Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/2ZO2YLcqrHoXknO7KSnbS96VCQA.roa
File:                     2ZO2YLcqrHoXknO7KSnbS96VCQA.roa (raw, json)
Hash identifier:          jviEAHqCVUKU6CZ+EkDs1G+dSb6SmspeSbbEXZEeLFE=
Subject key identifier:   D9:93:B6:60:B7:2A:AC:7A:17:92:73:BB:29:29:DB:4B:DE:95:09:00
Certificate issuer:       /CN=16979d37da016abd13279270ba55d6b3c2960578
Certificate serial:       018CCA2BDAEA8DF58CDE8B1896A208FED48A
Authority key identifier: 16:97:9D:37:DA:01:6A:BD:13:27:92:70:BA:55:D6:B3:C2:96:05:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/2ZO2YLcqrHoXknO7KSnbS96VCQA.roa
Signing time:             Tue 02 Jan 2024 12:35:20 +0000
ROA not before:           Tue 02 Jan 2024 12:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43906
IP address blocks:        91.198.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:da:ea:8d:f5:8c:de:8b:18:96:a2:08:fe:d4:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16979d37da016abd13279270ba55d6b3c2960578
        Validity
            Not Before: Jan  2 12:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d993b660b72aac7a179273bb2929db4bde950900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:df:50:78:b8:3c:d1:23:20:ce:37:5b:85:ee:
                    80:fe:2b:aa:be:b2:2c:4a:a2:45:95:c5:18:41:d8:
                    68:89:26:70:33:68:78:b7:ba:46:27:8f:9d:a8:df:
                    58:c7:8a:e1:bb:04:e4:9e:bb:6f:66:fa:79:57:3f:
                    5f:9a:43:90:5e:7d:9a:04:76:f0:78:1b:b7:d3:ef:
                    8d:8b:6c:d7:d5:ce:0a:4b:39:04:90:17:bb:39:b9:
                    c9:54:a9:81:67:09:94:26:4a:73:53:36:1c:6d:0f:
                    1b:ac:f2:bc:d3:a0:20:23:cf:95:a0:07:dc:3e:bb:
                    9b:6b:b8:24:63:ae:7c:cc:95:50:fc:5c:88:47:fd:
                    6c:aa:fc:9f:ff:d1:3d:ac:65:02:64:d1:06:21:fa:
                    64:d7:58:31:14:f1:a5:1c:f5:41:17:7e:b9:01:d3:
                    61:e9:36:ad:98:05:9f:fc:5c:af:22:7d:34:d0:11:
                    1c:5e:b4:0e:36:0d:22:2a:9e:88:b5:c5:78:20:35:
                    6e:9c:5a:e7:18:66:0b:f9:b8:70:a6:ad:0a:7b:52:
                    e1:29:2d:8f:39:27:ec:9f:c2:9f:1b:1f:d2:92:b3:
                    02:71:ac:74:fd:c1:79:7f:bc:9c:6f:49:3f:e9:e8:
                    2c:62:d5:2a:d2:1e:a9:b9:61:f9:c4:cb:c1:40:38:
                    bd:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:93:B6:60:B7:2A:AC:7A:17:92:73:BB:29:29:DB:4B:DE:95:09:00
            X509v3 Authority Key Identifier:
                keyid:16:97:9D:37:DA:01:6A:BD:13:27:92:70:BA:55:D6:B3:C2:96:05:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/2ZO2YLcqrHoXknO7KSnbS96VCQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:11:93:cd:80:e0:b7:af:20:e7:77:a1:f1:ff:2d:f0:14:4e:
         be:79:ee:36:f0:e5:e2:ef:c7:54:d7:31:48:7f:0a:02:1b:45:
         5f:a1:04:9f:e2:3e:43:e6:a4:d1:4d:b2:35:4e:3a:61:8a:8e:
         c1:40:4a:bd:06:8a:c1:c9:47:94:bd:00:05:bb:fe:25:4c:6e:
         af:20:54:56:ab:79:e0:c5:23:e6:59:76:ba:f8:d4:b7:8f:5b:
         ff:17:c4:40:62:e0:51:98:47:fe:a4:98:b2:b2:60:04:c0:32:
         3a:24:d1:d7:81:84:9f:9c:4e:d6:7a:c2:13:e2:a9:e6:44:fb:
         27:56:c6:59:fa:2d:89:a0:7c:c5:a7:b1:2d:af:21:d6:f0:57:
         16:1f:6a:bc:dd:d1:d6:2f:ae:19:98:8b:5f:ab:f1:1c:56:fc:
         6c:bf:6e:26:27:0e:4d:cc:d3:6e:2c:c3:18:a5:19:49:04:54:
         62:e7:84:20:25:7e:99:a2:b8:58:24:4c:89:a9:b2:5d:3e:d4:
         d9:ae:2b:d1:43:26:3c:b5:3c:77:cf:b3:de:18:58:38:5e:23:
         dc:95:c9:ab:bb:f0:2f:9e:cb:4f:03:02:25:ce:b8:93:c0:41:
         1b:6e:f6:d1:b6:6d:1a:bf:6f:39:bd:0a:b6:09:7b:2b:99:4e:
         32:a9:a5:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK9rqjfWM3osYlqII/tSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTc5ZDM3ZGEwMTZhYmQxMzI3OTI3MGJhNTVkNmIzYzI5
NjA1NzgwHhcNMjQwMTAyMTIzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTkzYjY2MGI3MmFhYzdhMTc5MjczYmIyOTI5ZGI0YmRlOTUwOTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA599QeLg80SMgzjdbhe6A/iuqvrIs
SqJFlcUYQdhoiSZwM2h4t7pGJ4+dqN9Yx4rhuwTknrtvZvp5Vz9fmkOQXn2aBHbw
eBu30++Ni2zX1c4KSzkEkBe7ObnJVKmBZwmUJkpzUzYcbQ8brPK806AgI8+VoAfc
Pruba7gkY658zJVQ/FyIR/1sqvyf/9E9rGUCZNEGIfpk11gxFPGlHPVBF365AdNh
6TatmAWf/FyvIn000BEcXrQONg0iKp6ItcV4IDVunFrnGGYL+bhwpq0Ke1LhKS2P
OSfsn8KfGx/SkrMCcax0/cF5f7ycb0k/6egsYtUq0h6puWH5xMvBQDi99QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmTtmC3Kqx6F5Jzuykp20velQkAMB8GA1UdIwQY
MBaAFBaXnTfaAWq9EyeScLpV1rPClgV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBlZE45b0JhcjBUSjVKd3VsWFdzOEtXQlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85ODI1YTAtMWZkYy00MTYyLTgzNzIt
YjlkYmRjOGI0MzljLzEvMlpPMllMY3FySG9Ya25PN0tTbmJTOTZWQ1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85ODI1YTAtMWZkYy00MTYyLTgzNzItYjlkYmRjOGI0Mzlj
LzEvRnBlZE45b0JhcjBUSjVKd3VsWFdzOEtXQlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8blMA0G
CSqGSIb3DQEBCwUAA4IBAQAXEZPNgOC3ryDnd6Hx/y3wFE6+ee428OXi78dU1zFI
fwoCG0VfoQSf4j5D5qTRTbI1Tjphio7BQEq9BorByUeUvQAFu/4lTG6vIFRWq3ng
xSPmWXa6+NS3j1v/F8RAYuBRmEf+pJiysmAEwDI6JNHXgYSfnE7WesIT4qnmRPsn
VsZZ+i2JoHzFp7EtryHW8FcWH2q83dHWL64ZmItfq/EcVvxsv24mJw5NzNNuLMMY
pRlJBFRi54QgJX6ZorhYJEyJqbJdPtTZrivRQyY8tTx3z7PeGFg4XiPclcmru/Av
nstPAwIlzriTwEEbbvbRtm0av285vQq2CXsrmU4yqaXI
-----END CERTIFICATE-----