Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/2f0a66-1634-40fb-99b0-931505ff41c5/1/v9Lt3fGaEcduUjlPyMTA0-TU3m4.roa
File:                     v9Lt3fGaEcduUjlPyMTA0-TU3m4.roa (raw, json)
Hash identifier:          I2UdTH3ckCCUc0ttLHdJWn9TsqIWijWeNc//Mt1750g=
Subject key identifier:   BF:D2:ED:DD:F1:9A:11:C7:6E:52:39:4F:C8:C4:C0:D3:E4:D4:DE:6E
Certificate issuer:       /CN=fd717f3ab63945a1be739c2b3a2589bea55ddb6e
Certificate serial:       018CC9BC15BBC1BEC216A17D4BC327B2E0B3
Authority key identifier: FD:71:7F:3A:B6:39:45:A1:BE:73:9C:2B:3A:25:89:BE:A5:5D:DB:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_XF_OrY5RaG-c5wrOiWJvqVd224.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/2f0a66-1634-40fb-99b0-931505ff41c5/1/v9Lt3fGaEcduUjlPyMTA0-TU3m4.roa
Signing time:             Tue 02 Jan 2024 10:33:15 +0000
ROA not before:           Tue 02 Jan 2024 10:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47505
IP address blocks:        91.206.78.0/23 maxlen: 23
                          193.142.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/2f0a66-1634-40fb-99b0-931505ff41c5/1/_XF_OrY5RaG-c5wrOiWJvqVd224.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/2f0a66-1634-40fb-99b0-931505ff41c5/1/_XF_OrY5RaG-c5wrOiWJvqVd224.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_XF_OrY5RaG-c5wrOiWJvqVd224.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 10:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:15:bb:c1:be:c2:16:a1:7d:4b:c3:27:b2:e0:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd717f3ab63945a1be739c2b3a2589bea55ddb6e
        Validity
            Not Before: Jan  2 10:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfd2edddf19a11c76e52394fc8c4c0d3e4d4de6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:35:a4:d7:37:58:33:b7:43:db:1e:b0:23:16:
                    68:41:04:37:6e:95:0a:5c:18:ca:15:76:06:f9:57:
                    99:b1:30:f2:d7:69:fe:7f:54:17:1a:64:11:f4:35:
                    7c:b1:11:c7:2a:e9:29:c9:74:14:89:97:c4:77:a7:
                    5d:dd:d5:78:21:7d:96:fb:62:ea:24:7a:de:bd:51:
                    fc:51:2c:09:d8:fc:cb:f3:a1:f7:10:ff:3b:f0:4f:
                    6b:da:b5:89:ba:d1:fe:a3:87:a3:90:f1:15:d0:ac:
                    64:00:fd:f9:52:de:dd:21:87:51:aa:82:da:e8:a2:
                    f7:12:2c:41:65:d1:b3:03:4b:4b:2f:d1:f5:e6:00:
                    c5:ff:75:3d:94:bc:13:57:0d:f9:c0:36:16:e9:5e:
                    d9:34:c6:2d:87:31:73:28:d4:79:cb:2e:8a:48:30:
                    7b:e7:ae:d3:e5:c9:84:bb:3a:59:7d:2d:8b:fc:aa:
                    6c:ab:3b:a1:40:e4:8e:32:fa:6a:ce:74:65:b6:3d:
                    af:87:2d:3c:f0:3d:4d:4b:aa:c9:6a:52:4b:86:86:
                    38:bb:70:7c:32:eb:d3:9f:34:db:09:f9:32:48:6d:
                    0d:4e:a6:5b:c7:4a:06:21:71:3d:2c:53:0d:7a:a6:
                    64:5c:a8:eb:50:8d:26:60:7b:75:e2:4f:fa:0b:00:
                    90:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D2:ED:DD:F1:9A:11:C7:6E:52:39:4F:C8:C4:C0:D3:E4:D4:DE:6E
            X509v3 Authority Key Identifier:
                keyid:FD:71:7F:3A:B6:39:45:A1:BE:73:9C:2B:3A:25:89:BE:A5:5D:DB:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_XF_OrY5RaG-c5wrOiWJvqVd224.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/2f0a66-1634-40fb-99b0-931505ff41c5/1/v9Lt3fGaEcduUjlPyMTA0-TU3m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/2f0a66-1634-40fb-99b0-931505ff41c5/1/_XF_OrY5RaG-c5wrOiWJvqVd224.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.78.0/23
                  193.142.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:89:64:fe:cf:33:8c:42:4d:40:0e:d6:53:ed:bd:c1:f0:5c:
         dd:b5:d0:cd:0e:d1:94:2c:99:58:2f:62:d2:43:48:89:3d:ce:
         67:bf:fa:b9:9d:50:b2:99:74:a0:0b:e5:b6:13:db:97:cf:fc:
         d2:0f:59:fc:79:53:b9:f8:af:37:fb:60:13:c2:7e:f5:eb:a5:
         bb:b1:29:89:ed:97:70:41:79:01:b3:ec:a9:b3:61:52:b2:02:
         2e:88:a3:7e:f5:8b:c8:df:52:b0:23:31:31:37:e5:b8:fa:2a:
         b9:db:6b:88:c9:c6:cb:25:a8:68:68:ce:80:87:ce:6f:47:28:
         61:f0:fc:28:8c:b2:73:94:c4:75:2a:2f:9f:66:e8:a5:4a:45:
         b9:cf:03:69:0b:dc:15:cb:5b:03:20:28:f4:83:66:bc:26:2b:
         ca:f7:7f:76:bf:71:2a:77:fd:7d:29:0b:d1:80:0d:b1:bb:e4:
         b5:2d:68:db:49:9c:c7:1d:a0:53:1c:0b:50:cb:87:6d:99:08:
         57:f3:47:00:6f:e8:31:d4:f5:3f:46:94:bc:07:eb:9c:37:fd:
         c7:14:9d:ae:03:d2:6f:42:d9:cf:ae:1d:e7:b4:58:c8:d3:46:
         4c:89:47:43:3e:6b:84:98:8e:20:4e:50:eb:bf:41:15:7d:b1:
         3b:d9:30:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvBW7wb7CFqF9S8MnsuCzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNzE3ZjNhYjYzOTQ1YTFiZTczOWMyYjNhMjU4OWJlYTU1
ZGRiNmUwHhcNMjQwMTAyMTAzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQyZWRkZGYxOWExMWM3NmU1MjM5NGZjOGM0YzBkM2U0ZDRkZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjWk1zdYM7dD2x6wIxZoQQQ3bpUK
XBjKFXYG+VeZsTDy12n+f1QXGmQR9DV8sRHHKukpyXQUiZfEd6dd3dV4IX2W+2Lq
JHrevVH8USwJ2PzL86H3EP878E9r2rWJutH+o4ejkPEV0KxkAP35Ut7dIYdRqoLa
6KL3EixBZdGzA0tLL9H15gDF/3U9lLwTVw35wDYW6V7ZNMYthzFzKNR5yy6KSDB7
567T5cmEuzpZfS2L/KpsqzuhQOSOMvpqznRltj2vhy088D1NS6rJalJLhoY4u3B8
MuvTnzTbCfkySG0NTqZbx0oGIXE9LFMNeqZkXKjrUI0mYHt14k/6CwCQ7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL/S7d3xmhHHblI5T8jEwNPk1N5uMB8GA1UdIwQY
MBaAFP1xfzq2OUWhvnOcKzolib6lXdtuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1hGX09yWTVSYUctYzV3ck9pV0p2cVZkMjI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yZjBhNjYtMTYzNC00MGZiLTk5YjAt
OTMxNTA1ZmY0MWM1LzEvdjlMdDNmR2FFY2R1VWpsUHlNVEEwLVRVM200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yZjBhNjYtMTYzNC00MGZiLTk5YjAtOTMxNTA1ZmY0MWM1
LzEvX1hGX09yWTVSYUctYzV3ck9pV0p2cVZkMjI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW85OAwQA
wY7QMA0GCSqGSIb3DQEBCwUAA4IBAQAtiWT+zzOMQk1ADtZT7b3B8FzdtdDNDtGU
LJlYL2LSQ0iJPc5nv/q5nVCymXSgC+W2E9uXz/zSD1n8eVO5+K83+2ATwn7166W7
sSmJ7ZdwQXkBs+yps2FSsgIuiKN+9YvI31KwIzExN+W4+iq522uIycbLJahoaM6A
h85vRyhh8PwojLJzlMR1Ki+fZuilSkW5zwNpC9wVy1sDICj0g2a8JivK9392v3Eq
d/19KQvRgA2xu+S1LWjbSZzHHaBTHAtQy4dtmQhX80cAb+gx1PU/RpS8B+ucN/3H
FJ2uA9JvQtnPrh3ntFjI00ZMiUdDPmuEmI4gTlDrv0EVfbE72TCZ
-----END CERTIFICATE-----