Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/F2X4-EdsFIP7Tnrxi4WIykzvmz8.roa
File:                     F2X4-EdsFIP7Tnrxi4WIykzvmz8.roa (raw, json)
Hash identifier:          2KVdUkvqGXgufFYwQdb4xntuReEvjTtqwf6NAGXHi3I=
Subject key identifier:   17:65:F8:F8:47:6C:14:83:FB:4E:7A:F1:8B:85:88:CA:4C:EF:9B:3F
Certificate issuer:       /CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
Certificate serial:       018CC8024133C1228B2008CAAE655A64FE93
Authority key identifier: 7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/F2X4-EdsFIP7Tnrxi4WIykzvmz8.roa
Signing time:             Tue 02 Jan 2024 02:30:40 +0000
ROA not before:           Tue 02 Jan 2024 02:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207120
IP address blocks:        91.209.142.0/24 maxlen: 24
                          185.113.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:41:33:c1:22:8b:20:08:ca:ae:65:5a:64:fe:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
        Validity
            Not Before: Jan  2 02:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1765f8f8476c1483fb4e7af18b8588ca4cef9b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:80:1f:c2:d5:e5:1f:42:9b:fc:ef:f8:9b:2a:
                    f0:97:47:b1:21:94:19:b4:67:55:66:1c:f9:7f:03:
                    58:68:d3:09:e5:e3:5b:c4:0e:70:8a:95:d9:5e:3c:
                    d8:06:52:2c:83:9f:e0:cc:f6:18:f3:77:de:01:00:
                    54:4e:a9:36:39:79:d0:e1:56:2f:c2:f5:44:3d:80:
                    eb:96:5b:8f:69:9e:e0:f9:e4:b4:db:9a:a5:f5:b0:
                    b8:ac:a3:15:00:38:e3:85:25:05:7a:71:16:c6:63:
                    4f:78:3c:00:d2:62:28:55:6f:bb:e2:cb:d3:ff:c8:
                    03:b3:af:a1:d0:8a:44:85:09:a6:63:ca:37:20:52:
                    4f:cb:d1:0a:3c:2c:7e:bc:7a:88:45:fd:7f:cf:f2:
                    85:a2:a1:45:b7:40:ec:3b:74:b0:b1:8d:9f:9b:91:
                    d6:e2:18:87:f6:74:a5:4b:93:da:ca:f7:bb:8e:7f:
                    67:f6:ff:56:43:61:a1:6a:e3:b4:bc:5f:e8:87:45:
                    da:85:5b:38:1a:cd:50:92:ab:87:25:71:4b:52:d0:
                    ea:1b:30:66:f3:aa:b6:a7:34:08:5c:29:70:72:4a:
                    bd:04:d8:3e:bd:3e:41:5f:85:38:32:bd:86:32:75:
                    ce:70:b6:03:ed:1d:b5:63:95:dd:c7:92:e3:25:12:
                    3f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:65:F8:F8:47:6C:14:83:FB:4E:7A:F1:8B:85:88:CA:4C:EF:9B:3F
            X509v3 Authority Key Identifier:
                keyid:7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/F2X4-EdsFIP7Tnrxi4WIykzvmz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.142.0/24
                  185.113.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:ae:89:ae:0b:81:2f:00:c2:4e:3c:f1:86:8a:83:c7:7a:3e:
         18:5b:6b:65:14:3a:81:46:0d:b8:e0:d3:53:58:bd:d6:2f:8a:
         94:b8:08:a7:43:f8:47:4a:b9:62:db:1a:f1:33:e0:36:63:16:
         2a:0e:f6:ed:5c:cc:61:ef:e8:e1:59:e3:70:5f:32:77:80:75:
         59:de:ae:eb:6e:ea:1c:dc:2e:55:5d:e7:ec:be:ab:b4:63:f3:
         8e:b6:3c:d7:86:87:dc:cf:3d:38:55:43:1f:cf:35:cc:98:db:
         bf:08:a1:d0:e6:8c:ba:1e:26:43:d2:c2:e1:d6:9f:72:ba:01:
         d8:ed:5d:6c:67:7c:f3:0d:1f:98:da:48:05:d2:d9:5b:c3:96:
         f9:55:0b:57:26:20:ed:bc:a6:cf:fa:b6:dd:8d:2a:ec:16:50:
         76:f6:52:09:bd:89:ca:88:3c:89:3b:dc:a0:b8:c1:5c:87:cb:
         08:b8:ac:ef:99:3b:2f:bf:49:72:e3:b9:26:22:9f:c9:78:ee:
         33:4c:d5:d9:e5:b2:e6:ff:61:a9:e0:f3:56:36:5e:ff:4e:e8:
         a3:01:e8:c2:0c:7e:48:d2:4d:2e:91:d2:cd:d7:09:b8:93:31:
         19:58:cf:89:78:08:d0:66:e9:b6:10:b3:61:8d:de:f2:d0:fe:
         38:0b:5d:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAkEzwSKLIAjKrmVaZP6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNDVhOWEwMzUzYTMzYzZhNGY5MzYwOGY5ZDI1ZjI3Yzg1
OTQ4YjcwHhcNMjQwMTAyMDIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzY1ZjhmODQ3NmMxNDgzZmI0ZTdhZjE4Yjg1ODhjYTRjZWY5YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYAfwtXlH0Kb/O/4myrwl0exIZQZ
tGdVZhz5fwNYaNMJ5eNbxA5wipXZXjzYBlIsg5/gzPYY83feAQBUTqk2OXnQ4VYv
wvVEPYDrlluPaZ7g+eS025ql9bC4rKMVADjjhSUFenEWxmNPeDwA0mIoVW+74svT
/8gDs6+h0IpEhQmmY8o3IFJPy9EKPCx+vHqIRf1/z/KFoqFFt0DsO3SwsY2fm5HW
4hiH9nSlS5Payve7jn9n9v9WQ2GhauO0vF/oh0XahVs4Gs1QkquHJXFLUtDqGzBm
86q2pzQIXClwckq9BNg+vT5BX4U4Mr2GMnXOcLYD7R21Y5Xdx5LjJRI/xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBdl+PhHbBSD+0568YuFiMpM75s/MB8GA1UdIwQY
MBaAFH5FqaA1OjPGpPk2CPnSXyfIWUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2Qt
MzdhNjBjMzM1YTVkLzEvRjJYNC1FZHNGSVA3VG5yeGk0V0l5a3p2bXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2QtMzdhNjBjMzM1YTVk
LzEvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9GOAwQC
uXEAMA0GCSqGSIb3DQEBCwUAA4IBAQArromuC4EvAMJOPPGGioPHej4YW2tlFDqB
Rg244NNTWL3WL4qUuAinQ/hHSrli2xrxM+A2YxYqDvbtXMxh7+jhWeNwXzJ3gHVZ
3q7rbuoc3C5VXefsvqu0Y/OOtjzXhofczz04VUMfzzXMmNu/CKHQ5oy6HiZD0sLh
1p9yugHY7V1sZ3zzDR+Y2kgF0tlbw5b5VQtXJiDtvKbP+rbdjSrsFlB29lIJvYnK
iDyJO9yguMFch8sIuKzvmTsvv0ly47kmIp/JeO4zTNXZ5bLm/2Gp4PNWNl7/Tuij
AejCDH5I0k0ukdLN1wm4kzEZWM+JeAjQZum2ELNhjd7y0P44C116
-----END CERTIFICATE-----