Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/aa55a2-e33e-4dc0-9d87-8cc6579415da/1/Zizvgb-rhfS_7pHYmBZTte7Y888.roa
File:                     Zizvgb-rhfS_7pHYmBZTte7Y888.roa (raw, json)
Hash identifier:          m2FrVstJadARP/3nPJFg8KYYdRn/L9HI1kmCiAXzD14=
Subject key identifier:   66:2C:EF:81:BF:AB:85:F4:BF:EE:91:D8:98:16:53:B5:EE:D8:F3:CF
Certificate issuer:       /CN=930a572c16d0c44f7766587d92d878ba30541d1e
Certificate serial:       018CC56E6D0C5FA98ED3E8CBFF261738A4D1
Authority key identifier: 93:0A:57:2C:16:D0:C4:4F:77:66:58:7D:92:D8:78:BA:30:54:1D:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kwpXLBbQxE93Zlh9kth4ujBUHR4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/aa55a2-e33e-4dc0-9d87-8cc6579415da/1/Zizvgb-rhfS_7pHYmBZTte7Y888.roa
Signing time:             Mon 01 Jan 2024 14:29:57 +0000
ROA not before:           Mon 01 Jan 2024 14:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197481
IP address blocks:        91.213.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/aa55a2-e33e-4dc0-9d87-8cc6579415da/1/kwpXLBbQxE93Zlh9kth4ujBUHR4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/aa55a2-e33e-4dc0-9d87-8cc6579415da/1/kwpXLBbQxE93Zlh9kth4ujBUHR4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kwpXLBbQxE93Zlh9kth4ujBUHR4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:6d:0c:5f:a9:8e:d3:e8:cb:ff:26:17:38:a4:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=930a572c16d0c44f7766587d92d878ba30541d1e
        Validity
            Not Before: Jan  1 14:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=662cef81bfab85f4bfee91d8981653b5eed8f3cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c5:26:b7:ee:06:a8:c4:c1:5a:a8:ca:af:45:
                    50:32:8f:af:e7:a7:98:77:b8:76:c5:d9:86:88:7e:
                    5f:70:65:c3:ef:71:c4:8d:58:94:74:73:7b:4d:72:
                    2a:c8:7e:81:72:bb:ab:72:2b:1c:16:fc:d8:06:1d:
                    73:25:28:e4:e3:a6:59:68:57:9f:2b:eb:42:f9:a1:
                    1f:88:91:5f:b9:81:4d:e2:13:4f:9c:c4:d0:b8:b4:
                    75:f0:d9:30:08:86:0a:f4:7e:16:6d:66:35:06:c6:
                    90:cb:e3:c5:21:f0:12:86:fd:24:e7:b7:33:cc:6e:
                    b8:58:28:4a:47:82:ec:85:51:53:88:41:89:3e:21:
                    d4:03:b2:66:7a:f1:c8:b8:a1:ff:12:94:61:b4:c1:
                    26:f7:31:50:aa:47:fc:d0:29:5e:a1:72:ae:fe:02:
                    d1:26:00:8a:b7:1c:23:20:8c:d9:2e:a9:83:b2:51:
                    73:d1:f4:17:fb:f9:b5:a8:92:db:2a:dc:2b:58:a0:
                    23:3b:32:a3:71:90:76:d5:36:29:17:34:a5:e7:3b:
                    e8:7f:37:e9:b4:d2:84:e5:50:0a:1a:9a:77:7a:ef:
                    8a:b9:1c:e5:f8:8b:90:ca:ef:9e:fd:08:21:2e:86:
                    fe:f0:b4:9b:71:8e:4b:58:57:49:6c:16:4c:87:ce:
                    2c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:2C:EF:81:BF:AB:85:F4:BF:EE:91:D8:98:16:53:B5:EE:D8:F3:CF
            X509v3 Authority Key Identifier:
                keyid:93:0A:57:2C:16:D0:C4:4F:77:66:58:7D:92:D8:78:BA:30:54:1D:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kwpXLBbQxE93Zlh9kth4ujBUHR4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/aa55a2-e33e-4dc0-9d87-8cc6579415da/1/Zizvgb-rhfS_7pHYmBZTte7Y888.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/aa55a2-e33e-4dc0-9d87-8cc6579415da/1/kwpXLBbQxE93Zlh9kth4ujBUHR4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:7b:68:3d:0b:a4:df:28:fe:f4:2d:73:3e:01:d2:6b:51:f7:
         4b:6d:ab:19:f1:7f:b3:cc:53:9c:d4:d4:f2:c2:83:f3:5c:2f:
         66:f5:36:ac:9d:95:88:05:5e:fc:6d:44:6c:22:c4:1f:d6:0d:
         62:bc:1b:e9:d8:41:b6:e2:45:9c:1d:14:92:dd:0b:e5:b5:e3:
         8b:3b:cb:a4:d3:d8:fa:6a:b0:8d:39:a9:08:c0:18:b0:a9:fc:
         b0:f4:7f:92:96:54:83:7d:d8:28:af:fc:53:63:d4:83:be:aa:
         5c:a9:a4:32:7a:9a:11:3d:85:1f:df:47:cc:fb:47:27:25:82:
         f2:54:0c:73:1f:57:dd:3e:47:0d:ec:c5:6d:aa:73:bf:17:cb:
         aa:6f:2f:fe:33:2e:d2:b8:89:8e:eb:5a:c7:ab:25:14:0e:28:
         c8:96:57:94:cd:90:28:57:b2:7f:d9:6c:82:ce:0c:ec:38:54:
         f5:5a:e5:75:da:ed:7e:45:a3:8d:77:47:23:89:66:df:9b:16:
         25:d7:69:d5:9d:0c:ed:21:44:57:80:13:2c:3e:26:87:97:d2:
         bb:bd:1a:5e:49:89:9c:77:ff:71:88:f1:d7:bf:39:e4:f2:3c:
         bb:b8:7d:26:4d:af:2b:59:17:f8:bb:e5:7c:8e:de:52:5c:04:
         d2:ba:0f:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbm0MX6mO0+jL/yYXOKTRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMGE1NzJjMTZkMGM0NGY3NzY2NTg3ZDkyZDg3OGJhMzA1
NDFkMWUwHhcNMjQwMTAxMTQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjJjZWY4MWJmYWI4NWY0YmZlZTkxZDg5ODE2NTNiNWVlZDhmM2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8Umt+4GqMTBWqjKr0VQMo+v56eY
d7h2xdmGiH5fcGXD73HEjViUdHN7TXIqyH6BcrurciscFvzYBh1zJSjk46ZZaFef
K+tC+aEfiJFfuYFN4hNPnMTQuLR18NkwCIYK9H4WbWY1BsaQy+PFIfAShv0k57cz
zG64WChKR4LshVFTiEGJPiHUA7JmevHIuKH/EpRhtMEm9zFQqkf80CleoXKu/gLR
JgCKtxwjIIzZLqmDslFz0fQX+/m1qJLbKtwrWKAjOzKjcZB21TYpFzSl5zvofzfp
tNKE5VAKGpp3eu+KuRzl+IuQyu+e/QghLob+8LSbcY5LWFdJbBZMh84s8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYs74G/q4X0v+6R2JgWU7Xu2PPPMB8GA1UdIwQY
MBaAFJMKVywW0MRPd2ZYfZLYeLowVB0eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3dwWExCYlF4RTkzWmxoOWt0aDR1akJVSFI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9hYTU1YTItZTMzZS00ZGMwLTlkODct
OGNjNjU3OTQxNWRhLzEvWml6dmdiLXJoZlNfN3BIWW1CWlR0ZTdZODg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9hYTU1YTItZTMzZS00ZGMwLTlkODctOGNjNjU3OTQxNWRh
LzEva3dwWExCYlF4RTkzWmxoOWt0aDR1akJVSFI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UhMA0G
CSqGSIb3DQEBCwUAA4IBAQAve2g9C6TfKP70LXM+AdJrUfdLbasZ8X+zzFOc1NTy
woPzXC9m9TasnZWIBV78bURsIsQf1g1ivBvp2EG24kWcHRSS3QvlteOLO8uk09j6
arCNOakIwBiwqfyw9H+SllSDfdgor/xTY9SDvqpcqaQyepoRPYUf30fM+0cnJYLy
VAxzH1fdPkcN7MVtqnO/F8uqby/+My7SuImO61rHqyUUDijIlleUzZAoV7J/2WyC
zgzsOFT1WuV12u1+RaONd0cjiWbfmxYl12nVnQztIURXgBMsPiaHl9K7vRpeSYmc
d/9xiPHXvznk8jy7uH0mTa8rWRf4u+V8jt5SXATSug+E
-----END CERTIFICATE-----