Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/fi5aq6IMrHYx0xvqOLsMO1cD1Go.roa
File:                     fi5aq6IMrHYx0xvqOLsMO1cD1Go.roa (raw, json)
Hash identifier:          z8lVeFgUlbbAao68sltw9h1KUSjuNb0TJ1VMUv8/qC4=
Subject key identifier:   7E:2E:5A:AB:A2:0C:AC:76:31:D3:1B:EA:38:BB:0C:3B:57:03:D4:6A
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018E85659645E1AD05701CB4AC1EA87ECB92
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/fi5aq6IMrHYx0xvqOLsMO1cD1Go.roa
Signing time:             Thu 28 Mar 2024 14:10:11 +0000
ROA not before:           Thu 28 Mar 2024 14:10:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34665
IP address blocks:        91.188.245.0/24 maxlen: 24
                          176.119.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:65:96:45:e1:ad:05:70:1c:b4:ac:1e:a8:7e:cb:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Mar 28 14:10:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e2e5aaba20cac7631d31bea38bb0c3b5703d46a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:46:64:f7:b2:2d:a9:a9:d3:59:0f:4c:77:8c:
                    3d:64:3e:8d:5c:78:71:bf:f1:65:58:9d:f4:72:3a:
                    67:a3:0f:4a:27:b2:28:95:86:7f:06:52:bc:93:70:
                    9d:19:76:5e:de:ec:47:f7:36:9a:42:e2:95:e7:ad:
                    0a:4f:9a:f4:05:e9:10:b7:11:c3:c9:42:83:3c:c6:
                    5e:e4:3c:0e:59:be:fd:ac:0f:94:9a:6f:cf:38:be:
                    6b:99:49:f8:36:83:24:32:83:c5:ad:24:7b:ae:56:
                    78:8a:8c:30:12:5e:80:2d:22:12:37:88:97:8b:f9:
                    87:32:4a:24:43:a5:9f:ac:39:7b:74:36:c1:7d:90:
                    5a:8d:8c:7a:4a:2e:d7:5e:7a:19:df:2d:a8:21:03:
                    7e:ff:52:66:f2:27:58:3d:50:35:9a:2d:74:e8:30:
                    89:27:b2:71:1f:50:ce:9f:66:2e:90:ac:dd:a7:83:
                    58:91:93:07:cd:e4:aa:45:82:bb:8e:b7:15:56:b9:
                    85:7e:ea:59:38:ea:80:d4:10:66:5c:53:8d:0e:d1:
                    46:cc:3d:33:f7:ad:07:d6:92:45:f5:a2:23:5b:62:
                    b0:b7:e3:20:b0:c4:45:14:4d:90:ef:05:ea:0f:60:
                    81:a2:dc:fd:bb:cf:15:70:a4:34:64:f0:84:0a:21:
                    ed:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:2E:5A:AB:A2:0C:AC:76:31:D3:1B:EA:38:BB:0C:3B:57:03:D4:6A
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/fi5aq6IMrHYx0xvqOLsMO1cD1Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.245.0/24
                  176.119.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:83:c6:b7:9f:c8:66:11:83:7c:a5:23:71:d0:83:f1:35:b8:
         d7:15:e5:e6:0e:98:0e:8e:9b:48:d0:60:d6:da:80:ef:3b:f8:
         6a:46:2b:7d:b7:55:8f:f2:79:74:6a:14:ef:47:07:bf:4e:3a:
         9a:36:49:ec:86:6e:74:06:76:c0:7b:a3:c5:74:d9:a4:59:b6:
         52:be:72:30:f6:b6:69:40:71:43:82:75:37:6f:a4:62:49:9f:
         93:c8:f9:94:97:89:9a:6d:a5:23:5a:15:2a:21:27:f3:ca:32:
         65:dc:6e:fc:af:f5:cd:ae:fe:49:0b:76:53:e0:cc:9e:6c:7d:
         ac:ee:55:b7:de:d9:2a:e3:c5:ab:89:44:f4:a5:f5:b2:45:37:
         2f:eb:bc:bc:11:f4:d4:54:df:e3:4c:c2:69:f4:6a:57:87:69:
         d6:3f:bf:da:39:8c:b0:8f:7a:4e:7a:58:e2:56:04:19:2d:79:
         fc:b7:18:aa:d1:d3:5b:ed:8b:b1:72:1a:03:61:3a:82:99:fe:
         d8:54:a6:2c:33:54:0d:c4:7d:07:d4:9f:34:2f:ba:1a:e8:8d:
         a8:43:9c:dc:ca:d3:16:2f:87:36:e3:8b:ac:f5:8d:a7:e5:13:
         3d:bf:24:22:6d:c9:a1:26:08:61:3e:73:f0:82:ca:87:bb:87:
         a1:fc:4f:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6FZZZF4a0FcBy0rB6ofsuSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMzI4MTQxMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTJlNWFhYmEyMGNhYzc2MzFkMzFiZWEzOGJiMGMzYjU3MDNkNDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0Zk97ItqanTWQ9Md4w9ZD6NXHhx
v/FlWJ30cjpnow9KJ7IolYZ/BlK8k3CdGXZe3uxH9zaaQuKV560KT5r0BekQtxHD
yUKDPMZe5DwOWb79rA+Umm/POL5rmUn4NoMkMoPFrSR7rlZ4iowwEl6ALSISN4iX
i/mHMkokQ6WfrDl7dDbBfZBajYx6Si7XXnoZ3y2oIQN+/1Jm8idYPVA1mi106DCJ
J7JxH1DOn2YukKzdp4NYkZMHzeSqRYK7jrcVVrmFfupZOOqA1BBmXFONDtFGzD0z
960H1pJF9aIjW2Kwt+MgsMRFFE2Q7wXqD2CBotz9u88VcKQ0ZPCECiHtGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH4uWquiDKx2MdMb6ji7DDtXA9RqMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvZmk1YXE2SU1ySFl4MHh2cU9Mc01PMWNEMUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW7z1AwQA
sHePMA0GCSqGSIb3DQEBCwUAA4IBAQCag8a3n8hmEYN8pSNx0IPxNbjXFeXmDpgO
jptI0GDW2oDvO/hqRit9t1WP8nl0ahTvRwe/TjqaNknshm50BnbAe6PFdNmkWbZS
vnIw9rZpQHFDgnU3b6RiSZ+TyPmUl4mabaUjWhUqISfzyjJl3G78r/XNrv5JC3ZT
4MyebH2s7lW33tkq48WriUT0pfWyRTcv67y8EfTUVN/jTMJp9GpXh2nWP7/aOYyw
j3pOeljiVgQZLXn8txiq0dNb7YuxchoDYTqCmf7YVKYsM1QNxH0H1J80L7oa6I2o
Q5zcytMWL4c244us9Y2n5RM9vyQibcmhJghhPnPwgsqHu4eh/E+Z
-----END CERTIFICATE-----