Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/5ff89a-2f15-4090-bcc2-807b7c2d6389/1/ZnnDziCLyw6qwb2HgCcqPOeS9w8.roa
File:                     ZnnDziCLyw6qwb2HgCcqPOeS9w8.roa (raw, json)
Hash identifier:          JOB1HXbR6n8FQpfIs/y1HZUJ4PWR9ej9vLxLlL+a7jg=
Subject key identifier:   66:79:C3:CE:20:8B:CB:0E:AA:C1:BD:87:80:27:2A:3C:E7:92:F7:0F
Certificate issuer:       /CN=1bb80b4a3327c583aecdb03cef3f64f33bd59b08
Certificate serial:       018CC64AF2615EE4D0CDA2DDF12EA614E38E
Authority key identifier: 1B:B8:0B:4A:33:27:C5:83:AE:CD:B0:3C:EF:3F:64:F3:3B:D5:9B:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G7gLSjMnxYOuzbA87z9k8zvVmwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/5ff89a-2f15-4090-bcc2-807b7c2d6389/1/ZnnDziCLyw6qwb2HgCcqPOeS9w8.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56967
IP address blocks:        91.212.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/5ff89a-2f15-4090-bcc2-807b7c2d6389/1/G7gLSjMnxYOuzbA87z9k8zvVmwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/5ff89a-2f15-4090-bcc2-807b7c2d6389/1/G7gLSjMnxYOuzbA87z9k8zvVmwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G7gLSjMnxYOuzbA87z9k8zvVmwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f2:61:5e:e4:d0:cd:a2:dd:f1:2e:a6:14:e3:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bb80b4a3327c583aecdb03cef3f64f33bd59b08
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6679c3ce208bcb0eaac1bd8780272a3ce792f70f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1c:07:58:9d:e0:35:6c:d8:e5:c6:3b:13:5b:
                    79:b3:a8:39:3e:f6:27:c6:0f:41:56:d2:23:93:4a:
                    10:af:0c:c7:15:c9:de:29:79:4f:1e:8d:18:c0:91:
                    58:33:d2:e8:19:21:89:57:b7:6c:05:18:16:8c:1e:
                    29:41:81:bc:9f:f2:fb:50:d0:df:e4:87:4e:90:b3:
                    e8:87:f2:c7:52:9e:14:72:e9:82:da:d8:cd:ff:26:
                    16:9b:35:42:fe:ac:4c:d1:8f:b1:37:dc:f3:98:54:
                    e8:60:cf:87:4d:0f:56:f6:b5:dc:67:f4:09:f0:1a:
                    e5:00:33:f6:e1:3b:5f:e3:80:0f:f7:a9:33:86:98:
                    62:11:22:c5:a9:47:f5:a6:4c:4d:3f:a9:c8:2c:df:
                    1f:28:65:1b:11:b9:da:8a:54:da:9a:6b:78:01:c9:
                    b5:ff:be:2d:1a:bd:ce:fb:43:0b:d9:f5:63:e2:64:
                    f7:98:fd:8e:b5:cc:ee:c5:14:99:b5:99:af:45:a9:
                    9e:f2:a1:6f:67:85:cf:b6:0e:b4:c8:be:2c:79:8f:
                    92:c7:91:0f:4d:38:17:76:ab:61:5a:9b:dd:d3:61:
                    a8:5e:7e:a4:a3:49:58:96:e3:ab:37:08:68:36:ff:
                    05:a1:f2:5a:6e:58:01:12:e0:2b:8f:da:13:48:21:
                    a2:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:79:C3:CE:20:8B:CB:0E:AA:C1:BD:87:80:27:2A:3C:E7:92:F7:0F
            X509v3 Authority Key Identifier:
                keyid:1B:B8:0B:4A:33:27:C5:83:AE:CD:B0:3C:EF:3F:64:F3:3B:D5:9B:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G7gLSjMnxYOuzbA87z9k8zvVmwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/5ff89a-2f15-4090-bcc2-807b7c2d6389/1/ZnnDziCLyw6qwb2HgCcqPOeS9w8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/5ff89a-2f15-4090-bcc2-807b7c2d6389/1/G7gLSjMnxYOuzbA87z9k8zvVmwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:8a:d4:14:a7:49:f5:6d:70:03:27:3d:ea:68:5f:8c:97:d4:
         20:d3:ab:52:a0:fa:b3:13:d0:50:26:d9:1e:a3:2d:7c:cb:69:
         45:16:d0:f8:9d:9b:3d:16:11:62:8c:d6:d1:7a:5a:f1:0a:e4:
         14:3d:42:9c:35:f1:6c:df:34:47:51:81:67:ec:7d:14:a9:4b:
         40:6a:f2:a5:8b:f2:8b:49:c1:76:98:fc:5e:87:0c:78:24:18:
         24:2a:f7:56:53:82:fc:27:94:68:8e:12:3c:ca:bb:60:66:b1:
         a2:6f:24:e4:fe:fd:21:ec:a2:ee:0e:66:07:eb:2a:e3:76:a2:
         a6:2e:8c:8d:39:54:88:38:f3:52:e0:75:8b:bd:86:0f:96:6e:
         4f:01:f2:6a:9f:c7:33:0b:e0:8e:42:9e:33:99:01:c3:2f:c2:
         00:a2:23:ae:99:6b:c7:b0:d8:93:04:01:60:55:82:4b:b0:ca:
         c5:46:43:7f:08:f3:35:7c:0e:1f:08:96:cd:0d:5b:db:e4:bd:
         7b:15:e1:9e:3e:f7:ed:e2:b9:17:10:83:48:84:d6:7c:db:9d:
         cc:09:b6:e5:b6:9e:65:22:6a:de:41:ea:c0:ed:ce:9a:71:a4:
         e8:1f:25:ba:a9:4c:23:3d:b5:6b:23:15:56:a4:9e:23:7b:48:
         27:9e:2b:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvJhXuTQzaLd8S6mFOOOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYjgwYjRhMzMyN2M1ODNhZWNkYjAzY2VmM2Y2NGYzM2Jk
NTliMDgwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njc5YzNjZTIwOGJjYjBlYWFjMWJkODc4MDI3MmEzY2U3OTJmNzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRwHWJ3gNWzY5cY7E1t5s6g5PvYn
xg9BVtIjk0oQrwzHFcneKXlPHo0YwJFYM9LoGSGJV7dsBRgWjB4pQYG8n/L7UNDf
5IdOkLPoh/LHUp4UcumC2tjN/yYWmzVC/qxM0Y+xN9zzmFToYM+HTQ9W9rXcZ/QJ
8BrlADP24Ttf44AP96kzhphiESLFqUf1pkxNP6nILN8fKGUbEbnailTammt4Acm1
/74tGr3O+0ML2fVj4mT3mP2OtczuxRSZtZmvRame8qFvZ4XPtg60yL4seY+Sx5EP
TTgXdqthWpvd02GoXn6ko0lYluOrNwhoNv8FofJablgBEuArj9oTSCGiMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZ5w84gi8sOqsG9h4AnKjznkvcPMB8GA1UdIwQY
MBaAFBu4C0ozJ8WDrs2wPO8/ZPM71ZsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzdnTFNqTW54WU91emJBODd6OWs4enZWbXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS81ZmY4OWEtMmYxNS00MDkwLWJjYzIt
ODA3YjdjMmQ2Mzg5LzEvWm5uRHppQ0x5dzZxd2IySGdDY3FQT2VTOXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS81ZmY4OWEtMmYxNS00MDkwLWJjYzItODA3YjdjMmQ2Mzg5
LzEvRzdnTFNqTW54WU91emJBODd6OWs4enZWbXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RvMA0G
CSqGSIb3DQEBCwUAA4IBAQAEitQUp0n1bXADJz3qaF+Ml9Qg06tSoPqzE9BQJtke
oy18y2lFFtD4nZs9FhFijNbRelrxCuQUPUKcNfFs3zRHUYFn7H0UqUtAavKli/KL
ScF2mPxehwx4JBgkKvdWU4L8J5RojhI8yrtgZrGibyTk/v0h7KLuDmYH6yrjdqKm
LoyNOVSIOPNS4HWLvYYPlm5PAfJqn8czC+COQp4zmQHDL8IAoiOumWvHsNiTBAFg
VYJLsMrFRkN/CPM1fA4fCJbNDVvb5L17FeGePvft4rkXEINIhNZ8253MCbbltp5l
ImreQerA7c6acaToHyW6qUwjPbVrIxVWpJ4je0gnnivK
-----END CERTIFICATE-----