Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/2_fq_sO4tenA-s5amyJbA8l4mqA.roa
File:                     2_fq_sO4tenA-s5amyJbA8l4mqA.roa (raw, json)
Hash identifier:          VVaux8KMN35jd13QoMgUJWmtgFh3B3LyZu2v6tEjzcY=
Subject key identifier:   DB:F7:EA:FE:C3:B8:B5:E9:C0:FA:CE:5A:9B:22:5B:03:C9:78:9A:A0
Certificate issuer:       /CN=201fe6981ebcbc923c8e49f48452441d080e66f0
Certificate serial:       018CC5007B4E126C99A447552F1422486004
Authority key identifier: 20:1F:E6:98:1E:BC:BC:92:3C:8E:49:F4:84:52:44:1D:08:0E:66:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_mmB68vJI8jkn0hFJEHQgOZvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/2_fq_sO4tenA-s5amyJbA8l4mqA.roa
Signing time:             Mon 01 Jan 2024 12:29:52 +0000
ROA not before:           Mon 01 Jan 2024 12:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197796
IP address blocks:        91.227.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/IB_mmB68vJI8jkn0hFJEHQgOZvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/IB_mmB68vJI8jkn0hFJEHQgOZvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_mmB68vJI8jkn0hFJEHQgOZvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:7b:4e:12:6c:99:a4:47:55:2f:14:22:48:60:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe6981ebcbc923c8e49f48452441d080e66f0
        Validity
            Not Before: Jan  1 12:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbf7eafec3b8b5e9c0face5a9b225b03c9789aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ed:04:3a:6c:98:4a:cc:d7:e4:1f:df:ab:ce:
                    0e:08:43:c7:62:e5:39:6f:0d:37:e5:35:57:b9:df:
                    58:44:9e:fb:e9:e8:f8:3f:5d:f7:af:3f:7a:3f:65:
                    02:6a:5f:8e:45:89:f7:2a:83:63:1e:e1:c9:6e:b9:
                    fa:db:b1:cf:2c:c9:28:45:41:52:eb:ff:d1:0b:28:
                    63:7d:e3:f0:4a:d7:7d:8e:ce:7d:9a:10:8f:d7:07:
                    34:91:e5:d4:e7:e2:80:31:76:65:1a:6c:24:a1:2d:
                    5a:b3:47:60:51:f2:84:52:79:5e:c8:36:a3:39:c7:
                    3d:b9:d1:97:6d:9a:7e:74:dc:29:7f:a5:9a:2d:18:
                    bb:27:9f:aa:f0:7c:32:9e:0b:ad:c7:e3:51:ef:24:
                    30:a0:4f:e8:df:6a:71:21:52:eb:4f:10:92:1f:1d:
                    9d:38:d6:1f:11:14:17:8c:4b:6b:a3:c9:92:32:0d:
                    eb:52:a6:a0:a9:ef:d8:03:53:a6:eb:ab:e4:4b:55:
                    a0:1d:ae:e2:e4:61:8f:4d:dd:bc:46:ae:0d:4d:68:
                    54:31:57:cb:50:dd:20:d2:08:52:1f:6b:e8:76:25:
                    69:bf:19:2f:fc:da:0a:1b:3f:77:5e:48:2a:9a:26:
                    7f:f3:be:88:a3:55:47:9c:ad:14:94:6b:ea:ae:5f:
                    a7:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F7:EA:FE:C3:B8:B5:E9:C0:FA:CE:5A:9B:22:5B:03:C9:78:9A:A0
            X509v3 Authority Key Identifier:
                keyid:20:1F:E6:98:1E:BC:BC:92:3C:8E:49:F4:84:52:44:1D:08:0E:66:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_mmB68vJI8jkn0hFJEHQgOZvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/2_fq_sO4tenA-s5amyJbA8l4mqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/44b2b2-b45a-4053-be29-2724f92bd56e/1/IB_mmB68vJI8jkn0hFJEHQgOZvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:ae:52:57:91:9f:a1:6e:bd:6a:f4:9c:26:cc:5f:0b:64:c3:
         92:39:1c:51:4b:d2:db:06:6c:6d:61:19:6c:11:c5:2b:0d:ad:
         81:de:7f:53:d7:6a:e2:5e:d1:46:b8:52:1a:5e:62:ea:e1:28:
         af:11:ed:37:14:be:e1:6d:27:84:f6:aa:cd:91:14:c0:0f:cd:
         97:b5:dd:25:77:91:3f:95:10:39:10:a0:cc:c1:6a:3e:05:da:
         88:f1:ec:85:32:a9:e7:ea:37:d5:8e:70:43:c7:5f:d0:54:3d:
         52:4b:57:ae:e7:bd:49:ee:98:fb:e1:8e:f6:0f:41:c4:ab:46:
         74:9f:c2:6f:80:4c:df:ac:41:7d:d1:9a:e8:72:88:33:16:85:
         15:90:80:a4:6f:a8:17:12:6f:e5:94:64:3b:a5:cb:37:c0:30:
         ed:9d:74:ff:5e:87:65:74:ec:00:83:71:47:02:d5:9a:a1:e2:
         e5:4c:c6:a5:f8:2e:1a:7b:9d:bc:6c:f7:1f:34:ee:1c:4c:30:
         c3:b3:41:da:9c:8f:76:1c:74:64:7c:db:dc:a8:75:fe:5d:69:
         f1:25:9d:98:c2:ac:a1:dd:89:90:ca:aa:fd:4b:d6:76:81:f8:
         9a:cb:3e:a0:c0:dc:25:28:de:6a:89:67:f3:82:d0:b0:e4:f8:
         5c:2a:da:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHtOEmyZpEdVLxQiSGAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlNjk4MWViY2JjOTIzYzhlNDlmNDg0NTI0NDFkMDgw
ZTY2ZjAwHhcNMjQwMTAxMTIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY3ZWFmZWMzYjhiNWU5YzBmYWNlNWE5YjIyNWIwM2M5Nzg5YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO0EOmyYSszX5B/fq84OCEPHYuU5
bw035TVXud9YRJ776ej4P133rz96P2UCal+ORYn3KoNjHuHJbrn627HPLMkoRUFS
6//RCyhjfePwStd9js59mhCP1wc0keXU5+KAMXZlGmwkoS1as0dgUfKEUnleyDaj
Occ9udGXbZp+dNwpf6WaLRi7J5+q8Hwyngutx+NR7yQwoE/o32pxIVLrTxCSHx2d
ONYfERQXjEtro8mSMg3rUqagqe/YA1Om66vkS1WgHa7i5GGPTd28Rq4NTWhUMVfL
UN0g0ghSH2vodiVpvxkv/NoKGz93XkgqmiZ/876Io1VHnK0UlGvqrl+nAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNv36v7DuLXpwPrOWpsiWwPJeJqgMB8GA1UdIwQY
MBaAFCAf5pgevLySPI5J9IRSRB0IDmbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfbW1CNjh2Skk4amtuMGhGSkVIUWdPWnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80NGIyYjItYjQ1YS00MDUzLWJlMjkt
MjcyNGY5MmJkNTZlLzEvMl9mcV9zTzR0ZW5BLXM1YW15SmJBOGw0bXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80NGIyYjItYjQ1YS00MDUzLWJlMjktMjcyNGY5MmJkNTZl
LzEvSUJfbW1CNjh2Skk4amtuMGhGSkVIUWdPWnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+MrMA0G
CSqGSIb3DQEBCwUAA4IBAQATrlJXkZ+hbr1q9JwmzF8LZMOSORxRS9LbBmxtYRls
EcUrDa2B3n9T12riXtFGuFIaXmLq4SivEe03FL7hbSeE9qrNkRTAD82Xtd0ld5E/
lRA5EKDMwWo+BdqI8eyFMqnn6jfVjnBDx1/QVD1SS1eu571J7pj74Y72D0HEq0Z0
n8JvgEzfrEF90ZrocogzFoUVkICkb6gXEm/llGQ7pcs3wDDtnXT/XodldOwAg3FH
AtWaoeLlTMal+C4ae528bPcfNO4cTDDDs0HanI92HHRkfNvcqHX+XWnxJZ2Ywqyh
3YmQyqr9S9Z2gfiayz6gwNwlKN5qiWfzgtCw5PhcKtrA
-----END CERTIFICATE-----