Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/ZDW8DfgSum-z3aKOYV8fuJSTliY.roa
File:                     ZDW8DfgSum-z3aKOYV8fuJSTliY.roa (raw, json)
Hash identifier:          scxA/YocsBXOybjLX0G3lfQTWs1pyK6vu7lkqFUOIcM=
Subject key identifier:   64:35:BC:0D:F8:12:BA:6F:B3:DD:A2:8E:61:5F:1F:B8:94:93:96:26
Certificate issuer:       /CN=c22d553b28c5d0ea5b1ef60c9bce33df50bcb493
Certificate serial:       018CC56E299FA291DF8C6D75283825BE346F
Authority key identifier: C2:2D:55:3B:28:C5:D0:EA:5B:1E:F6:0C:9B:CE:33:DF:50:BC:B4:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/ZDW8DfgSum-z3aKOYV8fuJSTliY.roa
Signing time:             Mon 01 Jan 2024 14:29:40 +0000
ROA not before:           Mon 01 Jan 2024 14:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48367
IP address blocks:        91.210.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:29:9f:a2:91:df:8c:6d:75:28:38:25:be:34:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c22d553b28c5d0ea5b1ef60c9bce33df50bcb493
        Validity
            Not Before: Jan  1 14:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6435bc0df812ba6fb3dda28e615f1fb894939626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:50:51:c1:12:3b:b9:d0:39:3c:c0:4c:2a:23:
                    55:89:81:ef:dd:fb:66:fa:e5:11:e4:eb:02:70:8d:
                    80:82:97:78:07:e9:27:b3:9c:1d:e2:89:80:a2:d2:
                    61:ed:c0:d3:df:c0:77:92:a8:e4:5c:4b:3d:68:54:
                    3e:a6:e6:1b:78:50:4a:98:f9:ec:99:75:ad:8f:82:
                    67:60:c1:84:7d:e2:27:32:72:c2:65:d3:e3:f3:42:
                    dc:38:0e:ec:bc:b3:cf:ca:74:95:56:67:51:49:dd:
                    4b:9c:8c:24:4d:9b:31:b4:f7:5e:26:61:23:0d:5c:
                    bc:63:89:0b:6a:c7:e7:d4:1c:25:8f:fd:9c:70:d1:
                    5b:7a:85:ec:b4:fa:b5:75:4d:c0:37:26:38:b7:94:
                    56:78:4a:b0:12:99:1b:57:5e:76:ad:b2:92:82:c2:
                    f7:97:e1:16:a0:d5:be:6d:a9:ff:49:4f:37:d9:f2:
                    d4:34:7b:01:bc:9d:14:2d:39:3f:78:16:d7:1b:a3:
                    91:79:ef:e6:67:97:f7:50:6d:cc:49:e0:bc:f1:47:
                    2b:87:5c:78:9c:d7:40:a8:24:2b:19:8c:d1:33:6d:
                    67:c4:c9:33:0b:ab:de:2f:e2:01:63:10:55:29:09:
                    eb:eb:4c:0f:c8:b8:6e:65:49:07:dd:83:f5:11:65:
                    f8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:35:BC:0D:F8:12:BA:6F:B3:DD:A2:8E:61:5F:1F:B8:94:93:96:26
            X509v3 Authority Key Identifier:
                keyid:C2:2D:55:3B:28:C5:D0:EA:5B:1E:F6:0C:9B:CE:33:DF:50:BC:B4:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wi1VOyjF0OpbHvYMm84z31C8tJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/ZDW8DfgSum-z3aKOYV8fuJSTliY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17644-93d4-4457-8e5e-9675068857f1/1/wi1VOyjF0OpbHvYMm84z31C8tJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:87:2a:ce:c3:c8:92:95:d8:f2:29:2f:75:3b:84:eb:dc:eb:
         ef:04:f8:e7:26:fc:6e:5d:2e:18:15:29:09:04:ad:d1:34:d3:
         f9:49:8c:30:5c:ef:de:b7:ff:d5:19:51:6d:6e:b9:e2:c3:6e:
         c8:de:d0:20:01:99:63:b4:a6:6b:f8:24:97:ba:ba:2a:25:c7:
         1d:48:2b:d3:a1:1b:7b:cb:e1:d9:23:84:30:bf:72:1f:81:af:
         ba:f1:d8:f5:71:12:6b:e3:5a:b2:ff:ca:73:cd:15:18:68:9b:
         bb:27:b6:62:27:71:c4:55:72:3f:df:31:ed:e8:d5:c4:bf:c9:
         a8:90:52:96:07:37:c7:f7:75:03:e6:8c:70:15:be:d5:8c:e0:
         73:8f:9b:42:6a:e6:e8:28:88:b5:41:9a:3e:87:f4:8a:05:92:
         16:b8:0b:8e:a5:4d:00:c6:48:18:6f:c0:16:8a:14:ae:f7:f9:
         65:39:4c:af:cf:ee:b8:37:2c:4f:d3:1f:50:ff:e3:12:c8:5c:
         33:53:94:b2:52:82:e9:59:7a:42:39:17:92:2b:bf:f6:48:d7:
         3a:74:b4:7c:ca:d1:25:2f:d0:ba:f2:3a:fd:d5:0c:50:d7:8f:
         16:f4:46:bc:70:66:cf:0b:a0:59:44:d1:1b:0f:ec:de:17:10:
         33:01:c7:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbimfopHfjG11KDglvjRvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMmQ1NTNiMjhjNWQwZWE1YjFlZjYwYzliY2UzM2RmNTBi
Y2I0OTMwHhcNMjQwMTAxMTQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDM1YmMwZGY4MTJiYTZmYjNkZGEyOGU2MTVmMWZiODk0OTM5NjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VBRwRI7udA5PMBMKiNViYHv3ftm
+uUR5OsCcI2Agpd4B+kns5wd4omAotJh7cDT38B3kqjkXEs9aFQ+puYbeFBKmPns
mXWtj4JnYMGEfeInMnLCZdPj80LcOA7svLPPynSVVmdRSd1LnIwkTZsxtPdeJmEj
DVy8Y4kLasfn1Bwlj/2ccNFbeoXstPq1dU3ANyY4t5RWeEqwEpkbV152rbKSgsL3
l+EWoNW+ban/SU832fLUNHsBvJ0ULTk/eBbXG6ORee/mZ5f3UG3MSeC88Ucrh1x4
nNdAqCQrGYzRM21nxMkzC6veL+IBYxBVKQnr60wPyLhuZUkH3YP1EWX4YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQ1vA34Erpvs92ijmFfH7iUk5YmMB8GA1UdIwQY
MBaAFMItVTsoxdDqWx72DJvOM99QvLSTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2kxVk95akYwT3BiSHZZTW04NHozMUM4dEpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lMTc2NDQtOTNkNC00NDU3LThlNWUt
OTY3NTA2ODg1N2YxLzEvWkRXOERmZ1N1bS16M2FLT1lWOGZ1SlNUbGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9lMTc2NDQtOTNkNC00NDU3LThlNWUtOTY3NTA2ODg1N2Yx
LzEvd2kxVk95akYwT3BiSHZZTW04NHozMUM4dEpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9LcMA0G
CSqGSIb3DQEBCwUAA4IBAQBShyrOw8iSldjyKS91O4Tr3OvvBPjnJvxuXS4YFSkJ
BK3RNNP5SYwwXO/et//VGVFtbrniw27I3tAgAZljtKZr+CSXuroqJccdSCvToRt7
y+HZI4Qwv3Ifga+68dj1cRJr41qy/8pzzRUYaJu7J7ZiJ3HEVXI/3zHt6NXEv8mo
kFKWBzfH93UD5oxwFb7VjOBzj5tCauboKIi1QZo+h/SKBZIWuAuOpU0AxkgYb8AW
ihSu9/llOUyvz+64NyxP0x9Q/+MSyFwzU5SyUoLpWXpCOReSK7/2SNc6dLR8ytEl
L9C68jr91QxQ148W9Ea8cGbPC6BZRNEbD+zeFxAzAcev
-----END CERTIFICATE-----