Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/FbbQ9dOXN04h0yA8RufdKetD_uE.roa
File:                     FbbQ9dOXN04h0yA8RufdKetD_uE.roa (raw, json)
Hash identifier:          /4kM/39HGCP5pgMRu9yAxJzRQOoWIa0uIRTZpA/Gyik=
Subject key identifier:   15:B6:D0:F5:D3:97:37:4E:21:D3:20:3C:46:E7:DD:29:EB:43:FE:E1
Certificate issuer:       /CN=b541558181f7863119bf4a1554c75dab1f6c5292
Certificate serial:       01918EDFAB07B2F6C46CD574C7C2D7CF5C88
Authority key identifier: B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/FbbQ9dOXN04h0yA8RufdKetD_uE.roa
Signing time:             Mon 26 Aug 2024 13:28:28 +0000
ROA not before:           Mon 26 Aug 2024 13:28:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        83.217.208.0/23 maxlen: 24
                          83.217.208.0/24 maxlen: 24
                          83.217.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:df:ab:07:b2:f6:c4:6c:d5:74:c7:c2:d7:cf:5c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b541558181f7863119bf4a1554c75dab1f6c5292
        Validity
            Not Before: Aug 26 13:28:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15b6d0f5d397374e21d3203c46e7dd29eb43fee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3f:fb:19:3d:38:74:a6:06:65:07:43:f8:30:
                    ab:8d:1c:f1:e8:d8:b0:cd:3b:5f:32:b0:82:0a:a4:
                    39:bc:2f:07:bf:fc:7e:58:47:9b:2f:a0:05:ec:83:
                    49:25:cb:b4:98:4e:4b:bf:94:02:76:a0:57:85:2a:
                    66:21:92:37:d3:db:8e:6f:68:60:78:f5:4e:2a:7e:
                    30:68:5a:4b:27:08:6c:7f:51:ec:64:9b:1e:b0:81:
                    9b:0b:11:44:5c:46:5a:3f:41:1d:7b:4e:cd:b0:51:
                    3e:8b:27:df:75:28:47:f2:ef:04:e8:60:e3:3d:5b:
                    db:88:07:df:69:29:7d:73:cb:0c:e5:ca:a6:da:ff:
                    10:47:13:97:db:a7:63:b4:50:e0:bf:e8:9f:36:c6:
                    cd:01:4e:f9:c8:ca:99:56:1d:76:54:a1:ee:18:3f:
                    a6:47:e4:86:9e:e3:a7:34:bb:8e:dc:7f:50:13:6c:
                    bc:d1:f9:a6:9b:0c:cb:37:ad:17:d7:0c:35:8a:10:
                    c7:e2:7c:07:a5:21:04:98:49:f4:0b:62:89:a2:32:
                    0c:70:6e:7b:5c:55:93:8e:8d:42:24:59:28:10:00:
                    fb:2b:98:75:60:85:e4:5f:0a:34:a3:ec:df:b6:be:
                    00:e7:7f:71:30:c8:63:14:ff:ae:11:04:35:e3:3a:
                    2e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B6:D0:F5:D3:97:37:4E:21:D3:20:3C:46:E7:DD:29:EB:43:FE:E1
            X509v3 Authority Key Identifier:
                keyid:B5:41:55:81:81:F7:86:31:19:BF:4A:15:54:C7:5D:AB:1F:6C:52:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUFVgYH3hjEZv0oVVMddqx9sUpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/FbbQ9dOXN04h0yA8RufdKetD_uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/4dd169-8dcb-4653-8a03-571b6c612bec/1/tUFVgYH3hjEZv0oVVMddqx9sUpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:69:e3:23:11:18:8d:78:eb:7f:46:56:7f:86:0a:ce:f7:b0:
         58:16:5e:2b:bd:6a:e2:50:7f:97:e4:55:e9:18:ae:cf:1a:8a:
         ee:5e:bf:7e:58:99:51:9a:d1:fa:0e:0f:dd:6f:c5:b8:37:e5:
         d8:4b:67:60:c4:89:4b:09:35:45:c2:2f:fe:51:b3:77:f1:e1:
         e8:f7:39:35:c2:a8:1a:a8:48:0f:a8:57:cb:16:02:32:b8:76:
         c6:cb:3e:72:89:b4:ab:c9:7f:05:02:79:74:cf:33:a4:59:d5:
         18:90:e7:58:e4:5d:f8:b8:b4:32:7d:0d:e0:1e:41:5e:81:fd:
         69:63:08:a7:5f:b4:eb:a9:75:3b:5e:d0:41:68:3f:96:2f:6f:
         84:2b:88:30:83:e6:f6:eb:b7:8f:b3:0e:96:5a:22:e5:0e:0d:
         59:bf:0f:70:ce:c6:04:00:ba:ab:a0:db:58:41:5d:63:bd:36:
         c8:6c:e2:b2:5e:d5:11:36:15:47:d4:0f:f1:96:ae:ff:9a:e8:
         5d:be:17:26:a5:1c:e3:b4:fd:1d:57:c0:f4:ae:a8:24:bd:f5:
         d9:48:5f:a3:da:99:98:8c:8b:09:e6:69:1d:6a:1f:f1:1b:fc:
         2a:b2:4c:e7:a4:89:6e:19:46:aa:d1:a3:72:13:ad:46:35:21:
         65:c1:e2:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGO36sHsvbEbNV0x8LXz1yIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDE1NTgxODFmNzg2MzExOWJmNGExNTU0Yzc1ZGFiMWY2
YzUyOTIwHhcNMjQwODI2MTMyODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWI2ZDBmNWQzOTczNzRlMjFkMzIwM2M0NmU3ZGQyOWViNDNmZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyz/7GT04dKYGZQdD+DCrjRzx6Niw
zTtfMrCCCqQ5vC8Hv/x+WEebL6AF7INJJcu0mE5Lv5QCdqBXhSpmIZI309uOb2hg
ePVOKn4waFpLJwhsf1HsZJsesIGbCxFEXEZaP0Ede07NsFE+iyffdShH8u8E6GDj
PVvbiAffaSl9c8sM5cqm2v8QRxOX26djtFDgv+ifNsbNAU75yMqZVh12VKHuGD+m
R+SGnuOnNLuO3H9QE2y80fmmmwzLN60X1ww1ihDH4nwHpSEEmEn0C2KJojIMcG57
XFWTjo1CJFkoEAD7K5h1YIXkXwo0o+zftr4A539xMMhjFP+uEQQ14zouWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBW20PXTlzdOIdMgPEbn3SnrQ/7hMB8GA1UdIwQY
MBaAFLVBVYGB94YxGb9KFVTHXasfbFKSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMt
NTcxYjZjNjEyYmVjLzEvRmJiUTlkT1hOMDRoMHlBOFJ1ZmRLZXREX3VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80ZGQxNjktOGRjYi00NjUzLThhMDMtNTcxYjZjNjEyYmVj
LzEvdFVGVmdZSDNoakVadjBvVlZNZGRxeDlzVXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU9nQMA0G
CSqGSIb3DQEBCwUAA4IBAQA0aeMjERiNeOt/RlZ/hgrO97BYFl4rvWriUH+X5FXp
GK7PGoruXr9+WJlRmtH6Dg/db8W4N+XYS2dgxIlLCTVFwi/+UbN38eHo9zk1wqga
qEgPqFfLFgIyuHbGyz5yibSryX8FAnl0zzOkWdUYkOdY5F34uLQyfQ3gHkFegf1p
YwinX7TrqXU7XtBBaD+WL2+EK4gwg+b267ePsw6WWiLlDg1Zvw9wzsYEALqroNtY
QV1jvTbIbOKyXtURNhVH1A/xlq7/muhdvhcmpRzjtP0dV8D0rqgkvfXZSF+j2pmY
jIsJ5mkdah/xG/wqskznpIluGUaq0aNyE61GNSFlweKL
-----END CERTIFICATE-----