Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/mzva8Fgs7hQhcnFbjBVTbc_1ucI.roa
File:                     mzva8Fgs7hQhcnFbjBVTbc_1ucI.roa (raw, json)
Hash identifier:          obQ2CnxeEGWWBvGaUqbGNGgiDJUFZB0c5J/jmGovCEg=
Subject key identifier:   9B:3B:DA:F0:58:2C:EE:14:21:72:71:5B:8C:15:53:6D:CF:F5:B9:C2
Certificate issuer:       /CN=2f2709cb399c4e168ccbda16db136b5bc8b96dd6
Certificate serial:       018CC87156CD0B59915A128CC969F20C6586
Authority key identifier: 2F:27:09:CB:39:9C:4E:16:8C:CB:DA:16:DB:13:6B:5B:C8:B9:6D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/mzva8Fgs7hQhcnFbjBVTbc_1ucI.roa
Signing time:             Tue 02 Jan 2024 04:32:00 +0000
ROA not before:           Tue 02 Jan 2024 04:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56624
IP address blocks:        91.237.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:56:cd:0b:59:91:5a:12:8c:c9:69:f2:0c:65:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2709cb399c4e168ccbda16db136b5bc8b96dd6
        Validity
            Not Before: Jan  2 04:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b3bdaf0582cee142172715b8c15536dcff5b9c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e3:bb:78:67:86:40:e5:da:34:2f:d0:1c:e6:
                    36:92:7d:96:7b:4c:cd:89:b8:6a:bd:a7:5f:c2:88:
                    b5:5b:db:60:30:6a:7b:7e:a0:01:61:2e:ff:88:ee:
                    93:c6:4d:7e:38:a3:f8:fd:fa:36:3c:80:96:1b:b6:
                    22:a4:aa:a7:f2:ff:9d:5a:74:43:cd:4e:cd:5b:c3:
                    b7:c0:b8:6a:31:2d:a8:7d:6d:c8:83:ee:80:83:23:
                    c9:16:a2:01:da:f1:7a:b0:60:cf:76:25:16:b9:6d:
                    9b:0d:6f:d2:dd:bc:b2:1e:95:97:4a:55:2b:04:cc:
                    64:d6:fb:1c:ce:79:ad:1a:6f:cf:e6:e9:14:83:8b:
                    ea:d1:cd:26:0a:19:cd:a7:12:06:88:43:ab:47:60:
                    66:64:3c:89:2b:cf:90:8d:78:59:32:22:7d:ee:c7:
                    06:41:46:40:ae:6e:f9:62:7b:f3:79:16:fc:18:95:
                    60:8d:06:55:05:33:c3:0a:f8:82:10:e4:63:8d:29:
                    c9:d2:a4:14:2f:d8:1c:fc:eb:78:b1:6f:2d:81:7b:
                    22:62:4a:b1:ba:20:a9:3e:46:2a:00:cd:54:82:9e:
                    68:92:9c:5b:fc:ad:5c:c2:08:08:b7:06:83:38:23:
                    4a:7f:f5:f8:ec:c2:03:55:78:64:80:bc:b9:59:98:
                    e0:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:3B:DA:F0:58:2C:EE:14:21:72:71:5B:8C:15:53:6D:CF:F5:B9:C2
            X509v3 Authority Key Identifier:
                keyid:2F:27:09:CB:39:9C:4E:16:8C:CB:DA:16:DB:13:6B:5B:C8:B9:6D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/mzva8Fgs7hQhcnFbjBVTbc_1ucI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:42:dc:c3:5f:65:eb:b5:90:f4:9c:d1:e4:20:1b:16:e1:6c:
         fd:7a:2e:4a:aa:2e:c3:35:fd:7d:8c:b0:77:be:49:1c:c5:60:
         d1:a7:38:b5:59:b5:31:ae:aa:29:4a:82:d8:53:cf:0c:5e:20:
         41:77:fd:5a:8b:4e:16:e7:32:75:10:5e:60:66:82:fa:46:85:
         38:6f:da:2a:9f:5d:a8:7f:a2:f3:fc:fa:62:7a:c3:09:72:fe:
         27:eb:1a:bf:96:03:12:3e:ea:0a:a0:36:af:f6:89:41:68:a4:
         10:1b:17:78:38:52:9f:dd:3b:59:b7:77:e8:ec:f1:13:c3:05:
         3c:4e:78:9c:fb:d9:6e:60:22:72:b1:fc:c4:61:05:b1:aa:f3:
         b1:99:7e:4c:f8:30:d5:e1:f3:f0:c3:22:f8:d1:62:ce:6d:9a:
         d7:57:b8:49:de:32:13:be:2a:30:ba:43:6f:97:ae:73:22:8a:
         7f:4a:76:7a:02:23:19:de:f9:50:7d:2e:aa:8f:1a:0a:79:a5:
         92:ee:c6:43:3b:4d:13:7a:30:eb:a8:90:22:5b:f0:b5:24:55:
         8a:e3:2a:59:c6:68:e4:54:62:d9:62:c2:b2:85:0d:76:78:7c:
         26:11:fb:b5:67:47:45:f5:be:fc:d5:66:81:59:54:75:1f:10:
         20:8b:90:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVbNC1mRWhKMyWnyDGWGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMjcwOWNiMzk5YzRlMTY4Y2NiZGExNmRiMTM2YjViYzhi
OTZkZDYwHhcNMjQwMTAyMDQzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjNiZGFmMDU4MmNlZTE0MjE3MjcxNWI4YzE1NTM2ZGNmZjViOWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+O7eGeGQOXaNC/QHOY2kn2We0zN
ibhqvadfwoi1W9tgMGp7fqABYS7/iO6Txk1+OKP4/fo2PICWG7YipKqn8v+dWnRD
zU7NW8O3wLhqMS2ofW3Ig+6AgyPJFqIB2vF6sGDPdiUWuW2bDW/S3byyHpWXSlUr
BMxk1vscznmtGm/P5ukUg4vq0c0mChnNpxIGiEOrR2BmZDyJK8+QjXhZMiJ97scG
QUZArm75YnvzeRb8GJVgjQZVBTPDCviCEORjjSnJ0qQUL9gc/Ot4sW8tgXsiYkqx
uiCpPkYqAM1Ugp5okpxb/K1cwggItwaDOCNKf/X47MIDVXhkgLy5WZjgMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs72vBYLO4UIXJxW4wVU23P9bnCMB8GA1UdIwQY
MBaAFC8nCcs5nE4WjMvaFtsTa1vIuW3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHljSnl6bWNUaGFNeTlvVzJ4TnJXOGk1YmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9mODM3ODEtMjk0OS00OGM3LTg5MDAt
MjAxNjdjZDQyYjgyLzEvbXp2YThGZ3M3aFFoY25GYmpCVlRiY18xdWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9mODM3ODEtMjk0OS00OGM3LTg5MDAtMjAxNjdjZDQyYjgy
LzEvTHljSnl6bWNUaGFNeTlvVzJ4TnJXOGk1YmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+3sMA0G
CSqGSIb3DQEBCwUAA4IBAQCaQtzDX2XrtZD0nNHkIBsW4Wz9ei5Kqi7DNf19jLB3
vkkcxWDRpzi1WbUxrqopSoLYU88MXiBBd/1ai04W5zJ1EF5gZoL6RoU4b9oqn12o
f6Lz/PpiesMJcv4n6xq/lgMSPuoKoDav9olBaKQQGxd4OFKf3TtZt3fo7PETwwU8
Tnic+9luYCJysfzEYQWxqvOxmX5M+DDV4fPwwyL40WLObZrXV7hJ3jITviowukNv
l65zIop/SnZ6AiMZ3vlQfS6qjxoKeaWS7sZDO00TejDrqJAiW/C1JFWK4ypZxmjk
VGLZYsKyhQ12eHwmEfu1Z0dF9b781WaBWVR1HxAgi5Dh
-----END CERTIFICATE-----