Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/cZbiz7B2t2SglVNnSrqI3pPsvYU.roa
File:                     cZbiz7B2t2SglVNnSrqI3pPsvYU.roa (raw, json)
Hash identifier:          LblU9yUa0wTO69eyXK7wxUYG5Ui7ajonenLF1CkeuzY=
Subject key identifier:   71:96:E2:CF:B0:76:B7:64:A0:95:53:67:4A:BA:88:DE:93:EC:BD:85
Certificate issuer:       /CN=2ddeff4b8fc307544fec1fa99da2a6897df462b8
Certificate serial:       019424B3B61EBC8BC4B1981DE2B4808CD00C
Authority key identifier: 2D:DE:FF:4B:8F:C3:07:54:4F:EC:1F:A9:9D:A2:A6:89:7D:F4:62:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/cZbiz7B2t2SglVNnSrqI3pPsvYU.roa
Signing time:             Thu 02 Jan 2025 01:49:04 +0000
ROA not before:           Thu 02 Jan 2025 01:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196954
IP address blocks:        91.194.132.0/23 maxlen: 23
                          91.239.92.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b6:1e:bc:8b:c4:b1:98:1d:e2:b4:80:8c:d0:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ddeff4b8fc307544fec1fa99da2a6897df462b8
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7196e2cfb076b764a09553674aba88de93ecbd85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:19:da:15:b1:33:e4:92:3d:4c:f6:ec:2f:4b:
                    41:24:70:b1:b4:46:49:4a:45:0a:15:69:38:6c:73:
                    9e:64:12:4f:25:92:a7:67:b1:08:28:b6:a6:e5:5a:
                    55:c6:66:3a:b7:b2:8e:9b:5f:39:4e:25:69:67:21:
                    c4:bf:09:48:53:b7:0c:4d:db:ee:5f:d7:9a:bc:67:
                    0a:01:c7:88:1d:ac:34:6a:17:4c:01:2d:cf:87:e0:
                    bb:b0:af:d6:6b:b3:ee:45:b5:32:a8:25:79:37:61:
                    b0:d3:90:c0:4a:81:ce:67:56:64:e9:9f:b6:34:89:
                    f3:43:9f:6b:91:b7:3a:e8:21:1b:31:d9:83:4e:09:
                    51:d9:74:eb:13:cb:23:c5:12:73:09:8f:b7:97:39:
                    d6:f9:5c:0d:92:bf:c3:dd:c8:f8:54:fe:38:f9:fd:
                    e6:01:64:35:45:df:a2:ed:96:aa:4d:ac:84:7e:f8:
                    5b:dd:40:d6:4b:df:a7:d1:7a:48:3e:34:85:6c:f4:
                    75:17:76:dc:fa:df:3b:10:04:82:31:ef:e4:f8:62:
                    a8:4c:25:1f:df:23:f6:ff:ce:27:c0:fc:0a:d8:31:
                    d3:68:65:c5:ff:ac:34:74:f2:94:80:1e:5b:cd:4d:
                    f6:75:63:58:54:b9:9f:a3:ae:a3:e2:df:79:bf:ed:
                    72:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:96:E2:CF:B0:76:B7:64:A0:95:53:67:4A:BA:88:DE:93:EC:BD:85
            X509v3 Authority Key Identifier:
                keyid:2D:DE:FF:4B:8F:C3:07:54:4F:EC:1F:A9:9D:A2:A6:89:7D:F4:62:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/cZbiz7B2t2SglVNnSrqI3pPsvYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f309c9-230a-41e2-bf27-6613aeaa60de/1/Ld7_S4_DB1RP7B-pnaKmiX30Yrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.132.0/23
                  91.239.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:c3:6b:e4:50:71:7b:65:1e:b5:f2:be:cb:7b:c8:ac:51:7b:
         27:02:b1:37:b0:c3:41:10:f6:aa:24:a8:10:b0:0e:4b:89:93:
         70:40:a2:13:59:65:23:d8:59:1f:5f:49:bb:10:11:88:d7:1e:
         67:f2:8f:8c:de:52:8b:ae:bc:98:20:19:8d:1d:81:23:26:17:
         03:a1:66:62:4e:d6:2f:6b:78:46:f0:51:92:ea:a1:91:df:8b:
         33:97:bd:0f:f6:cd:43:80:39:f0:72:be:e7:69:05:9f:0f:b9:
         bc:c8:f1:54:58:71:26:c8:22:0a:8c:21:9b:a2:32:bb:07:16:
         e5:ba:36:58:b0:03:dc:7e:cb:68:ae:c7:1f:19:a9:e4:ba:e3:
         83:a7:41:a5:9c:30:25:bf:df:6e:dc:78:3f:b4:98:74:3d:b6:
         67:50:7d:27:37:25:a4:1c:80:90:4c:ae:90:e9:9e:06:a9:8a:
         2d:b9:88:ae:10:ef:a6:d1:b9:54:01:a4:6b:94:bf:3e:58:15:
         c4:59:9e:af:9a:c4:0a:b9:ef:52:1c:4d:58:5e:f4:5a:5e:86:
         f1:09:d1:5c:a2:a7:bd:4c:6e:c5:af:60:f0:60:95:a1:0e:a4:
         64:36:fe:64:e0:f6:9f:0f:ac:88:c4:37:82:d5:13:5b:88:f6:
         9a:f5:1c:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks7YevIvEsZgd4rSAjNAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZGVmZjRiOGZjMzA3NTQ0ZmVjMWZhOTlkYTJhNjg5N2Rm
NDYyYjgwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTk2ZTJjZmIwNzZiNzY0YTA5NTUzNjc0YWJhODhkZTkzZWNiZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRnaFbEz5JI9TPbsL0tBJHCxtEZJ
SkUKFWk4bHOeZBJPJZKnZ7EIKLam5VpVxmY6t7KOm185TiVpZyHEvwlIU7cMTdvu
X9eavGcKAceIHaw0ahdMAS3Ph+C7sK/Wa7PuRbUyqCV5N2Gw05DASoHOZ1Zk6Z+2
NInzQ59rkbc66CEbMdmDTglR2XTrE8sjxRJzCY+3lznW+VwNkr/D3cj4VP44+f3m
AWQ1Rd+i7ZaqTayEfvhb3UDWS9+n0XpIPjSFbPR1F3bc+t87EASCMe/k+GKoTCUf
3yP2/84nwPwK2DHTaGXF/6w0dPKUgB5bzU32dWNYVLmfo66j4t95v+1yhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHGW4s+wdrdkoJVTZ0q6iN6T7L2FMB8GA1UdIwQY
MBaAFC3e/0uPwwdUT+wfqZ2ipol99GK4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGQ3X1M0X0RCMVJQN0ItcG5hS21pWDMwWXJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMzA5YzktMjMwYS00MWUyLWJmMjct
NjYxM2FlYWE2MGRlLzEvY1piaXo3QjJ0MlNnbFZOblNycUkzcFBzdllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMzA5YzktMjMwYS00MWUyLWJmMjctNjYxM2FlYWE2MGRl
LzEvTGQ3X1M0X0RCMVJQN0ItcG5hS21pWDMwWXJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8KEAwQB
W+9cMA0GCSqGSIb3DQEBCwUAA4IBAQBdw2vkUHF7ZR618r7Le8isUXsnArE3sMNB
EPaqJKgQsA5LiZNwQKITWWUj2FkfX0m7EBGI1x5n8o+M3lKLrryYIBmNHYEjJhcD
oWZiTtYva3hG8FGS6qGR34szl70P9s1DgDnwcr7naQWfD7m8yPFUWHEmyCIKjCGb
ojK7BxblujZYsAPcfstorscfGankuuODp0GlnDAlv99u3Hg/tJh0PbZnUH0nNyWk
HICQTK6Q6Z4GqYotuYiuEO+m0blUAaRrlL8+WBXEWZ6vmsQKue9SHE1YXvRaXobx
CdFcoqe9TG7Fr2DwYJWhDqRkNv5k4PafD6yIxDeC1RNbiPaa9RxT
-----END CERTIFICATE-----