Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/Fuwpc4A-TRfgVPSV8ewciJSWczY.roa
File:                     Fuwpc4A-TRfgVPSV8ewciJSWczY.roa (raw, json)
Hash identifier:          Y0uk9yq3kYnde4ofaqo2ePCwnF8vYGybwjzGM4J+Glo=
Subject key identifier:   16:EC:29:73:80:3E:4D:17:E0:54:F4:95:F1:EC:1C:88:94:96:73:36
Certificate issuer:       /CN=bf5599c26755f4a4d4f540e2ffd7b74a39053da3
Certificate serial:       019420D625E0D5E73016E3D7553BAFFFFF0A
Authority key identifier: BF:55:99:C2:67:55:F4:A4:D4:F5:40:E2:FF:D7:B7:4A:39:05:3D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v1WZwmdV9KTU9UDi_9e3SjkFPaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/Fuwpc4A-TRfgVPSV8ewciJSWczY.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13030
IP address blocks:        91.199.76.0/24 maxlen: 24
                          2001:67c:470::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/v1WZwmdV9KTU9UDi_9e3SjkFPaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/v1WZwmdV9KTU9UDi_9e3SjkFPaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v1WZwmdV9KTU9UDi_9e3SjkFPaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:25:e0:d5:e7:30:16:e3:d7:55:3b:af:ff:ff:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5599c26755f4a4d4f540e2ffd7b74a39053da3
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16ec2973803e4d17e054f495f1ec1c8894967336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d6:d3:03:c4:6d:af:34:d3:52:46:82:59:0a:
                    2d:8d:2e:05:7a:24:60:90:40:7e:e7:09:e7:02:3c:
                    3f:11:c6:c5:23:5a:42:94:c7:38:a9:5b:f0:4f:ab:
                    5b:ea:0f:27:57:b8:23:a2:bc:b2:69:86:fe:97:d3:
                    27:10:83:14:34:1c:20:91:61:27:df:81:f6:2f:e3:
                    71:7c:b6:b5:74:90:91:8a:4a:67:82:f5:f8:72:6c:
                    89:31:9c:15:62:44:30:d3:46:6f:8b:e6:82:1b:65:
                    98:61:aa:dc:ee:46:e6:e8:91:c0:01:3b:0b:1b:ac:
                    01:1c:48:47:98:6a:ea:51:9d:df:11:9a:a2:c5:9b:
                    b4:e5:03:64:77:0b:fc:6f:8a:56:64:5c:a7:fa:8f:
                    fd:d4:75:52:86:c1:d7:03:4d:d1:23:80:60:e4:f6:
                    fd:3b:8f:4f:26:22:8b:71:e1:a2:6c:98:79:76:e8:
                    86:8c:4c:3e:75:a7:8c:83:f3:6b:7c:33:1e:0d:f6:
                    ba:3d:bf:b5:85:34:d1:d7:c4:5a:1f:52:e7:d1:55:
                    9e:d4:62:a8:eb:8e:b3:c9:cb:41:90:2a:83:45:32:
                    48:61:91:af:4f:6d:9e:6e:2b:53:4b:b9:60:a5:45:
                    d6:e2:c3:1f:ba:d8:4e:db:a4:16:53:af:38:97:3b:
                    fd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:EC:29:73:80:3E:4D:17:E0:54:F4:95:F1:EC:1C:88:94:96:73:36
            X509v3 Authority Key Identifier:
                keyid:BF:55:99:C2:67:55:F4:A4:D4:F5:40:E2:FF:D7:B7:4A:39:05:3D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v1WZwmdV9KTU9UDi_9e3SjkFPaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/Fuwpc4A-TRfgVPSV8ewciJSWczY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/101696-83dd-436f-b47c-3e1b8432fc70/1/v1WZwmdV9KTU9UDi_9e3SjkFPaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.76.0/24
                IPv6:
                  2001:67c:470::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:a7:b5:12:15:64:82:fd:26:95:10:9a:e0:48:00:64:a9:47:
         8b:f0:7e:1d:09:0f:0a:1d:e1:b2:0e:a4:4f:66:87:66:ac:b9:
         1d:84:b7:10:4b:04:82:e4:3f:81:ca:f2:23:ff:7d:ee:4b:28:
         f3:cf:47:e0:69:5a:80:ca:ae:8e:01:9d:a1:85:d2:cc:eb:d8:
         ca:91:ca:54:bb:f7:7f:b6:b9:90:cc:1e:6f:fb:23:7c:e5:f4:
         85:2e:d8:1f:12:13:c6:c5:6c:67:22:73:e9:24:f5:ef:85:9e:
         5f:ff:c9:54:0f:a1:79:66:8c:7c:93:27:f5:96:51:ee:b8:5f:
         6c:8c:e9:4f:0b:1f:76:f5:79:ee:86:5f:16:e5:0f:55:b6:5b:
         12:e8:ca:57:f2:ae:49:33:93:c3:52:91:a6:e0:8c:15:bd:e7:
         2a:03:34:aa:af:43:9c:69:13:eb:4f:96:33:e4:4a:85:44:15:
         0e:0b:1b:d6:da:eb:bb:ad:4a:ef:ed:37:9f:06:d8:70:b4:eb:
         92:a5:85:23:ff:3b:d7:83:f2:de:f5:a3:80:f9:7a:5d:08:95:
         cf:02:ff:76:9c:bb:a4:d4:f5:3a:b6:43:21:c2:43:07:6c:60:
         ac:23:9d:09:f3:96:fb:83:d0:d3:aa:8b:4e:d0:28:80:d0:be:
         80:2c:c3:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1iXg1ecwFuPXVTuv//8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNTU5OWMyNjc1NWY0YTRkNGY1NDBlMmZmZDdiNzRhMzkw
NTNkYTMwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmVjMjk3MzgwM2U0ZDE3ZTA1NGY0OTVmMWVjMWM4ODk0OTY3MzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9bTA8RtrzTTUkaCWQotjS4FeiRg
kEB+5wnnAjw/EcbFI1pClMc4qVvwT6tb6g8nV7gjoryyaYb+l9MnEIMUNBwgkWEn
34H2L+NxfLa1dJCRikpngvX4cmyJMZwVYkQw00Zvi+aCG2WYYarc7kbm6JHAATsL
G6wBHEhHmGrqUZ3fEZqixZu05QNkdwv8b4pWZFyn+o/91HVShsHXA03RI4Bg5Pb9
O49PJiKLceGibJh5duiGjEw+daeMg/NrfDMeDfa6Pb+1hTTR18RaH1Ln0VWe1GKo
646zyctBkCqDRTJIYZGvT22ebitTS7lgpUXW4sMfuthO26QWU684lzv96QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBbsKXOAPk0X4FT0lfHsHIiUlnM2MB8GA1UdIwQY
MBaAFL9VmcJnVfSk1PVA4v/Xt0o5BT2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjFXWndtZFY5S1RVOVVEaV85ZTNTamtGUGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8xMDE2OTYtODNkZC00MzZmLWI0N2Mt
M2UxYjg0MzJmYzcwLzEvRnV3cGM0QS1UUmZnVlBTVjhld2NpSlNXY3pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8xMDE2OTYtODNkZC00MzZmLWI0N2MtM2UxYjg0MzJmYzcw
LzEvdjFXWndtZFY5S1RVOVVEaV85ZTNTamtGUGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8dMMA8E
AgACMAkDBwAgAQZ8BHAwDQYJKoZIhvcNAQELBQADggEBAFmntRIVZIL9JpUQmuBI
AGSpR4vwfh0JDwod4bIOpE9mh2asuR2EtxBLBILkP4HK8iP/fe5LKPPPR+BpWoDK
ro4BnaGF0szr2MqRylS793+2uZDMHm/7I3zl9IUu2B8SE8bFbGcic+kk9e+Fnl//
yVQPoXlmjHyTJ/WWUe64X2yM6U8LH3b1ee6GXxblD1W2WxLoylfyrkkzk8NSkabg
jBW95yoDNKqvQ5xpE+tPljPkSoVEFQ4LG9ba67utSu/tN58G2HC065KlhSP/O9eD
8t71o4D5el0Ilc8C/3acu6TU9Tq2QyHCQwdsYKwjnQnzlvuD0NOqi07QKIDQvoAs
w9U=
-----END CERTIFICATE-----