Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/b361cb-e610-4e8c-9b22-dd61b7e44baf/1/zpj8-Q2p60EGFKABgjR9eIfIPdk.roa
File:                     zpj8-Q2p60EGFKABgjR9eIfIPdk.roa (raw, json)
Hash identifier:          cpEPOsc7hqAFJZzz3MOPNeGYqUUJbczL6I7P0lZRE7I=
Subject key identifier:   CE:98:FC:F9:0D:A9:EB:41:06:14:A0:01:82:34:7D:78:87:C8:3D:D9
Certificate issuer:       /CN=5811ab97aac984b7524effad5fac68eb1e19cdce
Certificate serial:       018CC94E5B67C2419A545FB060F817EB10D3
Authority key identifier: 58:11:AB:97:AA:C9:84:B7:52:4E:FF:AD:5F:AC:68:EB:1E:19:CD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBGrl6rJhLdSTv-tX6xo6x4Zzc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/b361cb-e610-4e8c-9b22-dd61b7e44baf/1/zpj8-Q2p60EGFKABgjR9eIfIPdk.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197611
IP address blocks:        91.224.188.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/b361cb-e610-4e8c-9b22-dd61b7e44baf/1/WBGrl6rJhLdSTv-tX6xo6x4Zzc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/b361cb-e610-4e8c-9b22-dd61b7e44baf/1/WBGrl6rJhLdSTv-tX6xo6x4Zzc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBGrl6rJhLdSTv-tX6xo6x4Zzc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5b:67:c2:41:9a:54:5f:b0:60:f8:17:eb:10:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5811ab97aac984b7524effad5fac68eb1e19cdce
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce98fcf90da9eb410614a00182347d7887c83dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2e:83:d0:22:9b:ca:db:f9:46:5c:dc:d8:6c:
                    ed:3d:61:1f:b0:29:f8:ce:0d:ad:3b:02:29:a0:01:
                    cc:a3:27:27:75:9d:7f:9f:17:cb:98:02:87:93:e2:
                    39:ca:08:21:13:ea:6d:8a:34:70:ac:ee:3c:bd:46:
                    3e:67:03:17:6f:49:a3:18:c7:1e:27:f1:ac:db:86:
                    de:cf:3e:76:a2:24:dd:3d:db:92:86:7c:b5:2a:fd:
                    d3:d1:52:3d:c1:3d:24:a1:f3:16:24:e3:45:e3:eb:
                    85:79:74:95:b8:75:05:dc:cc:e6:a8:10:d6:aa:49:
                    bf:59:37:d5:4b:de:97:9e:1c:59:fc:b5:c2:34:46:
                    42:8a:62:29:45:26:82:b3:29:2e:e4:e8:da:4d:6c:
                    66:bb:a0:c7:e0:23:8b:d8:4e:56:65:26:2b:97:f1:
                    0d:b6:2c:e9:d5:b8:ef:9d:25:4f:96:93:14:50:dc:
                    8a:03:b3:89:b0:58:33:aa:4e:79:6e:0a:75:54:34:
                    fb:47:6f:86:d9:3c:e7:42:83:f7:47:40:9e:4e:47:
                    e4:46:7b:e5:4b:2c:29:46:34:bb:43:8d:64:6d:78:
                    f7:d1:7f:1d:b3:57:1d:69:5c:b7:4f:0b:dc:7d:86:
                    58:9d:33:7f:5f:70:d9:ec:17:3e:aa:45:23:2d:b3:
                    df:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:98:FC:F9:0D:A9:EB:41:06:14:A0:01:82:34:7D:78:87:C8:3D:D9
            X509v3 Authority Key Identifier:
                keyid:58:11:AB:97:AA:C9:84:B7:52:4E:FF:AD:5F:AC:68:EB:1E:19:CD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBGrl6rJhLdSTv-tX6xo6x4Zzc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b361cb-e610-4e8c-9b22-dd61b7e44baf/1/zpj8-Q2p60EGFKABgjR9eIfIPdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b361cb-e610-4e8c-9b22-dd61b7e44baf/1/WBGrl6rJhLdSTv-tX6xo6x4Zzc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:5e:da:07:e6:84:74:75:0f:e2:94:b2:ad:c5:dc:67:fc:fd:
         a4:06:43:22:31:64:af:22:1e:50:5d:5e:5a:6c:8a:50:8f:86:
         a0:53:06:6a:d5:f9:b6:78:9c:46:97:64:4a:25:ec:d4:9b:b9:
         77:5a:e0:31:1d:11:73:8a:1c:c3:d2:10:ee:ce:57:8a:57:2e:
         a2:60:f3:da:a8:a7:a7:50:aa:42:24:0e:29:db:b1:1b:1a:81:
         eb:68:2e:e0:4c:74:d4:85:ee:fa:0b:df:32:fd:8b:b4:65:d5:
         22:40:e3:25:5d:13:89:4b:c5:24:f4:e9:75:fe:94:a2:77:cc:
         e4:65:f3:7a:56:4d:eb:98:aa:26:e6:ab:77:2b:5e:a6:61:b7:
         aa:11:95:aa:2c:e4:cc:f0:0b:0c:ce:40:4b:e5:9a:b9:7c:13:
         23:f2:d4:94:b7:ab:56:c2:3f:a5:73:4f:65:6f:2a:e4:cc:e4:
         01:b3:6b:2a:bf:40:06:b0:dc:25:b0:c2:1a:d7:ee:3c:e7:12:
         bc:77:55:68:3b:55:18:02:80:1b:c3:0a:df:f0:50:50:0a:3b:
         8f:e9:fa:68:b4:64:3e:84:54:87:1a:5a:04:74:08:43:9a:fa:
         46:d4:6c:c0:bc:2b:d8:5a:f6:0d:c6:a1:a9:b5:61:9d:3f:a7:
         45:0d:f9:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTltnwkGaVF+wYPgX6xDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTFhYjk3YWFjOTg0Yjc1MjRlZmZhZDVmYWM2OGViMWUx
OWNkY2UwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTk4ZmNmOTBkYTllYjQxMDYxNGEwMDE4MjM0N2Q3ODg3YzgzZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAty6D0CKbytv5Rlzc2GztPWEfsCn4
zg2tOwIpoAHMoycndZ1/nxfLmAKHk+I5ygghE+ptijRwrO48vUY+ZwMXb0mjGMce
J/Gs24bezz52oiTdPduShny1Kv3T0VI9wT0kofMWJONF4+uFeXSVuHUF3MzmqBDW
qkm/WTfVS96XnhxZ/LXCNEZCimIpRSaCsyku5OjaTWxmu6DH4COL2E5WZSYrl/EN
tizp1bjvnSVPlpMUUNyKA7OJsFgzqk55bgp1VDT7R2+G2TznQoP3R0CeTkfkRnvl
SywpRjS7Q41kbXj30X8ds1cdaVy3TwvcfYZYnTN/X3DZ7Bc+qkUjLbPfAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6Y/PkNqetBBhSgAYI0fXiHyD3ZMB8GA1UdIwQY
MBaAFFgRq5eqyYS3Uk7/rV+saOseGc3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JHcmw2ckpoTGRTVHYtdFg2eG82eDRaemM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iMzYxY2ItZTYxMC00ZThjLTliMjIt
ZGQ2MWI3ZTQ0YmFmLzEvenBqOC1RMnA2MEVHRktBQmdqUjllSWZJUGRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iMzYxY2ItZTYxMC00ZThjLTliMjItZGQ2MWI3ZTQ0YmFm
LzEvV0JHcmw2ckpoTGRTVHYtdFg2eG82eDRaemM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+C8MA0G
CSqGSIb3DQEBCwUAA4IBAQBXXtoH5oR0dQ/ilLKtxdxn/P2kBkMiMWSvIh5QXV5a
bIpQj4agUwZq1fm2eJxGl2RKJezUm7l3WuAxHRFzihzD0hDuzleKVy6iYPPaqKen
UKpCJA4p27EbGoHraC7gTHTUhe76C98y/Yu0ZdUiQOMlXROJS8Uk9Ol1/pSid8zk
ZfN6Vk3rmKom5qt3K16mYbeqEZWqLOTM8AsMzkBL5Zq5fBMj8tSUt6tWwj+lc09l
byrkzOQBs2sqv0AGsNwlsMIa1+485xK8d1VoO1UYAoAbwwrf8FBQCjuP6fpotGQ+
hFSHGloEdAhDmvpG1GzAvCvYWvYNxqGptWGdP6dFDfnj
-----END CERTIFICATE-----