Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/V9PW0vh9iZJvLb7aWmakaRKOgtE.roa
File:                     V9PW0vh9iZJvLb7aWmakaRKOgtE.roa (raw, json)
Hash identifier:          nIxnVqrV5cnezsDu8CVxbl3+jI7yYUo4P/Oy1z8MovM=
Subject key identifier:   57:D3:D6:D2:F8:7D:89:92:6F:2D:BE:DA:5A:66:A4:69:12:8E:82:D1
Certificate issuer:       /CN=fadbe65b28ff25667409cce635be096e3e6defca
Certificate serial:       018CCA98FBE46EF9F607CA2F7D650951984E
Authority key identifier: FA:DB:E6:5B:28:FF:25:66:74:09:CC:E6:35:BE:09:6E:3E:6D:EF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/V9PW0vh9iZJvLb7aWmakaRKOgtE.roa
Signing time:             Tue 02 Jan 2024 14:34:32 +0000
ROA not before:           Tue 02 Jan 2024 14:34:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        91.208.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:03:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:98:fb:e4:6e:f9:f6:07:ca:2f:7d:65:09:51:98:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fadbe65b28ff25667409cce635be096e3e6defca
        Validity
            Not Before: Jan  2 14:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57d3d6d2f87d89926f2dbeda5a66a469128e82d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6b:95:fc:d9:94:83:56:e3:d2:34:0e:c9:5e:
                    54:57:2a:af:cc:85:a5:f0:4d:da:aa:45:83:24:bf:
                    16:1e:1a:9e:7c:57:a2:51:b3:7b:07:a1:ff:6f:99:
                    36:1a:44:ac:e3:83:eb:71:ac:e4:ab:25:44:e7:9b:
                    30:c9:8d:63:08:d4:2b:79:ee:33:bc:b1:73:e9:41:
                    34:c2:eb:83:61:09:a9:8f:0e:44:ca:b3:02:88:9b:
                    d8:30:26:6c:87:6e:d5:bf:03:d5:fc:d4:60:f8:ce:
                    ab:42:d0:5f:e7:81:9e:ea:1b:92:2f:a1:22:91:20:
                    e2:f3:f1:ed:c6:63:cd:85:b0:05:6b:35:d5:63:07:
                    4d:f0:b8:2d:05:8b:3b:d6:d2:00:ec:52:3b:d4:d1:
                    19:61:3a:3c:b3:35:2b:a7:f2:e3:df:3e:aa:97:ef:
                    78:d0:e4:c4:41:91:49:57:ac:0f:5c:c6:f8:6a:c0:
                    84:b1:2a:72:94:2a:29:6d:2e:07:0d:4b:66:bf:45:
                    89:80:f2:ce:76:d0:7a:ec:b5:c6:80:88:f0:d6:dc:
                    39:06:77:8f:c7:2d:a8:2a:86:18:74:bf:d6:a9:ab:
                    ee:9c:ae:7c:9d:62:a1:06:59:8a:7c:21:6b:48:93:
                    fa:40:7a:bb:73:8a:80:c7:28:2f:68:39:50:14:9a:
                    f4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:D3:D6:D2:F8:7D:89:92:6F:2D:BE:DA:5A:66:A4:69:12:8E:82:D1
            X509v3 Authority Key Identifier:
                keyid:FA:DB:E6:5B:28:FF:25:66:74:09:CC:E6:35:BE:09:6E:3E:6D:EF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/V9PW0vh9iZJvLb7aWmakaRKOgtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:fd:5e:be:db:99:e5:f4:57:79:c5:d5:06:b4:8b:26:bc:89:
         af:16:f3:cc:10:71:53:4a:c1:4f:fe:eb:3c:09:2d:30:bf:bd:
         c1:23:b6:2b:14:26:d8:ae:0a:3b:19:e4:ea:2b:c9:72:6a:de:
         ec:ef:99:f7:a8:cb:3a:af:38:3f:96:c5:07:9b:48:8d:e3:72:
         16:8a:80:c0:4e:2a:2d:da:ef:6e:ae:0c:29:ef:31:fc:39:60:
         84:3f:25:b3:ba:85:0c:e4:f4:b9:5d:f1:f1:18:8b:d3:5b:0c:
         ef:4f:4d:12:35:c5:bb:9d:36:13:22:00:86:c3:53:b2:b9:22:
         6c:60:05:77:d3:83:10:71:6f:be:e5:6d:21:be:8e:ef:44:1d:
         2b:97:08:98:9d:aa:22:7e:65:58:18:92:8a:ca:9b:e7:dd:09:
         52:6c:3d:7a:88:52:91:39:87:5f:bf:dd:d6:e5:3b:60:bd:1a:
         3e:f7:05:a7:a8:70:fe:fc:a8:66:dd:60:a5:3e:eb:ea:26:b4:
         67:26:85:35:10:4f:a7:69:8e:8b:b6:00:73:38:6b:c3:d5:9f:
         91:74:42:88:ed:72:d0:0b:ba:ab:2b:50:8a:3d:4b:84:1b:1a:
         80:fc:cc:50:cf:6b:24:18:bc:e8:82:7d:0e:e3:97:a1:9b:fd:
         0c:e8:d0:87
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKmPvkbvn2B8ovfWUJUZhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZGJlNjViMjhmZjI1NjY3NDA5Y2NlNjM1YmUwOTZlM2U2
ZGVmY2EwHhcNMjQwMTAyMTQzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2QzZDZkMmY4N2Q4OTkyNmYyZGJlZGE1YTY2YTQ2OTEyOGU4MmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2uV/NmUg1bj0jQOyV5UVyqvzIWl
8E3aqkWDJL8WHhqefFeiUbN7B6H/b5k2GkSs44PrcazkqyVE55swyY1jCNQree4z
vLFz6UE0wuuDYQmpjw5EyrMCiJvYMCZsh27VvwPV/NRg+M6rQtBf54Ge6huSL6Ei
kSDi8/HtxmPNhbAFazXVYwdN8LgtBYs71tIA7FI71NEZYTo8szUrp/Lj3z6ql+94
0OTEQZFJV6wPXMb4asCEsSpylCopbS4HDUtmv0WJgPLOdtB67LXGgIjw1tw5BneP
xy2oKoYYdL/WqavunK58nWKhBlmKfCFrSJP6QHq7c4qAxygvaDlQFJr09QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFfT1tL4fYmSby2+2lpmpGkSjoLRMB8GA1UdIwQY
MBaAFPrb5lso/yVmdAnM5jW+CW4+be/KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10dm1XeWpfSldaMENjem1OYjRKYmo1dDc4by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvNDhlOTc2LTM3MDctNDY4NS1hNWY5
LTk2MWI3OGQ5ZDRiYy8xL1Y5UFcwdmg5aVpKdkxiN2FXbWFrYVJLT2d0RS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2MvNDhlOTc2LTM3MDctNDY4NS1hNWY5LTk2MWI3OGQ5ZDRi
Yy8xLzEtdHZtV3lqX0pXWjBDY3ptTmI0SmJqNXQ3OG8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb0EIw
DQYJKoZIhvcNAQELBQADggEBACj9Xr7bmeX0V3nF1Qa0iya8ia8W88wQcVNKwU/+
6zwJLTC/vcEjtisUJtiuCjsZ5OoryXJq3uzvmfeoyzqvOD+WxQebSI3jchaKgMBO
Ki3a726uDCnvMfw5YIQ/JbO6hQzk9Lld8fEYi9NbDO9PTRI1xbudNhMiAIbDU7K5
ImxgBXfTgxBxb77lbSG+ju9EHSuXCJidqiJ+ZVgYkorKm+fdCVJsPXqIUpE5h1+/
3dblO2C9Gj73BaeocP78qGbdYKU+6+omtGcmhTUQT6dpjou2AHM4a8PVn5F0Qojt
ctALuqsrUIo9S4QbGoD8zFDPayQYvOiCfQ7jl6Gb/Qzo0Ic=
-----END CERTIFICATE-----