Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/58e8f8-1b27-41a4-92ab-fe8484f7079d/1/SZn1fzNAlQzzI4IC2i17cbeJW1I.roa
File:                     SZn1fzNAlQzzI4IC2i17cbeJW1I.roa (raw, json)
Hash identifier:          og4xFJOxkXaB2KYKXleMOth6AtPhGf/wRcy7PG6Pu3Y=
Subject key identifier:   49:99:F5:7F:33:40:95:0C:F3:23:82:02:DA:2D:7B:71:B7:89:5B:52
Certificate issuer:       /CN=0d32172261c9509e57352137ba0192a8486b6fdd
Certificate serial:       018CC500671B1150A5FB856CD2252ABC3D67
Authority key identifier: 0D:32:17:22:61:C9:50:9E:57:35:21:37:BA:01:92:A8:48:6B:6F:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTIXImHJUJ5XNSE3ugGSqEhrb90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/58e8f8-1b27-41a4-92ab-fe8484f7079d/1/SZn1fzNAlQzzI4IC2i17cbeJW1I.roa
Signing time:             Mon 01 Jan 2024 12:29:47 +0000
ROA not before:           Mon 01 Jan 2024 12:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212552
IP address blocks:        91.216.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/58e8f8-1b27-41a4-92ab-fe8484f7079d/1/DTIXImHJUJ5XNSE3ugGSqEhrb90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/58e8f8-1b27-41a4-92ab-fe8484f7079d/1/DTIXImHJUJ5XNSE3ugGSqEhrb90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTIXImHJUJ5XNSE3ugGSqEhrb90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:67:1b:11:50:a5:fb:85:6c:d2:25:2a:bc:3d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d32172261c9509e57352137ba0192a8486b6fdd
        Validity
            Not Before: Jan  1 12:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4999f57f3340950cf3238202da2d7b71b7895b52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e1:96:3f:da:1f:b8:6c:6a:de:d2:2f:71:a9:
                    c3:bd:91:e0:3f:97:0e:8f:d9:33:35:f2:74:e7:ec:
                    44:d8:52:36:3f:53:3c:6b:61:75:d0:b5:11:5c:5c:
                    24:97:e1:52:14:b0:bc:00:1f:93:00:1a:85:af:1a:
                    f3:27:1f:15:bf:77:69:d6:d6:b2:ce:00:67:1b:2c:
                    da:dc:77:a9:ec:d9:a7:20:45:54:99:97:22:da:5f:
                    f0:39:97:2f:ad:f4:93:51:8e:11:aa:0d:9d:2c:bd:
                    c0:45:46:e3:a5:e5:83:fe:78:c1:0c:c6:64:23:33:
                    33:3e:af:ad:ab:c2:ca:e8:fd:fe:a9:b7:7b:cc:cd:
                    d5:ed:f0:a0:7b:53:46:57:1c:91:2a:67:34:57:cb:
                    3d:64:64:3b:ac:07:02:a9:c1:2d:60:06:fc:a7:8b:
                    12:58:dc:c2:c6:33:4a:1d:fe:d4:1b:c7:08:53:f1:
                    bd:b7:44:03:e3:2d:c7:d4:87:6e:ba:1d:d6:f8:79:
                    fa:45:75:5f:83:38:2b:9b:9e:d6:5b:6e:9e:06:4f:
                    3d:b8:36:33:00:56:ee:67:b4:02:fc:27:f5:12:ce:
                    e7:bc:05:49:76:58:b7:c5:d8:1a:35:a5:f2:9f:ef:
                    19:36:28:09:aa:a6:0d:fa:93:82:cb:4e:03:56:f1:
                    37:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:99:F5:7F:33:40:95:0C:F3:23:82:02:DA:2D:7B:71:B7:89:5B:52
            X509v3 Authority Key Identifier:
                keyid:0D:32:17:22:61:C9:50:9E:57:35:21:37:BA:01:92:A8:48:6B:6F:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTIXImHJUJ5XNSE3ugGSqEhrb90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/58e8f8-1b27-41a4-92ab-fe8484f7079d/1/SZn1fzNAlQzzI4IC2i17cbeJW1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/58e8f8-1b27-41a4-92ab-fe8484f7079d/1/DTIXImHJUJ5XNSE3ugGSqEhrb90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:74:52:b2:fe:96:b1:9c:46:f4:ab:92:89:cc:88:91:52:b0:
         f6:b6:f6:e6:05:6a:a9:fd:9d:9a:30:2f:04:95:d9:64:e6:aa:
         08:d7:d3:98:d4:44:65:35:f7:bd:1e:13:b3:e1:10:18:c5:f6:
         b7:7d:9e:01:4d:df:1c:6c:38:b1:7e:5a:5d:0e:b5:88:d9:f8:
         34:13:c3:0e:47:8b:71:b9:a9:3b:a9:1e:6e:dd:aa:df:1c:b6:
         68:28:78:78:58:b6:24:71:f4:31:a0:c8:bb:e9:01:57:25:67:
         51:ac:ea:c6:3c:18:9f:cd:00:8f:ab:37:06:59:e9:fa:b3:ad:
         3e:84:92:d2:65:30:df:89:7e:28:5a:dc:98:71:e7:48:97:f9:
         ef:74:d1:aa:c9:0c:40:06:3e:a1:f7:d2:08:6b:39:b3:d5:c4:
         44:29:d9:0f:b4:81:97:fb:13:f2:f0:f7:ba:6f:c6:81:4b:70:
         84:86:74:fa:16:e5:e7:ac:8c:5a:14:11:79:e5:2e:90:c4:48:
         12:ad:57:c6:4d:42:70:38:8c:32:a9:31:ed:79:31:ba:03:3c:
         6c:94:fc:c4:f3:e9:fb:77:83:66:80:77:b0:61:8f:e4:6d:3c:
         74:6f:56:81:dd:5d:7a:16:b9:4b:01:a1:40:b0:d8:98:d6:0c:
         30:97:53:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAGcbEVCl+4Vs0iUqvD1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzIxNzIyNjFjOTUwOWU1NzM1MjEzN2JhMDE5MmE4NDg2
YjZmZGQwHhcNMjQwMTAxMTIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTk5ZjU3ZjMzNDA5NTBjZjMyMzgyMDJkYTJkN2I3MWI3ODk1YjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+GWP9ofuGxq3tIvcanDvZHgP5cO
j9kzNfJ05+xE2FI2P1M8a2F10LURXFwkl+FSFLC8AB+TABqFrxrzJx8Vv3dp1tay
zgBnGyza3Hep7NmnIEVUmZci2l/wOZcvrfSTUY4Rqg2dLL3ARUbjpeWD/njBDMZk
IzMzPq+tq8LK6P3+qbd7zM3V7fCge1NGVxyRKmc0V8s9ZGQ7rAcCqcEtYAb8p4sS
WNzCxjNKHf7UG8cIU/G9t0QD4y3H1Iduuh3W+Hn6RXVfgzgrm57WW26eBk89uDYz
AFbuZ7QC/Cf1Es7nvAVJdli3xdgaNaXyn+8ZNigJqqYN+pOCy04DVvE3KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmZ9X8zQJUM8yOCAtote3G3iVtSMB8GA1UdIwQY
MBaAFA0yFyJhyVCeVzUhN7oBkqhIa2/dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRJWEltSEpVSjVYTlNFM3VnR1NxRWhyYjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi81OGU4ZjgtMWIyNy00MWE0LTkyYWIt
ZmU4NDg0ZjcwNzlkLzEvU1puMWZ6TkFsUXp6STRJQzJpMTdjYmVKVzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi81OGU4ZjgtMWIyNy00MWE0LTkyYWItZmU4NDg0ZjcwNzlk
LzEvRFRJWEltSEpVSjVYTlNFM3VnR1NxRWhyYjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hoMA0G
CSqGSIb3DQEBCwUAA4IBAQBgdFKy/paxnEb0q5KJzIiRUrD2tvbmBWqp/Z2aMC8E
ldlk5qoI19OY1ERlNfe9HhOz4RAYxfa3fZ4BTd8cbDixflpdDrWI2fg0E8MOR4tx
uak7qR5u3arfHLZoKHh4WLYkcfQxoMi76QFXJWdRrOrGPBifzQCPqzcGWen6s60+
hJLSZTDfiX4oWtyYcedIl/nvdNGqyQxABj6h99IIazmz1cREKdkPtIGX+xPy8Pe6
b8aBS3CEhnT6FuXnrIxaFBF55S6QxEgSrVfGTUJwOIwyqTHteTG6AzxslPzE8+n7
d4NmgHewYY/kbTx0b1aB3V16FrlLAaFAsNiY1gwwl1OA
-----END CERTIFICATE-----