Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/Z521YFhT6sNOu_GAtLJWdge8hNg.roa
File:                     Z521YFhT6sNOu_GAtLJWdge8hNg.roa (raw, json)
Hash identifier:          762VN6guJ1PKQgwMWIdJhKZGQxdNoHlXeN5G76/0NP8=
Subject key identifier:   67:9D:B5:60:58:53:EA:C3:4E:BB:F1:80:B4:B2:56:76:07:BC:84:D8
Certificate issuer:       /CN=14644dd0a81c63073f2c51bc976e11fa9c615c51
Certificate serial:       018CCA29380A0CC2E0130D8C74C3DA21828B
Authority key identifier: 14:64:4D:D0:A8:1C:63:07:3F:2C:51:BC:97:6E:11:FA:9C:61:5C:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FGRN0KgcYwc_LFG8l24R-pxhXFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/Z521YFhT6sNOu_GAtLJWdge8hNg.roa
Signing time:             Tue 02 Jan 2024 12:32:28 +0000
ROA not before:           Tue 02 Jan 2024 12:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61283
IP address blocks:        91.233.83.0/24 maxlen: 24
                          2001:67c:1530::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/FGRN0KgcYwc_LFG8l24R-pxhXFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/FGRN0KgcYwc_LFG8l24R-pxhXFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FGRN0KgcYwc_LFG8l24R-pxhXFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:38:0a:0c:c2:e0:13:0d:8c:74:c3:da:21:82:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14644dd0a81c63073f2c51bc976e11fa9c615c51
        Validity
            Not Before: Jan  2 12:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=679db5605853eac34ebbf180b4b2567607bc84d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4c:4e:cc:5c:0c:61:50:4f:fa:f8:b4:bb:35:
                    d8:a8:11:de:07:b8:4b:36:a4:85:9a:61:fc:bd:6d:
                    4f:8c:48:c5:58:60:a1:1b:a3:14:e9:b7:04:e5:26:
                    9e:2b:e4:4e:82:51:8e:ab:22:a0:f4:36:61:27:a6:
                    e3:30:2b:5d:93:5e:04:fd:2b:92:8f:50:6f:ef:cc:
                    7b:5a:af:a0:4d:df:d9:0b:a1:fc:68:88:6d:b8:7a:
                    6c:cf:9f:d1:ed:ce:62:af:cd:81:5e:34:f7:0c:16:
                    1c:cc:35:da:94:cb:f5:4c:6c:9a:96:ec:0c:56:aa:
                    97:60:d3:98:92:00:58:b9:3d:ee:42:5d:84:d6:c4:
                    60:b8:2f:aa:72:bb:71:f8:1f:8f:75:a2:98:b3:f7:
                    8b:bb:fe:1b:45:19:34:10:e8:b4:95:34:03:2e:98:
                    30:40:99:6d:88:d9:b7:61:a2:46:7a:06:c8:81:aa:
                    42:b1:9a:62:43:22:04:79:20:36:dc:cc:38:df:81:
                    7f:a1:ee:d9:ae:fe:8f:50:d9:8c:2d:ea:2c:f0:5f:
                    aa:8a:6d:b3:93:14:55:dc:cd:2c:77:d4:24:df:6e:
                    51:f7:08:df:91:9f:8a:d6:ce:2c:4f:34:64:04:56:
                    14:4d:31:61:d1:d6:23:ee:a4:c2:3b:cd:f0:b4:54:
                    ed:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:9D:B5:60:58:53:EA:C3:4E:BB:F1:80:B4:B2:56:76:07:BC:84:D8
            X509v3 Authority Key Identifier:
                keyid:14:64:4D:D0:A8:1C:63:07:3F:2C:51:BC:97:6E:11:FA:9C:61:5C:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FGRN0KgcYwc_LFG8l24R-pxhXFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/Z521YFhT6sNOu_GAtLJWdge8hNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/FGRN0KgcYwc_LFG8l24R-pxhXFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.83.0/24
                IPv6:
                  2001:67c:1530::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:52:b1:8b:eb:0b:62:e0:17:97:ea:33:c4:d9:b9:e8:63:24:
         26:99:2d:db:a4:bb:de:e6:eb:9d:d8:20:ea:f0:92:d1:da:6f:
         fa:d6:86:31:f1:07:ed:8d:cb:7b:90:5b:ae:d2:62:27:7b:5f:
         f6:35:06:25:6a:bb:74:04:f4:d1:c8:5d:4b:aa:ed:4f:9e:e1:
         90:d0:1e:77:c9:0f:9a:e2:bc:9b:13:c1:54:40:aa:76:c9:2f:
         03:57:77:5a:e2:32:16:95:b4:09:80:20:97:a6:b1:63:eb:84:
         70:94:e8:51:fd:29:fa:ec:0d:21:08:9a:90:41:8e:6b:4f:13:
         c3:b5:f2:f6:c0:65:d6:07:1b:85:ea:9f:42:04:3c:fe:fe:98:
         dc:b7:40:20:19:67:e7:01:74:71:76:89:fa:13:32:0e:19:e1:
         e4:8a:1b:ec:d3:7f:a3:15:a4:b8:70:2e:c5:7d:4a:06:ff:ab:
         ac:5a:55:66:12:f0:90:a0:f5:84:d5:66:51:95:1a:73:3c:c5:
         6e:f4:89:d8:9f:24:e6:0a:dd:38:92:a1:b6:a9:1a:11:0a:61:
         c4:99:29:ad:2b:0a:54:ba:9a:e0:19:5f:ff:cb:91:7c:ad:d6:
         27:a6:45:67:17:9e:91:01:87:f4:93:ed:a6:cc:b5:10:40:d1:
         ec:15:cf:43
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKTgKDMLgEw2MdMPaIYKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NjQ0ZGQwYTgxYzYzMDczZjJjNTFiYzk3NmUxMWZhOWM2
MTVjNTEwHhcNMjQwMTAyMTIzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzlkYjU2MDU4NTNlYWMzNGViYmYxODBiNGIyNTY3NjA3YmM4NGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkxOzFwMYVBP+vi0uzXYqBHeB7hL
NqSFmmH8vW1PjEjFWGChG6MU6bcE5SaeK+ROglGOqyKg9DZhJ6bjMCtdk14E/SuS
j1Bv78x7Wq+gTd/ZC6H8aIhtuHpsz5/R7c5ir82BXjT3DBYczDXalMv1TGyaluwM
VqqXYNOYkgBYuT3uQl2E1sRguC+qcrtx+B+PdaKYs/eLu/4bRRk0EOi0lTQDLpgw
QJltiNm3YaJGegbIgapCsZpiQyIEeSA23Mw434F/oe7Zrv6PUNmMLeos8F+qim2z
kxRV3M0sd9Qk325R9wjfkZ+K1s4sTzRkBFYUTTFh0dYj7qTCO83wtFTt2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGedtWBYU+rDTrvxgLSyVnYHvITYMB8GA1UdIwQY
MBaAFBRkTdCoHGMHPyxRvJduEfqcYVxRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkdSTjBLZ2NZd2NfTEZHOGwyNFItcHhoWEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9kYjhhMTEtY2FkZC00NTljLWI1OWYt
OWJmMzdlYzk4YmIwLzEvWjUyMVlGaFQ2c05PdV9HQXRMSldkZ2U4aE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9kYjhhMTEtY2FkZC00NTljLWI1OWYtOWJmMzdlYzk4YmIw
LzEvRkdSTjBLZ2NZd2NfTEZHOGwyNFItcHhoWEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+lTMA8E
AgACMAkDBwAgAQZ8FTAwDQYJKoZIhvcNAQELBQADggEBAH1SsYvrC2LgF5fqM8TZ
uehjJCaZLduku97m653YIOrwktHab/rWhjHxB+2Ny3uQW67SYid7X/Y1BiVqu3QE
9NHIXUuq7U+e4ZDQHnfJD5rivJsTwVRAqnbJLwNXd1riMhaVtAmAIJemsWPrhHCU
6FH9KfrsDSEImpBBjmtPE8O18vbAZdYHG4Xqn0IEPP7+mNy3QCAZZ+cBdHF2ifoT
Mg4Z4eSKG+zTf6MVpLhwLsV9Sgb/q6xaVWYS8JCg9YTVZlGVGnM8xW70idifJOYK
3TiSobapGhEKYcSZKa0rClS6muAZX//LkXyt1iemRWcXnpEBh/ST7abMtRBA0ewV
z0M=
-----END CERTIFICATE-----