Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/mZScfSxL4T78-fhidGxlZmNIw6I.roa
File:                     mZScfSxL4T78-fhidGxlZmNIw6I.roa (raw, json)
Hash identifier:          Pze/pgdSIvXn1+Fag2kb0JP6MvO/4uOv01h68+qgORY=
Subject key identifier:   99:94:9C:7D:2C:4B:E1:3E:FC:F9:F8:62:74:6C:65:66:63:48:C3:A2
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348AFF2DB005D6D30AE16F6CA821141
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/mZScfSxL4T78-fhidGxlZmNIw6I.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205430
IP address blocks:        91.106.28.0/24 maxlen: 24
                          94.240.41.0/24 maxlen: 24
                          94.240.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:af:f2:db:00:5d:6d:30:ae:16:f6:ca:82:11:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99949c7d2c4be13efcf9f862746c65666348c3a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:61:5d:ce:86:05:dc:07:43:f3:71:4e:32:e4:
                    c3:61:d2:13:6b:fb:1e:a9:a5:33:9a:72:26:8e:c7:
                    36:c3:3a:48:db:6e:e7:62:7f:9c:60:e1:07:50:f7:
                    17:aa:61:7b:d0:19:0d:47:c8:1d:a3:6a:33:00:a0:
                    20:47:21:b8:41:4d:54:16:41:91:a8:99:d0:45:d7:
                    07:72:4c:8b:60:5d:0e:de:ff:5e:33:b7:dc:2b:06:
                    d5:d3:09:43:0a:50:67:25:da:ee:43:4f:03:30:b4:
                    e6:7c:53:c7:9f:d5:ff:ab:ab:e1:f6:c2:da:7c:ea:
                    6e:28:b8:a4:ae:18:f7:9f:16:48:09:0a:36:f7:d9:
                    7e:81:b1:4b:51:21:c9:cd:83:d2:c7:ae:7d:cf:4c:
                    c7:b1:a7:57:81:4e:7a:94:14:b3:51:10:0c:dd:a7:
                    60:24:a7:98:22:ab:ea:ee:16:34:0c:54:32:d1:c5:
                    ed:bd:c2:1f:fa:18:dc:4c:78:d9:23:f9:c2:2c:74:
                    db:1e:c7:df:a0:4a:03:c0:f9:cf:4f:cc:08:ef:e7:
                    ac:23:ee:16:68:36:24:2a:ea:16:fb:92:c0:ca:d9:
                    b4:39:cf:9a:26:50:55:80:0c:36:d2:ae:41:85:92:
                    fe:36:76:41:d6:da:ff:95:55:51:0c:be:dc:34:89:
                    7f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:94:9C:7D:2C:4B:E1:3E:FC:F9:F8:62:74:6C:65:66:63:48:C3:A2
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/mZScfSxL4T78-fhidGxlZmNIw6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.106.28.0/24
                  94.240.41.0/24
                  94.240.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:c6:c3:98:bf:64:88:ca:93:d4:0e:04:47:84:83:65:4c:85:
         50:d3:38:29:f8:40:1f:d7:a8:95:ab:54:97:26:f8:08:dc:2f:
         ad:f5:3d:84:ce:d9:0a:99:09:2a:db:69:6c:34:63:ba:b4:62:
         06:0e:9c:52:09:32:fe:c9:c4:83:38:65:53:b4:6b:f2:84:ef:
         ce:43:a3:90:f0:44:32:09:e4:33:1b:9a:5b:15:3e:11:ff:d1:
         c0:fe:62:a6:4d:54:4d:6d:69:41:7a:73:79:bf:63:6a:85:b1:
         91:a6:91:c7:86:18:01:91:34:c9:e2:81:31:7e:78:86:92:52:
         55:e0:bf:9f:d0:af:77:1b:af:c5:c6:6b:e5:09:80:cf:3b:c4:
         2e:b1:cc:97:e1:f0:cd:de:83:c9:fe:a3:05:76:c4:8f:74:6b:
         62:c9:0c:f5:96:dd:b3:02:fa:0e:53:53:58:3c:02:c5:e5:ba:
         c6:e8:70:e6:97:26:1c:bc:0e:c1:c2:e2:8e:67:a4:43:18:e0:
         b9:f7:f7:f5:be:4d:7d:6a:c6:ea:fe:96:07:95:41:4c:0f:14:
         91:0e:df:99:06:83:c0:d1:07:51:95:5b:f0:41:a2:0c:3f:eb:
         75:63:bd:8a:22:73:8f:58:72:ed:09:97:b0:68:91:c2:fd:97:
         b4:7e:3c:aa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSK/y2wBdbTCuFvbKghFBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTk0OWM3ZDJjNGJlMTNlZmNmOWY4NjI3NDZjNjU2NjYzNDhjM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGFdzoYF3AdD83FOMuTDYdITa/se
qaUzmnImjsc2wzpI227nYn+cYOEHUPcXqmF70BkNR8gdo2ozAKAgRyG4QU1UFkGR
qJnQRdcHckyLYF0O3v9eM7fcKwbV0wlDClBnJdruQ08DMLTmfFPHn9X/q6vh9sLa
fOpuKLikrhj3nxZICQo299l+gbFLUSHJzYPSx659z0zHsadXgU56lBSzURAM3adg
JKeYIqvq7hY0DFQy0cXtvcIf+hjcTHjZI/nCLHTbHsffoEoDwPnPT8wI7+esI+4W
aDYkKuoW+5LAytm0Oc+aJlBVgAw20q5BhZL+NnZB1tr/lVVRDL7cNIl/jQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJmUnH0sS+E+/Pn4YnRsZWZjSMOiMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvbVpTY2ZTeEw0VDc4LWZoaWRHeGxabU5JdzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW2ocAwQA
XvApAwQAXvArMA0GCSqGSIb3DQEBCwUAA4IBAQBaxsOYv2SIypPUDgRHhINlTIVQ
0zgp+EAf16iVq1SXJvgI3C+t9T2EztkKmQkq22lsNGO6tGIGDpxSCTL+ycSDOGVT
tGvyhO/OQ6OQ8EQyCeQzG5pbFT4R/9HA/mKmTVRNbWlBenN5v2NqhbGRppHHhhgB
kTTJ4oExfniGklJV4L+f0K93G6/FxmvlCYDPO8QuscyX4fDN3oPJ/qMFdsSPdGti
yQz1lt2zAvoOU1NYPALF5brG6HDmlyYcvA7BwuKOZ6RDGOC59/f1vk19asbq/pYH
lUFMDxSRDt+ZBoPA0QdRlVvwQaIMP+t1Y72KInOPWHLtCZewaJHC/Ze0fjyq
-----END CERTIFICATE-----