Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/e8667a-b7fd-4ea8-bae9-6007bbad86d6/1/1-giUKEnD3u3FwkxXomLY8KfRUEE.roa
File:                     1-giUKEnD3u3FwkxXomLY8KfRUEE.roa (raw, json)
Hash identifier:          gPXC75XyxcVCUJtsqqf7+gpTJ3eIocttFSEgDJ9QlWo=
Subject key identifier:   FA:08:94:28:49:C3:DE:ED:C5:C2:4C:57:A2:62:D8:F0:A7:D1:50:41
Certificate issuer:       /CN=f16ea3f0330b2132d0df752f51f0e0bfef3d1bae
Certificate serial:       018CC725DA71E9F7F8B3524C365D5AD18513
Authority key identifier: F1:6E:A3:F0:33:0B:21:32:D0:DF:75:2F:51:F0:E0:BF:EF:3D:1B:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8W6j8DMLITLQ33UvUfDgv-89G64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/e8667a-b7fd-4ea8-bae9-6007bbad86d6/1/1-giUKEnD3u3FwkxXomLY8KfRUEE.roa
Signing time:             Mon 01 Jan 2024 22:29:55 +0000
ROA not before:           Mon 01 Jan 2024 22:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25352
IP address blocks:        91.212.48.0/24 maxlen: 24
                          195.190.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/e8667a-b7fd-4ea8-bae9-6007bbad86d6/1/8W6j8DMLITLQ33UvUfDgv-89G64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/e8667a-b7fd-4ea8-bae9-6007bbad86d6/1/8W6j8DMLITLQ33UvUfDgv-89G64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8W6j8DMLITLQ33UvUfDgv-89G64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 19:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:da:71:e9:f7:f8:b3:52:4c:36:5d:5a:d1:85:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f16ea3f0330b2132d0df752f51f0e0bfef3d1bae
        Validity
            Not Before: Jan  1 22:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa08942849c3deedc5c24c57a262d8f0a7d15041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:62:3c:26:96:50:5b:eb:cf:66:3a:6e:f3:96:
                    27:de:60:83:14:ae:d2:5e:b8:6a:a8:8b:99:dd:b2:
                    33:27:c6:f6:bd:b5:1a:96:0a:89:ff:4c:46:8a:4a:
                    b6:d5:22:82:e1:47:32:a4:d2:20:2f:61:c9:f5:b2:
                    ce:3e:42:d4:08:1c:ff:ec:d5:a8:7f:1f:27:11:29:
                    c8:69:65:34:f8:ec:14:d4:1f:6f:89:1a:05:9f:5b:
                    e3:53:29:d7:b9:c6:38:aa:33:8c:ea:16:77:ed:35:
                    6b:b0:90:51:7b:96:c0:d0:da:ae:e7:01:4c:aa:37:
                    12:67:f4:93:e3:cc:1d:d2:99:9a:f6:be:fe:70:6a:
                    c8:19:f8:55:c3:40:10:c5:95:86:79:a2:49:4d:06:
                    d2:7f:55:e8:c5:2c:f5:13:a7:2a:60:56:94:05:76:
                    6e:16:8d:51:82:b0:3d:02:af:4f:03:99:c6:09:26:
                    95:15:64:a9:21:78:01:ca:69:01:c3:fe:39:3d:61:
                    fc:47:2c:b4:7d:3f:95:9f:c5:2a:5d:4e:41:a5:94:
                    ac:c1:4d:f9:9e:3b:5a:39:b9:69:64:b9:d4:f5:9c:
                    f5:c0:fb:d6:2a:1d:cd:ac:fd:cd:03:b4:16:e0:de:
                    cc:df:f3:bd:6b:e7:63:72:95:70:7c:82:36:53:92:
                    af:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:08:94:28:49:C3:DE:ED:C5:C2:4C:57:A2:62:D8:F0:A7:D1:50:41
            X509v3 Authority Key Identifier:
                keyid:F1:6E:A3:F0:33:0B:21:32:D0:DF:75:2F:51:F0:E0:BF:EF:3D:1B:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8W6j8DMLITLQ33UvUfDgv-89G64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/e8667a-b7fd-4ea8-bae9-6007bbad86d6/1/1-giUKEnD3u3FwkxXomLY8KfRUEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/e8667a-b7fd-4ea8-bae9-6007bbad86d6/1/8W6j8DMLITLQ33UvUfDgv-89G64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.48.0/24
                  195.190.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:97:84:da:c9:21:49:0b:2b:ed:16:fb:c2:93:21:f9:7c:4a:
         3c:07:00:79:41:d1:c6:a3:0a:34:c0:dc:3e:80:d3:1a:96:73:
         a8:d4:a8:50:0e:ee:a0:fb:bb:60:29:30:a9:89:83:97:50:e3:
         9f:1e:3d:8b:e0:ab:97:89:ab:78:a9:74:71:2f:39:2e:48:21:
         b2:50:44:5a:6e:ae:88:fd:88:f5:2d:cb:8e:1b:23:b0:92:e8:
         e8:fa:10:38:4c:cd:44:2d:5e:51:a9:1e:7f:9e:91:71:18:88:
         de:55:c6:d9:45:1c:70:7d:38:05:52:c7:9a:13:15:65:8c:e7:
         d0:bd:d5:18:5d:25:95:c3:2d:2b:8b:ed:49:c1:d6:be:c2:9d:
         04:3d:89:2f:2b:c8:46:54:78:87:b5:a0:7f:ae:34:94:6c:32:
         13:f7:12:2f:20:fe:dc:55:f8:58:dd:37:32:7e:74:af:a7:d0:
         85:f6:5b:25:02:f8:5f:96:0d:96:14:0f:c0:9a:65:5c:dd:16:
         12:9f:d6:66:f2:93:0d:aa:81:62:48:a8:fd:05:27:07:b1:b7:
         58:87:16:94:69:0c:a1:83:90:d2:e0:29:bf:82:a4:56:25:e0:
         53:eb:ba:4a:96:e0:65:eb:13:f6:4e:01:5c:08:32:1c:ce:10:
         5b:c0:9f:11
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzHJdpx6ff4s1JMNl1a0YUTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNmVhM2YwMzMwYjIxMzJkMGRmNzUyZjUxZjBlMGJmZWYz
ZDFiYWUwHhcNMjQwMTAxMjIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTA4OTQyODQ5YzNkZWVkYzVjMjRjNTdhMjYyZDhmMGE3ZDE1MDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWI8JpZQW+vPZjpu85Yn3mCDFK7S
XrhqqIuZ3bIzJ8b2vbUalgqJ/0xGikq21SKC4UcypNIgL2HJ9bLOPkLUCBz/7NWo
fx8nESnIaWU0+OwU1B9viRoFn1vjUynXucY4qjOM6hZ37TVrsJBRe5bA0Nqu5wFM
qjcSZ/ST48wd0pma9r7+cGrIGfhVw0AQxZWGeaJJTQbSf1XoxSz1E6cqYFaUBXZu
Fo1RgrA9Aq9PA5nGCSaVFWSpIXgBymkBw/45PWH8Ryy0fT+Vn8UqXU5BpZSswU35
njtaOblpZLnU9Zz1wPvWKh3NrP3NA7QW4N7M3/O9a+djcpVwfII2U5KvSQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPoIlChJw97txcJMV6Ji2PCn0VBBMB8GA1UdIwQY
MBaAFPFuo/AzCyEy0N91L1Hw4L/vPRuuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFc2ajhETUxJVExRMzNVdlVmRGd2LTg5RzY0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9lODY2N2EtYjdmZC00ZWE4LWJhZTkt
NjAwN2JiYWQ4NmQ2LzEvMS1naVVLRW5EM3UzRndreFhvbUxZOEtmUlVFRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWMvZTg2NjdhLWI3ZmQtNGVhOC1iYWU5LTYwMDdiYmFkODZk
Ni8xLzhXNmo4RE1MSVRMUTMzVXZVZkRndi04OUc2NC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAFvUMAME
AMO+gDANBgkqhkiG9w0BAQsFAAOCAQEAR5eE2skhSQsr7Rb7wpMh+XxKPAcAeUHR
xqMKNMDcPoDTGpZzqNSoUA7uoPu7YCkwqYmDl1Djnx49i+Crl4mreKl0cS85Lkgh
slBEWm6uiP2I9S3LjhsjsJLo6PoQOEzNRC1eUakef56RcRiI3lXG2UUccH04BVLH
mhMVZYzn0L3VGF0llcMtK4vtScHWvsKdBD2JLyvIRlR4h7Wgf640lGwyE/cSLyD+
3FX4WN03Mn50r6fQhfZbJQL4X5YNlhQPwJplXN0WEp/WZvKTDaqBYkio/QUnB7G3
WIcWlGkMoYOQ0uApv4KkViXgU+u6SpbgZesT9k4BXAgyHM4QW8CfEQ==
-----END CERTIFICATE-----