Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/hzFPEgqgrLZ304HPFsU19-s2y88.roa
File:                     hzFPEgqgrLZ304HPFsU19-s2y88.roa (raw, json)
Hash identifier:          kc2vTGb+BjO7m2HTS4HmIV3Zqqje6pjZZQHbVNOQfg8=
Subject key identifier:   87:31:4F:12:0A:A0:AC:B6:77:D3:81:CF:16:C5:35:F7:EB:36:CB:CF
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       0191748C61394437AADA6E337DBC532D782B
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/hzFPEgqgrLZ304HPFsU19-s2y88.roa
Signing time:             Wed 21 Aug 2024 10:47:22 +0000
ROA not before:           Wed 21 Aug 2024 10:47:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26548
IP address blocks:        91.242.228.0/24 maxlen: 24
                          94.154.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:8c:61:39:44:37:aa:da:6e:33:7d:bc:53:2d:78:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Aug 21 10:47:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87314f120aa0acb677d381cf16c535f7eb36cbcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7e:f3:95:df:72:19:03:7b:c7:f3:df:a5:00:
                    a1:5b:6d:45:89:ff:7a:c7:4b:e1:67:69:42:63:1d:
                    02:7e:fc:ec:f9:5d:cb:21:2e:cb:3c:c9:9a:21:10:
                    72:45:55:09:ea:45:32:07:9b:6d:59:df:cb:f1:a8:
                    8b:de:62:f0:61:25:5b:39:c8:d2:6b:6a:c5:35:ee:
                    a5:ff:15:76:bb:9a:df:e9:68:69:bd:91:56:45:41:
                    94:76:32:43:15:fe:c8:28:f6:d8:4b:57:49:fd:43:
                    b4:4f:ea:8d:86:f1:07:60:f6:fe:35:d7:b0:fe:04:
                    80:ee:3f:e3:30:16:f5:c4:69:31:9d:da:ce:b3:a6:
                    af:68:36:4b:78:22:5c:86:ea:08:e8:38:89:70:3a:
                    2a:84:58:ea:75:0d:43:82:6a:c0:78:19:bd:6f:22:
                    af:fb:76:51:89:26:43:5c:e4:79:c1:e0:36:73:52:
                    20:85:9a:7d:68:17:91:bf:25:06:6b:05:68:2a:36:
                    01:b5:a7:13:83:84:65:7b:f7:40:c4:02:60:00:c0:
                    b0:e4:cd:2e:45:d4:1f:e5:31:2f:4e:e3:15:b0:db:
                    99:d6:14:42:05:89:fc:dc:d4:dc:8a:7f:01:72:e8:
                    0d:f3:11:a5:fc:ca:58:c3:24:80:68:5a:82:ff:ed:
                    89:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:31:4F:12:0A:A0:AC:B6:77:D3:81:CF:16:C5:35:F7:EB:36:CB:CF
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/hzFPEgqgrLZ304HPFsU19-s2y88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.228.0/24
                  94.154.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:6d:0c:03:ad:64:09:2a:f0:52:08:b5:20:dd:70:f6:df:84:
         5a:00:4f:8d:4c:89:7c:02:15:55:61:ef:82:2a:0a:dc:dd:b5:
         92:61:a7:5e:8a:0c:35:9d:8d:b4:91:a1:91:bc:7e:5f:20:73:
         82:5f:07:ea:b8:6b:62:25:61:19:38:fd:9f:78:10:96:40:ce:
         0d:10:7b:8d:34:1e:71:d5:5f:1b:c1:05:6e:e0:fc:9c:ff:57:
         fb:99:36:8e:be:03:57:0d:2c:9d:02:35:bb:84:50:d9:6d:74:
         79:56:75:f3:1f:76:63:4d:91:f3:b3:8b:70:74:36:a2:7e:2b:
         fd:d8:15:4a:1a:7b:c7:bf:22:af:c0:b9:c8:1c:47:6d:e4:1d:
         4e:a6:05:68:61:42:d7:04:3b:ae:9b:c3:ab:ee:d3:55:42:b2:
         a7:15:ff:94:75:b4:e8:48:75:e6:04:f1:29:b1:c5:3b:04:e7:
         36:33:dd:92:e1:39:0f:50:37:7d:89:e1:9a:aa:2c:9b:2e:11:
         cd:2c:98:77:8d:78:89:ee:4c:20:d8:0e:5c:19:86:cc:ee:2b:
         42:2a:09:e4:61:c6:2c:29:96:a7:47:7a:78:f5:c4:92:b4:f2:
         bb:4b:5b:55:37:99:2f:66:35:76:75:a9:03:3f:4d:22:38:9e:
         d9:01:f4:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZF0jGE5RDeq2m4zfbxTLXgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjQwODIxMTA0NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMxNGYxMjBhYTBhY2I2NzdkMzgxY2YxNmM1MzVmN2ViMzZjYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxX7zld9yGQN7x/PfpQChW21Fif96
x0vhZ2lCYx0Cfvzs+V3LIS7LPMmaIRByRVUJ6kUyB5ttWd/L8aiL3mLwYSVbOcjS
a2rFNe6l/xV2u5rf6WhpvZFWRUGUdjJDFf7IKPbYS1dJ/UO0T+qNhvEHYPb+Ndew
/gSA7j/jMBb1xGkxndrOs6avaDZLeCJchuoI6DiJcDoqhFjqdQ1DgmrAeBm9byKv
+3ZRiSZDXOR5weA2c1IghZp9aBeRvyUGawVoKjYBtacTg4Rle/dAxAJgAMCw5M0u
RdQf5TEvTuMVsNuZ1hRCBYn83NTcin8BcugN8xGl/MpYwySAaFqC/+2JmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIcxTxIKoKy2d9OBzxbFNffrNsvPMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvaHpGUEVncWdyTFozMDRIUEZzVTE5LXMyeTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/LkAwQA
Xpp/MA0GCSqGSIb3DQEBCwUAA4IBAQAhbQwDrWQJKvBSCLUg3XD234RaAE+NTIl8
AhVVYe+CKgrc3bWSYadeigw1nY20kaGRvH5fIHOCXwfquGtiJWEZOP2feBCWQM4N
EHuNNB5x1V8bwQVu4Pyc/1f7mTaOvgNXDSydAjW7hFDZbXR5VnXzH3ZjTZHzs4tw
dDaifiv92BVKGnvHvyKvwLnIHEdt5B1OpgVoYULXBDuum8Or7tNVQrKnFf+UdbTo
SHXmBPEpscU7BOc2M92S4TkPUDd9ieGaqiybLhHNLJh3jXiJ7kwg2A5cGYbM7itC
KgnkYcYsKZanR3p49cSStPK7S1tVN5kvZjV2dakDP00iOJ7ZAfTS
-----END CERTIFICATE-----