Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/8d9bb5-b4e5-4344-891b-0807f96ca4a2/1/FrgpiGySO2oWsL9iFngnI7PbElc.roa
File:                     FrgpiGySO2oWsL9iFngnI7PbElc.roa (raw, json)
Hash identifier:          K8ZOrdKMvikDUKQOk+LhYtaLYhJs3NNoQsJnp3Y9dfE=
Subject key identifier:   16:B8:29:88:6C:92:3B:6A:16:B0:BF:62:16:78:27:23:B3:DB:12:57
Certificate issuer:       /CN=cb20e9aabbb6191546110235cf76c48384b451d0
Certificate serial:       01951D59C8EB1B4E36215DD7E8DFCF46FF28
Authority key identifier: CB:20:E9:AA:BB:B6:19:15:46:11:02:35:CF:76:C4:83:84:B4:51:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yyDpqru2GRVGEQI1z3bEg4S0UdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/8d9bb5-b4e5-4344-891b-0807f96ca4a2/1/FrgpiGySO2oWsL9iFngnI7PbElc.roa
Signing time:             Wed 19 Feb 2025 08:36:18 +0000
ROA not before:           Wed 19 Feb 2025 08:36:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47376
IP address blocks:        91.222.196.0/24 maxlen: 24
                          91.222.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/8d9bb5-b4e5-4344-891b-0807f96ca4a2/1/yyDpqru2GRVGEQI1z3bEg4S0UdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/8d9bb5-b4e5-4344-891b-0807f96ca4a2/1/yyDpqru2GRVGEQI1z3bEg4S0UdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yyDpqru2GRVGEQI1z3bEg4S0UdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1d:59:c8:eb:1b:4e:36:21:5d:d7:e8:df:cf:46:ff:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb20e9aabbb6191546110235cf76c48384b451d0
        Validity
            Not Before: Feb 19 08:36:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16b829886c923b6a16b0bf6216782723b3db1257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:bb:2c:88:04:75:e6:cb:c2:84:bb:ea:6b:a0:
                    ab:25:63:2c:93:94:31:a3:16:c0:6f:d2:a2:e5:57:
                    e6:a2:65:5d:94:dc:62:44:eb:40:3d:29:fb:b2:67:
                    69:1f:82:4d:26:69:f3:47:25:fb:ab:da:32:79:c7:
                    3a:dc:1b:cc:70:18:33:77:a8:57:6a:aa:85:c7:59:
                    6f:81:24:e1:01:c7:a2:87:f5:44:b9:a4:12:3e:bd:
                    82:d9:9b:34:8a:72:ee:74:9a:ec:7c:60:da:5e:14:
                    f6:c1:6b:5f:69:18:15:b4:77:ee:84:28:d3:40:04:
                    ce:2d:cc:72:c7:1c:3d:69:18:46:d4:b1:2e:7e:9e:
                    34:8c:f1:70:e5:55:fe:46:dd:b5:7e:3c:8f:35:66:
                    a7:53:55:ac:db:fa:a8:10:a1:46:71:3e:a4:47:8b:
                    08:3d:97:09:3c:04:26:fb:a7:31:28:bc:b7:49:1c:
                    cc:62:57:2c:43:09:9a:46:17:12:78:9f:08:b6:5b:
                    7e:c2:53:33:ee:bb:7b:c3:dd:9a:4d:b8:fe:da:bd:
                    1c:a3:88:f4:ab:ca:90:d0:0f:4d:0d:f7:c1:11:c0:
                    2f:d2:b3:8b:7e:c5:4e:76:6d:39:c0:6b:68:2b:ab:
                    e6:ca:fd:ca:80:74:00:8a:b6:f5:35:9d:e3:5b:b3:
                    be:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B8:29:88:6C:92:3B:6A:16:B0:BF:62:16:78:27:23:B3:DB:12:57
            X509v3 Authority Key Identifier:
                keyid:CB:20:E9:AA:BB:B6:19:15:46:11:02:35:CF:76:C4:83:84:B4:51:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyDpqru2GRVGEQI1z3bEg4S0UdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/8d9bb5-b4e5-4344-891b-0807f96ca4a2/1/FrgpiGySO2oWsL9iFngnI7PbElc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/8d9bb5-b4e5-4344-891b-0807f96ca4a2/1/yyDpqru2GRVGEQI1z3bEg4S0UdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:e5:62:92:1a:0b:83:29:9e:e8:3b:7a:b1:5d:4e:a1:7e:d0:
         d4:ea:19:5f:95:98:68:85:9f:db:98:0a:36:74:fa:8d:2f:8f:
         81:dc:b0:76:9c:df:7e:26:05:92:6b:20:46:2d:22:23:c4:e9:
         71:7a:59:0c:04:c6:03:29:9c:87:31:89:ed:ae:10:3c:c7:c2:
         6a:08:48:c1:33:89:2a:47:50:13:82:45:dd:a2:b8:d8:64:c9:
         5f:48:3b:70:b3:b8:29:89:0a:08:24:90:65:4f:f7:41:c7:cf:
         d3:71:75:0f:98:15:ea:40:5c:87:30:f2:18:12:11:cc:9c:13:
         be:2a:5d:49:94:51:1a:4c:1d:a2:91:55:b4:dd:bd:4e:db:93:
         97:f0:1e:6e:ce:79:83:8f:df:e6:8e:b8:dd:a4:3c:6f:30:66:
         53:6c:bc:fa:4a:d7:d6:36:88:ba:0b:71:fe:e2:4e:f9:96:d5:
         44:6f:af:06:99:25:d8:ca:7f:b6:76:0a:6e:d2:dc:1c:92:25:
         8f:68:b2:e8:5c:c8:7c:1e:ad:9e:9a:c0:93:ee:64:23:fc:06:
         2f:6b:50:63:d6:f6:10:69:83:23:da:13:96:4f:4f:87:a7:20:
         88:d6:2e:aa:4a:bc:bd:7e:5a:46:4a:e1:a7:bf:54:43:44:53:
         76:99:b7:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUdWcjrG042IV3X6N/PRv8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjBlOWFhYmJiNjE5MTU0NjExMDIzNWNmNzZjNDgzODRi
NDUxZDAwHhcNMjUwMjE5MDgzNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmI4Mjk4ODZjOTIzYjZhMTZiMGJmNjIxNjc4MjcyM2IzZGIxMjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrssiAR15svChLvqa6CrJWMsk5Qx
oxbAb9Ki5VfmomVdlNxiROtAPSn7smdpH4JNJmnzRyX7q9oyecc63BvMcBgzd6hX
aqqFx1lvgSThAceih/VEuaQSPr2C2Zs0inLudJrsfGDaXhT2wWtfaRgVtHfuhCjT
QATOLcxyxxw9aRhG1LEufp40jPFw5VX+Rt21fjyPNWanU1Ws2/qoEKFGcT6kR4sI
PZcJPAQm+6cxKLy3SRzMYlcsQwmaRhcSeJ8Itlt+wlMz7rt7w92aTbj+2r0co4j0
q8qQ0A9NDffBEcAv0rOLfsVOdm05wGtoK6vmyv3KgHQAirb1NZ3jW7O+9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBa4KYhskjtqFrC/YhZ4JyOz2xJXMB8GA1UdIwQY
MBaAFMsg6aq7thkVRhECNc92xIOEtFHQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlEcHFydTJHUlZHRVFJMXozYkVnNFMwVWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi84ZDliYjUtYjRlNS00MzQ0LTg5MWIt
MDgwN2Y5NmNhNGEyLzEvRnJncGlHeVNPMm9Xc0w5aUZuZ25JN1BiRWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi84ZDliYjUtYjRlNS00MzQ0LTg5MWItMDgwN2Y5NmNhNGEy
LzEveXlEcHFydTJHUlZHRVFJMXozYkVnNFMwVWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW97EMA0G
CSqGSIb3DQEBCwUAA4IBAQCy5WKSGguDKZ7oO3qxXU6hftDU6hlflZhohZ/bmAo2
dPqNL4+B3LB2nN9+JgWSayBGLSIjxOlxelkMBMYDKZyHMYntrhA8x8JqCEjBM4kq
R1ATgkXdorjYZMlfSDtws7gpiQoIJJBlT/dBx8/TcXUPmBXqQFyHMPIYEhHMnBO+
Kl1JlFEaTB2ikVW03b1O25OX8B5uznmDj9/mjrjdpDxvMGZTbLz6StfWNoi6C3H+
4k75ltVEb68GmSXYyn+2dgpu0twckiWPaLLoXMh8Hq2emsCT7mQj/AYva1Bj1vYQ
aYMj2hOWT0+HpyCI1i6qSry9flpGSuGnv1RDRFN2mbe2
-----END CERTIFICATE-----