Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ZtPUyk_TNktoLC4Kb0JqAQbyro0.roa
File:                     ZtPUyk_TNktoLC4Kb0JqAQbyro0.roa (raw, json)
Hash identifier:          AOW26RlAnZ0u9tHghS8csH7uDfnP5ryVT/Rp+gEYBlU=
Subject key identifier:   66:D3:D4:CA:4F:D3:36:4B:68:2C:2E:0A:6F:42:6A:01:06:F2:AE:8D
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       019428243E42FBF8C10FB38E113B1367EA1B
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ZtPUyk_TNktoLC4Kb0JqAQbyro0.roa
Signing time:             Thu 02 Jan 2025 17:50:51 +0000
ROA not before:           Thu 02 Jan 2025 17:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399641
IP address blocks:        91.188.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:3e:42:fb:f8:c1:0f:b3:8e:11:3b:13:67:ea:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Jan  2 17:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66d3d4ca4fd3364b682c2e0a6f426a0106f2ae8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7f:f3:b5:a5:c2:c9:c9:25:e1:cf:d8:24:8c:
                    4b:e9:90:0c:50:e4:ab:a5:73:9e:0f:06:3a:a8:59:
                    f0:f9:2d:76:eb:e7:ca:a2:b5:f4:65:96:53:cc:37:
                    59:bf:55:32:a5:f6:c7:4e:a4:64:45:e9:d1:d4:94:
                    7d:a3:e2:65:53:60:1c:ae:58:79:a2:bb:65:5f:cb:
                    9c:7b:df:55:c9:14:93:e8:52:e5:42:93:c6:e5:54:
                    d2:b6:d7:44:8a:82:99:79:b8:46:d8:cf:df:94:21:
                    34:25:52:e1:a6:05:ac:1d:7b:00:fe:7d:2d:6c:4b:
                    70:60:8d:80:0b:b5:86:35:1b:7a:1c:a6:12:ad:22:
                    3a:c2:9c:fa:0f:e4:db:64:97:ec:b5:eb:4c:a1:05:
                    f3:13:60:da:14:11:59:d9:a1:00:1f:d3:09:70:99:
                    8b:33:60:bd:1b:48:c2:56:2c:48:e0:c4:ce:b9:52:
                    f3:b2:d6:0b:77:6d:ce:0d:fa:38:39:18:42:aa:bd:
                    6b:02:61:36:6c:20:9a:25:5d:fb:00:65:05:5f:f2:
                    f6:00:9e:18:51:9d:cc:7a:0d:81:cd:ff:86:bf:36:
                    0d:67:9a:1f:40:26:d3:12:28:7e:6d:9d:94:75:ae:
                    41:c7:1a:07:83:87:95:a4:8c:79:c6:0c:ca:70:50:
                    a5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D3:D4:CA:4F:D3:36:4B:68:2C:2E:0A:6F:42:6A:01:06:F2:AE:8D
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/ZtPUyk_TNktoLC4Kb0JqAQbyro0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:d8:e1:6e:8d:bc:4d:2d:f5:60:e5:ce:fc:c1:0d:5f:c4:ed:
         8b:96:ec:bc:a4:72:0e:bf:bf:46:56:95:4d:fe:d5:90:fc:75:
         98:62:7d:1b:54:62:78:f8:1d:1a:59:bb:2b:a2:94:76:56:a2:
         98:d2:41:f5:62:3b:23:a5:6f:b4:6f:c4:b5:f7:26:f9:70:67:
         b2:26:a4:da:7a:df:a4:c5:29:13:e0:5e:70:3e:bf:43:ad:3f:
         1e:82:ff:b6:48:8e:37:12:01:39:d5:11:7f:54:02:a6:e2:4f:
         82:cb:4d:41:90:ce:7d:78:35:01:22:2f:0f:6f:da:7f:50:f7:
         5a:44:a0:43:93:ed:a5:b9:38:e5:80:f3:fe:e7:5f:d8:0a:66:
         97:0f:2f:6f:48:87:83:78:2b:fc:bf:2f:2c:76:b1:c0:c3:03:
         1b:5d:ed:89:98:2e:f8:5d:9c:b9:58:79:f3:a1:8b:e4:74:8a:
         74:c4:57:10:04:91:ca:e8:6c:48:36:63:49:13:51:34:ff:7c:
         74:28:3f:38:3c:99:c6:cc:e2:36:b4:b9:e8:e1:4a:98:19:21:
         51:b7:ff:4d:e9:52:26:93:cb:4c:ef:dd:da:bd:23:b8:c0:77:
         34:fc:6d:34:c5:e6:c6:b1:fb:78:10:98:23:27:69:e4:28:f8:
         57:45:b1:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJD5C+/jBD7OOETsTZ+obMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjUwMTAyMTc1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQzZDRjYTRmZDMzNjRiNjgyYzJlMGE2ZjQyNmEwMTA2ZjJhZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxX/ztaXCyckl4c/YJIxL6ZAMUOSr
pXOeDwY6qFnw+S126+fKorX0ZZZTzDdZv1UypfbHTqRkRenR1JR9o+JlU2Acrlh5
ortlX8uce99VyRST6FLlQpPG5VTSttdEioKZebhG2M/flCE0JVLhpgWsHXsA/n0t
bEtwYI2AC7WGNRt6HKYSrSI6wpz6D+TbZJfstetMoQXzE2DaFBFZ2aEAH9MJcJmL
M2C9G0jCVixI4MTOuVLzstYLd23ODfo4ORhCqr1rAmE2bCCaJV37AGUFX/L2AJ4Y
UZ3Meg2Bzf+GvzYNZ5ofQCbTEih+bZ2Uda5BxxoHg4eVpIx5xgzKcFClswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbT1MpP0zZLaCwuCm9CagEG8q6NMB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEvWnRQVXlrX1ROa3RvTEM0S2IwSnFBUWJ5cm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7z9MA0G
CSqGSIb3DQEBCwUAA4IBAQCP2OFujbxNLfVg5c78wQ1fxO2Lluy8pHIOv79GVpVN
/tWQ/HWYYn0bVGJ4+B0aWbsropR2VqKY0kH1YjsjpW+0b8S19yb5cGeyJqTaet+k
xSkT4F5wPr9DrT8egv+2SI43EgE51RF/VAKm4k+Cy01BkM59eDUBIi8Pb9p/UPda
RKBDk+2luTjlgPP+51/YCmaXDy9vSIeDeCv8vy8sdrHAwwMbXe2JmC74XZy5WHnz
oYvkdIp0xFcQBJHK6GxINmNJE1E0/3x0KD84PJnGzOI2tLno4UqYGSFRt/9N6VIm
k8tM793avSO4wHc0/G00xebGsft4EJgjJ2nkKPhXRbHq
-----END CERTIFICATE-----