Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/2343a3-d0f2-4e8a-87d4-4ae3306da793/1/ZNVrNX2qqcmPu4bQFCJ_eblK-cs.roa
File:                     ZNVrNX2qqcmPu4bQFCJ_eblK-cs.roa (raw, json)
Hash identifier:          LCjd0SbA9ATTucmVNZfkgWq83HuJUeH0X/7LAHOzxns=
Subject key identifier:   64:D5:6B:35:7D:AA:A9:C9:8F:BB:86:D0:14:22:7F:79:B9:4A:F9:CB
Certificate issuer:       /CN=8796b1c31fdde2bd5e98f8fbb7798abc47493cf2
Certificate serial:       018CC64AF2C6A68CA3C1D009F5E364F7B69A
Authority key identifier: 87:96:B1:C3:1F:DD:E2:BD:5E:98:F8:FB:B7:79:8A:BC:47:49:3C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h5axwx_d4r1emPj7t3mKvEdJPPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/2343a3-d0f2-4e8a-87d4-4ae3306da793/1/ZNVrNX2qqcmPu4bQFCJ_eblK-cs.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8792
IP address blocks:        91.220.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/2343a3-d0f2-4e8a-87d4-4ae3306da793/1/h5axwx_d4r1emPj7t3mKvEdJPPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/2343a3-d0f2-4e8a-87d4-4ae3306da793/1/h5axwx_d4r1emPj7t3mKvEdJPPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h5axwx_d4r1emPj7t3mKvEdJPPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f2:c6:a6:8c:a3:c1:d0:09:f5:e3:64:f7:b6:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8796b1c31fdde2bd5e98f8fbb7798abc47493cf2
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64d56b357daaa9c98fbb86d014227f79b94af9cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f6:18:5c:1f:3d:fc:37:e8:8e:6e:99:7a:e3:
                    7f:51:89:6a:0a:f4:4d:78:2d:47:6f:29:32:07:9d:
                    03:26:01:18:fc:a9:57:e6:c6:bf:68:b9:c6:12:30:
                    04:f3:1c:c8:e1:c0:06:fc:79:1a:5f:01:27:98:2c:
                    27:dc:79:c3:dd:d4:58:ba:7f:9a:c1:95:8a:58:b3:
                    79:f6:3b:9f:af:d4:9b:5c:4f:42:39:a8:61:01:db:
                    8f:88:ec:a7:4d:f1:39:00:df:20:65:8d:d9:9d:5b:
                    9d:20:41:da:f9:84:d6:b5:d5:68:ba:dd:b9:a2:68:
                    be:50:cd:d4:53:5d:b5:17:a9:ec:81:f1:02:4c:df:
                    9c:26:7f:74:3a:67:55:37:4c:cd:43:cc:e3:10:2d:
                    d0:83:9e:01:8d:44:57:87:5b:3a:24:af:a1:99:31:
                    59:7e:29:f3:8e:0b:c6:d1:14:3c:48:89:01:ec:31:
                    ff:39:88:0f:1e:ab:68:2c:f4:2e:ab:71:bd:f9:23:
                    77:da:42:f1:7a:8b:23:2d:78:af:e8:1a:a3:d1:43:
                    41:d6:54:77:e4:a1:7d:02:37:c0:a2:33:48:13:63:
                    92:ce:f3:c8:bd:27:43:0d:8b:a9:ae:9d:4f:0e:98:
                    a8:79:64:59:63:96:bf:0e:87:45:77:23:09:f0:24:
                    e4:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:D5:6B:35:7D:AA:A9:C9:8F:BB:86:D0:14:22:7F:79:B9:4A:F9:CB
            X509v3 Authority Key Identifier:
                keyid:87:96:B1:C3:1F:DD:E2:BD:5E:98:F8:FB:B7:79:8A:BC:47:49:3C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h5axwx_d4r1emPj7t3mKvEdJPPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/2343a3-d0f2-4e8a-87d4-4ae3306da793/1/ZNVrNX2qqcmPu4bQFCJ_eblK-cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/2343a3-d0f2-4e8a-87d4-4ae3306da793/1/h5axwx_d4r1emPj7t3mKvEdJPPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:ad:55:b1:b9:82:9f:88:65:90:39:5c:c2:6c:a1:26:53:fb:
         02:25:a7:c6:87:41:43:c1:60:f9:66:34:a3:5b:36:bf:23:a3:
         9e:9c:a7:0d:6d:dc:9e:7d:a2:60:4b:40:7c:55:1d:13:c6:ca:
         b1:8f:79:85:1a:31:4a:d7:3a:f6:5f:c2:6d:e5:a9:b1:d2:54:
         e9:58:97:2d:8c:28:42:3a:54:b9:d0:69:a9:67:a7:2f:74:35:
         15:33:93:02:a5:7a:4c:09:de:a4:73:30:85:b8:91:6a:26:d3:
         78:68:20:93:e9:d7:0b:f7:31:b0:d4:ef:42:3d:f3:8a:89:d7:
         5e:10:9a:e1:2d:52:0d:36:c9:94:e8:9e:39:12:4f:77:0a:ed:
         cc:6e:39:45:02:d8:90:38:a7:43:af:db:bc:c5:99:8e:57:73:
         41:85:f4:f4:3c:83:53:29:91:7b:4c:8d:01:db:0c:84:e1:aa:
         77:7f:c5:ab:35:40:03:d0:bd:68:de:f1:b3:c0:10:f7:57:c5:
         07:33:99:6e:c7:2d:d6:a7:36:22:e7:08:9f:c9:9a:fb:7a:de:
         f4:bf:1a:8c:bf:c6:f7:56:b2:bf:f2:e1:52:99:68:91:3f:93:
         ac:76:0e:de:5a:a3:e3:51:fa:e2:6a:08:12:b9:20:09:18:34:
         48:83:12:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvLGpoyjwdAJ9eNk97aaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OTZiMWMzMWZkZGUyYmQ1ZTk4ZjhmYmI3Nzk4YWJjNDc0
OTNjZjIwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGQ1NmIzNTdkYWFhOWM5OGZiYjg2ZDAxNDIyN2Y3OWI5NGFmOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvYYXB89/Dfojm6ZeuN/UYlqCvRN
eC1HbykyB50DJgEY/KlX5sa/aLnGEjAE8xzI4cAG/HkaXwEnmCwn3HnD3dRYun+a
wZWKWLN59jufr9SbXE9COahhAduPiOynTfE5AN8gZY3ZnVudIEHa+YTWtdVout25
omi+UM3UU121F6nsgfECTN+cJn90OmdVN0zNQ8zjEC3Qg54BjURXh1s6JK+hmTFZ
finzjgvG0RQ8SIkB7DH/OYgPHqtoLPQuq3G9+SN32kLxeosjLXiv6Bqj0UNB1lR3
5KF9AjfAojNIE2OSzvPIvSdDDYuprp1PDpioeWRZY5a/DodFdyMJ8CTk7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTVazV9qqnJj7uG0BQif3m5SvnLMB8GA1UdIwQY
MBaAFIeWscMf3eK9Xpj4+7d5irxHSTzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDVheHd4X2Q0cjFlbVBqN3QzbUt2RWRKUFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8yMzQzYTMtZDBmMi00ZThhLTg3ZDQt
NGFlMzMwNmRhNzkzLzEvWk5Wck5YMnFxY21QdTRiUUZDSl9lYmxLLWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8yMzQzYTMtZDBmMi00ZThhLTg3ZDQtNGFlMzMwNmRhNzkz
LzEvaDVheHd4X2Q0cjFlbVBqN3QzbUt2RWRKUFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yGMA0G
CSqGSIb3DQEBCwUAA4IBAQC/rVWxuYKfiGWQOVzCbKEmU/sCJafGh0FDwWD5ZjSj
Wza/I6OenKcNbdyefaJgS0B8VR0Txsqxj3mFGjFK1zr2X8Jt5amx0lTpWJctjChC
OlS50GmpZ6cvdDUVM5MCpXpMCd6kczCFuJFqJtN4aCCT6dcL9zGw1O9CPfOKidde
EJrhLVINNsmU6J45Ek93Cu3MbjlFAtiQOKdDr9u8xZmOV3NBhfT0PINTKZF7TI0B
2wyE4ap3f8WrNUAD0L1o3vGzwBD3V8UHM5luxy3WpzYi5wifyZr7et70vxqMv8b3
VrK/8uFSmWiRP5Osdg7eWqPjUfriaggSuSAJGDRIgxID
-----END CERTIFICATE-----