Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/zIA6BDrr_xrDLDlzAGpw_9P6klo.roa
File:                     zIA6BDrr_xrDLDlzAGpw_9P6klo.roa (raw, json)
Hash identifier:          pfzDsna4zGoCQX7v3ji49EBWdSr9XYlq27X+4n1BNgY=
Subject key identifier:   CC:80:3A:04:3A:EB:FF:1A:C3:2C:39:73:00:6A:70:FF:D3:FA:92:5A
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0194221FDC36B0A968A589843CCC0E1C7BC9
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/zIA6BDrr_xrDLDlzAGpw_9P6klo.roa
Signing time:             Wed 01 Jan 2025 13:48:20 +0000
ROA not before:           Wed 01 Jan 2025 13:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215355
IP address blocks:        91.103.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:dc:36:b0:a9:68:a5:89:84:3c:cc:0e:1c:7b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  1 13:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc803a043aebff1ac32c3973006a70ffd3fa925a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:50:4b:3e:c7:54:20:3c:f9:4f:ce:a9:4f:c4:
                    a4:25:d1:ac:ad:eb:eb:e7:7f:cf:c5:73:07:7f:48:
                    a9:3e:f9:5a:54:bb:8c:4e:5d:ae:90:de:8e:e7:b7:
                    95:e0:ce:c7:6e:1a:5d:90:f7:dd:f9:b8:1d:5c:84:
                    27:2c:32:b0:e8:d1:99:8d:b9:31:13:4d:52:eb:71:
                    be:b3:b5:b8:ec:45:09:0a:02:bb:f1:a1:d1:9f:b8:
                    94:5f:55:d5:57:68:b2:a8:ea:d6:4e:1f:66:c4:75:
                    f6:03:1f:29:11:80:0a:e0:4f:eb:7f:93:ea:b3:d6:
                    af:98:fc:ce:72:f3:7c:38:68:7d:64:02:09:b5:95:
                    9b:e6:4a:c7:9d:3f:42:1f:01:a1:f6:54:c3:6e:f1:
                    1e:1d:de:ac:30:d9:37:95:81:b0:59:c9:fc:45:6d:
                    e4:2e:9a:e8:0e:f0:9b:83:42:be:34:0c:3e:73:cf:
                    6a:36:a5:2a:21:d8:1f:9f:30:e5:79:ad:ad:60:15:
                    44:b0:92:e3:0d:de:0d:75:79:19:0b:ff:eb:ba:5c:
                    5a:35:6c:db:cc:b0:63:10:e8:bc:c6:8a:6f:70:50:
                    1f:77:4e:a5:b2:c1:97:58:9c:5b:58:ed:f6:7a:cf:
                    dd:5e:c9:35:21:e5:7f:53:fa:6f:4c:4a:cf:79:b3:
                    2c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:80:3A:04:3A:EB:FF:1A:C3:2C:39:73:00:6A:70:FF:D3:FA:92:5A
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/zIA6BDrr_xrDLDlzAGpw_9P6klo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:b9:1e:28:3f:a0:99:42:b6:b9:72:33:40:38:2e:79:a6:ec:
         ca:c1:b2:b2:a7:af:fc:a4:90:62:d8:ef:4d:80:89:e9:90:ee:
         17:a0:96:d6:23:cf:a7:57:9c:b9:23:fa:a6:37:86:62:12:77:
         6f:5b:55:ce:f3:a7:5b:78:e1:8b:a9:22:77:2e:ec:bd:2b:f8:
         77:8f:51:d0:f3:ee:d0:dc:97:3d:ed:5c:f5:20:39:fe:7b:85:
         7e:0f:8f:4a:76:40:c8:2a:a1:66:31:89:10:5e:fc:8c:b8:63:
         4b:61:c5:65:d6:72:92:04:62:09:35:cb:e7:e0:d4:fa:46:8d:
         ec:56:15:6a:a6:d4:d0:74:32:4a:66:aa:2d:ca:bd:47:65:bc:
         9c:3c:36:2f:87:1d:7f:48:e3:f0:6b:59:cf:67:58:a3:4a:52:
         67:80:0e:06:87:5b:44:60:78:aa:0a:e3:55:52:74:da:60:c8:
         60:52:5a:87:94:1b:71:b6:15:fa:51:aa:d2:be:5e:88:3c:c5:
         93:78:a1:fb:ec:da:bb:55:a3:58:65:61:fd:68:fb:e8:a1:8e:
         cc:e1:00:da:9b:1e:2b:b2:d1:e5:12:60:6a:06:27:b1:8c:58:
         18:0d:51:38:f6:cf:02:6a:6d:65:cb:a9:ba:fc:40:5d:2f:eb:
         b9:09:70:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9w2sKlopYmEPMwOHHvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjUwMTAxMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzgwM2EwNDNhZWJmZjFhYzMyYzM5NzMwMDZhNzBmZmQzZmE5MjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVBLPsdUIDz5T86pT8SkJdGsrevr
53/PxXMHf0ipPvlaVLuMTl2ukN6O57eV4M7HbhpdkPfd+bgdXIQnLDKw6NGZjbkx
E01S63G+s7W47EUJCgK78aHRn7iUX1XVV2iyqOrWTh9mxHX2Ax8pEYAK4E/rf5Pq
s9avmPzOcvN8OGh9ZAIJtZWb5krHnT9CHwGh9lTDbvEeHd6sMNk3lYGwWcn8RW3k
LproDvCbg0K+NAw+c89qNqUqIdgfnzDlea2tYBVEsJLjDd4NdXkZC//rulxaNWzb
zLBjEOi8xopvcFAfd06lssGXWJxbWO32es/dXsk1IeV/U/pvTErPebMsqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyAOgQ66/8awyw5cwBqcP/T+pJaMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEveklBNkJEcnJfeHJETERsekFHcHdfOVA2a2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2d4MA0G
CSqGSIb3DQEBCwUAA4IBAQARuR4oP6CZQra5cjNAOC55puzKwbKyp6/8pJBi2O9N
gInpkO4XoJbWI8+nV5y5I/qmN4ZiEndvW1XO86dbeOGLqSJ3Luy9K/h3j1HQ8+7Q
3Jc97Vz1IDn+e4V+D49KdkDIKqFmMYkQXvyMuGNLYcVl1nKSBGIJNcvn4NT6Ro3s
VhVqptTQdDJKZqotyr1HZbycPDYvhx1/SOPwa1nPZ1ijSlJngA4Gh1tEYHiqCuNV
UnTaYMhgUlqHlBtxthX6UarSvl6IPMWTeKH77Nq7VaNYZWH9aPvooY7M4QDamx4r
stHlEmBqBiexjFgYDVE49s8Cam1ly6m6/EBdL+u5CXDH
-----END CERTIFICATE-----