Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/d4dade-caef-4cd0-aef3-004f0cb3ed77/1/zVKwsbjUGc9jl1O1zP1e8lThsOA.roa
File:                     zVKwsbjUGc9jl1O1zP1e8lThsOA.roa (raw, json)
Hash identifier:          HJmBpHUAi9FpAEaXy6pp857DR1c5NF8vI6d/HsHAC7A=
Subject key identifier:   CD:52:B0:B1:B8:D4:19:CF:63:97:53:B5:CC:FD:5E:F2:54:E1:B0:E0
Certificate issuer:       /CN=3035546ea5b0790549ca0ba1bb2a3e1dbae4a3da
Certificate serial:       018CC86F2AA5A9E7F3702A9CCA32A2CE26EA
Authority key identifier: 30:35:54:6E:A5:B0:79:05:49:CA:0B:A1:BB:2A:3E:1D:BA:E4:A3:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MDVUbqWweQVJyguhuyo-Hbrko9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/d4dade-caef-4cd0-aef3-004f0cb3ed77/1/zVKwsbjUGc9jl1O1zP1e8lThsOA.roa
Signing time:             Tue 02 Jan 2024 04:29:37 +0000
ROA not before:           Tue 02 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48016
IP address blocks:        91.208.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/d4dade-caef-4cd0-aef3-004f0cb3ed77/1/MDVUbqWweQVJyguhuyo-Hbrko9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/d4dade-caef-4cd0-aef3-004f0cb3ed77/1/MDVUbqWweQVJyguhuyo-Hbrko9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MDVUbqWweQVJyguhuyo-Hbrko9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2a:a5:a9:e7:f3:70:2a:9c:ca:32:a2:ce:26:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3035546ea5b0790549ca0ba1bb2a3e1dbae4a3da
        Validity
            Not Before: Jan  2 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd52b0b1b8d419cf639753b5ccfd5ef254e1b0e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4a:8b:b1:c2:a9:e1:08:be:ed:e6:58:1b:5e:
                    89:85:ac:20:33:92:72:36:68:d1:29:18:16:f7:1a:
                    8f:1d:5c:f3:df:78:01:fe:c6:20:6f:4f:ee:12:2f:
                    6b:64:a6:24:7e:fc:01:8b:af:d2:7d:ba:1f:48:5a:
                    28:b1:9a:4f:6a:50:93:ff:53:bb:ce:b3:67:85:84:
                    db:c3:65:62:d5:fd:5d:24:ac:9f:66:ee:18:35:94:
                    35:d2:f7:08:25:13:42:ed:81:a5:1b:ee:8c:16:5e:
                    43:35:33:4a:08:98:fc:ac:0d:3d:5f:07:2a:ae:a3:
                    ac:81:0e:77:ee:08:17:05:36:fd:c3:aa:32:0e:f7:
                    1e:f5:06:76:de:a7:66:81:a7:6d:fb:70:bb:85:cc:
                    cf:f5:a5:02:3c:a1:6a:36:c9:c1:5c:d7:20:65:e0:
                    ef:b6:ac:0c:c5:cb:d8:69:09:ea:24:10:df:9d:79:
                    42:5c:27:4a:84:53:6c:fd:fd:0a:e1:6f:a5:95:8b:
                    91:ae:86:9d:a7:d1:1a:fa:c0:09:4c:2d:2d:a7:c4:
                    fc:75:a1:72:39:44:89:3d:08:01:45:22:b4:44:91:
                    44:e9:ba:30:cc:cf:76:5e:e0:bc:a3:78:6b:c6:c2:
                    0f:81:a7:07:a5:a4:b3:1e:3f:d1:98:ea:56:7e:28:
                    5b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:52:B0:B1:B8:D4:19:CF:63:97:53:B5:CC:FD:5E:F2:54:E1:B0:E0
            X509v3 Authority Key Identifier:
                keyid:30:35:54:6E:A5:B0:79:05:49:CA:0B:A1:BB:2A:3E:1D:BA:E4:A3:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MDVUbqWweQVJyguhuyo-Hbrko9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d4dade-caef-4cd0-aef3-004f0cb3ed77/1/zVKwsbjUGc9jl1O1zP1e8lThsOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d4dade-caef-4cd0-aef3-004f0cb3ed77/1/MDVUbqWweQVJyguhuyo-Hbrko9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:e7:ca:79:59:6a:0b:84:d4:33:77:56:49:90:37:6b:06:d9:
         bb:2a:5e:f0:1b:1b:5a:c9:d5:27:26:2a:f5:f9:e7:cd:71:69:
         80:79:f6:64:bc:1b:10:17:19:c5:c4:ae:7b:dd:ef:c1:e8:40:
         71:bf:82:b1:88:c5:b4:91:52:f1:01:83:29:62:49:f1:41:82:
         c0:11:52:b4:7f:2c:25:fb:d8:67:c2:76:75:d4:45:19:b9:20:
         cf:01:b5:bf:e8:40:63:1a:99:c5:2c:a5:b7:ab:d7:d0:0e:2d:
         37:51:7c:97:bd:8a:a8:09:f7:4e:bc:0a:1c:9c:6b:c5:90:8a:
         97:eb:a7:fe:aa:fa:b7:06:ab:04:98:eb:7d:d6:d2:c6:64:15:
         74:aa:ca:13:52:97:cc:14:89:0c:36:ec:bb:b3:65:17:0d:e3:
         ce:90:8f:c7:d0:4d:29:ba:bb:91:24:13:38:4d:d3:0d:4b:dd:
         2c:1e:8a:d9:5a:9d:0a:d9:4c:98:9b:6a:db:a8:55:d9:a3:98:
         35:95:b9:05:e6:55:f7:b8:07:5e:3c:df:df:2e:1e:59:89:7c:
         00:40:20:6e:a6:f2:83:5c:a6:86:7a:f2:6c:db:b8:13:b1:0c:
         ac:30:b1:95:1c:c2:ed:a8:5d:a3:cd:8a:0b:df:8c:e3:e5:3d:
         8f:62:c2:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyqlqefzcCqcyjKizibqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMzU1NDZlYTViMDc5MDU0OWNhMGJhMWJiMmEzZTFkYmFl
NGEzZGEwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDUyYjBiMWI4ZDQxOWNmNjM5NzUzYjVjY2ZkNWVmMjU0ZTFiMGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0qLscKp4Qi+7eZYG16JhawgM5Jy
NmjRKRgW9xqPHVzz33gB/sYgb0/uEi9rZKYkfvwBi6/SfbofSFoosZpPalCT/1O7
zrNnhYTbw2Vi1f1dJKyfZu4YNZQ10vcIJRNC7YGlG+6MFl5DNTNKCJj8rA09Xwcq
rqOsgQ537ggXBTb9w6oyDvce9QZ23qdmgadt+3C7hczP9aUCPKFqNsnBXNcgZeDv
tqwMxcvYaQnqJBDfnXlCXCdKhFNs/f0K4W+llYuRroadp9Ea+sAJTC0tp8T8daFy
OUSJPQgBRSK0RJFE6bowzM92XuC8o3hrxsIPgacHpaSzHj/RmOpWfihbRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1SsLG41BnPY5dTtcz9XvJU4bDgMB8GA1UdIwQY
MBaAFDA1VG6lsHkFScoLobsqPh265KPaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTURWVWJxV3dlUVZKeWd1aHV5by1IYnJrbzlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9kNGRhZGUtY2FlZi00Y2QwLWFlZjMt
MDA0ZjBjYjNlZDc3LzEvelZLd3NialVHYzlqbDFPMXpQMWU4bFRoc09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9kNGRhZGUtY2FlZi00Y2QwLWFlZjMtMDA0ZjBjYjNlZDc3
LzEvTURWVWJxV3dlUVZKeWd1aHV5by1IYnJrbzlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DhMA0G
CSqGSIb3DQEBCwUAA4IBAQCt58p5WWoLhNQzd1ZJkDdrBtm7Kl7wGxtaydUnJir1
+efNcWmAefZkvBsQFxnFxK573e/B6EBxv4KxiMW0kVLxAYMpYknxQYLAEVK0fywl
+9hnwnZ11EUZuSDPAbW/6EBjGpnFLKW3q9fQDi03UXyXvYqoCfdOvAocnGvFkIqX
66f+qvq3BqsEmOt91tLGZBV0qsoTUpfMFIkMNuy7s2UXDePOkI/H0E0puruRJBM4
TdMNS90sHorZWp0K2UyYm2rbqFXZo5g1lbkF5lX3uAdePN/fLh5ZiXwAQCBupvKD
XKaGevJs27gTsQysMLGVHMLtqF2jzYoL34zj5T2PYsIL
-----END CERTIFICATE-----