Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/ZaU7bpahzsuyQql_dfM7JCHiYaA.roa
File:                     ZaU7bpahzsuyQql_dfM7JCHiYaA.roa (raw, json)
Hash identifier:          qz2/HgB+HBD+S0FC2LX1e2/55KnSpUAW7ydkzgcdbYk=
Subject key identifier:   65:A5:3B:6E:96:A1:CE:CB:B2:42:A9:7F:75:F3:3B:24:21:E2:61:A0
Certificate issuer:       /CN=38f746b81aec00e36b9bcb7a08642a64e913da5b
Certificate serial:       018CC26D680B01723AD9B8AB8C6103D00BDE
Authority key identifier: 38:F7:46:B8:1A:EC:00:E3:6B:9B:CB:7A:08:64:2A:64:E9:13:DA:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OPdGuBrsAONrm8t6CGQqZOkT2ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/ZaU7bpahzsuyQql_dfM7JCHiYaA.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199117
IP address blocks:        91.240.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/OPdGuBrsAONrm8t6CGQqZOkT2ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/OPdGuBrsAONrm8t6CGQqZOkT2ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OPdGuBrsAONrm8t6CGQqZOkT2ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:68:0b:01:72:3a:d9:b8:ab:8c:61:03:d0:0b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38f746b81aec00e36b9bcb7a08642a64e913da5b
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65a53b6e96a1cecbb242a97f75f33b2421e261a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b5:41:fa:2a:2c:14:f4:56:a1:8d:94:f1:5f:
                    a9:99:c9:0a:56:10:82:83:a0:20:19:9e:bf:52:40:
                    a6:ef:99:84:53:64:9f:84:49:af:07:8d:d4:03:21:
                    ea:1b:61:3b:59:0f:32:aa:ac:5d:e4:5d:ad:81:61:
                    f6:94:f8:cd:e5:d6:78:aa:38:d3:dd:df:89:82:9f:
                    79:4f:fe:ab:8b:ed:7c:bc:19:e0:1c:cd:8a:d1:f8:
                    ae:a0:a9:56:0f:16:41:ca:57:55:23:8e:00:92:d8:
                    d7:0c:18:e9:c8:a5:4c:df:db:fd:0b:47:b3:2d:a2:
                    b0:b9:ab:d1:ca:00:f6:3c:e8:b1:1a:d1:17:58:dd:
                    5a:a8:d5:24:fb:08:76:c2:37:1a:f4:c7:a1:e4:50:
                    49:94:03:9e:27:45:ba:d8:0b:fd:2b:1d:b3:19:49:
                    82:fd:7b:e8:14:c1:a1:3a:01:01:72:d4:c8:d4:ca:
                    74:cf:3a:ea:6c:1b:99:49:eb:79:68:42:a3:5a:74:
                    05:68:70:f5:e2:17:8a:4c:cc:35:24:55:0c:a7:37:
                    ac:76:4a:d0:63:ca:ce:98:43:34:cc:eb:63:cd:67:
                    8e:50:15:b9:61:06:b1:bd:f3:7a:94:e6:8c:50:59:
                    03:fd:31:b3:85:21:c6:04:42:da:aa:56:24:ff:75:
                    9b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A5:3B:6E:96:A1:CE:CB:B2:42:A9:7F:75:F3:3B:24:21:E2:61:A0
            X509v3 Authority Key Identifier:
                keyid:38:F7:46:B8:1A:EC:00:E3:6B:9B:CB:7A:08:64:2A:64:E9:13:DA:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OPdGuBrsAONrm8t6CGQqZOkT2ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/ZaU7bpahzsuyQql_dfM7JCHiYaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f4dc76-dcd2-475b-9e68-c22395ce1be4/1/OPdGuBrsAONrm8t6CGQqZOkT2ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:41:7c:3b:1e:80:57:3d:a4:44:35:c9:4f:a6:57:6e:f0:80:
         7e:29:3e:e5:16:7b:db:73:ed:97:a4:71:12:95:74:2f:e8:39:
         67:9d:b1:da:c1:ee:81:74:e8:df:3f:e3:ab:1e:1b:d0:c5:de:
         ca:ae:a9:01:b2:2c:9f:5c:50:b7:92:43:07:a8:bf:3e:da:e3:
         fa:a9:ca:26:bc:2e:14:ba:8f:c8:b5:00:8a:74:e2:8e:93:ac:
         72:71:49:cd:d7:1b:7c:45:18:56:fc:b9:4d:44:2d:95:fb:8b:
         1c:ac:39:b4:44:c4:2c:e9:e8:a8:81:c9:1b:46:68:6f:00:d4:
         7b:4d:b0:cf:b8:a6:2e:2f:a4:e3:57:85:e2:a4:6e:01:14:d9:
         48:9e:b1:a8:0b:5c:3d:63:d1:fe:2e:1c:7d:0e:8e:86:0b:52:
         61:69:1a:8d:3a:30:32:bc:b0:0a:1c:d7:75:b3:40:c8:63:46:
         e7:b1:a6:19:90:e9:ba:2f:3b:86:67:69:2e:20:fa:ae:8b:4a:
         22:e3:dc:40:3f:76:f4:f5:cb:03:6f:c1:ce:2c:f7:df:3f:ea:
         49:ee:36:24:d3:94:41:b2:b2:a7:2c:88:50:c4:97:7f:c9:75:
         d4:92:15:9d:54:7c:09:e9:17:c4:fc:d8:06:09:14:40:34:9a:
         47:0f:dc:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWgLAXI62birjGED0AveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4Zjc0NmI4MWFlYzAwZTM2YjliY2I3YTA4NjQyYTY0ZTkx
M2RhNWIwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE1M2I2ZTk2YTFjZWNiYjI0MmE5N2Y3NWYzM2IyNDIxZTI2MWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrVB+iosFPRWoY2U8V+pmckKVhCC
g6AgGZ6/UkCm75mEU2SfhEmvB43UAyHqG2E7WQ8yqqxd5F2tgWH2lPjN5dZ4qjjT
3d+Jgp95T/6ri+18vBngHM2K0fiuoKlWDxZByldVI44AktjXDBjpyKVM39v9C0ez
LaKwuavRygD2POixGtEXWN1aqNUk+wh2wjca9Meh5FBJlAOeJ0W62Av9Kx2zGUmC
/XvoFMGhOgEBctTI1Mp0zzrqbBuZSet5aEKjWnQFaHD14heKTMw1JFUMpzesdkrQ
Y8rOmEM0zOtjzWeOUBW5YQaxvfN6lOaMUFkD/TGzhSHGBELaqlYk/3WbOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWlO26Woc7LskKpf3XzOyQh4mGgMB8GA1UdIwQY
MBaAFDj3Rrga7ADja5vLeghkKmTpE9pbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1BkR3VCcnNBT05ybTh0NkNHUXFaT2tUMmxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9mNGRjNzYtZGNkMi00NzViLTllNjgt
YzIyMzk1Y2UxYmU0LzEvWmFVN2JwYWh6c3V5UXFsX2RmTTdKQ0hpWWFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9mNGRjNzYtZGNkMi00NzViLTllNjgtYzIyMzk1Y2UxYmU0
LzEvT1BkR3VCcnNBT05ybTh0NkNHUXFaT2tUMmxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DxMA0G
CSqGSIb3DQEBCwUAA4IBAQA1QXw7HoBXPaRENclPpldu8IB+KT7lFnvbc+2XpHES
lXQv6DlnnbHawe6BdOjfP+OrHhvQxd7KrqkBsiyfXFC3kkMHqL8+2uP6qcomvC4U
uo/ItQCKdOKOk6xycUnN1xt8RRhW/LlNRC2V+4scrDm0RMQs6eiogckbRmhvANR7
TbDPuKYuL6TjV4XipG4BFNlInrGoC1w9Y9H+Lhx9Do6GC1JhaRqNOjAyvLAKHNd1
s0DIY0bnsaYZkOm6LzuGZ2kuIPqui0oi49xAP3b09csDb8HOLPffP+pJ7jYk05RB
srKnLIhQxJd/yXXUkhWdVHwJ6RfE/NgGCRRANJpHD9xf
-----END CERTIFICATE-----