Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/iZ_pzZy3rbfuLYmK_mUmFHNhoo8.roa
File:                     iZ_pzZy3rbfuLYmK_mUmFHNhoo8.roa (raw, json)
Hash identifier:          GBAA+q2Brv9ayOpHt3MF4JxA67XpyQEtJqMYRKC+S5k=
Subject key identifier:   89:9F:E9:CD:9C:B7:AD:B7:EE:2D:89:8A:FE:65:26:14:73:61:A2:8F
Certificate issuer:       /CN=2672a1b1a78ea1813599efea9c8e032e9ef42690
Certificate serial:       01901125499F0CF2B1DDE7DE1A462FAB4C2F
Authority key identifier: 26:72:A1:B1:A7:8E:A1:81:35:99:EF:EA:9C:8E:03:2E:9E:F4:26:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JnKhsaeOoYE1me_qnI4DLp70JpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/iZ_pzZy3rbfuLYmK_mUmFHNhoo8.roa
Signing time:             Thu 13 Jun 2024 10:29:34 +0000
ROA not before:           Thu 13 Jun 2024 10:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        91.199.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/JnKhsaeOoYE1me_qnI4DLp70JpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/JnKhsaeOoYE1me_qnI4DLp70JpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JnKhsaeOoYE1me_qnI4DLp70JpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:25:49:9f:0c:f2:b1:dd:e7:de:1a:46:2f:ab:4c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2672a1b1a78ea1813599efea9c8e032e9ef42690
        Validity
            Not Before: Jun 13 10:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=899fe9cd9cb7adb7ee2d898afe6526147361a28f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:74:9b:78:a6:59:9a:1c:8c:a8:cd:55:87:6a:
                    a8:16:5d:aa:14:c3:d4:69:1d:90:29:93:fb:1e:4a:
                    2f:be:fc:91:b8:b4:b5:44:31:51:ae:4c:76:2f:9d:
                    a7:62:b4:dc:28:16:aa:97:43:73:24:9e:00:86:7c:
                    86:b5:60:27:f1:72:28:79:68:d0:e5:4c:f4:b5:40:
                    ba:9f:91:ce:8a:d6:94:8d:4c:62:77:73:ed:c6:4a:
                    e7:ab:cf:a7:bb:40:d3:d3:14:21:4b:28:f3:03:02:
                    3f:57:b5:26:94:65:cd:43:29:8a:e1:54:7c:e6:a6:
                    ad:f7:f5:2a:24:8e:63:07:92:b0:69:28:4a:b1:33:
                    ca:de:57:f4:d9:18:a3:bf:b3:d0:96:45:c5:82:16:
                    67:6d:16:d7:f1:7a:ee:81:db:96:e8:f3:d5:6e:d8:
                    f4:54:c9:eb:b9:cd:67:2d:36:2a:8c:5c:63:b6:60:
                    bd:72:11:42:4f:68:da:10:53:8d:39:65:37:81:a4:
                    b1:ce:0c:45:d7:42:c3:29:18:22:68:59:ef:77:c2:
                    37:2f:af:eb:23:66:da:8a:5e:62:e3:6d:a2:68:0c:
                    df:ce:7d:aa:6f:26:0a:2b:48:33:af:13:4c:75:f8:
                    11:b6:78:da:73:20:2b:2b:9a:2b:59:67:e7:7f:28:
                    f4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:9F:E9:CD:9C:B7:AD:B7:EE:2D:89:8A:FE:65:26:14:73:61:A2:8F
            X509v3 Authority Key Identifier:
                keyid:26:72:A1:B1:A7:8E:A1:81:35:99:EF:EA:9C:8E:03:2E:9E:F4:26:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JnKhsaeOoYE1me_qnI4DLp70JpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/iZ_pzZy3rbfuLYmK_mUmFHNhoo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22ffcc-592a-4a1c-b515-c1aefed4d8f9/1/JnKhsaeOoYE1me_qnI4DLp70JpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:de:74:f9:d2:72:b2:be:f5:4e:f8:a9:74:5e:e4:4c:e8:94:
         19:a7:39:45:45:cc:7b:7e:03:ba:d5:23:f1:6a:c3:e3:3a:b5:
         ad:55:1a:98:c2:bc:f6:cf:4f:83:2c:43:83:e8:a6:6d:1a:f2:
         b6:73:0a:74:1f:34:4b:46:a1:13:43:ab:4f:f3:fe:98:2c:69:
         2d:ca:25:fe:c1:8a:e0:5b:3c:5b:71:af:3c:8a:b7:c1:9b:72:
         1b:22:0b:58:52:4c:40:0f:e5:1f:38:d8:1d:b6:69:bc:21:ee:
         71:52:86:2c:0d:6d:47:2c:0d:81:18:4a:89:e4:ab:3e:52:ad:
         0c:04:1d:5e:27:4f:e6:0d:d7:71:87:76:9c:19:ae:24:f3:ef:
         f5:bd:c3:1f:27:66:c2:8d:66:3b:f8:ba:71:2f:0c:e8:8b:e3:
         a6:3f:5f:ea:1c:53:25:49:5c:2f:3b:f1:a8:23:2c:45:79:4f:
         14:ab:3b:c2:87:8d:56:24:c6:e6:e5:55:c5:2e:a6:ed:41:de:
         25:72:ea:04:d8:02:bc:bd:d9:a6:08:82:8b:d5:2a:fc:f7:60:
         b5:98:03:5e:88:0a:d0:9d:62:f3:33:5d:cc:1d:1f:42:29:99:
         14:4f:bd:4b:50:0a:06:30:4a:59:60:ad:85:21:01:47:71:88:
         ca:34:78:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZARJUmfDPKx3efeGkYvq0wvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NzJhMWIxYTc4ZWExODEzNTk5ZWZlYTljOGUwMzJlOWVm
NDI2OTAwHhcNMjQwNjEzMTAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTlmZTljZDljYjdhZGI3ZWUyZDg5OGFmZTY1MjYxNDczNjFhMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXSbeKZZmhyMqM1Vh2qoFl2qFMPU
aR2QKZP7HkovvvyRuLS1RDFRrkx2L52nYrTcKBaql0NzJJ4AhnyGtWAn8XIoeWjQ
5Uz0tUC6n5HOitaUjUxid3Ptxkrnq8+nu0DT0xQhSyjzAwI/V7UmlGXNQymK4VR8
5qat9/UqJI5jB5KwaShKsTPK3lf02Rijv7PQlkXFghZnbRbX8XrugduW6PPVbtj0
VMnruc1nLTYqjFxjtmC9chFCT2jaEFONOWU3gaSxzgxF10LDKRgiaFnvd8I3L6/r
I2bail5i422iaAzfzn2qbyYKK0gzrxNMdfgRtnjacyArK5orWWfnfyj0awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImf6c2ct6237i2Jiv5lJhRzYaKPMB8GA1UdIwQY
MBaAFCZyobGnjqGBNZnv6pyOAy6e9CaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm5LaHNhZU9vWUUxbWVfcW5JNERMcDcwSnBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yMmZmY2MtNTkyYS00YTFjLWI1MTUt
YzFhZWZlZDRkOGY5LzEvaVpfcHpaeTNyYmZ1TFltS19tVW1GSE5ob284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yMmZmY2MtNTkyYS00YTFjLWI1MTUtYzFhZWZlZDRkOGY5
LzEvSm5LaHNhZU9vWUUxbWVfcW5JNERMcDcwSnBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8coMA0G
CSqGSIb3DQEBCwUAA4IBAQAD3nT50nKyvvVO+Kl0XuRM6JQZpzlFRcx7fgO61SPx
asPjOrWtVRqYwrz2z0+DLEOD6KZtGvK2cwp0HzRLRqETQ6tP8/6YLGktyiX+wYrg
Wzxbca88irfBm3IbIgtYUkxAD+UfONgdtmm8Ie5xUoYsDW1HLA2BGEqJ5Ks+Uq0M
BB1eJ0/mDddxh3acGa4k8+/1vcMfJ2bCjWY7+LpxLwzoi+OmP1/qHFMlSVwvO/Go
IyxFeU8UqzvCh41WJMbm5VXFLqbtQd4lcuoE2AK8vdmmCIKL1Sr892C1mANeiArQ
nWLzM13MHR9CKZkUT71LUAoGMEpZYK2FIQFHcYjKNHgB
-----END CERTIFICATE-----