Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/_fI-7S9ZgiooZeexXWA41atmup8.roa
File:                     _fI-7S9ZgiooZeexXWA41atmup8.roa (raw, json)
Hash identifier:          T1iMhU4XK6ZiMWqF6/v1zioJ/PqjpqoZAKVM15IZG14=
Subject key identifier:   FD:F2:3E:ED:2F:59:82:2A:28:65:E7:B1:5D:60:38:D5:AB:66:BA:9F
Certificate issuer:       /CN=6dbd51576b4a93460a465af35e6bf550f5548894
Certificate serial:       018CC8DED903BE56FC86216A88F005019460
Authority key identifier: 6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/_fI-7S9ZgiooZeexXWA41atmup8.roa
Signing time:             Tue 02 Jan 2024 06:31:36 +0000
ROA not before:           Tue 02 Jan 2024 06:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39406
IP address blocks:        91.212.68.0/24 maxlen: 24
                          188.68.82.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d9:03:be:56:fc:86:21:6a:88:f0:05:01:94:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dbd51576b4a93460a465af35e6bf550f5548894
        Validity
            Not Before: Jan  2 06:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdf23eed2f59822a2865e7b15d6038d5ab66ba9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:31:1f:f9:e7:21:7c:d2:80:36:43:3f:68:03:
                    59:6b:be:3d:16:ea:93:b0:d7:f3:04:0e:5e:f6:b9:
                    28:b1:31:79:8c:8b:b0:2f:09:f8:83:84:b1:a0:ce:
                    de:d3:9a:03:bb:f7:e9:49:80:d2:df:e5:2c:a7:c1:
                    a1:cf:43:11:30:9b:67:0d:59:ec:19:bf:7a:df:96:
                    04:89:1e:69:d9:77:41:87:e1:65:90:b9:00:9c:7e:
                    89:3c:bd:9e:36:f1:35:b3:43:40:98:aa:8e:c0:44:
                    14:67:03:b5:23:02:40:37:a0:7b:17:57:bd:29:ec:
                    e1:d6:cd:45:b3:67:c6:41:8e:ba:59:53:d1:33:dc:
                    e7:d3:b8:9f:5e:e7:b0:6e:93:d2:6d:c4:87:5a:1c:
                    c5:c3:7e:e4:13:bc:15:8b:b9:95:1b:7b:48:4b:8e:
                    e0:c1:e6:87:f2:b3:7c:06:07:d3:3a:f1:c0:4f:9d:
                    62:7d:8a:0a:59:4d:44:18:19:c3:5c:31:ff:73:3c:
                    f7:32:ce:a5:45:c9:08:61:b6:fa:5b:04:ea:d9:8a:
                    3a:33:f2:12:80:d1:87:9b:a3:c1:68:6c:eb:d8:35:
                    86:c1:b0:23:50:43:8d:aa:3c:64:c1:8b:29:2a:4a:
                    c3:80:59:f2:4b:6c:12:60:f4:8e:74:e4:29:b1:94:
                    4f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:F2:3E:ED:2F:59:82:2A:28:65:E7:B1:5D:60:38:D5:AB:66:BA:9F
            X509v3 Authority Key Identifier:
                keyid:6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/_fI-7S9ZgiooZeexXWA41atmup8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.68.0/24
                  188.68.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:6a:31:07:5f:56:c6:c1:1f:10:3a:3f:99:15:4b:c9:44:73:
         cc:75:6e:06:05:59:7a:a3:2f:a9:bd:5f:87:0b:d8:b8:5c:2f:
         aa:23:34:99:a7:ec:ae:b4:65:4b:c6:78:52:77:9a:99:d7:ce:
         d2:7c:52:c0:56:c9:e2:f7:35:ee:23:a5:30:e1:aa:bc:b1:66:
         94:89:7e:53:1b:46:06:71:60:6d:6a:9d:6d:e5:02:b2:ce:e2:
         69:c3:b1:a7:9f:b5:4f:ea:58:88:1f:a3:24:64:30:9f:9d:fa:
         de:30:29:34:c8:f0:c6:96:26:a7:8d:fa:a6:3e:c2:4a:fa:c9:
         9e:54:a5:07:09:b2:d5:17:00:58:73:59:c0:19:73:81:cb:05:
         da:00:b1:8e:c2:67:26:f6:be:01:58:37:bb:41:ad:00:df:97:
         91:b5:f0:c1:cb:68:59:8a:42:16:ae:05:bd:ee:78:98:50:57:
         3e:e0:e7:d2:82:61:7a:14:59:64:66:a7:56:0e:58:8e:f9:b4:
         4f:eb:ef:03:27:fb:11:ce:d9:2d:7b:27:36:fc:2b:58:cc:35:
         e9:2f:28:af:8f:aa:c4:c5:53:9f:62:e4:02:e6:9f:28:6b:9d:
         0e:4d:8a:66:e6:90:d2:e8:33:f3:70:90:cf:25:50:f7:6e:80:
         2a:cf:ed:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3tkDvlb8hiFqiPAFAZRgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYmQ1MTU3NmI0YTkzNDYwYTQ2NWFmMzVlNmJmNTUwZjU1
NDg4OTQwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGYyM2VlZDJmNTk4MjJhMjg2NWU3YjE1ZDYwMzhkNWFiNjZiYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjEf+echfNKANkM/aANZa749FuqT
sNfzBA5e9rkosTF5jIuwLwn4g4SxoM7e05oDu/fpSYDS3+Usp8Ghz0MRMJtnDVns
Gb9635YEiR5p2XdBh+FlkLkAnH6JPL2eNvE1s0NAmKqOwEQUZwO1IwJAN6B7F1e9
Kezh1s1Fs2fGQY66WVPRM9zn07ifXuewbpPSbcSHWhzFw37kE7wVi7mVG3tIS47g
weaH8rN8BgfTOvHAT51ifYoKWU1EGBnDXDH/czz3Ms6lRckIYbb6WwTq2Yo6M/IS
gNGHm6PBaGzr2DWGwbAjUEONqjxkwYspKkrDgFnyS2wSYPSOdOQpsZRPGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP3yPu0vWYIqKGXnsV1gONWrZrqfMB8GA1UdIwQY
MBaAFG29UVdrSpNGCkZa815r9VD1VIiUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUt
MWVmN2VmMTdmYTQzLzEvX2ZJLTdTOVpnaW9vWmVleFhXQTQxYXRtdXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUtMWVmN2VmMTdmYTQz
LzEvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9REAwQB
vERSMA0GCSqGSIb3DQEBCwUAA4IBAQChajEHX1bGwR8QOj+ZFUvJRHPMdW4GBVl6
oy+pvV+HC9i4XC+qIzSZp+yutGVLxnhSd5qZ187SfFLAVsni9zXuI6Uw4aq8sWaU
iX5TG0YGcWBtap1t5QKyzuJpw7Gnn7VP6liIH6MkZDCfnfreMCk0yPDGlianjfqm
PsJK+smeVKUHCbLVFwBYc1nAGXOBywXaALGOwmcm9r4BWDe7Qa0A35eRtfDBy2hZ
ikIWrgW97niYUFc+4OfSgmF6FFlkZqdWDliO+bRP6+8DJ/sRztkteyc2/CtYzDXp
Lyivj6rExVOfYuQC5p8oa50OTYpm5pDS6DPzcJDPJVD3boAqz+2m
-----END CERTIFICATE-----