Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/zoOrXJe8r8tS1P9nilG5wPNB1Q8.roa
File:                     zoOrXJe8r8tS1P9nilG5wPNB1Q8.roa (raw, json)
Hash identifier:          WyBlQoWs8Q7UPNdQhMroR6jwiGpUIIeP504zsUP1GoU=
Subject key identifier:   CE:83:AB:5C:97:BC:AF:CB:52:D4:FF:67:8A:51:B9:C0:F3:41:D5:0F
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D5097C63EE20B4F52FE4AE6445DF0
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/zoOrXJe8r8tS1P9nilG5wPNB1Q8.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25407
IP address blocks:        213.91.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:50:97:c6:3e:e2:0b:4f:52:fe:4a:e6:44:5d:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce83ab5c97bcafcb52d4ff678a51b9c0f341d50f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2e:b1:16:06:41:65:2c:73:36:9b:9a:93:22:
                    97:b6:b8:c7:f5:88:b4:9c:d2:48:8d:b4:bd:e3:45:
                    4d:6b:e7:27:f2:4a:99:17:eb:07:b2:40:e7:37:20:
                    d3:20:a2:2d:be:c5:0c:2b:34:71:3c:00:30:66:a5:
                    be:5d:e7:f2:6d:33:a4:25:fb:62:a9:a3:7d:87:a1:
                    64:94:0e:95:21:eb:b5:da:66:f5:26:f7:24:73:b2:
                    bc:47:da:7f:f4:a8:79:d4:63:da:80:b5:f3:e1:86:
                    41:0b:64:85:3b:1d:08:7e:6f:8e:b2:d6:e6:24:6b:
                    63:7b:cc:8d:63:23:1f:be:e7:b9:81:08:ba:34:d5:
                    38:0c:0c:2a:a7:70:b5:13:fa:61:e1:1b:82:59:cc:
                    0b:6e:91:b3:d6:75:66:20:6d:c5:b1:a8:db:ae:ac:
                    2d:83:f0:29:e2:b5:fe:ca:39:fa:ef:a9:d2:43:90:
                    00:b1:85:d6:bb:e3:cb:14:b4:37:a8:d6:24:34:2e:
                    6f:74:dc:47:69:b4:3c:b7:c6:03:26:d1:49:64:67:
                    0d:18:00:9f:7f:f0:85:95:82:5f:0a:33:f5:59:2a:
                    c6:2b:58:96:92:71:51:2d:2e:68:d9:9a:f3:39:51:
                    3c:07:c2:37:cf:c3:ab:f2:f5:0b:34:fb:41:c6:d9:
                    e7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:83:AB:5C:97:BC:AF:CB:52:D4:FF:67:8A:51:B9:C0:F3:41:D5:0F
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/zoOrXJe8r8tS1P9nilG5wPNB1Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:aa:7d:14:ae:b6:c8:48:f4:d0:d3:1d:0d:1e:4f:82:00:a3:
         a7:99:27:80:63:61:82:5a:54:ea:13:15:88:18:4b:fe:65:ab:
         7b:20:d9:bb:ac:89:c6:b6:de:95:dc:aa:da:e9:63:6e:70:36:
         b4:6c:3e:d0:66:9c:10:9c:65:5a:e5:98:5e:8d:85:25:36:e3:
         df:4c:be:56:45:29:d4:e6:aa:d9:b3:41:2e:58:35:71:67:09:
         81:db:74:54:68:43:d4:2e:ac:58:4c:9d:66:fc:2f:f2:25:a2:
         d2:fc:a6:0a:77:2a:9c:90:d0:0a:3f:d1:bc:a7:b4:f5:d2:3b:
         7b:84:d6:f6:53:92:86:cb:3f:03:3f:0d:73:a5:ba:e4:ce:c6:
         36:e8:23:22:8c:c7:22:56:1c:9f:c0:77:2e:65:53:cf:d6:88:
         03:3d:c4:20:72:06:de:03:92:22:d6:0f:68:1a:78:36:bc:99:
         1a:6f:67:52:e0:b3:04:b0:44:ef:d2:d1:8d:6a:0e:e5:94:15:
         39:76:85:94:7c:3c:60:89:0f:68:17:e9:5b:02:ba:56:22:a9:
         bb:a1:3c:ea:36:3a:0f:05:51:a3:12:28:e3:22:5c:75:9c:95:
         ac:37:d4:01:56:09:3d:91:68:21:39:21:a4:2e:ce:2f:43:5b:
         9d:99:90:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVCXxj7iC09S/krmRF3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTgzYWI1Yzk3YmNhZmNiNTJkNGZmNjc4YTUxYjljMGYzNDFkNTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS6xFgZBZSxzNpuakyKXtrjH9Yi0
nNJIjbS940VNa+cn8kqZF+sHskDnNyDTIKItvsUMKzRxPAAwZqW+XefybTOkJfti
qaN9h6FklA6VIeu12mb1Jvckc7K8R9p/9Kh51GPagLXz4YZBC2SFOx0Ifm+Ostbm
JGtje8yNYyMfvue5gQi6NNU4DAwqp3C1E/ph4RuCWcwLbpGz1nVmIG3Fsajbrqwt
g/Ap4rX+yjn676nSQ5AAsYXWu+PLFLQ3qNYkNC5vdNxHabQ8t8YDJtFJZGcNGACf
f/CFlYJfCjP1WSrGK1iWknFRLS5o2ZrzOVE8B8I3z8Or8vULNPtBxtnnCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6Dq1yXvK/LUtT/Z4pRucDzQdUPMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvem9PclhKZThyOHRTMVA5bmlsRzV3UE5CMVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VujMA0G
CSqGSIb3DQEBCwUAA4IBAQBsqn0UrrbISPTQ0x0NHk+CAKOnmSeAY2GCWlTqExWI
GEv+Zat7INm7rInGtt6V3Kra6WNucDa0bD7QZpwQnGVa5ZhejYUlNuPfTL5WRSnU
5qrZs0EuWDVxZwmB23RUaEPULqxYTJ1m/C/yJaLS/KYKdyqckNAKP9G8p7T10jt7
hNb2U5KGyz8DPw1zpbrkzsY26CMijMciVhyfwHcuZVPP1ogDPcQgcgbeA5Ii1g9o
Gng2vJkab2dS4LMEsETv0tGNag7llBU5doWUfDxgiQ9oF+lbArpWIqm7oTzqNjoP
BVGjEijjIlx1nJWsN9QBVgk9kWghOSGkLs4vQ1udmZBZ
-----END CERTIFICATE-----