Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/F6zbrzBlyC67MrZUSwba1px5z_g.roa
File:                     F6zbrzBlyC67MrZUSwba1px5z_g.roa (raw, json)
Hash identifier:          T4dWGvwSQE4/gFTGFhbs68pKgMQwx+f3jum/vphzhQQ=
Subject key identifier:   17:AC:DB:AF:30:65:C8:2E:BB:32:B6:54:4B:06:DA:D6:9C:79:CF:F8
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3F60CDC23157B00F59DD9274B5D2
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/F6zbrzBlyC67MrZUSwba1px5z_g.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399091
IP address blocks:        91.242.100.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3f:60:cd:c2:31:57:b0:0f:59:dd:92:74:b5:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17acdbaf3065c82ebb32b6544b06dad69c79cff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ee:c9:b9:e7:16:4b:9a:39:4a:87:64:53:0c:
                    93:01:8c:fe:ba:14:e8:36:d4:d0:f1:75:ff:1b:c9:
                    58:70:05:c6:0d:11:ec:7d:b8:90:17:69:7b:9d:43:
                    a1:6e:75:ad:9d:ec:64:ef:a0:ab:d5:bd:da:79:05:
                    dc:0f:65:e6:d7:0f:84:05:29:77:98:ec:e7:c2:cb:
                    a4:ea:4c:15:1a:90:92:19:fc:95:c8:f7:e8:d9:3b:
                    73:4b:73:e2:83:d5:ad:cf:fa:66:84:5f:19:24:70:
                    fc:ca:af:11:57:f0:28:62:33:b5:01:a0:21:2a:b8:
                    81:ab:55:60:30:c4:73:93:7f:a6:9f:a6:57:7a:c6:
                    80:43:34:61:64:35:81:b5:70:3b:c0:59:28:a4:fb:
                    67:90:9b:ab:7c:b4:bc:00:69:0d:8c:04:02:b0:fa:
                    d0:ac:b4:86:ed:75:e4:7d:90:09:0e:be:14:30:5b:
                    e2:84:01:f7:c6:db:dc:f6:30:6a:c4:a3:33:19:4a:
                    df:a4:7a:88:3a:1f:41:3a:7c:6f:2e:79:62:46:82:
                    09:80:80:ef:40:57:99:08:e5:02:7c:25:dd:20:e9:
                    e8:cf:e6:43:eb:85:c0:cd:c6:99:d5:47:d9:1f:9f:
                    ba:03:b8:de:12:b0:50:54:89:32:84:9a:3b:ff:14:
                    10:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:AC:DB:AF:30:65:C8:2E:BB:32:B6:54:4B:06:DA:D6:9C:79:CF:F8
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/F6zbrzBlyC67MrZUSwba1px5z_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:3f:9c:6c:69:54:34:eb:8f:b7:6f:16:6b:65:38:54:5c:bb:
         07:75:b0:d0:11:ba:23:cc:1d:24:12:69:54:f3:f0:32:82:22:
         37:5f:3b:1f:27:4e:9e:57:06:42:bf:3a:b4:dc:15:3e:c4:da:
         0b:59:47:ac:7e:16:2c:de:fb:e5:ae:8c:97:a2:48:3b:47:06:
         29:d5:a2:e8:d3:ed:62:d9:cd:58:e7:90:74:04:6e:a1:4d:b0:
         d9:a2:0f:e4:4a:40:e5:9d:86:d7:c9:3c:f4:99:35:43:af:d2:
         de:bd:9a:bc:b4:fa:00:6c:04:a3:13:cf:55:6c:74:bd:be:fa:
         cf:ff:6a:6f:d3:f9:78:70:8f:84:b4:9c:94:cc:e0:42:be:3f:
         0f:0e:b0:a3:b7:72:4b:3e:60:65:fd:29:16:85:53:8d:8c:f1:
         c5:51:85:34:ea:71:df:b3:31:b7:51:37:c0:ad:22:f1:a0:b8:
         40:65:38:10:dd:1a:b5:77:60:e9:97:ce:74:77:b2:aa:45:53:
         ed:48:ff:69:83:07:78:6c:70:57:f0:b2:ea:5e:3d:6f:a6:47:
         e3:f5:9b:70:49:10:23:f9:45:16:f6:f4:18:91:30:77:e7:a6:
         54:62:42:88:87:30:b6:98:db:01:c0:0a:7a:60:12:05:10:09:
         69:95:3c:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2z9gzcIxV7APWd2SdLXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2FjZGJhZjMwNjVjODJlYmIzMmI2NTQ0YjA2ZGFkNjljNzljZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+7JuecWS5o5SodkUwyTAYz+uhTo
NtTQ8XX/G8lYcAXGDRHsfbiQF2l7nUOhbnWtnexk76Cr1b3aeQXcD2Xm1w+EBSl3
mOznwsuk6kwVGpCSGfyVyPfo2TtzS3Pig9Wtz/pmhF8ZJHD8yq8RV/AoYjO1AaAh
KriBq1VgMMRzk3+mn6ZXesaAQzRhZDWBtXA7wFkopPtnkJurfLS8AGkNjAQCsPrQ
rLSG7XXkfZAJDr4UMFvihAH3xtvc9jBqxKMzGUrfpHqIOh9BOnxvLnliRoIJgIDv
QFeZCOUCfCXdIOnoz+ZD64XAzcaZ1UfZH5+6A7jeErBQVIkyhJo7/xQQRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBes268wZcguuzK2VEsG2tacec/4MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvRjZ6YnJ6Qmx5QzY3TXJaVVN3YmExcHg1el9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/JkMA0G
CSqGSIb3DQEBCwUAA4IBAQAjP5xsaVQ064+3bxZrZThUXLsHdbDQEbojzB0kEmlU
8/AygiI3XzsfJ06eVwZCvzq03BU+xNoLWUesfhYs3vvlroyXokg7RwYp1aLo0+1i
2c1Y55B0BG6hTbDZog/kSkDlnYbXyTz0mTVDr9LevZq8tPoAbASjE89VbHS9vvrP
/2pv0/l4cI+EtJyUzOBCvj8PDrCjt3JLPmBl/SkWhVONjPHFUYU06nHfszG3UTfA
rSLxoLhAZTgQ3Rq1d2Dpl850d7KqRVPtSP9pgwd4bHBX8LLqXj1vpkfj9ZtwSRAj
+UUW9vQYkTB356ZUYkKIhzC2mNsBwAp6YBIFEAlplTyk
-----END CERTIFICATE-----