Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/52e997-6d9a-45ae-a7c2-0d205fb1ad05/1/FxN4UWoMVl2ePG5IloMvtMVcQ50.roa
File:                     FxN4UWoMVl2ePG5IloMvtMVcQ50.roa (raw, json)
Hash identifier:          aDgOka6bYZ6B+Q95lW022g/7zfNNWeWVOBq1WhwA3bY=
Subject key identifier:   17:13:78:51:6A:0C:56:5D:9E:3C:6E:48:96:83:2F:B4:C5:5C:43:9D
Certificate issuer:       /CN=2f18aa1f55d635c96204ca79a82993fbcec1512c
Certificate serial:       018DAF55F1C4DEEFF471ABD4E839C7EB357C
Authority key identifier: 2F:18:AA:1F:55:D6:35:C9:62:04:CA:79:A8:29:93:FB:CE:C1:51:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LxiqH1XWNcliBMp5qCmT-87BUSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/52e997-6d9a-45ae-a7c2-0d205fb1ad05/1/FxN4UWoMVl2ePG5IloMvtMVcQ50.roa
Signing time:             Fri 16 Feb 2024 00:34:21 +0000
ROA not before:           Fri 16 Feb 2024 00:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        91.200.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/52e997-6d9a-45ae-a7c2-0d205fb1ad05/1/LxiqH1XWNcliBMp5qCmT-87BUSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/52e997-6d9a-45ae-a7c2-0d205fb1ad05/1/LxiqH1XWNcliBMp5qCmT-87BUSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LxiqH1XWNcliBMp5qCmT-87BUSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:af:55:f1:c4:de:ef:f4:71:ab:d4:e8:39:c7:eb:35:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f18aa1f55d635c96204ca79a82993fbcec1512c
        Validity
            Not Before: Feb 16 00:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=171378516a0c565d9e3c6e4896832fb4c55c439d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:15:b1:16:9a:a1:16:b5:47:cc:25:e8:e2:75:
                    42:7d:2c:a0:7a:95:a9:2c:72:d2:69:18:be:8b:13:
                    1e:3f:85:69:05:1b:53:32:fa:4b:c3:1d:91:10:a5:
                    cb:4c:05:26:fe:fc:7b:25:55:43:95:e8:86:e2:37:
                    e8:e2:1e:0d:08:be:ab:e0:30:8f:20:66:2e:36:98:
                    a4:40:87:ee:74:7d:00:4c:39:ba:b3:20:e1:97:d2:
                    45:a9:67:3c:41:65:4a:2b:1d:90:a0:f7:90:b0:93:
                    25:d2:12:ae:62:5a:f4:83:82:4c:2b:c6:13:3e:25:
                    67:2c:53:59:eb:a5:f7:b1:a3:40:63:b0:2d:a8:af:
                    08:cd:2d:af:c3:18:04:af:5e:ba:9a:92:7b:10:11:
                    3e:5c:e7:19:2b:3d:4f:64:27:7a:9e:40:67:04:e4:
                    9e:ba:46:5e:8d:a6:45:6f:65:4c:a5:62:6d:76:5a:
                    1c:da:12:03:76:3d:df:fe:57:b4:81:ce:72:55:0f:
                    a4:ae:8d:14:1e:c9:40:f7:b7:84:f5:93:d1:3c:9f:
                    93:04:bf:b1:38:7c:ec:19:3d:40:f0:50:d3:41:11:
                    db:37:ab:95:48:bd:6c:55:51:e7:7d:50:70:2a:04:
                    11:62:af:98:95:5b:9f:3c:03:20:16:0c:63:73:fc:
                    f8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:13:78:51:6A:0C:56:5D:9E:3C:6E:48:96:83:2F:B4:C5:5C:43:9D
            X509v3 Authority Key Identifier:
                keyid:2F:18:AA:1F:55:D6:35:C9:62:04:CA:79:A8:29:93:FB:CE:C1:51:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LxiqH1XWNcliBMp5qCmT-87BUSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/52e997-6d9a-45ae-a7c2-0d205fb1ad05/1/FxN4UWoMVl2ePG5IloMvtMVcQ50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/52e997-6d9a-45ae-a7c2-0d205fb1ad05/1/LxiqH1XWNcliBMp5qCmT-87BUSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:21:07:16:ca:c6:f1:4c:1e:45:c4:f2:82:68:26:fb:12:bc:
         c9:ab:e3:90:89:fb:02:9a:8b:26:a0:5a:83:3a:d3:c8:31:79:
         14:b9:77:3b:02:7f:df:f4:6f:b8:8e:86:b3:5a:2c:b4:ca:7d:
         8f:da:80:fb:7b:e7:89:b6:6e:bc:55:46:ec:63:32:6b:45:a9:
         2c:8f:e2:eb:c4:a6:15:18:fc:57:39:24:9f:34:83:11:e9:a3:
         35:cf:e3:9e:06:01:4e:8d:27:94:a0:be:bd:bb:ad:d2:f7:0b:
         4b:f5:b3:80:6e:43:3a:e6:ef:95:95:ae:c4:f6:a9:95:16:78:
         9b:76:8a:5d:8e:d6:2b:ae:a1:54:53:a6:e6:85:5c:76:7a:15:
         00:fc:04:94:60:be:a9:a4:f2:d1:43:61:03:85:e3:5a:a9:71:
         05:9b:0a:55:b0:6a:83:13:76:a7:ba:f7:e7:39:ad:42:e7:93:
         32:df:4e:5d:60:25:7c:22:d0:f1:d8:3d:e4:c0:1f:12:e4:31:
         66:fc:13:4f:f2:d5:8c:ec:5f:1d:d2:b2:9e:c1:38:ab:ca:c1:
         3a:34:e4:0a:cb:f7:1f:5d:84:e1:90:a4:4e:46:54:a4:62:87:
         cf:aa:7d:c2:4a:87:53:3a:ee:6c:44:d0:d4:75:c3:91:c1:0f:
         a1:2c:e1:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2vVfHE3u/0cavU6DnH6zV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMThhYTFmNTVkNjM1Yzk2MjA0Y2E3OWE4Mjk5M2ZiY2Vj
MTUxMmMwHhcNMjQwMjE2MDAzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzEzNzg1MTZhMGM1NjVkOWUzYzZlNDg5NjgzMmZiNGM1NWM0MzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBWxFpqhFrVHzCXo4nVCfSygepWp
LHLSaRi+ixMeP4VpBRtTMvpLwx2REKXLTAUm/vx7JVVDleiG4jfo4h4NCL6r4DCP
IGYuNpikQIfudH0ATDm6syDhl9JFqWc8QWVKKx2QoPeQsJMl0hKuYlr0g4JMK8YT
PiVnLFNZ66X3saNAY7AtqK8IzS2vwxgEr166mpJ7EBE+XOcZKz1PZCd6nkBnBOSe
ukZejaZFb2VMpWJtdloc2hIDdj3f/le0gc5yVQ+kro0UHslA97eE9ZPRPJ+TBL+x
OHzsGT1A8FDTQRHbN6uVSL1sVVHnfVBwKgQRYq+YlVufPAMgFgxjc/z4IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcTeFFqDFZdnjxuSJaDL7TFXEOdMB8GA1UdIwQY
MBaAFC8Yqh9V1jXJYgTKeagpk/vOwVEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHhpcUgxWFdOY2xpQk1wNXFDbVQtODdCVVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81MmU5OTctNmQ5YS00NWFlLWE3YzIt
MGQyMDVmYjFhZDA1LzEvRnhONFVXb01WbDJlUEc1SWxvTXZ0TVZjUTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81MmU5OTctNmQ5YS00NWFlLWE3YzItMGQyMDVmYjFhZDA1
LzEvTHhpcUgxWFdOY2xpQk1wNXFDbVQtODdCVVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8hLMA0G
CSqGSIb3DQEBCwUAA4IBAQCfIQcWysbxTB5FxPKCaCb7ErzJq+OQifsCmosmoFqD
OtPIMXkUuXc7An/f9G+4joazWiy0yn2P2oD7e+eJtm68VUbsYzJrRaksj+LrxKYV
GPxXOSSfNIMR6aM1z+OeBgFOjSeUoL69u63S9wtL9bOAbkM65u+Vla7E9qmVFnib
dopdjtYrrqFUU6bmhVx2ehUA/ASUYL6ppPLRQ2EDheNaqXEFmwpVsGqDE3anuvfn
Oa1C55My305dYCV8ItDx2D3kwB8S5DFm/BNP8tWM7F8d0rKewTirysE6NOQKy/cf
XYThkKRORlSkYofPqn3CSodTOu5sRNDUdcORwQ+hLOHV
-----END CERTIFICATE-----