Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/z7o7gIWlC-A0VFSSJepyWaod8wU.roa
File:                     z7o7gIWlC-A0VFSSJepyWaod8wU.roa (raw, json)
Hash identifier:          0C62W7ULWU2Gyn1DPr0iHhK6VTFPq5MQKQfT7RehI1Q=
Subject key identifier:   CF:BA:3B:80:85:A5:0B:E0:34:54:54:92:25:EA:72:59:AA:1D:F3:05
Certificate issuer:       /CN=34cb956ec3a14f6f5e4b76d54342fa98d59c77a6
Certificate serial:       018CC94AC4F1352C6CF01273378AB21E7EB5
Authority key identifier: 34:CB:95:6E:C3:A1:4F:6F:5E:4B:76:D5:43:42:FA:98:D5:9C:77:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/z7o7gIWlC-A0VFSSJepyWaod8wU.roa
Signing time:             Tue 02 Jan 2024 08:29:29 +0000
ROA not before:           Tue 02 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29686
IP address blocks:        91.195.150.0/23 maxlen: 24
                          2001:678:2e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c4:f1:35:2c:6c:f0:12:73:37:8a:b2:1e:7e:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34cb956ec3a14f6f5e4b76d54342fa98d59c77a6
        Validity
            Not Before: Jan  2 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfba3b8085a50be03454549225ea7259aa1df305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:65:f5:17:83:2a:9b:e4:7b:2c:64:f3:38:f5:
                    ef:81:b4:eb:98:f2:ae:cf:d3:42:80:d0:77:3c:77:
                    f6:45:c5:10:09:8e:59:a9:09:aa:c4:4d:e3:7d:7d:
                    0d:32:cc:fc:c4:41:81:cc:3f:d0:9b:07:f6:63:2c:
                    b9:c9:dd:3b:45:08:1a:65:28:bf:78:af:48:75:6e:
                    a9:5e:9c:4c:46:19:90:7b:9e:a9:a0:4c:05:47:67:
                    da:69:4b:a9:5d:1e:2b:54:98:70:7b:4b:ea:6e:bc:
                    7e:45:b4:73:71:b2:2d:26:27:06:d7:b7:17:0b:15:
                    82:13:1c:bb:ac:0e:0b:14:85:ca:e7:2b:2b:9b:27:
                    b6:94:13:c5:e7:0b:aa:6d:ae:28:0b:0b:c9:b5:44:
                    ff:3b:83:66:91:d2:79:2d:bd:30:08:6c:9d:ff:e3:
                    87:2d:79:f1:27:b6:d1:58:a1:0d:ae:82:85:d5:1f:
                    ee:d8:39:50:89:94:f8:bf:39:6e:c2:c8:d0:37:44:
                    b8:12:03:a1:f5:90:53:2d:fd:e1:b2:3d:e7:c3:ad:
                    3e:37:6f:bb:32:8c:47:35:a4:0c:64:ea:22:d3:23:
                    e6:e4:6e:07:63:bc:a0:9c:cb:81:a1:c9:82:48:e2:
                    ef:56:83:4e:62:ad:7a:57:cc:c8:27:d5:9e:6f:76:
                    4d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:BA:3B:80:85:A5:0B:E0:34:54:54:92:25:EA:72:59:AA:1D:F3:05
            X509v3 Authority Key Identifier:
                keyid:34:CB:95:6E:C3:A1:4F:6F:5E:4B:76:D5:43:42:FA:98:D5:9C:77:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/z7o7gIWlC-A0VFSSJepyWaod8wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.150.0/23
                IPv6:
                  2001:678:2e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:4c:8a:f6:67:70:b6:42:17:5a:4a:25:f6:ac:42:43:01:02:
         bb:f3:be:43:b5:5d:ac:a3:e3:25:c5:1e:64:fe:cb:8c:be:10:
         1e:23:b0:a1:96:e7:75:67:36:5c:76:8a:f1:28:c2:32:2e:c1:
         4b:0a:20:9c:d2:77:66:02:11:e5:fa:39:9b:65:19:33:0a:f6:
         62:85:21:dc:b9:97:5f:9e:65:f6:f8:ec:9b:0a:85:56:14:1d:
         a5:2a:dc:44:b2:65:fe:f1:d1:88:1f:dd:0c:80:f0:61:7d:be:
         92:2b:f2:9a:98:75:5a:72:e5:01:31:ef:36:13:2c:de:5e:d3:
         94:d6:78:a3:a0:1a:5d:5d:aa:36:32:d2:71:6c:ab:d1:84:6b:
         c5:a2:c9:f9:c5:49:a9:1a:52:c6:f9:40:09:29:1f:96:bc:d8:
         69:99:c3:4d:6f:10:4f:ec:b0:ac:47:e0:09:3c:2e:23:85:cf:
         42:0c:41:60:38:15:6b:54:14:13:91:39:7f:8d:0d:0e:b0:42:
         81:fd:27:d8:8c:35:bf:bf:59:d2:4f:94:30:66:91:35:dc:e9:
         d1:c4:11:21:7c:ae:54:31:d5:78:7b:51:cb:a3:b9:95:2d:79:
         3f:2f:0d:31:ad:51:31:3e:0e:fc:9c:5f:77:d4:a2:dc:ea:5c:
         51:af:87:2a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJSsTxNSxs8BJzN4qyHn61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0Y2I5NTZlYzNhMTRmNmY1ZTRiNzZkNTQzNDJmYTk4ZDU5
Yzc3YTYwHhcNMjQwMTAyMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmJhM2I4MDg1YTUwYmUwMzQ1NDU0OTIyNWVhNzI1OWFhMWRmMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2X1F4Mqm+R7LGTzOPXvgbTrmPKu
z9NCgNB3PHf2RcUQCY5ZqQmqxE3jfX0NMsz8xEGBzD/Qmwf2Yyy5yd07RQgaZSi/
eK9IdW6pXpxMRhmQe56poEwFR2faaUupXR4rVJhwe0vqbrx+RbRzcbItJicG17cX
CxWCExy7rA4LFIXK5ysrmye2lBPF5wuqba4oCwvJtUT/O4NmkdJ5Lb0wCGyd/+OH
LXnxJ7bRWKENroKF1R/u2DlQiZT4vzluwsjQN0S4EgOh9ZBTLf3hsj3nw60+N2+7
MoxHNaQMZOoi0yPm5G4HY7ygnMuBocmCSOLvVoNOYq16V8zIJ9Web3ZNzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM+6O4CFpQvgNFRUkiXqclmqHfMFMB8GA1UdIwQY
MBaAFDTLlW7DoU9vXkt21UNC+pjVnHemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk11VmJzT2hUMjllUzNiVlEwTDZtTldjZDZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNGY5ZjUtMjVkNy00NWU4LWJjMjQt
OWE2ODgwODBhNTc5LzEvejdvN2dJV2xDLUEwVkZTU0plcHlXYW9kOHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNGY5ZjUtMjVkNy00NWU4LWJjMjQtOWE2ODgwODBhNTc5
LzEvTk11VmJzT2hUMjllUzNiVlEwTDZtTldjZDZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW8OWMA8E
AgACMAkDBwAgAQZ4AuAwDQYJKoZIhvcNAQELBQADggEBAFdMivZncLZCF1pKJfas
QkMBArvzvkO1Xayj4yXFHmT+y4y+EB4jsKGW53VnNlx2ivEowjIuwUsKIJzSd2YC
EeX6OZtlGTMK9mKFIdy5l1+eZfb47JsKhVYUHaUq3ESyZf7x0Ygf3QyA8GF9vpIr
8pqYdVpy5QEx7zYTLN5e05TWeKOgGl1dqjYy0nFsq9GEa8WiyfnFSakaUsb5QAkp
H5a82GmZw01vEE/ssKxH4Ak8LiOFz0IMQWA4FWtUFBOROX+NDQ6wQoH9J9iMNb+/
WdJPlDBmkTXc6dHEESF8rlQx1Xh7UcujuZUteT8vDTGtUTE+DvycX3fUotzqXFGv
hyo=
-----END CERTIFICATE-----