Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/zVXXGHbY-w7EHl6IwdD6uilnuxI.roa
File:                     zVXXGHbY-w7EHl6IwdD6uilnuxI.roa (raw, json)
Hash identifier:          fA1ruVh33Esw0gAC7Pr3GZCh9+jWPBhEo+JQEl3x5ig=
Subject key identifier:   CD:55:D7:18:76:D8:FB:0E:C4:1E:5E:88:C1:D0:FA:BA:29:67:BB:12
Certificate issuer:       /CN=c01574cb9e0e35bf9754ef9175014bc746008f0e
Certificate serial:       0192FB6B8921D466AAC06331B4240C2105DB
Authority key identifier: C0:15:74:CB:9E:0E:35:BF:97:54:EF:91:75:01:4B:C7:46:00:8F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wBV0y54ONb-XVO-RdQFLx0YAjw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/zVXXGHbY-w7EHl6IwdD6uilnuxI.roa
Signing time:             Tue 05 Nov 2024 08:23:01 +0000
ROA not before:           Tue 05 Nov 2024 08:23:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        91.199.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/wBV0y54ONb-XVO-RdQFLx0YAjw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/wBV0y54ONb-XVO-RdQFLx0YAjw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wBV0y54ONb-XVO-RdQFLx0YAjw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fb:6b:89:21:d4:66:aa:c0:63:31:b4:24:0c:21:05:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c01574cb9e0e35bf9754ef9175014bc746008f0e
        Validity
            Not Before: Nov  5 08:23:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd55d71876d8fb0ec41e5e88c1d0faba2967bb12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3f:34:4c:b3:63:5b:18:25:fd:6a:16:dd:f1:
                    7a:7b:2a:b3:bc:c9:81:cd:df:4b:9a:1e:42:62:64:
                    98:d7:10:89:22:ca:b6:f9:bc:33:4a:78:39:5e:98:
                    4f:58:4c:b1:c2:68:07:a4:3c:85:9b:84:59:1a:28:
                    a7:ca:29:1d:b3:45:34:63:14:14:87:e8:39:44:70:
                    bd:f9:c4:12:0a:33:ba:e4:f0:d8:13:f1:7a:f7:cf:
                    c1:54:e8:47:90:24:bf:d1:0d:39:7a:c1:e5:d9:9c:
                    ea:4a:5c:89:70:c8:11:a3:ee:35:23:83:aa:f5:d4:
                    9f:0f:14:6d:93:8f:17:54:ef:94:e0:e0:ee:df:9c:
                    31:38:2b:ab:bc:cd:86:93:d5:f4:42:70:b2:e8:b4:
                    28:53:92:e1:56:00:fe:09:ad:d1:7e:ce:8f:d2:5b:
                    07:11:c0:e2:e5:13:91:19:db:c4:e7:0a:ae:9b:10:
                    18:b3:9b:ac:ce:31:b8:eb:7c:05:1a:be:40:0e:a5:
                    c4:4f:26:62:7e:0c:f9:28:95:0c:6a:ff:ff:09:31:
                    88:a8:3e:39:97:0c:68:7d:9d:56:f8:a7:4d:8b:7e:
                    e5:29:39:01:41:e5:21:4d:bb:bb:86:e2:9c:f8:a2:
                    6b:fd:dd:46:60:0a:d0:8a:59:d3:62:eb:3b:aa:c3:
                    24:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:55:D7:18:76:D8:FB:0E:C4:1E:5E:88:C1:D0:FA:BA:29:67:BB:12
            X509v3 Authority Key Identifier:
                keyid:C0:15:74:CB:9E:0E:35:BF:97:54:EF:91:75:01:4B:C7:46:00:8F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wBV0y54ONb-XVO-RdQFLx0YAjw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/zVXXGHbY-w7EHl6IwdD6uilnuxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/wBV0y54ONb-XVO-RdQFLx0YAjw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:72:78:d4:c1:c4:9a:f6:2b:7f:93:e2:4b:29:f6:60:f4:9d:
         59:84:67:45:c2:cd:db:d6:f0:a9:13:ad:2a:3d:aa:c5:6a:89:
         e3:50:3e:5b:78:80:0b:4f:e5:e1:09:e2:e9:1e:fa:2c:06:77:
         4a:d4:c4:8d:d4:57:15:65:35:c3:4f:7a:87:f1:0e:57:65:2d:
         59:c3:c6:31:40:31:e6:5c:16:bb:75:7c:3c:ca:a9:7f:25:57:
         85:fc:75:15:ca:50:69:78:3f:b5:98:2f:b5:a1:cc:88:b6:b6:
         8c:fc:f3:14:2c:2f:08:ab:23:81:1e:8e:cc:aa:68:0a:09:2c:
         8e:ff:1d:c6:bf:54:df:91:23:b6:84:71:b1:dd:71:9b:e8:4a:
         24:76:67:3f:74:c2:35:37:11:f6:67:2d:27:03:e1:04:21:20:
         3d:f2:e9:e9:d9:05:98:90:bd:ce:31:05:1b:ec:04:6c:18:3e:
         d6:6b:f0:56:e5:6e:13:2a:d6:a0:bd:ff:0c:b8:da:a8:7f:1e:
         73:88:cb:1d:df:e4:56:df:58:f1:3c:ac:0c:9f:34:39:18:ee:
         99:bc:57:67:e5:7e:4a:d9:ff:5a:04:4c:b3:2f:3c:a1:48:3a:
         dc:94:d9:c8:d1:06:18:4d:28:2c:6a:ae:6d:a5:b6:6a:8c:51:
         4e:37:b4:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL7a4kh1GaqwGMxtCQMIQXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMTU3NGNiOWUwZTM1YmY5NzU0ZWY5MTc1MDE0YmM3NDYw
MDhmMGUwHhcNMjQxMTA1MDgyMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDU1ZDcxODc2ZDhmYjBlYzQxZTVlODhjMWQwZmFiYTI5NjdiYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD80TLNjWxgl/WoW3fF6eyqzvMmB
zd9Lmh5CYmSY1xCJIsq2+bwzSng5XphPWEyxwmgHpDyFm4RZGiinyikds0U0YxQU
h+g5RHC9+cQSCjO65PDYE/F698/BVOhHkCS/0Q05esHl2ZzqSlyJcMgRo+41I4Oq
9dSfDxRtk48XVO+U4ODu35wxOCurvM2Gk9X0QnCy6LQoU5LhVgD+Ca3Rfs6P0lsH
EcDi5RORGdvE5wqumxAYs5uszjG463wFGr5ADqXETyZifgz5KJUMav//CTGIqD45
lwxofZ1W+KdNi37lKTkBQeUhTbu7huKc+KJr/d1GYArQilnTYus7qsMkUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1V1xh22PsOxB5eiMHQ+ropZ7sSMB8GA1UdIwQY
MBaAFMAVdMueDjW/l1TvkXUBS8dGAI8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0JWMHk1NE9OYi1YVk8tUmRRRkx4MFlBanc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8zOTY4OTAtZTk2Yy00ZDFmLTkzNmMt
OGZlZTdlYzdjM2NkLzEvelZYWEdIYlktdzdFSGw2SXdkRDZ1aWxudXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8zOTY4OTAtZTk2Yy00ZDFmLTkzNmMtOGZlZTdlYzdjM2Nk
LzEvd0JWMHk1NE9OYi1YVk8tUmRRRkx4MFlBanc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8csMA0G
CSqGSIb3DQEBCwUAA4IBAQALcnjUwcSa9it/k+JLKfZg9J1ZhGdFws3b1vCpE60q
ParFaonjUD5beIALT+XhCeLpHvosBndK1MSN1FcVZTXDT3qH8Q5XZS1Zw8YxQDHm
XBa7dXw8yql/JVeF/HUVylBpeD+1mC+1ocyItraM/PMULC8IqyOBHo7MqmgKCSyO
/x3Gv1TfkSO2hHGx3XGb6Eokdmc/dMI1NxH2Zy0nA+EEISA98unp2QWYkL3OMQUb
7ARsGD7Wa/BW5W4TKtagvf8MuNqofx5ziMsd3+RW31jxPKwMnzQ5GO6ZvFdn5X5K
2f9aBEyzLzyhSDrclNnI0QYYTSgsaq5tpbZqjFFON7QF
-----END CERTIFICATE-----