Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/908e91-27a6-414a-82e8-5e523ba8c9d7/1/ZFsInwhhSnqS2lxWCnbO2txoTSQ.roa
File:                     ZFsInwhhSnqS2lxWCnbO2txoTSQ.roa (raw, json)
Hash identifier:          fqmu7YwU6kWIf+2xMQJm5N9e+CqiStwVb2o4wAayErI=
Subject key identifier:   64:5B:08:9F:08:61:4A:7A:92:DA:5C:56:0A:76:CE:DA:DC:68:4D:24
Certificate issuer:       /CN=f0f3f049f3f28451e3e1bf68b974ffdbc8c414c7
Certificate serial:       018CC2DB4C4C568ADC9E4C46FCF59449F797
Authority key identifier: F0:F3:F0:49:F3:F2:84:51:E3:E1:BF:68:B9:74:FF:DB:C8:C4:14:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8PPwSfPyhFHj4b9ouXT_28jEFMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/908e91-27a6-414a-82e8-5e523ba8c9d7/1/ZFsInwhhSnqS2lxWCnbO2txoTSQ.roa
Signing time:             Mon 01 Jan 2024 02:30:00 +0000
ROA not before:           Mon 01 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197052
IP address blocks:        91.216.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/908e91-27a6-414a-82e8-5e523ba8c9d7/1/8PPwSfPyhFHj4b9ouXT_28jEFMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/908e91-27a6-414a-82e8-5e523ba8c9d7/1/8PPwSfPyhFHj4b9ouXT_28jEFMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8PPwSfPyhFHj4b9ouXT_28jEFMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4c:4c:56:8a:dc:9e:4c:46:fc:f5:94:49:f7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0f3f049f3f28451e3e1bf68b974ffdbc8c414c7
        Validity
            Not Before: Jan  1 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=645b089f08614a7a92da5c560a76cedadc684d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c6:92:6b:c5:09:07:aa:58:b6:c9:a3:f5:53:
                    09:65:8d:c6:5b:91:50:14:bf:c1:13:7d:44:0f:46:
                    11:fa:fc:13:80:75:d7:62:f6:b8:1a:52:bb:27:5a:
                    39:c5:fb:0e:d1:dd:df:9e:8a:61:d2:d4:bf:b8:6f:
                    33:02:9a:c1:1f:5e:45:fb:12:bb:d4:e3:64:5c:97:
                    a9:8c:62:1f:56:6b:05:44:2b:9a:32:58:50:3b:2f:
                    37:e3:97:fd:28:fa:91:4f:b6:78:e9:d6:7a:71:e2:
                    94:59:55:a6:e4:b6:c5:4e:09:fe:a6:12:fd:34:cc:
                    ca:6d:8d:b4:79:a3:2b:f1:a2:9e:85:f0:6f:a8:ef:
                    5d:98:16:ce:31:f7:f9:79:20:a9:5c:76:63:3e:56:
                    e7:cf:ad:b6:11:3f:0e:1b:84:05:70:68:ec:b3:d1:
                    fb:7d:38:c4:ac:7e:45:e1:6f:45:79:2a:0d:f6:2a:
                    6d:1f:66:01:ad:d1:bd:dd:16:94:51:57:85:d0:e3:
                    97:48:34:a2:17:74:9d:eb:3f:5c:55:27:a5:00:c9:
                    c1:17:5d:4b:98:35:70:8a:0c:56:8b:68:53:68:2c:
                    4e:fe:4f:d5:97:3d:7d:af:e1:05:98:21:7e:08:45:
                    32:5d:b1:61:54:f3:77:4b:35:f3:08:70:6a:79:36:
                    12:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5B:08:9F:08:61:4A:7A:92:DA:5C:56:0A:76:CE:DA:DC:68:4D:24
            X509v3 Authority Key Identifier:
                keyid:F0:F3:F0:49:F3:F2:84:51:E3:E1:BF:68:B9:74:FF:DB:C8:C4:14:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8PPwSfPyhFHj4b9ouXT_28jEFMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/908e91-27a6-414a-82e8-5e523ba8c9d7/1/ZFsInwhhSnqS2lxWCnbO2txoTSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/908e91-27a6-414a-82e8-5e523ba8c9d7/1/8PPwSfPyhFHj4b9ouXT_28jEFMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:d1:2b:19:ab:66:a7:49:9f:51:5e:99:a5:48:a2:8f:f4:75:
         e8:25:45:62:a8:cc:18:6b:be:16:70:bd:a9:57:26:24:bb:15:
         d9:82:ae:d2:95:87:d8:12:5e:9a:14:fe:79:23:0a:dc:bf:59:
         3f:e7:65:5e:4b:dc:08:09:d3:bf:3d:ef:de:e0:4f:f0:d3:e1:
         06:58:8b:c5:30:95:db:e9:2b:99:4f:c6:93:d8:88:f5:4c:01:
         54:fe:6d:0c:12:a0:e1:eb:4b:07:09:3f:dd:ee:e0:d4:28:45:
         7b:fb:9e:33:4f:22:f4:4b:66:dd:a3:99:91:9e:a5:5a:4e:7e:
         66:03:f1:87:e1:bd:97:d4:a1:51:a8:fe:6b:3d:2d:3f:42:aa:
         27:d7:51:43:0f:e4:15:1a:05:c6:b3:45:ef:96:54:af:56:bf:
         7f:c2:29:f9:ec:9a:e2:5e:c0:ec:d8:75:6a:d3:62:aa:ab:a2:
         9f:1a:e1:16:1b:a2:1e:ca:99:37:f7:d9:63:fc:28:0e:69:32:
         0a:73:cb:7a:f3:9e:fa:c8:6f:f3:a6:f7:24:59:64:1c:b8:eb:
         3a:b2:0c:69:a3:94:67:00:c2:28:a9:8f:00:3e:df:4e:dd:ee:
         e5:38:db:80:86:cd:db:67:d9:c6:7d:13:39:65:ee:87:a1:66:
         c9:21:f4:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20xMVorcnkxG/PWUSfeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZjNmMDQ5ZjNmMjg0NTFlM2UxYmY2OGI5NzRmZmRiYzhj
NDE0YzcwHhcNMjQwMTAxMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDViMDg5ZjA4NjE0YTdhOTJkYTVjNTYwYTc2Y2VkYWRjNjg0ZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMaSa8UJB6pYtsmj9VMJZY3GW5FQ
FL/BE31ED0YR+vwTgHXXYva4GlK7J1o5xfsO0d3fnoph0tS/uG8zAprBH15F+xK7
1ONkXJepjGIfVmsFRCuaMlhQOy8345f9KPqRT7Z46dZ6ceKUWVWm5LbFTgn+phL9
NMzKbY20eaMr8aKehfBvqO9dmBbOMff5eSCpXHZjPlbnz622ET8OG4QFcGjss9H7
fTjErH5F4W9FeSoN9iptH2YBrdG93RaUUVeF0OOXSDSiF3Sd6z9cVSelAMnBF11L
mDVwigxWi2hTaCxO/k/Vlz19r+EFmCF+CEUyXbFhVPN3SzXzCHBqeTYS8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRbCJ8IYUp6ktpcVgp2ztrcaE0kMB8GA1UdIwQY
MBaAFPDz8Enz8oRR4+G/aLl0/9vIxBTHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFBQd1NmUHloRkhqNGI5b3VYVF8yOGpFRk1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MDhlOTEtMjdhNi00MTRhLTgyZTgt
NWU1MjNiYThjOWQ3LzEvWkZzSW53aGhTbnFTMmx4V0NuYk8ydHhvVFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MDhlOTEtMjdhNi00MTRhLTgyZTgtNWU1MjNiYThjOWQ3
LzEvOFBQd1NmUHloRkhqNGI5b3VYVF8yOGpFRk1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hCMA0G
CSqGSIb3DQEBCwUAA4IBAQBA0SsZq2anSZ9RXpmlSKKP9HXoJUViqMwYa74WcL2p
VyYkuxXZgq7SlYfYEl6aFP55Iwrcv1k/52VeS9wICdO/Pe/e4E/w0+EGWIvFMJXb
6SuZT8aT2Ij1TAFU/m0MEqDh60sHCT/d7uDUKEV7+54zTyL0S2bdo5mRnqVaTn5m
A/GH4b2X1KFRqP5rPS0/Qqon11FDD+QVGgXGs0XvllSvVr9/win57JriXsDs2HVq
02Kqq6KfGuEWG6Ieypk399lj/CgOaTIKc8t68576yG/zpvckWWQcuOs6sgxpo5Rn
AMIoqY8APt9O3e7lONuAhs3bZ9nGfRM5Ze6HoWbJIfS/
-----END CERTIFICATE-----