41dEXDDUEV46RUjialqtjCQQ3AnQDcqmIxGRxZ0FiyoQVuzmKabE
2dm3/387JUhCwSqSFXK4MKYiLsY37xqjSUaUA6I/dbmrjrj24i7Cdi+cxD2QvUhz
ksHz+QN/CLQm+WkajUAXbYjVA7rROVHt/B3FN60UnsGMo4Iry7UnPlSpZppX2b7C
4y6lm88WoR8toPcMxiqB3sLnkAL1eAs6PpxN8gu5IHTL
-----END CERTIFICATE-----