Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/TzZ1NsMjSVSygE31-jdFyjCgU7g.roa
File:                     TzZ1NsMjSVSygE31-jdFyjCgU7g.roa (raw, json)
Hash identifier:          EU2rmLN+m21gQ5C8s9Vvf+lDRGKaRJKmF030N/AcTIM=
Subject key identifier:   4F:36:75:36:C3:23:49:54:B2:80:4D:F5:FA:37:45:CA:30:A0:53:B8
Certificate issuer:       /CN=473469a966f4df3cf28171d87c74780fc472f979
Certificate serial:       018CC94E5185FAEE630E08435206D9EE0434
Authority key identifier: 47:34:69:A9:66:F4:DF:3C:F2:81:71:D8:7C:74:78:0F:C4:72:F9:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzRpqWb03zzygXHYfHR4D8Ry-Xk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/TzZ1NsMjSVSygE31-jdFyjCgU7g.roa
Signing time:             Tue 02 Jan 2024 08:33:22 +0000
ROA not before:           Tue 02 Jan 2024 08:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43310
IP address blocks:        91.197.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/RzRpqWb03zzygXHYfHR4D8Ry-Xk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/RzRpqWb03zzygXHYfHR4D8Ry-Xk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzRpqWb03zzygXHYfHR4D8Ry-Xk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:51:85:fa:ee:63:0e:08:43:52:06:d9:ee:04:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473469a966f4df3cf28171d87c74780fc472f979
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f367536c3234954b2804df5fa3745ca30a053b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:03:5e:db:14:e1:5e:54:49:45:e8:3c:fb:8f:
                    bc:2a:82:9c:0b:b6:e8:5d:e3:b2:af:c9:d3:ee:70:
                    5a:63:67:75:e8:0d:30:68:81:58:b5:da:03:f2:9d:
                    be:1e:b0:9e:2f:c8:3d:4c:75:00:60:4e:57:16:51:
                    7f:5b:43:ac:bf:c4:c8:ab:00:46:12:f9:40:80:05:
                    39:11:14:43:66:69:ad:88:28:08:09:b6:cd:a9:44:
                    fc:d9:a0:49:16:63:70:83:88:c9:8a:0a:12:66:f9:
                    ba:10:db:2c:3e:7e:12:5d:d7:dd:e7:10:84:2e:85:
                    87:e6:50:d0:52:0a:46:be:90:be:4f:dc:8b:f2:bb:
                    f7:b9:1d:5f:29:69:1a:c1:7e:28:30:26:7d:b4:88:
                    5a:0e:cb:0a:b3:9a:37:c1:ae:c2:7b:ae:db:d3:07:
                    84:ea:3a:08:36:11:b5:f8:cd:f4:4a:d8:0a:29:9c:
                    c1:f7:3b:8a:8d:0f:88:f0:ba:62:c7:72:26:9f:11:
                    c3:d1:f2:69:3a:a2:a5:e7:c7:e2:12:b6:16:99:3c:
                    43:96:a0:74:33:67:4e:07:8b:5e:ea:70:d0:d5:cf:
                    2b:1f:df:7a:9c:41:11:d5:5f:2e:0c:6d:89:cc:64:
                    4f:52:97:86:68:3f:cb:75:31:82:9a:d5:60:ab:96:
                    eb:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:36:75:36:C3:23:49:54:B2:80:4D:F5:FA:37:45:CA:30:A0:53:B8
            X509v3 Authority Key Identifier:
                keyid:47:34:69:A9:66:F4:DF:3C:F2:81:71:D8:7C:74:78:0F:C4:72:F9:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzRpqWb03zzygXHYfHR4D8Ry-Xk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/TzZ1NsMjSVSygE31-jdFyjCgU7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/RzRpqWb03zzygXHYfHR4D8Ry-Xk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ee:71:0d:4e:14:a6:cb:e9:51:cf:48:8b:bc:2c:49:85:97:
         04:cb:ef:b0:e2:d2:ca:13:bd:b6:83:a5:85:b9:58:23:12:75:
         a9:aa:03:b1:ac:2d:cd:a3:b4:be:b1:69:a0:5e:99:7e:04:ab:
         41:50:ca:2e:26:06:6a:90:66:b8:1b:20:8b:f5:48:4e:ae:00:
         17:88:02:64:97:26:a9:ba:5d:2d:8a:88:28:d5:07:f4:40:82:
         78:ce:11:b3:3d:ca:5e:4b:53:0e:a8:4c:74:00:9f:76:b9:21:
         8c:f2:e8:35:d3:c5:3e:6f:0d:6b:a2:55:53:34:b7:46:0d:d4:
         35:ef:19:0e:29:01:a3:d2:95:55:7e:ae:f8:90:63:da:81:a1:
         98:97:99:f6:2b:a2:27:81:a9:b2:ea:38:b2:65:9e:5b:e8:d6:
         1d:97:a4:f8:03:1f:6f:9c:4f:9e:b5:4e:9e:e0:ff:b0:c5:90:
         39:06:85:9d:9b:e0:87:d7:00:5b:8c:40:8e:ac:c6:98:a2:8a:
         61:7d:fa:06:c8:c8:7f:55:eb:f0:14:80:93:af:02:61:f6:8f:
         4d:7c:d6:31:97:4a:a8:2d:6c:ec:36:b8:15:eb:3b:18:87:93:
         7f:f3:e8:18:a9:f0:33:ec:80:04:94:5b:79:3c:13:b4:e7:c6:
         ce:bb:0d:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlGF+u5jDghDUgbZ7gQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzQ2OWE5NjZmNGRmM2NmMjgxNzFkODdjNzQ3ODBmYzQ3
MmY5NzkwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjM2NzUzNmMzMjM0OTU0YjI4MDRkZjVmYTM3NDVjYTMwYTA1M2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhANe2xThXlRJReg8+4+8KoKcC7bo
XeOyr8nT7nBaY2d16A0waIFYtdoD8p2+HrCeL8g9THUAYE5XFlF/W0Osv8TIqwBG
EvlAgAU5ERRDZmmtiCgICbbNqUT82aBJFmNwg4jJigoSZvm6ENssPn4SXdfd5xCE
LoWH5lDQUgpGvpC+T9yL8rv3uR1fKWkawX4oMCZ9tIhaDssKs5o3wa7Ce67b0weE
6joINhG1+M30StgKKZzB9zuKjQ+I8Lpix3ImnxHD0fJpOqKl58fiErYWmTxDlqB0
M2dOB4te6nDQ1c8rH996nEER1V8uDG2JzGRPUpeGaD/LdTGCmtVgq5brkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE82dTbDI0lUsoBN9fo3RcowoFO4MB8GA1UdIwQY
MBaAFEc0aalm9N888oFx2Hx0eA/Ecvl5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpScHFXYjAzenp5Z1hIWWZIUjREOFJ5LVhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZWZiZTYtYTAxNC00MTdjLTk2ODUt
NTgzOTIwZjVmMDViLzEvVHpaMU5zTWpTVlN5Z0UzMS1qZEZ5akNnVTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZWZiZTYtYTAxNC00MTdjLTk2ODUtNTgzOTIwZjVmMDVi
LzEvUnpScHFXYjAzenp5Z1hIWWZIUjREOFJ5LVhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8UHMA0G
CSqGSIb3DQEBCwUAA4IBAQBm7nENThSmy+lRz0iLvCxJhZcEy++w4tLKE722g6WF
uVgjEnWpqgOxrC3No7S+sWmgXpl+BKtBUMouJgZqkGa4GyCL9UhOrgAXiAJklyap
ul0tiogo1Qf0QIJ4zhGzPcpeS1MOqEx0AJ92uSGM8ug108U+bw1rolVTNLdGDdQ1
7xkOKQGj0pVVfq74kGPagaGYl5n2K6Ingamy6jiyZZ5b6NYdl6T4Ax9vnE+etU6e
4P+wxZA5BoWdm+CH1wBbjECOrMaYoophffoGyMh/VevwFICTrwJh9o9NfNYxl0qo
LWzsNrgV6zsYh5N/8+gYqfAz7IAElFt5PBO058bOuw3g
-----END CERTIFICATE-----