Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/ba70f2-b7ac-4346-9d08-63ae0bfc169f/1/Zeio8G8F7d8ppWeP2ZyG17JXT6w.roa
File:                     Zeio8G8F7d8ppWeP2ZyG17JXT6w.roa (raw, json)
Hash identifier:          nF3JyiKDubkFKWVoJeyww8LR0PDS9FDR2B455+zachk=
Subject key identifier:   65:E8:A8:F0:6F:05:ED:DF:29:A5:67:8F:D9:9C:86:D7:B2:57:4F:AC
Certificate issuer:       /CN=3bfccd4a00422c865f5093b85bb868c2bb30c469
Certificate serial:       018CC6B9398CB90D683AFA05B5E72953D985
Authority key identifier: 3B:FC:CD:4A:00:42:2C:86:5F:50:93:B8:5B:B8:68:C2:BB:30:C4:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_zNSgBCLIZfUJO4W7howrswxGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/ba70f2-b7ac-4346-9d08-63ae0bfc169f/1/Zeio8G8F7d8ppWeP2ZyG17JXT6w.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8454
IP address blocks:        91.213.98.0/24 maxlen: 24
                          2001:67c:2f78::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/ba70f2-b7ac-4346-9d08-63ae0bfc169f/1/O_zNSgBCLIZfUJO4W7howrswxGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/ba70f2-b7ac-4346-9d08-63ae0bfc169f/1/O_zNSgBCLIZfUJO4W7howrswxGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O_zNSgBCLIZfUJO4W7howrswxGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:39:8c:b9:0d:68:3a:fa:05:b5:e7:29:53:d9:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bfccd4a00422c865f5093b85bb868c2bb30c469
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65e8a8f06f05eddf29a5678fd99c86d7b2574fac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:31:a7:b4:ac:17:7b:f8:f6:ce:be:2d:ea:6e:
                    e9:a8:36:72:98:45:32:51:c9:fd:70:1a:e0:02:d9:
                    bc:4e:93:25:2e:f7:fd:b3:09:bc:c7:48:de:6d:d3:
                    d7:bc:1a:38:5d:81:bc:d8:a4:44:89:f2:05:33:af:
                    59:ff:be:38:f4:ef:a7:f0:dc:8f:fc:c4:5a:f3:fe:
                    a6:86:66:78:45:50:23:96:19:da:c8:af:58:94:09:
                    d8:2c:08:d4:41:6f:8e:d7:0a:1f:03:5b:c6:8a:de:
                    84:47:02:cf:f5:d3:87:a8:07:5c:59:5b:1d:a0:ab:
                    57:30:7c:21:9d:15:c4:f2:65:eb:3e:7b:ae:7d:01:
                    87:be:1e:83:ed:41:a5:40:19:fc:c0:50:ce:db:13:
                    7f:0d:8a:70:7a:f1:1e:64:2f:2d:a3:44:97:46:5a:
                    45:f9:08:ef:b1:65:10:42:b4:67:d6:ae:4e:23:31:
                    5c:0c:05:58:33:81:96:91:93:f2:47:68:3f:eb:a3:
                    3d:90:d0:0b:95:af:76:f6:3d:2c:76:7d:77:8d:ae:
                    0a:0f:f9:95:6e:63:51:f6:75:d0:e8:d5:c7:a9:34:
                    97:f3:1b:a9:05:08:d6:b1:73:f2:19:47:da:ce:ef:
                    e7:e4:9e:69:ef:ae:f3:9f:94:37:db:5d:c1:ad:f1:
                    f6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E8:A8:F0:6F:05:ED:DF:29:A5:67:8F:D9:9C:86:D7:B2:57:4F:AC
            X509v3 Authority Key Identifier:
                keyid:3B:FC:CD:4A:00:42:2C:86:5F:50:93:B8:5B:B8:68:C2:BB:30:C4:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_zNSgBCLIZfUJO4W7howrswxGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/ba70f2-b7ac-4346-9d08-63ae0bfc169f/1/Zeio8G8F7d8ppWeP2ZyG17JXT6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/ba70f2-b7ac-4346-9d08-63ae0bfc169f/1/O_zNSgBCLIZfUJO4W7howrswxGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.98.0/24
                IPv6:
                  2001:67c:2f78::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:19:a3:49:e4:05:42:b8:8f:41:4c:8c:fb:21:cb:7d:85:a9:
         b3:16:f3:ad:2c:8e:52:c7:62:0f:bc:1c:68:aa:73:86:3c:f3:
         97:87:ff:3d:f0:af:60:9f:1f:0a:09:6e:56:e5:d0:35:6f:e1:
         e8:5d:96:d4:8a:ac:e1:e0:41:ee:c5:40:5d:de:1e:0e:6e:f0:
         7d:22:f4:2f:89:7e:73:c0:a1:ec:ed:0f:33:1a:7d:70:c0:0d:
         3c:fa:60:f6:f0:d7:5f:d7:01:68:7f:cc:34:f6:13:60:57:1a:
         2a:0b:52:c1:38:9d:f0:55:4a:ed:e9:67:f4:da:13:e6:1e:a5:
         ac:47:0f:ab:d8:6b:48:e1:49:f7:95:f7:5b:b8:c6:36:78:6d:
         18:4c:4e:cc:07:6b:d0:b9:49:47:f0:6f:fd:49:a6:7c:c9:7a:
         8a:36:db:74:1c:69:5f:db:33:94:90:17:21:61:9d:d7:97:0d:
         28:d9:b7:ca:0d:ff:4d:4c:b1:b9:3a:11:1c:03:1d:d4:6a:9d:
         00:89:e4:97:4d:13:b9:2d:b1:b5:ca:f9:89:99:84:d6:11:f5:
         00:cd:78:f9:47:c4:79:9e:98:2b:80:a1:88:a2:87:58:f1:da:
         d4:a2:1d:7f:ee:f6:14:0b:78:2c:45:01:d0:47:60:ab:28:33:
         15:3d:e3:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuTmMuQ1oOvoFtecpU9mFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZmNjZDRhMDA0MjJjODY1ZjUwOTNiODViYjg2OGMyYmIz
MGM0NjkwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWU4YThmMDZmMDVlZGRmMjlhNTY3OGZkOTljODZkN2IyNTc0ZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDGntKwXe/j2zr4t6m7pqDZymEUy
Ucn9cBrgAtm8TpMlLvf9swm8x0jebdPXvBo4XYG82KREifIFM69Z/7449O+n8NyP
/MRa8/6mhmZ4RVAjlhnayK9YlAnYLAjUQW+O1wofA1vGit6ERwLP9dOHqAdcWVsd
oKtXMHwhnRXE8mXrPnuufQGHvh6D7UGlQBn8wFDO2xN/DYpwevEeZC8to0SXRlpF
+QjvsWUQQrRn1q5OIzFcDAVYM4GWkZPyR2g/66M9kNALla929j0sdn13ja4KD/mV
bmNR9nXQ6NXHqTSX8xupBQjWsXPyGUfazu/n5J5p767zn5Q3213BrfH24wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGXoqPBvBe3fKaVnj9mchteyV0+sMB8GA1UdIwQY
MBaAFDv8zUoAQiyGX1CTuFu4aMK7MMRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT196TlNnQkNMSVpmVUpPNFc3aG93cnN3eEdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYTcwZjItYjdhYy00MzQ2LTlkMDgt
NjNhZTBiZmMxNjlmLzEvWmVpbzhHOEY3ZDhwcFdlUDJaeUcxN0pYVDZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYTcwZjItYjdhYy00MzQ2LTlkMDgtNjNhZTBiZmMxNjlm
LzEvT196TlNnQkNMSVpmVUpPNFc3aG93cnN3eEdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9ViMA8E
AgACMAkDBwAgAQZ8L3gwDQYJKoZIhvcNAQELBQADggEBABwZo0nkBUK4j0FMjPsh
y32FqbMW860sjlLHYg+8HGiqc4Y885eH/z3wr2CfHwoJblbl0DVv4ehdltSKrOHg
Qe7FQF3eHg5u8H0i9C+JfnPAoeztDzMafXDADTz6YPbw11/XAWh/zDT2E2BXGioL
UsE4nfBVSu3pZ/TaE+YepaxHD6vYa0jhSfeV91u4xjZ4bRhMTswHa9C5SUfwb/1J
pnzJeoo223QcaV/bM5SQFyFhndeXDSjZt8oN/01Msbk6ERwDHdRqnQCJ5JdNE7kt
sbXK+YmZhNYR9QDNePlHxHmemCuAoYiih1jx2tSiHX/u9hQLeCxFAdBHYKsoMxU9
4xA=
-----END CERTIFICATE-----