Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/fBcfXEjOBGbI5ioH2sW2sEgAjsM.roa
File:                     fBcfXEjOBGbI5ioH2sW2sEgAjsM.roa (raw, json)
Hash identifier:          3h8mYNIN7y1mNjA7QCdeaKUIkHPpeN+9yoBixyFePs0=
Subject key identifier:   7C:17:1F:5C:48:CE:04:66:C8:E6:2A:07:DA:C5:B6:B0:48:00:8E:C3
Certificate issuer:       /CN=6951d4551d26a51c0f92b77c2d378fb34758b877
Certificate serial:       018CC56E1A7CDCFEF4ED2CA37079D594C213
Authority key identifier: 69:51:D4:55:1D:26:A5:1C:0F:92:B7:7C:2D:37:8F:B3:47:58:B8:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVHUVR0mpRwPkrd8LTePs0dYuHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/fBcfXEjOBGbI5ioH2sW2sEgAjsM.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196658
IP address blocks:        91.213.102.0/24 maxlen: 24
                          146.0.88.0/21 maxlen: 21
                          185.195.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/aVHUVR0mpRwPkrd8LTePs0dYuHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/aVHUVR0mpRwPkrd8LTePs0dYuHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVHUVR0mpRwPkrd8LTePs0dYuHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1a:7c:dc:fe:f4:ed:2c:a3:70:79:d5:94:c2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6951d4551d26a51c0f92b77c2d378fb34758b877
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c171f5c48ce0466c8e62a07dac5b6b048008ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:85:56:47:b2:50:02:ad:e5:69:cd:c3:02:02:
                    7c:a8:ce:f3:46:b9:58:f1:c3:40:d4:ac:f1:8e:a2:
                    71:f0:c6:d3:25:9f:4c:c0:08:cd:0b:58:b1:98:0a:
                    c1:0d:8d:f3:28:d1:d0:cc:4f:a3:3a:e6:5c:b2:00:
                    03:98:a8:f3:98:a4:9f:63:f3:34:fe:7f:2f:b6:8c:
                    97:64:00:0c:61:36:0b:2e:5e:b8:c3:59:f7:ba:ba:
                    91:2f:f1:77:6a:97:0b:2c:94:0d:89:c1:5e:d3:83:
                    af:4e:49:51:08:17:5c:1e:c3:ec:99:61:be:cd:3a:
                    39:15:ef:cd:0e:0a:d5:cb:ab:02:28:6f:e1:2b:aa:
                    0a:74:32:cc:6b:ce:7f:79:0e:9c:6e:9b:15:35:83:
                    db:45:9d:97:50:9f:ae:79:ca:3d:ac:e2:94:ca:fa:
                    d5:91:8a:64:91:cd:19:0e:5a:ea:4a:d2:62:1b:27:
                    ff:0e:ba:79:51:79:75:f3:c2:98:8e:35:f5:83:e9:
                    75:99:2f:0c:48:33:5b:30:10:f8:47:24:c9:fa:e0:
                    d5:01:63:58:2e:44:ec:f4:b6:4e:30:9f:d2:ab:b4:
                    45:8a:aa:59:e6:55:aa:d1:98:a8:00:c5:60:db:49:
                    79:28:36:00:86:c3:5d:a3:62:f4:4b:ef:df:48:61:
                    66:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:17:1F:5C:48:CE:04:66:C8:E6:2A:07:DA:C5:B6:B0:48:00:8E:C3
            X509v3 Authority Key Identifier:
                keyid:69:51:D4:55:1D:26:A5:1C:0F:92:B7:7C:2D:37:8F:B3:47:58:B8:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVHUVR0mpRwPkrd8LTePs0dYuHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/fBcfXEjOBGbI5ioH2sW2sEgAjsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/aVHUVR0mpRwPkrd8LTePs0dYuHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.102.0/24
                  146.0.88.0/21
                  185.195.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:cc:60:6e:39:bd:51:cd:c0:03:9f:1d:09:95:98:56:fe:0c:
         05:dd:91:5a:29:62:94:b9:7e:33:72:ba:66:9d:76:68:64:89:
         95:29:66:2f:fa:f2:b0:ba:b1:00:d1:cc:6d:51:f3:01:6e:48:
         eb:2c:ae:a6:e3:a0:f2:86:7e:34:98:06:0f:e6:2d:cb:de:9d:
         32:03:e1:3c:14:68:d4:db:5a:63:1a:c0:7f:5a:fd:c7:cf:87:
         91:63:fa:72:25:2c:d2:99:51:85:91:a2:01:d4:dd:1f:45:59:
         e1:d7:4f:97:7a:28:98:14:35:e0:f2:2a:19:9d:7e:7f:a4:d4:
         59:01:f5:0e:7a:12:b6:54:4d:02:f9:69:a6:14:2c:b3:2a:fe:
         25:0a:e9:32:ad:f4:09:56:76:be:f4:8d:7a:16:fd:2f:71:f8:
         f6:ce:76:eb:47:3d:7f:a6:77:14:d1:7c:fa:31:93:aa:c3:c1:
         6d:37:91:c2:c0:48:94:2a:72:fe:a2:aa:32:59:63:7f:13:1b:
         d0:e5:ec:8b:3d:15:75:b9:68:a1:cb:bf:d3:59:58:b1:e4:cb:
         4f:09:dd:57:06:85:07:0b:43:d9:8c:3e:a4:c6:82:b1:e2:6d:
         e0:d3:57:90:31:67:89:7b:ee:2b:9c:11:21:0a:c1:ee:7a:82:
         15:b8:cd:b9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbhp83P707SyjcHnVlMITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NTFkNDU1MWQyNmE1MWMwZjkyYjc3YzJkMzc4ZmIzNDc1
OGI4NzcwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzE3MWY1YzQ4Y2UwNDY2YzhlNjJhMDdkYWM1YjZiMDQ4MDA4ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIVWR7JQAq3lac3DAgJ8qM7zRrlY
8cNA1KzxjqJx8MbTJZ9MwAjNC1ixmArBDY3zKNHQzE+jOuZcsgADmKjzmKSfY/M0
/n8vtoyXZAAMYTYLLl64w1n3urqRL/F3apcLLJQNicFe04OvTklRCBdcHsPsmWG+
zTo5Fe/NDgrVy6sCKG/hK6oKdDLMa85/eQ6cbpsVNYPbRZ2XUJ+ueco9rOKUyvrV
kYpkkc0ZDlrqStJiGyf/Drp5UXl188KYjjX1g+l1mS8MSDNbMBD4RyTJ+uDVAWNY
LkTs9LZOMJ/Sq7RFiqpZ5lWq0ZioAMVg20l5KDYAhsNdo2L0S+/fSGFmtQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHwXH1xIzgRmyOYqB9rFtrBIAI7DMB8GA1UdIwQY
MBaAFGlR1FUdJqUcD5K3fC03j7NHWLh3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZIVVZSMG1wUndQa3JkOExUZVBzMGRZdUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wMjYxMGYtNjkxMy00MDQ5LTk3ZjAt
YTJlZGE5NDZlZDI5LzEvZkJjZlhFak9CR2JJNWlvSDJzVzJzRWdBanNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wMjYxMGYtNjkxMy00MDQ5LTk3ZjAtYTJlZGE5NDZlZDI5
LzEvYVZIVVZSMG1wUndQa3JkOExUZVBzMGRZdUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9VmAwQD
kgBYAwQCucNYMA0GCSqGSIb3DQEBCwUAA4IBAQCVzGBuOb1RzcADnx0JlZhW/gwF
3ZFaKWKUuX4zcrpmnXZoZImVKWYv+vKwurEA0cxtUfMBbkjrLK6m46Dyhn40mAYP
5i3L3p0yA+E8FGjU21pjGsB/Wv3Hz4eRY/pyJSzSmVGFkaIB1N0fRVnh10+XeiiY
FDXg8ioZnX5/pNRZAfUOehK2VE0C+WmmFCyzKv4lCukyrfQJVna+9I16Fv0vcfj2
znbrRz1/pncU0Xz6MZOqw8FtN5HCwEiUKnL+oqoyWWN/ExvQ5eyLPRV1uWihy7/T
WVix5MtPCd1XBoUHC0PZjD6kxoKx4m3g01eQMWeJe+4rnBEhCsHueoIVuM25
-----END CERTIFICATE-----