Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/ffTNedAo1k_aUDDvHXkyQliR0W0.roa
File:                     ffTNedAo1k_aUDDvHXkyQliR0W0.roa (raw, json)
Hash identifier:          w6XBYRfWdW5Ffkmr0EBxtqzdmlwoZ4rCdGclxzW1gms=
Subject key identifier:   7D:F4:CD:79:D0:28:D6:4F:DA:50:30:EF:1D:79:32:42:58:91:D1:6D
Certificate issuer:       /CN=de9461c211bf3551c5507c930b4204c6ec43b322
Certificate serial:       018CC493594FDDD9FA73C8FD95525CA1B738
Authority key identifier: DE:94:61:C2:11:BF:35:51:C5:50:7C:93:0B:42:04:C6:EC:43:B3:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3pRhwhG_NVHFUHyTC0IExuxDsyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/ffTNedAo1k_aUDDvHXkyQliR0W0.roa
Signing time:             Mon 01 Jan 2024 10:30:40 +0000
ROA not before:           Mon 01 Jan 2024 10:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        91.193.58.0/23 maxlen: 23
                          91.192.106.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/3pRhwhG_NVHFUHyTC0IExuxDsyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/3pRhwhG_NVHFUHyTC0IExuxDsyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3pRhwhG_NVHFUHyTC0IExuxDsyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:59:4f:dd:d9:fa:73:c8:fd:95:52:5c:a1:b7:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de9461c211bf3551c5507c930b4204c6ec43b322
        Validity
            Not Before: Jan  1 10:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7df4cd79d028d64fda5030ef1d7932425891d16d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cb:dc:4b:9c:bc:98:b8:88:f3:65:df:f3:b1:
                    a9:ae:21:25:88:82:e9:8b:8c:02:7f:50:17:a6:db:
                    d9:81:d7:41:48:73:57:91:b8:2b:1c:e0:3e:18:6c:
                    17:88:5b:f8:a9:dc:ab:9b:3d:60:85:0e:f6:49:6a:
                    1f:48:94:22:01:64:4c:c2:1c:cd:34:fa:2d:5f:e3:
                    55:eb:c4:68:b2:3e:a9:70:89:3a:c6:ec:36:31:89:
                    38:b6:bc:2d:3d:ff:8c:3c:ee:0d:e0:ed:1b:51:3d:
                    f9:9b:cc:84:9b:3d:80:1f:ea:dd:b9:c3:3a:5a:bb:
                    bb:7c:aa:fb:a5:d7:52:7d:8d:af:6d:84:f0:c5:10:
                    db:71:94:85:18:0a:be:1b:0f:f5:2a:8a:f1:cc:fc:
                    4f:5f:de:e0:82:f6:2d:fd:fd:64:75:31:32:ce:53:
                    ca:97:b8:75:ac:83:ce:a0:d4:70:f4:c7:2e:6c:b6:
                    be:0e:e9:21:88:aa:76:cc:0b:79:9a:79:b8:cf:52:
                    23:8d:a0:59:00:0b:b7:46:5a:19:34:28:f2:e1:5e:
                    7e:b2:64:20:0d:ef:05:07:d1:a4:64:9b:ce:66:26:
                    8e:7a:be:50:0f:87:49:9b:0e:21:55:3e:f1:4a:f0:
                    8f:49:a5:20:76:65:4d:f0:7b:2c:6c:a7:72:00:79:
                    31:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F4:CD:79:D0:28:D6:4F:DA:50:30:EF:1D:79:32:42:58:91:D1:6D
            X509v3 Authority Key Identifier:
                keyid:DE:94:61:C2:11:BF:35:51:C5:50:7C:93:0B:42:04:C6:EC:43:B3:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3pRhwhG_NVHFUHyTC0IExuxDsyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/ffTNedAo1k_aUDDvHXkyQliR0W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/9183d4-0779-49c4-96f7-8202a467d753/1/3pRhwhG_NVHFUHyTC0IExuxDsyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.106.0/23
                  91.193.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:92:f3:de:ef:ad:80:58:09:12:1d:fd:03:bb:ef:6c:cb:57:
         2d:d2:6e:49:5f:52:03:5b:72:fc:ec:6a:78:d8:c0:bf:33:f0:
         19:92:0a:0b:8a:c9:dc:92:9b:07:b3:9b:3b:94:0e:68:de:90:
         a1:3c:5b:06:96:1c:ce:b7:dc:d2:b1:20:80:65:48:44:8a:e4:
         50:d0:67:c8:6f:f7:6a:e1:00:c2:b8:33:d2:02:fb:07:17:03:
         00:8c:bf:53:7f:a2:1e:74:bd:2b:8a:2b:e0:64:b4:18:78:79:
         00:c9:fb:9c:91:68:11:11:18:ea:5e:24:c7:45:7b:e8:bf:a7:
         22:c5:f5:cb:0c:1e:3b:2b:21:cd:5b:d9:df:ab:22:98:d9:77:
         f0:39:93:aa:98:44:8f:ae:ed:d3:60:75:ec:59:ea:24:fc:cd:
         9d:c8:33:1a:e2:40:f3:06:0f:51:7b:cc:2e:d9:a9:3b:2c:c8:
         c3:2e:1e:e8:68:e0:4f:95:ba:41:8d:71:75:05:61:c8:6c:ab:
         c4:32:a9:7b:4e:96:3e:18:08:e1:8e:76:24:97:50:79:67:e7:
         26:08:d4:74:28:2f:5f:78:51:49:13:de:21:7d:63:cc:7c:39:
         62:06:52:8c:ba:6c:7d:ea:3a:57:19:34:06:ef:b6:8b:a5:ef:
         ff:2d:29:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk1lP3dn6c8j9lVJcobc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOTQ2MWMyMTFiZjM1NTFjNTUwN2M5MzBiNDIwNGM2ZWM0
M2IzMjIwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGY0Y2Q3OWQwMjhkNjRmZGE1MDMwZWYxZDc5MzI0MjU4OTFkMTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8vcS5y8mLiI82Xf87GpriEliILp
i4wCf1AXptvZgddBSHNXkbgrHOA+GGwXiFv4qdyrmz1ghQ72SWofSJQiAWRMwhzN
NPotX+NV68Rosj6pcIk6xuw2MYk4trwtPf+MPO4N4O0bUT35m8yEmz2AH+rducM6
Wru7fKr7pddSfY2vbYTwxRDbcZSFGAq+Gw/1KorxzPxPX97ggvYt/f1kdTEyzlPK
l7h1rIPOoNRw9McubLa+DukhiKp2zAt5mnm4z1IjjaBZAAu3RloZNCjy4V5+smQg
De8FB9GkZJvOZiaOer5QD4dJmw4hVT7xSvCPSaUgdmVN8HssbKdyAHkxsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH30zXnQKNZP2lAw7x15MkJYkdFtMB8GA1UdIwQY
MBaAFN6UYcIRvzVRxVB8kwtCBMbsQ7MiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3BSaHdoR19OVkhGVUh5VEMwSUV4dXhEc3lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy85MTgzZDQtMDc3OS00OWM0LTk2Zjct
ODIwMmE0NjdkNzUzLzEvZmZUTmVkQW8xa19hVUREdkhYa3lRbGlSMFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy85MTgzZDQtMDc3OS00OWM0LTk2ZjctODIwMmE0NjdkNzUz
LzEvM3BSaHdoR19OVkhGVUh5VEMwSUV4dXhEc3lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8BqAwQB
W8E6MA0GCSqGSIb3DQEBCwUAA4IBAQCUkvPe762AWAkSHf0Du+9sy1ct0m5JX1ID
W3L87Gp42MC/M/AZkgoLisnckpsHs5s7lA5o3pChPFsGlhzOt9zSsSCAZUhEiuRQ
0GfIb/dq4QDCuDPSAvsHFwMAjL9Tf6IedL0riivgZLQYeHkAyfuckWgRERjqXiTH
RXvov6cixfXLDB47KyHNW9nfqyKY2XfwOZOqmESPru3TYHXsWeok/M2dyDMa4kDz
Bg9Re8wu2ak7LMjDLh7oaOBPlbpBjXF1BWHIbKvEMql7TpY+GAjhjnYkl1B5Z+cm
CNR0KC9feFFJE94hfWPMfDliBlKMumx96jpXGTQG77aLpe//LSl0
-----END CERTIFICATE-----