Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/2ed5da-85cf-449f-bd85-628b0fbcd0b6/1/ZSj87iV3hi_E1eRk5vDWG03jrro.roa
File:                     ZSj87iV3hi_E1eRk5vDWG03jrro.roa (raw, json)
Hash identifier:          oZmVNnO0QDPRhDUzRjOkxi/hZXFTws8ohyMcgwRjEKU=
Subject key identifier:   65:28:FC:EE:25:77:86:2F:C4:D5:E4:64:E6:F0:D6:1B:4D:E3:AE:BA
Certificate issuer:       /CN=03820e964dfd3d281420afda20ce949e60d4cc44
Certificate serial:       018CC7954225A292A0393C89D824C2D20677
Authority key identifier: 03:82:0E:96:4D:FD:3D:28:14:20:AF:DA:20:CE:94:9E:60:D4:CC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A4IOlk39PSgUIK_aIM6UnmDUzEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/2ed5da-85cf-449f-bd85-628b0fbcd0b6/1/ZSj87iV3hi_E1eRk5vDWG03jrro.roa
Signing time:             Tue 02 Jan 2024 00:31:36 +0000
ROA not before:           Tue 02 Jan 2024 00:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199165
IP address blocks:        91.241.56.0/24 maxlen: 24
                          2001:67c:2e7c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/2ed5da-85cf-449f-bd85-628b0fbcd0b6/1/A4IOlk39PSgUIK_aIM6UnmDUzEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/2ed5da-85cf-449f-bd85-628b0fbcd0b6/1/A4IOlk39PSgUIK_aIM6UnmDUzEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A4IOlk39PSgUIK_aIM6UnmDUzEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:42:25:a2:92:a0:39:3c:89:d8:24:c2:d2:06:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03820e964dfd3d281420afda20ce949e60d4cc44
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6528fcee2577862fc4d5e464e6f0d61b4de3aeba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4c:1c:a3:d9:65:3d:2a:58:56:bb:53:75:c2:
                    04:f3:9a:e3:a5:bf:39:91:f6:4b:de:ee:f0:2c:e1:
                    d9:83:78:0a:3b:db:d7:56:7c:96:2f:3a:98:02:d1:
                    46:67:fe:0e:08:fa:5a:25:35:b3:f6:1d:78:94:57:
                    c5:a8:99:53:94:8a:64:06:2b:d3:fd:e3:36:aa:80:
                    e4:2f:fd:68:e9:e2:1d:c3:d1:7d:75:75:65:47:24:
                    9b:26:4e:54:e9:38:0b:40:1a:05:b8:a9:1d:1b:1d:
                    b4:c4:df:d5:ee:53:91:75:4d:5a:aa:6b:e7:be:45:
                    80:10:87:09:ac:46:8a:13:14:7d:e4:b8:ae:9b:60:
                    76:94:76:69:79:f8:1e:d6:e3:89:5a:92:f1:49:f4:
                    7a:74:11:dc:0e:ae:71:93:d2:2b:1a:ca:8a:fa:33:
                    f6:2e:cd:56:99:cb:74:89:b7:f2:6d:b1:e1:90:6d:
                    31:f2:a3:f7:eb:c8:7c:92:ce:8e:55:75:e6:2f:04:
                    87:d4:9a:92:90:72:1e:85:5a:89:70:4f:ce:b4:43:
                    70:3b:bf:0a:79:88:d2:b0:c2:1e:ac:38:90:1a:d8:
                    2c:03:57:2d:7e:7f:d2:78:cb:c1:07:c9:08:b9:80:
                    9d:5d:85:63:85:a4:c3:d8:b2:ad:a7:1c:90:55:9b:
                    c3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:28:FC:EE:25:77:86:2F:C4:D5:E4:64:E6:F0:D6:1B:4D:E3:AE:BA
            X509v3 Authority Key Identifier:
                keyid:03:82:0E:96:4D:FD:3D:28:14:20:AF:DA:20:CE:94:9E:60:D4:CC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A4IOlk39PSgUIK_aIM6UnmDUzEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/2ed5da-85cf-449f-bd85-628b0fbcd0b6/1/ZSj87iV3hi_E1eRk5vDWG03jrro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/2ed5da-85cf-449f-bd85-628b0fbcd0b6/1/A4IOlk39PSgUIK_aIM6UnmDUzEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.56.0/24
                IPv6:
                  2001:67c:2e7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:6a:e6:e6:24:1a:60:ae:fe:4a:60:54:34:9f:ab:ca:f6:fd:
         26:8a:2f:2d:29:c3:26:be:ef:32:02:de:bf:71:74:10:04:53:
         f7:a4:3a:9c:a4:9b:aa:51:8a:86:17:06:f7:fb:21:b5:c9:99:
         0c:93:9a:6a:86:50:7e:c7:8c:58:e7:ff:2f:1a:07:8f:33:8e:
         1b:38:78:0e:db:be:68:67:8e:4c:f6:42:8a:8c:a5:5b:9f:bc:
         d1:29:06:c5:e5:6f:3e:32:a8:7e:c6:23:92:64:10:84:14:15:
         a9:28:d9:fe:85:75:ce:d6:03:64:85:5e:6b:24:bd:26:74:d3:
         a9:5f:8f:25:00:71:e3:47:42:00:bd:a2:e3:e0:81:0b:f8:cc:
         8e:f2:28:9c:ef:a1:ec:07:b6:3f:79:fe:44:0e:b1:c0:a8:98:
         90:34:d0:29:56:d5:1f:62:b0:a1:10:a7:e6:f9:6d:12:e2:73:
         2b:41:c5:39:8b:03:7b:33:b2:62:a6:4f:6c:44:95:dd:a1:47:
         97:72:0a:af:a6:56:86:36:f4:5c:d6:4d:76:9d:59:a8:d3:7d:
         08:36:4a:30:a8:42:8d:72:08:00:b6:01:2e:6a:96:a4:0a:57:
         12:19:1d:aa:f7:f9:18:28:5c:8f:c0:6f:1e:a8:b0:54:58:81:
         f9:f8:a6:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlUIlopKgOTyJ2CTC0gZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzODIwZTk2NGRmZDNkMjgxNDIwYWZkYTIwY2U5NDllNjBk
NGNjNDQwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI4ZmNlZTI1Nzc4NjJmYzRkNWU0NjRlNmYwZDYxYjRkZTNhZWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUwco9llPSpYVrtTdcIE85rjpb85
kfZL3u7wLOHZg3gKO9vXVnyWLzqYAtFGZ/4OCPpaJTWz9h14lFfFqJlTlIpkBivT
/eM2qoDkL/1o6eIdw9F9dXVlRySbJk5U6TgLQBoFuKkdGx20xN/V7lORdU1aqmvn
vkWAEIcJrEaKExR95Lium2B2lHZpefge1uOJWpLxSfR6dBHcDq5xk9IrGsqK+jP2
Ls1Wmct0ibfybbHhkG0x8qP368h8ks6OVXXmLwSH1JqSkHIehVqJcE/OtENwO78K
eYjSsMIerDiQGtgsA1ctfn/SeMvBB8kIuYCdXYVjhaTD2LKtpxyQVZvDkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGUo/O4ld4YvxNXkZObw1htN4666MB8GA1UdIwQY
MBaAFAOCDpZN/T0oFCCv2iDOlJ5g1MxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTRJT2xrMzlQU2dVSUtfYUlNNlVubURVekVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8yZWQ1ZGEtODVjZi00NDlmLWJkODUt
NjI4YjBmYmNkMGI2LzEvWlNqODdpVjNoaV9FMWVSazV2RFdHMDNqcnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8yZWQ1ZGEtODVjZi00NDlmLWJkODUtNjI4YjBmYmNkMGI2
LzEvQTRJT2xrMzlQU2dVSUtfYUlNNlVubURVekVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/E4MA8E
AgACMAkDBwAgAQZ8LnwwDQYJKoZIhvcNAQELBQADggEBAHRq5uYkGmCu/kpgVDSf
q8r2/SaKLy0pwya+7zIC3r9xdBAEU/ekOpykm6pRioYXBvf7IbXJmQyTmmqGUH7H
jFjn/y8aB48zjhs4eA7bvmhnjkz2QoqMpVufvNEpBsXlbz4yqH7GI5JkEIQUFako
2f6Fdc7WA2SFXmskvSZ006lfjyUAceNHQgC9ouPggQv4zI7yKJzvoewHtj95/kQO
scComJA00ClW1R9isKEQp+b5bRLicytBxTmLA3szsmKmT2xEld2hR5dyCq+mVoY2
9FzWTXadWajTfQg2SjCoQo1yCAC2AS5qlqQKVxIZHar3+RgoXI/Abx6osFRYgfn4
pt4=
-----END CERTIFICATE-----