Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/zmt9eHpRJa7PuxPm0_85An8iRVA.roa
File:                     zmt9eHpRJa7PuxPm0_85An8iRVA.roa (raw, json)
Hash identifier:          R6+jR3yHTTElk0RHcqex3IqsMXUNl1K4RWqQPiXT3sU=
Subject key identifier:   CE:6B:7D:78:7A:51:25:AE:CF:BB:13:E6:D3:FF:39:02:7F:22:45:50
Certificate issuer:       /CN=a1411f56875b4cb7a58cee6cb607ee251cbdf980
Certificate serial:       018CC3B71BBCE0A3D488518578AE6556BCD7
Authority key identifier: A1:41:1F:56:87:5B:4C:B7:A5:8C:EE:6C:B6:07:EE:25:1C:BD:F9:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oUEfVodbTLeljO5stgfuJRy9-YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/zmt9eHpRJa7PuxPm0_85An8iRVA.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25512
IP address blocks:        91.234.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/oUEfVodbTLeljO5stgfuJRy9-YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/oUEfVodbTLeljO5stgfuJRy9-YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oUEfVodbTLeljO5stgfuJRy9-YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1b:bc:e0:a3:d4:88:51:85:78:ae:65:56:bc:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1411f56875b4cb7a58cee6cb607ee251cbdf980
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce6b7d787a5125aecfbb13e6d3ff39027f224550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fb:aa:b4:c1:38:14:33:21:4a:e0:ce:ab:83:
                    ea:d7:27:b9:00:42:28:92:01:ed:f4:fb:f2:6f:0e:
                    c4:67:39:ce:1c:9b:db:78:9d:6c:7a:fd:69:0c:e9:
                    03:5f:82:4f:07:2a:c3:38:a6:3c:d8:f8:b2:c9:9d:
                    05:75:11:48:53:b5:a2:79:06:94:39:78:dd:d7:b6:
                    c1:af:95:19:5a:1e:c3:1d:34:22:de:8a:13:8e:4c:
                    e9:68:a7:ac:08:f1:35:35:91:d5:4d:06:20:27:de:
                    4b:c6:86:92:45:1c:b4:ea:2a:03:ec:b5:10:c5:db:
                    ca:f3:ef:04:7e:b9:a7:ab:d0:dc:a5:72:52:60:b4:
                    0e:5b:b6:b7:54:29:e9:af:02:06:e1:42:2d:b6:54:
                    a8:31:e1:5f:9f:8a:ff:ea:6e:8e:6b:fe:ef:7b:8b:
                    44:a2:92:38:59:a0:78:3d:61:d9:29:35:84:80:74:
                    9b:11:dc:73:16:19:eb:fd:39:ea:e0:9d:cb:f6:d2:
                    54:02:de:4d:56:86:57:53:93:22:92:b7:28:d9:12:
                    82:ac:26:d3:8b:43:fd:5a:a7:09:30:2d:1b:0a:da:
                    88:8f:3d:1d:ff:02:a2:27:4c:bd:54:50:db:fa:1d:
                    92:63:45:7b:54:de:19:d4:94:34:60:36:7d:b9:6d:
                    38:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:6B:7D:78:7A:51:25:AE:CF:BB:13:E6:D3:FF:39:02:7F:22:45:50
            X509v3 Authority Key Identifier:
                keyid:A1:41:1F:56:87:5B:4C:B7:A5:8C:EE:6C:B6:07:EE:25:1C:BD:F9:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oUEfVodbTLeljO5stgfuJRy9-YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/zmt9eHpRJa7PuxPm0_85An8iRVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/c98b87-1857-44bd-8b0c-78d833e4146a/1/oUEfVodbTLeljO5stgfuJRy9-YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:3a:20:01:35:a3:6a:ac:f0:b5:7c:05:5d:1f:51:7b:63:3e:
         3b:42:2e:18:6b:2d:3b:ee:b3:5a:3e:c5:4f:39:33:07:f7:53:
         e3:f5:8e:d5:89:c8:01:91:d5:2f:1a:4c:8a:b2:fb:87:28:0a:
         fe:7a:3e:ad:73:30:de:66:4b:b8:c9:67:a1:46:f4:34:1a:c9:
         f3:bf:8e:f5:c5:f0:38:3a:2d:8a:53:93:0e:35:4d:88:f6:d7:
         14:7d:d7:30:0e:af:95:e0:76:1a:dd:a3:26:10:36:d2:bf:bf:
         ba:3a:84:47:73:dc:bb:bb:1b:68:4c:0e:b9:c4:a7:35:0e:67:
         61:86:88:08:b3:63:0b:cd:7d:1c:2e:0b:90:e0:74:eb:c2:44:
         17:8b:07:23:c1:a9:47:25:f4:b1:4d:74:97:e6:7e:44:48:b3:
         b3:11:ce:1b:83:75:c3:c1:aa:f1:49:e8:ec:84:68:e5:60:30:
         4d:f2:2a:25:5d:c8:33:33:c8:8e:dd:14:a8:c8:5b:cc:31:5c:
         69:58:0f:cc:34:7c:0c:2a:d5:48:e1:e6:18:b4:5e:5d:a4:9d:
         39:9a:4a:f1:42:09:39:36:50:6f:54:ab:d1:6a:f4:44:19:5a:
         07:a6:e9:c9:cb:05:1e:45:2f:e3:2e:00:35:61:78:66:d1:b6:
         64:ca:dd:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxu84KPUiFGFeK5lVrzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNDExZjU2ODc1YjRjYjdhNThjZWU2Y2I2MDdlZTI1MWNi
ZGY5ODAwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTZiN2Q3ODdhNTEyNWFlY2ZiYjEzZTZkM2ZmMzkwMjdmMjI0NTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvuqtME4FDMhSuDOq4Pq1ye5AEIo
kgHt9Pvybw7EZznOHJvbeJ1sev1pDOkDX4JPByrDOKY82PiyyZ0FdRFIU7WieQaU
OXjd17bBr5UZWh7DHTQi3ooTjkzpaKesCPE1NZHVTQYgJ95LxoaSRRy06ioD7LUQ
xdvK8+8Efrmnq9DcpXJSYLQOW7a3VCnprwIG4UIttlSoMeFfn4r/6m6Oa/7ve4tE
opI4WaB4PWHZKTWEgHSbEdxzFhnr/Tnq4J3L9tJUAt5NVoZXU5Mikrco2RKCrCbT
i0P9WqcJMC0bCtqIjz0d/wKiJ0y9VFDb+h2SY0V7VN4Z1JQ0YDZ9uW04fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5rfXh6USWuz7sT5tP/OQJ/IkVQMB8GA1UdIwQY
MBaAFKFBH1aHW0y3pYzubLYH7iUcvfmAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1VFZlZvZGJUTGVsak81c3RnZnVKUnk5LVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9jOThiODctMTg1Ny00NGJkLThiMGMt
NzhkODMzZTQxNDZhLzEvem10OWVIcFJKYTdQdXhQbTBfODVBbjhpUlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9jOThiODctMTg1Ny00NGJkLThiMGMtNzhkODMzZTQxNDZh
LzEvb1VFZlZvZGJUTGVsak81c3RnZnVKUnk5LVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+qiMA0G
CSqGSIb3DQEBCwUAA4IBAQDAOiABNaNqrPC1fAVdH1F7Yz47Qi4Yay077rNaPsVP
OTMH91Pj9Y7VicgBkdUvGkyKsvuHKAr+ej6tczDeZku4yWehRvQ0Gsnzv471xfA4
Oi2KU5MONU2I9tcUfdcwDq+V4HYa3aMmEDbSv7+6OoRHc9y7uxtoTA65xKc1Dmdh
hogIs2MLzX0cLguQ4HTrwkQXiwcjwalHJfSxTXSX5n5ESLOzEc4bg3XDwarxSejs
hGjlYDBN8iolXcgzM8iO3RSoyFvMMVxpWA/MNHwMKtVI4eYYtF5dpJ05mkrxQgk5
NlBvVKvRavREGVoHpunJywUeRS/jLgA1YXhm0bZkyt3/
-----END CERTIFICATE-----