Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/rzccHbOqxto9iOt93MvKjJnBb_o.roa
File:                     rzccHbOqxto9iOt93MvKjJnBb_o.roa (raw, json)
Hash identifier:          /yaX9Av1La24175KrJL4cS7wNvFER3eq6ceNSzfVh9E=
Subject key identifier:   AF:37:1C:1D:B3:AA:C6:DA:3D:88:EB:7D:DC:CB:CA:8C:99:C1:6F:FA
Certificate issuer:       /CN=4c37f27eb4997b3bef9f28266a39694050fe74f9
Certificate serial:       018CC56ED8E2D2A89106194C31CDD33DB5A8
Authority key identifier: 4C:37:F2:7E:B4:99:7B:3B:EF:9F:28:26:6A:39:69:40:50:FE:74:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/rzccHbOqxto9iOt93MvKjJnBb_o.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47253
IP address blocks:        77.91.148.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d8:e2:d2:a8:91:06:19:4c:31:cd:d3:3d:b5:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c37f27eb4997b3bef9f28266a39694050fe74f9
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af371c1db3aac6da3d88eb7ddccbca8c99c16ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3e:58:23:15:5c:3e:aa:f7:36:ca:15:55:ab:
                    72:48:cd:6d:3e:c0:f5:55:0b:88:7c:8b:16:29:bd:
                    c3:dc:4a:2d:91:c1:0a:05:fd:1c:08:63:86:f4:86:
                    8c:3e:d1:53:92:9f:fb:11:b3:da:86:93:00:cf:5c:
                    df:34:46:5b:87:ef:e2:ec:a1:89:bc:23:5e:00:19:
                    62:27:86:5b:0a:ba:1d:7f:98:85:fb:b3:f5:12:c4:
                    38:54:b8:03:74:32:7c:08:86:e8:ea:f0:b2:7d:bc:
                    9b:b8:68:7b:f5:90:e2:b1:34:6e:95:ee:3a:43:ab:
                    9a:77:93:43:bf:28:ac:a8:79:f2:a9:59:48:62:02:
                    60:f6:7b:cc:b3:0a:0f:67:88:0e:88:3a:7a:83:9e:
                    19:49:9f:d1:8c:c6:76:71:84:9b:68:61:78:b2:cc:
                    15:6d:6f:35:c8:d3:57:71:36:89:34:16:81:07:9f:
                    d8:a9:9b:c1:ae:2a:23:ed:62:33:c6:c2:d1:c5:f7:
                    46:36:56:e8:10:aa:b3:6e:7a:16:1e:d9:b1:cc:f9:
                    fa:bf:a2:ce:c3:1b:f3:75:78:6e:38:a8:96:5a:71:
                    df:b1:0b:47:9b:89:57:a3:bb:78:bc:78:0d:43:99:
                    1b:60:f4:2f:20:8b:67:0d:4c:23:b1:c5:a4:9b:65:
                    69:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:37:1C:1D:B3:AA:C6:DA:3D:88:EB:7D:DC:CB:CA:8C:99:C1:6F:FA
            X509v3 Authority Key Identifier:
                keyid:4C:37:F2:7E:B4:99:7B:3B:EF:9F:28:26:6A:39:69:40:50:FE:74:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/rzccHbOqxto9iOt93MvKjJnBb_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:91:a5:d5:fa:04:31:7f:fb:5e:d9:7c:be:f1:54:ca:eb:e6:
         ca:3b:04:ea:49:3b:5e:be:8c:e4:af:a4:3e:2d:47:a8:84:56:
         a7:24:a6:a3:27:d4:86:6a:89:7d:80:14:8c:a6:62:69:85:66:
         0e:65:c8:26:e8:5a:59:0c:4c:e1:ba:84:f5:6c:90:4d:f4:e8:
         b5:d0:27:18:02:ff:99:18:d3:ab:58:43:83:df:7e:76:50:08:
         93:57:b5:b2:6a:6c:f2:64:e9:69:7f:d5:2e:92:da:ec:48:9e:
         83:3e:4d:2c:44:5a:20:7c:75:0b:ae:f8:26:37:8c:96:1a:aa:
         86:4c:41:59:2a:b4:57:5d:ee:f7:64:94:2c:13:4a:65:d2:1c:
         e3:3c:1e:89:a4:4b:63:57:b4:f6:1b:e9:f3:e2:e4:1e:cb:f9:
         60:f8:08:59:9a:c0:57:2f:8c:fc:f7:6d:6a:23:b5:5e:f2:b5:
         f2:bc:28:51:64:2f:ab:6a:53:7c:ec:f6:01:74:5b:b8:c4:7c:
         2a:fd:90:57:38:eb:23:97:c0:41:a4:24:64:31:fa:74:bc:f5:
         d2:56:0e:f9:30:3e:30:b0:24:90:34:a8:ca:0b:32:3a:fd:5d:
         43:2b:92:45:0d:b3:e0:7a:87:15:87:5d:d1:12:13:21:6b:15:
         9b:2d:d4:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtji0qiRBhlMMc3TPbWoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzdmMjdlYjQ5OTdiM2JlZjlmMjgyNjZhMzk2OTQwNTBm
ZTc0ZjkwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjM3MWMxZGIzYWFjNmRhM2Q4OGViN2RkY2NiY2E4Yzk5YzE2ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqD5YIxVcPqr3NsoVVatySM1tPsD1
VQuIfIsWKb3D3EotkcEKBf0cCGOG9IaMPtFTkp/7EbPahpMAz1zfNEZbh+/i7KGJ
vCNeABliJ4ZbCrodf5iF+7P1EsQ4VLgDdDJ8CIbo6vCyfbybuGh79ZDisTRule46
Q6uad5NDvyisqHnyqVlIYgJg9nvMswoPZ4gOiDp6g54ZSZ/RjMZ2cYSbaGF4sswV
bW81yNNXcTaJNBaBB5/YqZvBrioj7WIzxsLRxfdGNlboEKqzbnoWHtmxzPn6v6LO
wxvzdXhuOKiWWnHfsQtHm4lXo7t4vHgNQ5kbYPQvIItnDUwjscWkm2VpiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK83HB2zqsbaPYjrfdzLyoyZwW/6MB8GA1UdIwQY
MBaAFEw38n60mXs7758oJmo5aUBQ/nT5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERmeWZyU1plenZ2bnlnbWFqbHBRRkQtZFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8wOWNlYTAtZWYyYi00ZjIwLWExOWEt
ZWI1YTYyN2U3NmEzLzEvcnpjY0hiT3F4dG85aU90OTNNdktqSm5CYl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8wOWNlYTAtZWYyYi00ZjIwLWExOWEtZWI1YTYyN2U3NmEz
LzEvVERmeWZyU1plenZ2bnlnbWFqbHBRRkQtZFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVuUMA0G
CSqGSIb3DQEBCwUAA4IBAQBokaXV+gQxf/te2Xy+8VTK6+bKOwTqSTtevozkr6Q+
LUeohFanJKajJ9SGaol9gBSMpmJphWYOZcgm6FpZDEzhuoT1bJBN9Oi10CcYAv+Z
GNOrWEOD3352UAiTV7WyamzyZOlpf9UuktrsSJ6DPk0sRFogfHULrvgmN4yWGqqG
TEFZKrRXXe73ZJQsE0pl0hzjPB6JpEtjV7T2G+nz4uQey/lg+AhZmsBXL4z8921q
I7Ve8rXyvChRZC+ralN87PYBdFu4xHwq/ZBXOOsjl8BBpCRkMfp0vPXSVg75MD4w
sCSQNKjKCzI6/V1DK5JFDbPgeocVh13REhMhaxWbLdTx
-----END CERTIFICATE-----