Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/fcrjA77Rjtd3qiNk2eZGX2SFvxQ.roa
File:                     fcrjA77Rjtd3qiNk2eZGX2SFvxQ.roa (raw, json)
Hash identifier:          hltEPcBt9T94ZcNpv7aNsyaK+WPqLkLNnJYM269S4uM=
Subject key identifier:   7D:CA:E3:03:BE:D1:8E:D7:77:AA:23:64:D9:E6:46:5F:64:85:BF:14
Certificate issuer:       /CN=169ea0275c765e17603eb59eef39e2fab5380ef0
Certificate serial:       018CC94D8E0E73FE4E52D1BEA9085EDC3B33
Authority key identifier: 16:9E:A0:27:5C:76:5E:17:60:3E:B5:9E:EF:39:E2:FA:B5:38:0E:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/fcrjA77Rjtd3qiNk2eZGX2SFvxQ.roa
Signing time:             Tue 02 Jan 2024 08:32:32 +0000
ROA not before:           Tue 02 Jan 2024 08:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44309
IP address blocks:        91.201.172.0/22 maxlen: 24
                          91.237.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:8e:0e:73:fe:4e:52:d1:be:a9:08:5e:dc:3b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=169ea0275c765e17603eb59eef39e2fab5380ef0
        Validity
            Not Before: Jan  2 08:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dcae303bed18ed777aa2364d9e6465f6485bf14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ec:fd:29:57:5c:c1:49:ab:57:4c:ae:cb:01:
                    27:d1:69:2f:1c:75:34:5e:89:be:58:7c:f5:fc:0b:
                    5c:a2:51:79:c8:e8:b4:55:69:d9:19:2a:a2:ff:7b:
                    e6:11:13:d3:76:84:70:0b:ba:05:22:ed:23:3e:fe:
                    29:82:d3:1a:cf:1c:f4:46:b7:50:c9:26:36:3b:6f:
                    96:2f:47:d1:00:16:a7:05:70:7e:2f:a7:f5:15:df:
                    97:f1:68:7a:1a:ed:52:f2:ea:b4:e0:d5:b2:94:9b:
                    52:fa:d3:0d:6f:ce:1f:0f:5c:0d:3f:3f:52:2d:37:
                    5b:4f:e1:0e:8a:1c:ca:73:9e:1a:b0:93:d6:4f:e0:
                    2a:4a:11:14:97:9f:43:b5:ff:12:a9:6a:b3:6b:25:
                    42:cc:31:ce:ea:51:90:5e:1a:a8:cf:7c:56:3c:d3:
                    08:89:e9:6f:c1:3e:6b:78:0b:01:1c:ae:a6:60:93:
                    95:d6:84:fa:1c:bf:f1:9d:d7:2b:ec:68:95:0b:70:
                    94:59:50:a6:8e:f6:d5:a5:78:32:73:31:17:04:5f:
                    9d:34:4e:76:ac:01:db:e3:2d:2a:5e:9a:11:c1:69:
                    dc:e9:5e:62:72:9d:e3:82:c7:15:dc:1d:00:79:8c:
                    69:ed:8d:f7:36:1a:19:72:d2:25:4a:4e:45:73:c8:
                    bd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CA:E3:03:BE:D1:8E:D7:77:AA:23:64:D9:E6:46:5F:64:85:BF:14
            X509v3 Authority Key Identifier:
                keyid:16:9E:A0:27:5C:76:5E:17:60:3E:B5:9E:EF:39:E2:FA:B5:38:0E:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/fcrjA77Rjtd3qiNk2eZGX2SFvxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.172.0/22
                  91.237.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:55:8f:43:a4:30:ea:a6:4c:60:7b:74:f5:b4:87:d7:fb:50:
         99:25:2b:a0:7a:79:6d:d2:52:a0:c3:8f:e9:66:70:e7:87:90:
         e5:c3:26:d4:b2:1c:6a:bd:40:ec:a3:b5:4e:96:9d:e3:a6:6d:
         30:fb:a5:9e:91:c0:7d:19:af:e6:d5:62:a2:20:41:d9:3d:7f:
         ca:e1:2c:fb:14:f6:f0:1a:8c:a2:dc:0b:78:d7:2c:55:f4:f2:
         91:86:2c:6c:29:2f:4f:9e:69:37:6d:ae:a7:9e:b5:8d:2a:6b:
         62:61:86:1b:c5:6b:f5:3d:45:99:2d:9c:d9:e2:da:e4:86:5c:
         3d:4d:33:4c:50:6d:81:fb:59:3f:07:53:17:79:c9:3b:98:d5:
         4a:25:81:98:29:19:5a:18:97:ee:9d:be:9d:e9:e4:7d:8f:ff:
         6f:56:b9:09:f4:19:94:0f:c5:9d:3d:74:8d:63:44:de:4c:0b:
         24:d4:f3:ab:88:29:34:b4:fa:a1:b3:af:c0:88:e3:7f:52:fe:
         9d:b3:b5:86:d5:9c:0d:27:6a:f8:4a:9d:47:c7:e8:61:e3:93:
         bd:98:1d:39:cc:fa:48:60:37:8f:fe:dd:e9:b2:2f:fe:9e:e0:
         26:fc:ae:9c:16:a2:65:fa:4a:f3:ed:25:65:5b:d8:47:d0:82:
         ed:8c:46:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTY4Oc/5OUtG+qQhe3DszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OWVhMDI3NWM3NjVlMTc2MDNlYjU5ZWVmMzllMmZhYjUz
ODBlZjAwHhcNMjQwMTAyMDgzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGNhZTMwM2JlZDE4ZWQ3NzdhYTIzNjRkOWU2NDY1ZjY0ODViZjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOz9KVdcwUmrV0yuywEn0WkvHHU0
Xom+WHz1/AtcolF5yOi0VWnZGSqi/3vmERPTdoRwC7oFIu0jPv4pgtMazxz0RrdQ
ySY2O2+WL0fRABanBXB+L6f1Fd+X8Wh6Gu1S8uq04NWylJtS+tMNb84fD1wNPz9S
LTdbT+EOihzKc54asJPWT+AqShEUl59Dtf8SqWqzayVCzDHO6lGQXhqoz3xWPNMI
ielvwT5reAsBHK6mYJOV1oT6HL/xndcr7GiVC3CUWVCmjvbVpXgyczEXBF+dNE52
rAHb4y0qXpoRwWnc6V5icp3jgscV3B0AeYxp7Y33NhoZctIlSk5Fc8i96wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH3K4wO+0Y7Xd6ojZNnmRl9khb8UMB8GA1UdIwQY
MBaAFBaeoCdcdl4XYD61nu854vq1OA7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnA2Z0oxeDJYaGRnUHJXZTd6bmktclU0RHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80YTU0ZmQtYmJlYS00MTVhLWI5Njkt
ZDY5ZWY0MjJjMTY3LzEvZmNyakE3N1JqdGQzcWlOazJlWkdYMlNGdnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80YTU0ZmQtYmJlYS00MTVhLWI5NjktZDY5ZWY0MjJjMTY3
LzEvRnA2Z0oxeDJYaGRnUHJXZTd6bmktclU0RHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8msAwQC
W+04MA0GCSqGSIb3DQEBCwUAA4IBAQCwVY9DpDDqpkxge3T1tIfX+1CZJSugenlt
0lKgw4/pZnDnh5DlwybUshxqvUDso7VOlp3jpm0w+6WekcB9Ga/m1WKiIEHZPX/K
4Sz7FPbwGoyi3At41yxV9PKRhixsKS9Pnmk3ba6nnrWNKmtiYYYbxWv1PUWZLZzZ
4trkhlw9TTNMUG2B+1k/B1MXeck7mNVKJYGYKRlaGJfunb6d6eR9j/9vVrkJ9BmU
D8WdPXSNY0TeTAsk1POriCk0tPqhs6/AiON/Uv6ds7WG1ZwNJ2r4Sp1Hx+hh45O9
mB05zPpIYDeP/t3psi/+nuAm/K6cFqJl+krz7SVlW9hH0ILtjEZK
-----END CERTIFICATE-----