Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/zew6WeMmrhh8mjJyIN00IgvGsXI.roa
File:                     zew6WeMmrhh8mjJyIN00IgvGsXI.roa (raw, json)
Hash identifier:          h6/6dIomIV9kngzM8DzXEq2z2nasDY/TptCgvsxd39c=
Subject key identifier:   CD:EC:3A:59:E3:26:AE:18:7C:9A:32:72:20:DD:34:22:0B:C6:B1:72
Certificate issuer:       /CN=d1df4803e54b084a99cb7bb044bf791327594b73
Certificate serial:       0190D8DCFB6D5DF29594C72FC34F3DBFF6DE
Authority key identifier: D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/zew6WeMmrhh8mjJyIN00IgvGsXI.roa
Signing time:             Mon 22 Jul 2024 05:14:39 +0000
ROA not before:           Mon 22 Jul 2024 05:14:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48981
IP address blocks:        91.198.28.0/24 maxlen: 24
                          2a0f:5c40::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d8:dc:fb:6d:5d:f2:95:94:c7:2f:c3:4f:3d:bf:f6:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1df4803e54b084a99cb7bb044bf791327594b73
        Validity
            Not Before: Jul 22 05:14:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdec3a59e326ae187c9a327220dd34220bc6b172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:74:a0:7b:de:3a:9a:1d:c0:96:7e:bf:4a:3b:
                    41:ca:b1:e2:a9:0d:1b:99:da:56:44:a0:c5:af:fa:
                    69:2a:ac:24:07:7f:e6:1c:8b:a7:eb:8c:93:0c:80:
                    ee:7a:a3:09:23:e3:35:6a:70:f3:65:ca:39:de:01:
                    47:80:96:e3:0a:20:1a:04:cc:32:f1:d9:fe:67:d0:
                    18:95:9e:e4:50:0d:b8:f8:e6:33:19:d1:42:18:8f:
                    13:4b:30:56:e1:39:32:24:1d:84:19:bc:9c:c2:27:
                    4d:fe:35:eb:ba:3b:17:2c:2e:2b:eb:3d:24:7a:b1:
                    d4:80:8b:a7:15:bc:0a:ea:1b:8c:ca:99:4e:d0:91:
                    1e:60:e7:ed:d9:aa:45:96:1e:08:6c:37:2d:d9:76:
                    ed:9e:f2:7e:2e:31:8a:57:4f:33:90:e9:99:80:7e:
                    2d:42:d2:bf:91:ee:de:57:a0:e9:86:54:5d:82:d1:
                    ae:12:04:79:38:af:fd:c7:94:4c:86:26:02:e8:0a:
                    75:e4:a7:63:c6:ab:a9:ef:f0:6e:2f:cb:d4:11:bc:
                    14:41:a6:b5:d1:cc:82:30:58:47:97:fe:e8:c5:96:
                    b6:36:26:3f:4c:3e:2a:bd:83:42:a3:63:c2:0e:f0:
                    e1:4a:96:0f:fe:85:4e:be:a2:6c:e9:8c:32:3b:a5:
                    af:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:EC:3A:59:E3:26:AE:18:7C:9A:32:72:20:DD:34:22:0B:C6:B1:72
            X509v3 Authority Key Identifier:
                keyid:D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/zew6WeMmrhh8mjJyIN00IgvGsXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.28.0/24
                IPv6:
                  2a0f:5c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:d8:5d:12:89:2c:1d:17:1f:7d:48:c5:4f:c3:a8:ba:8a:13:
         a7:58:d8:80:af:d5:0e:86:ed:dd:e9:80:da:ea:3d:7e:47:4f:
         69:cd:59:ef:c5:a1:2d:a5:13:cc:2f:98:81:f9:a6:f5:c0:65:
         74:9e:1a:21:f3:79:1f:40:1e:a1:a4:3f:f8:52:03:17:90:58:
         2b:0b:64:d0:4c:f4:a3:9a:5b:9e:b5:05:00:3b:1f:02:16:a6:
         35:f8:b2:d2:67:91:2c:36:d6:1e:92:c4:b9:52:03:99:2c:94:
         5a:23:bf:45:bd:ca:75:36:99:31:4a:74:f4:16:5a:30:c6:6e:
         09:36:40:e6:43:3f:4a:e3:4c:50:41:a9:f2:4c:eb:c1:a9:bd:
         91:ba:ee:33:66:9f:50:d9:91:c5:45:e1:a5:78:e0:b6:f1:e6:
         2e:b1:2f:96:8b:27:0d:0e:57:1b:f7:96:2c:ff:b1:8d:d6:07:
         e0:97:42:e4:fc:59:f6:8b:16:71:c7:11:18:74:81:eb:ce:0b:
         23:88:d1:11:40:d0:51:8e:c7:88:63:31:35:8e:40:91:b8:77:
         6a:61:b5:b0:7c:b6:d5:03:7d:63:bd:b8:1e:75:6a:da:5c:cd:
         cb:55:2d:e8:c9:d7:61:10:07:97:ee:94:d0:1e:9d:48:7c:81:
         7a:8e:ea:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZDY3PttXfKVlMcvw089v/beMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGY0ODAzZTU0YjA4NGE5OWNiN2JiMDQ0YmY3OTEzMjc1
OTRiNzMwHhcNMjQwNzIyMDUxNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGVjM2E1OWUzMjZhZTE4N2M5YTMyNzIyMGRkMzQyMjBiYzZiMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHSge946mh3Aln6/SjtByrHiqQ0b
mdpWRKDFr/ppKqwkB3/mHIun64yTDIDueqMJI+M1anDzZco53gFHgJbjCiAaBMwy
8dn+Z9AYlZ7kUA24+OYzGdFCGI8TSzBW4TkyJB2EGbycwidN/jXrujsXLC4r6z0k
erHUgIunFbwK6huMyplO0JEeYOft2apFlh4IbDct2XbtnvJ+LjGKV08zkOmZgH4t
QtK/ke7eV6DphlRdgtGuEgR5OK/9x5RMhiYC6Ap15Kdjxqup7/BuL8vUEbwUQaa1
0cyCMFhHl/7oxZa2NiY/TD4qvYNCo2PCDvDhSpYP/oVOvqJs6YwyO6WvmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM3sOlnjJq4YfJoyciDdNCILxrFyMB8GA1UdIwQY
MBaAFNHfSAPlSwhKmct7sES/eRMnWUtzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5Nzct
NDhmNWU4NzY3ZDAyLzEvemV3NldlTW1yaGg4bWpKeUlOMDBJZ3ZHc1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5NzctNDhmNWU4NzY3ZDAy
LzEvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8YcMA0E
AgACMAcDBQMqD1xAMA0GCSqGSIb3DQEBCwUAA4IBAQBF2F0SiSwdFx99SMVPw6i6
ihOnWNiAr9UOhu3d6YDa6j1+R09pzVnvxaEtpRPML5iB+ab1wGV0nhoh83kfQB6h
pD/4UgMXkFgrC2TQTPSjmluetQUAOx8CFqY1+LLSZ5EsNtYeksS5UgOZLJRaI79F
vcp1NpkxSnT0Flowxm4JNkDmQz9K40xQQanyTOvBqb2Ruu4zZp9Q2ZHFReGleOC2
8eYusS+WiycNDlcb95Ys/7GN1gfgl0Lk/Fn2ixZxxxEYdIHrzgsjiNERQNBRjseI
YzE1jkCRuHdqYbWwfLbVA31jvbgedWraXM3LVS3oyddhEAeX7pTQHp1IfIF6jurN
-----END CERTIFICATE-----