Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/FaPK4dABXX1JUG-DgodpiiYFyXk.roa
File:                     FaPK4dABXX1JUG-DgodpiiYFyXk.roa (raw, json)
Hash identifier:          8EnGZIA4ScfpCaGufhHcnmIDRY1lMTTgXZqEJ9E7v2g=
Subject key identifier:   15:A3:CA:E1:D0:01:5D:7D:49:50:6F:83:82:87:69:8A:26:05:C9:79
Certificate issuer:       /CN=c2510a8a525dc9b1ec0b1560d090a64268d42ec4
Certificate serial:       019420D5BB145B8B90C065B1D00F94F15BB1
Authority key identifier: C2:51:0A:8A:52:5D:C9:B1:EC:0B:15:60:D0:90:A6:42:68:D4:2E:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wlEKilJdybHsCxVg0JCmQmjULsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/FaPK4dABXX1JUG-DgodpiiYFyXk.roa
Signing time:             Wed 01 Jan 2025 07:47:45 +0000
ROA not before:           Wed 01 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20892
IP address blocks:        91.198.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/wlEKilJdybHsCxVg0JCmQmjULsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/wlEKilJdybHsCxVg0JCmQmjULsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wlEKilJdybHsCxVg0JCmQmjULsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:bb:14:5b:8b:90:c0:65:b1:d0:0f:94:f1:5b:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2510a8a525dc9b1ec0b1560d090a64268d42ec4
        Validity
            Not Before: Jan  1 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15a3cae1d0015d7d49506f838287698a2605c979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c8:06:4f:9c:89:9f:98:9e:30:62:8b:f8:ce:
                    54:ae:36:e2:4c:ff:d1:3a:fd:77:52:c3:93:81:0a:
                    0f:37:1d:6f:4c:20:f0:d2:10:88:52:aa:84:12:60:
                    fd:35:6b:b4:98:b7:7e:27:6a:ca:f2:70:56:10:40:
                    2b:5e:08:bd:5c:16:15:bc:1d:77:10:d4:ce:44:aa:
                    30:e4:a4:09:ba:bf:31:ae:da:8f:24:a1:89:28:ca:
                    b9:2e:fa:6d:f8:13:6d:d5:45:64:59:90:d9:b2:ec:
                    6c:8e:27:ff:35:7f:11:dd:2b:7a:9a:19:d4:fc:f3:
                    f6:ba:97:22:90:44:37:5e:60:f2:f7:a7:1b:d9:29:
                    ba:e9:fd:58:13:f1:2e:5c:d3:9f:43:ac:1a:50:c7:
                    33:00:ff:66:51:c6:7c:62:5a:01:7a:a7:ff:fd:d0:
                    32:5f:f2:86:37:02:06:25:b1:04:c3:2a:8b:c7:4d:
                    e8:31:22:a4:6c:4b:a3:73:0a:c4:40:64:8e:cd:e7:
                    09:52:a1:2b:3b:73:36:39:73:ba:25:b6:54:6f:b6:
                    c4:21:7b:c7:f5:63:4b:64:2c:83:94:39:67:c3:84:
                    c9:0e:28:f9:ef:d0:25:1b:68:04:6b:10:c1:40:b3:
                    56:93:e4:71:b7:20:c6:ff:53:fd:a0:c3:1c:ea:e3:
                    5d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A3:CA:E1:D0:01:5D:7D:49:50:6F:83:82:87:69:8A:26:05:C9:79
            X509v3 Authority Key Identifier:
                keyid:C2:51:0A:8A:52:5D:C9:B1:EC:0B:15:60:D0:90:A6:42:68:D4:2E:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wlEKilJdybHsCxVg0JCmQmjULsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/FaPK4dABXX1JUG-DgodpiiYFyXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/wlEKilJdybHsCxVg0JCmQmjULsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:10:c0:f3:b4:91:27:d8:cb:f5:3e:d5:7c:ba:a9:3e:22:bb:
         9c:50:1b:32:93:56:72:a1:90:64:44:f0:81:11:39:d4:83:36:
         69:6a:cf:14:2e:11:c2:79:c9:34:30:15:81:fb:8e:79:ce:77:
         f9:6a:5b:1e:09:2f:0d:ac:39:4a:90:23:86:c3:7d:98:b8:35:
         16:47:81:18:4f:82:5b:57:b9:b4:41:e3:72:dc:66:3f:ee:20:
         a8:97:14:14:7d:64:4d:ba:c7:86:d0:dd:0c:c3:05:93:bc:66:
         70:df:e1:f4:ee:3e:ec:22:b7:bc:1f:44:82:78:80:0d:55:4f:
         4e:51:f4:b5:bc:39:78:61:91:b3:79:b6:7b:dc:a1:9e:f4:20:
         9d:d5:76:78:60:61:db:fb:76:ce:5f:05:3e:76:2d:83:fa:af:
         ab:ad:e9:aa:5d:bc:c7:6c:84:63:c9:dc:3b:15:a1:cd:17:80:
         a8:2c:4c:ef:6a:41:5f:20:09:c1:1d:a0:fb:7c:22:12:8e:13:
         5a:09:17:d5:6e:e1:d6:8e:0a:5e:7f:9d:85:0b:5b:4f:1f:2a:
         a3:e2:31:9a:69:f6:42:6b:3b:04:81:0e:58:b2:1b:6d:74:f4:
         cd:cf:e2:46:dd:5d:31:e9:95:67:ea:4d:f8:03:57:66:fe:61:
         08:ee:80:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1bsUW4uQwGWx0A+U8VuxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNTEwYThhNTI1ZGM5YjFlYzBiMTU2MGQwOTBhNjQyNjhk
NDJlYzQwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWEzY2FlMWQwMDE1ZDdkNDk1MDZmODM4Mjg3Njk4YTI2MDVjOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcgGT5yJn5ieMGKL+M5UrjbiTP/R
Ov13UsOTgQoPNx1vTCDw0hCIUqqEEmD9NWu0mLd+J2rK8nBWEEArXgi9XBYVvB13
ENTORKow5KQJur8xrtqPJKGJKMq5Lvpt+BNt1UVkWZDZsuxsjif/NX8R3St6mhnU
/PP2upcikEQ3XmDy96cb2Sm66f1YE/EuXNOfQ6waUMczAP9mUcZ8YloBeqf//dAy
X/KGNwIGJbEEwyqLx03oMSKkbEujcwrEQGSOzecJUqErO3M2OXO6JbZUb7bEIXvH
9WNLZCyDlDlnw4TJDij579AlG2gEaxDBQLNWk+RxtyDG/1P9oMMc6uNdcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWjyuHQAV19SVBvg4KHaYomBcl5MB8GA1UdIwQY
MBaAFMJRCopSXcmx7AsVYNCQpkJo1C7EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2xFS2lsSmR5YkhzQ3hWZzBKQ21RbWpVTHNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8zZWU5NjktOThkMS00ODFhLWE0ODct
OWE4OTU0NjdkYTg1LzEvRmFQSzRkQUJYWDFKVUctRGdvZHBpaVlGeVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8zZWU5NjktOThkMS00ODFhLWE0ODctOWE4OTU0NjdkYTg1
LzEvd2xFS2lsSmR5YkhzQ3hWZzBKQ21RbWpVTHNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bWMA0G
CSqGSIb3DQEBCwUAA4IBAQCzEMDztJEn2Mv1PtV8uqk+IrucUBsyk1ZyoZBkRPCB
ETnUgzZpas8ULhHCeck0MBWB+455znf5alseCS8NrDlKkCOGw32YuDUWR4EYT4Jb
V7m0QeNy3GY/7iColxQUfWRNuseG0N0MwwWTvGZw3+H07j7sIre8H0SCeIANVU9O
UfS1vDl4YZGzebZ73KGe9CCd1XZ4YGHb+3bOXwU+di2D+q+rremqXbzHbIRjydw7
FaHNF4CoLEzvakFfIAnBHaD7fCISjhNaCRfVbuHWjgpef52FC1tPHyqj4jGaafZC
azsEgQ5YshttdPTNz+JG3V0x6ZVn6k34A1dm/mEI7oDx
-----END CERTIFICATE-----