Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c04d99-de44-40ab-a2c0-08279455f941/1/L0iolrwbuvaMmyrFJBQRD6OWnaM.roa
File:                     L0iolrwbuvaMmyrFJBQRD6OWnaM.roa (raw, json)
Hash identifier:          FE4uF3AHljjXoDneX1c/3559a6pUl9uwUCsC3yY19eI=
Subject key identifier:   2F:48:A8:96:BC:1B:BA:F6:8C:9B:2A:C5:24:14:11:0F:A3:96:9D:A3
Certificate issuer:       /CN=faa6e5e86023c9b314ee651291fafe8c6dd69a83
Certificate serial:       018CC80160F06D157BE8D171BC52C0802D9C
Authority key identifier: FA:A6:E5:E8:60:23:C9:B3:14:EE:65:12:91:FA:FE:8C:6D:D6:9A:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-qbl6GAjybMU7mUSkfr-jG3WmoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c04d99-de44-40ab-a2c0-08279455f941/1/L0iolrwbuvaMmyrFJBQRD6OWnaM.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200736
IP address blocks:        91.211.212.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c04d99-de44-40ab-a2c0-08279455f941/1/1-qbl6GAjybMU7mUSkfr-jG3WmoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c04d99-de44-40ab-a2c0-08279455f941/1/1-qbl6GAjybMU7mUSkfr-jG3WmoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-qbl6GAjybMU7mUSkfr-jG3WmoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:60:f0:6d:15:7b:e8:d1:71:bc:52:c0:80:2d:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faa6e5e86023c9b314ee651291fafe8c6dd69a83
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f48a896bc1bbaf68c9b2ac52414110fa3969da3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:85:a1:71:dc:35:55:7d:d8:d3:39:8b:c5:76:
                    2a:a5:4e:e6:e0:26:0c:47:d2:e0:5c:75:be:8b:66:
                    2c:18:56:89:4c:f4:c9:d4:6c:20:9a:94:d7:ed:0f:
                    c9:a4:6d:e0:2d:d3:1d:05:25:43:33:fd:42:08:7d:
                    42:5a:9f:13:8d:d5:4e:ba:f0:8e:3c:ad:0f:fc:ff:
                    18:8d:c8:2c:90:c0:3c:77:f7:0b:d8:53:16:e0:fc:
                    3a:34:97:74:ad:09:45:e6:0e:07:75:a8:a9:11:33:
                    b2:a3:dd:ee:fa:43:8b:b9:b1:53:2a:73:5f:53:94:
                    a1:ea:cd:83:75:bc:a3:4c:20:32:cf:32:24:47:12:
                    5d:4c:86:07:e1:23:bb:0b:12:38:75:74:78:de:44:
                    a2:f7:13:c5:0b:e5:2b:56:f2:cc:da:0a:b8:35:83:
                    dd:0a:b4:9f:4a:10:6f:17:76:95:b6:c6:a3:54:dc:
                    73:81:53:af:e1:04:49:8d:b2:90:0d:22:d2:17:7c:
                    8e:2b:a3:72:8b:fd:64:79:51:3e:f4:60:a1:2b:10:
                    25:37:60:d1:f3:3a:d6:03:16:06:44:43:22:05:ba:
                    30:48:7a:7e:bb:a4:a1:78:45:f0:19:f9:5d:7c:7c:
                    e5:6b:4e:16:d9:2f:9b:8c:2b:a9:27:3d:2a:5b:e4:
                    ca:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:48:A8:96:BC:1B:BA:F6:8C:9B:2A:C5:24:14:11:0F:A3:96:9D:A3
            X509v3 Authority Key Identifier:
                keyid:FA:A6:E5:E8:60:23:C9:B3:14:EE:65:12:91:FA:FE:8C:6D:D6:9A:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-qbl6GAjybMU7mUSkfr-jG3WmoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c04d99-de44-40ab-a2c0-08279455f941/1/L0iolrwbuvaMmyrFJBQRD6OWnaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c04d99-de44-40ab-a2c0-08279455f941/1/1-qbl6GAjybMU7mUSkfr-jG3WmoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:a8:e1:f8:42:a2:0c:d6:1f:0d:ac:99:68:35:ad:4c:40:a8:
         fb:5e:ca:c3:6c:4d:4f:2c:86:69:15:77:b8:f0:11:d3:97:14:
         a8:cd:e6:72:bb:88:4d:0c:81:c5:3a:a5:9c:7f:7d:e1:94:7b:
         53:32:99:18:a7:f6:73:db:c2:b3:9c:14:83:76:a1:55:74:33:
         6f:11:97:23:ea:f9:c3:0c:9c:2c:1e:71:bd:3c:c5:a8:9f:2d:
         92:e2:d6:44:dc:f3:60:4c:c4:6f:f1:61:0e:aa:c8:e1:05:06:
         27:a5:66:eb:6c:27:a7:28:6a:9c:d1:58:2e:9c:ba:7b:74:82:
         6d:45:aa:38:4e:9f:43:a1:5b:54:78:a7:b8:a9:0b:24:ef:39:
         f4:d0:55:7c:73:6e:0b:bd:2f:6e:ea:51:a4:42:5e:3c:7d:25:
         e7:60:6a:f3:4e:54:31:15:e7:34:f6:2e:b7:d8:20:11:99:c3:
         52:26:96:a7:c3:09:a6:98:28:f8:40:11:c7:63:6a:be:17:34:
         85:c8:44:fe:b7:e9:95:b2:f0:57:a2:73:5b:be:9c:80:3c:d6:
         d8:8a:9b:e2:08:63:f2:01:13:5f:ca:34:e5:bd:b6:47:4c:19:
         01:09:76:a0:8d:db:e3:a1:17:7b:78:04:bc:6a:c7:40:e7:21:
         6b:27:ea:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAWDwbRV76NFxvFLAgC2cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYTZlNWU4NjAyM2M5YjMxNGVlNjUxMjkxZmFmZThjNmRk
NjlhODMwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQ4YTg5NmJjMWJiYWY2OGM5YjJhYzUyNDE0MTEwZmEzOTY5ZGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioWhcdw1VX3Y0zmLxXYqpU7m4CYM
R9LgXHW+i2YsGFaJTPTJ1GwgmpTX7Q/JpG3gLdMdBSVDM/1CCH1CWp8TjdVOuvCO
PK0P/P8YjcgskMA8d/cL2FMW4Pw6NJd0rQlF5g4HdaipETOyo93u+kOLubFTKnNf
U5Sh6s2DdbyjTCAyzzIkRxJdTIYH4SO7CxI4dXR43kSi9xPFC+UrVvLM2gq4NYPd
CrSfShBvF3aVtsajVNxzgVOv4QRJjbKQDSLSF3yOK6Nyi/1keVE+9GChKxAlN2DR
8zrWAxYGREMiBbowSHp+u6SheEXwGfldfHzla04W2S+bjCupJz0qW+TKhQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC9IqJa8G7r2jJsqxSQUEQ+jlp2jMB8GA1UdIwQY
MBaAFPqm5ehgI8mzFO5lEpH6/oxt1pqDMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1xYmw2R0FqeWJNVTdtVVNrZnItakczV21vTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAvYzA0ZDk5LWRlNDQtNDBhYi1hMmMw
LTA4Mjc5NDU1Zjk0MS8xL0wwaW9scndidXZhTW15ckZKQlFSRDZPV25hTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvYzA0ZDk5LWRlNDQtNDBhYi1hMmMwLTA4Mjc5NDU1Zjk0
MS8xLzEtcWJsNkdBanliTVU3bVVTa2ZyLWpHM1dtb00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJb09Qw
DQYJKoZIhvcNAQELBQADggEBACGo4fhCogzWHw2smWg1rUxAqPteysNsTU8shmkV
d7jwEdOXFKjN5nK7iE0MgcU6pZx/feGUe1MymRin9nPbwrOcFIN2oVV0M28RlyPq
+cMMnCwecb08xaifLZLi1kTc82BMxG/xYQ6qyOEFBielZutsJ6coapzRWC6cunt0
gm1FqjhOn0OhW1R4p7ipCyTvOfTQVXxzbgu9L27qUaRCXjx9JedgavNOVDEV5zT2
LrfYIBGZw1ImlqfDCaaYKPhAEcdjar4XNIXIRP636ZWy8Feic1u+nIA81tiKm+II
Y/IBE1/KNOW9tkdMGQEJdqCN2+OhF3t4BLxqx0DnIWsn6jo=
-----END CERTIFICATE-----