Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/3cdd92-724a-4fd8-a5f8-370b3a87bf98/1/FmnHpZ9CH0axs1VGQuge-SIZhus.roa
File:                     FmnHpZ9CH0axs1VGQuge-SIZhus.roa (raw, json)
Hash identifier:          qKXosX2r81tVLH0vPQ1G1DSi1nyO7wboXBPAY5eyLxs=
Subject key identifier:   16:69:C7:A5:9F:42:1F:46:B1:B3:55:46:42:E8:1E:F9:22:19:86:EB
Certificate issuer:       /CN=76ad2abb73df96bcb1b1d1b8d99d35f5b9fd9828
Certificate serial:       018CC6B935C8D98361FCCD16F668CDD53EB4
Authority key identifier: 76:AD:2A:BB:73:DF:96:BC:B1:B1:D1:B8:D9:9D:35:F5:B9:FD:98:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dq0qu3PflryxsdG42Z019bn9mCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/3cdd92-724a-4fd8-a5f8-370b3a87bf98/1/FmnHpZ9CH0axs1VGQuge-SIZhus.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215852
IP address blocks:        91.203.31.0/24 maxlen: 24
                          2001:67c:10bc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/3cdd92-724a-4fd8-a5f8-370b3a87bf98/1/dq0qu3PflryxsdG42Z019bn9mCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/3cdd92-724a-4fd8-a5f8-370b3a87bf98/1/dq0qu3PflryxsdG42Z019bn9mCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dq0qu3PflryxsdG42Z019bn9mCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:35:c8:d9:83:61:fc:cd:16:f6:68:cd:d5:3e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76ad2abb73df96bcb1b1d1b8d99d35f5b9fd9828
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1669c7a59f421f46b1b3554642e81ef9221986eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a2:a9:db:0c:f1:d8:81:c1:48:5a:02:41:4c:
                    54:ae:b5:23:78:df:c2:5c:d7:07:e7:2d:7b:77:0d:
                    cf:99:10:bb:bc:7c:70:ad:c3:c5:e3:b7:5c:92:5e:
                    ed:d1:a3:3b:3f:c5:7f:df:fa:fe:ce:18:19:05:f9:
                    2b:70:bc:c1:70:57:40:ca:63:ee:9b:08:53:6a:5c:
                    41:83:f7:de:9d:a7:ad:17:54:28:f4:4e:04:6c:b0:
                    53:0c:5a:8a:f7:eb:7e:5b:63:bf:04:9d:56:7c:f1:
                    52:36:b1:3c:08:4a:a2:f2:a4:1b:a1:93:1c:e8:93:
                    83:b7:a4:48:69:81:bc:d9:98:a3:ed:d5:f5:89:fc:
                    d8:ca:03:3a:0c:3d:ac:39:45:c6:18:f6:e8:41:85:
                    ec:c7:5f:99:24:14:1f:04:46:a2:17:31:3a:9d:19:
                    aa:43:83:a9:fb:ca:55:aa:39:cf:23:ab:ae:71:19:
                    5c:d0:39:ee:7e:e4:36:6c:ea:6a:14:82:ff:4b:92:
                    e1:95:4d:14:c4:45:86:d2:8f:7e:1e:09:38:8a:ae:
                    a1:01:0e:85:17:07:7f:4f:48:e2:96:51:f0:e4:0c:
                    c8:36:36:44:c7:c9:54:ff:cb:3f:67:55:7f:54:d2:
                    bf:74:67:94:9b:5a:11:8e:96:45:c0:e9:df:26:d2:
                    92:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:69:C7:A5:9F:42:1F:46:B1:B3:55:46:42:E8:1E:F9:22:19:86:EB
            X509v3 Authority Key Identifier:
                keyid:76:AD:2A:BB:73:DF:96:BC:B1:B1:D1:B8:D9:9D:35:F5:B9:FD:98:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dq0qu3PflryxsdG42Z019bn9mCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/3cdd92-724a-4fd8-a5f8-370b3a87bf98/1/FmnHpZ9CH0axs1VGQuge-SIZhus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/3cdd92-724a-4fd8-a5f8-370b3a87bf98/1/dq0qu3PflryxsdG42Z019bn9mCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.31.0/24
                IPv6:
                  2001:67c:10bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:f9:ea:52:b1:e1:8d:d9:9a:8a:3f:97:93:99:64:c8:d4:7c:
         04:ca:19:4e:64:7e:64:1f:32:92:d6:98:b1:01:04:c5:0b:e1:
         5c:bf:5f:72:28:17:51:a4:52:a1:af:4a:20:d8:cc:ce:95:d0:
         ac:4e:11:53:a8:9e:5a:8f:58:53:cb:66:dc:8e:28:66:6b:07:
         a4:29:dd:2f:18:1b:46:79:76:cd:eb:fa:a2:cc:74:53:4f:90:
         28:a2:df:70:66:1e:6d:18:24:ba:f8:6d:93:01:fa:f5:08:ba:
         bb:f7:c9:e7:7c:d6:05:dd:4b:a1:0a:22:bd:2d:7b:7d:cf:15:
         8d:45:cd:ac:71:8f:02:a1:b6:4e:e8:18:9c:65:5d:a2:23:cb:
         00:2d:ae:7c:97:df:ac:2e:4b:10:6f:4f:f6:0d:c3:24:b0:58:
         49:ca:52:49:91:46:e2:91:4d:92:fa:ea:43:49:c5:cc:3a:d0:
         3f:c7:77:3b:5e:64:27:96:87:d4:fe:bf:ae:08:3f:b7:c6:76:
         f1:e3:90:f7:95:f8:3c:3b:da:b5:4e:81:7b:f8:02:12:08:4c:
         45:32:7d:88:42:88:bb:4b:28:00:cc:22:67:9d:5a:fb:ec:94:
         1d:84:cd:4d:e7:21:3a:9a:27:db:4b:26:62:89:83:45:a2:57:
         b9:57:a7:26
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuTXI2YNh/M0W9mjN1T60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YWQyYWJiNzNkZjk2YmNiMWIxZDFiOGQ5OWQzNWY1Yjlm
ZDk4MjgwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjY5YzdhNTlmNDIxZjQ2YjFiMzU1NDY0MmU4MWVmOTIyMTk4NmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKKp2wzx2IHBSFoCQUxUrrUjeN/C
XNcH5y17dw3PmRC7vHxwrcPF47dckl7t0aM7P8V/3/r+zhgZBfkrcLzBcFdAymPu
mwhTalxBg/fenaetF1Qo9E4EbLBTDFqK9+t+W2O/BJ1WfPFSNrE8CEqi8qQboZMc
6JODt6RIaYG82Zij7dX1ifzYygM6DD2sOUXGGPboQYXsx1+ZJBQfBEaiFzE6nRmq
Q4Op+8pVqjnPI6uucRlc0DnufuQ2bOpqFIL/S5LhlU0UxEWG0o9+Hgk4iq6hAQ6F
Fwd/T0jillHw5AzINjZEx8lU/8s/Z1V/VNK/dGeUm1oRjpZFwOnfJtKSHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBZpx6WfQh9GsbNVRkLoHvkiGYbrMB8GA1UdIwQY
MBaAFHatKrtz35a8sbHRuNmdNfW5/ZgoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHEwcXUzUGZscnl4c2RHNDJaMDE5Ym45bUNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8zY2RkOTItNzI0YS00ZmQ4LWE1Zjgt
MzcwYjNhODdiZjk4LzEvRm1uSHBaOUNIMGF4czFWR1F1Z2UtU0laaHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8zY2RkOTItNzI0YS00ZmQ4LWE1ZjgtMzcwYjNhODdiZjk4
LzEvZHEwcXUzUGZscnl4c2RHNDJaMDE5Ym45bUNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8sfMA8E
AgACMAkDBwAgAQZ8ELwwDQYJKoZIhvcNAQELBQADggEBAEL56lKx4Y3Zmoo/l5OZ
ZMjUfATKGU5kfmQfMpLWmLEBBMUL4Vy/X3IoF1GkUqGvSiDYzM6V0KxOEVOonlqP
WFPLZtyOKGZrB6Qp3S8YG0Z5ds3r+qLMdFNPkCii33BmHm0YJLr4bZMB+vUIurv3
yed81gXdS6EKIr0te33PFY1FzaxxjwKhtk7oGJxlXaIjywAtrnyX36wuSxBvT/YN
wySwWEnKUkmRRuKRTZL66kNJxcw60D/HdzteZCeWh9T+v64IP7fGdvHjkPeV+Dw7
2rVOgXv4AhIITEUyfYhCiLtLKADMImedWvvslB2EzU3nITqaJ9tLJmKJg0WiV7lX
pyY=
-----END CERTIFICATE-----