Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/zjI3SwSi2E822HBMquFH8gUJDKA.roa
File:                     zjI3SwSi2E822HBMquFH8gUJDKA.roa (raw, json)
Hash identifier:          3HjeFdwQGazf6DXzo6ARvl8DrC1R+1vh9PRGzSEoYFg=
Subject key identifier:   CE:32:37:4B:04:A2:D8:4F:36:D8:70:4C:AA:E1:47:F2:05:09:0C:A0
Certificate issuer:       /CN=96351c473a16ba38fab4d517059225e0f133c8bf
Certificate serial:       018CC64AF3E1543A0A825790DCC5EBB2B7E4
Authority key identifier: 96:35:1C:47:3A:16:BA:38:FA:B4:D5:17:05:92:25:E0:F1:33:C8:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/zjI3SwSi2E822HBMquFH8gUJDKA.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12850
IP address blocks:        91.225.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f3:e1:54:3a:0a:82:57:90:dc:c5:eb:b2:b7:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96351c473a16ba38fab4d517059225e0f133c8bf
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce32374b04a2d84f36d8704caae147f205090ca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6c:f0:b4:a1:7a:1a:63:a2:c0:36:4f:a0:68:
                    e6:b4:32:e1:bf:77:fb:33:05:12:cf:c8:13:0a:20:
                    30:46:1d:3f:c4:29:fd:8e:f9:04:d2:cf:43:29:5f:
                    2b:14:10:1b:fc:6d:ca:dc:66:9a:06:c2:1f:70:29:
                    24:e5:9e:fa:cb:79:bb:15:be:72:01:2d:b2:5f:f3:
                    ae:b0:42:b6:5d:3c:72:29:8e:a5:54:43:ef:fc:c9:
                    01:b6:54:56:b6:0f:f9:f2:29:47:bc:01:6f:a9:4f:
                    bd:f7:c8:6d:2b:ea:4d:d5:db:da:6b:26:e5:90:88:
                    cc:6f:84:a6:3c:58:7e:25:4c:3e:14:3f:c5:9f:01:
                    fd:8a:87:c9:ae:bd:e4:7d:bd:54:6a:29:89:3c:67:
                    fc:e7:46:5c:08:86:a7:c8:01:1f:e1:82:2a:bb:2c:
                    51:1b:26:6d:bc:1d:55:9a:6a:d8:2a:60:1d:fa:b0:
                    e9:b9:39:6b:5d:84:c9:19:a0:8c:78:b3:87:fb:16:
                    40:bf:bf:83:fd:36:c9:dd:fd:a2:ef:c3:1d:b4:8c:
                    9b:b8:20:46:33:bf:73:85:97:f0:51:f6:d0:23:06:
                    95:5d:cb:08:36:75:03:86:45:d5:88:b8:8e:a4:86:
                    59:a8:c0:e0:3e:4e:45:f6:79:eb:40:65:2b:96:12:
                    45:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:32:37:4B:04:A2:D8:4F:36:D8:70:4C:AA:E1:47:F2:05:09:0C:A0
            X509v3 Authority Key Identifier:
                keyid:96:35:1C:47:3A:16:BA:38:FA:B4:D5:17:05:92:25:E0:F1:33:C8:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ljUcRzoWujj6tNUXBZIl4PEzyL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/zjI3SwSi2E822HBMquFH8gUJDKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a537c0-fd4b-43b6-8891-d57373bf5162/1/ljUcRzoWujj6tNUXBZIl4PEzyL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:46:a6:ad:99:45:45:8e:a6:7e:6a:8e:e9:02:91:a3:05:19:
         11:7d:b3:ef:cd:36:0e:56:dd:f9:aa:c1:8a:ef:b0:ad:ae:32:
         31:35:1b:8b:20:63:33:47:ec:38:8c:81:75:73:91:76:9b:16:
         f3:a4:12:d2:47:42:1c:50:d0:82:37:f0:b2:e6:61:b8:f7:84:
         24:07:12:fd:83:05:34:97:3f:10:06:b6:fc:62:95:a8:b1:6b:
         e6:0d:7d:33:7a:60:d1:af:22:28:cb:53:ac:a9:7d:5c:5d:36:
         38:d1:d1:b5:21:27:b0:ab:1c:6e:35:15:6b:25:9e:d5:ab:17:
         f4:3d:6a:8f:44:85:3e:dd:c1:35:bf:b7:7c:9f:5d:ee:c3:ee:
         0d:11:20:f8:c1:1c:7e:bf:a1:a8:be:85:be:4f:ab:f3:d2:12:
         d9:c2:91:da:b3:ed:00:1f:6c:34:14:d2:da:9f:d2:f9:66:0a:
         f7:e0:da:05:40:2b:e4:29:5a:38:34:7f:9a:8f:bb:85:62:5c:
         31:6e:ad:78:90:b6:87:aa:d1:40:d9:29:ef:dd:a3:20:d8:ec:
         97:8a:23:4f:89:c0:1a:12:66:2c:ba:1a:c9:e3:17:fe:7e:49:
         bc:86:0a:7f:42:68:99:21:e9:5a:e4:38:e2:1e:8f:a3:c3:89:
         a9:82:ff:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvPhVDoKgleQ3MXrsrfkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MzUxYzQ3M2ExNmJhMzhmYWI0ZDUxNzA1OTIyNWUwZjEz
M2M4YmYwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTMyMzc0YjA0YTJkODRmMzZkODcwNGNhYWUxNDdmMjA1MDkwY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmzwtKF6GmOiwDZPoGjmtDLhv3f7
MwUSz8gTCiAwRh0/xCn9jvkE0s9DKV8rFBAb/G3K3GaaBsIfcCkk5Z76y3m7Fb5y
AS2yX/OusEK2XTxyKY6lVEPv/MkBtlRWtg/58ilHvAFvqU+998htK+pN1dvaaybl
kIjMb4SmPFh+JUw+FD/FnwH9iofJrr3kfb1UaimJPGf850ZcCIanyAEf4YIquyxR
GyZtvB1VmmrYKmAd+rDpuTlrXYTJGaCMeLOH+xZAv7+D/TbJ3f2i78MdtIybuCBG
M79zhZfwUfbQIwaVXcsINnUDhkXViLiOpIZZqMDgPk5F9nnrQGUrlhJF+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4yN0sEothPNthwTKrhR/IFCQygMB8GA1UdIwQY
MBaAFJY1HEc6Fro4+rTVFwWSJeDxM8i/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGpVY1J6b1d1amo2dE5VWEJaSWw0UEV6eUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9hNTM3YzAtZmQ0Yi00M2I2LTg4OTEt
ZDU3MzczYmY1MTYyLzEvempJM1N3U2kyRTgyMkhCTXF1Rkg4Z1VKREtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9hNTM3YzAtZmQ0Yi00M2I2LTg4OTEtZDU3MzczYmY1MTYy
LzEvbGpVY1J6b1d1amo2dE5VWEJaSWw0UEV6eUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+G0MA0G
CSqGSIb3DQEBCwUAA4IBAQB3RqatmUVFjqZ+ao7pApGjBRkRfbPvzTYOVt35qsGK
77CtrjIxNRuLIGMzR+w4jIF1c5F2mxbzpBLSR0IcUNCCN/Cy5mG494QkBxL9gwU0
lz8QBrb8YpWosWvmDX0zemDRryIoy1OsqX1cXTY40dG1ISewqxxuNRVrJZ7Vqxf0
PWqPRIU+3cE1v7d8n13uw+4NESD4wRx+v6GovoW+T6vz0hLZwpHas+0AH2w0FNLa
n9L5Zgr34NoFQCvkKVo4NH+aj7uFYlwxbq14kLaHqtFA2Snv3aMg2OyXiiNPicAa
EmYsuhrJ4xf+fkm8hgp/QmiZIela5DjiHo+jw4mpgv/J
-----END CERTIFICATE-----