Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/74d876-05a8-4b10-90e2-c9da030af326/1/fGCUlOMlBP8K3I5MqRytg9TA9tA.roa
File:                     fGCUlOMlBP8K3I5MqRytg9TA9tA.roa (raw, json)
Hash identifier:          uY/Mi67C2PnabRM8yuYDzkVVd46fDPgisXNEt7G1IeE=
Subject key identifier:   7C:60:94:94:E3:25:04:FF:0A:DC:8E:4C:A9:1C:AD:83:D4:C0:F6:D0
Certificate issuer:       /CN=6bcbdb6fd39e76f00484012e13146b218755c3fb
Certificate serial:       018CC349173EE16D8009C3821E12AF88EA43
Authority key identifier: 6B:CB:DB:6F:D3:9E:76:F0:04:84:01:2E:13:14:6B:21:87:55:C3:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a8vbb9OedvAEhAEuExRrIYdVw_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/74d876-05a8-4b10-90e2-c9da030af326/1/fGCUlOMlBP8K3I5MqRytg9TA9tA.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57136
IP address blocks:        91.212.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/74d876-05a8-4b10-90e2-c9da030af326/1/a8vbb9OedvAEhAEuExRrIYdVw_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/74d876-05a8-4b10-90e2-c9da030af326/1/a8vbb9OedvAEhAEuExRrIYdVw_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a8vbb9OedvAEhAEuExRrIYdVw_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:17:3e:e1:6d:80:09:c3:82:1e:12:af:88:ea:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bcbdb6fd39e76f00484012e13146b218755c3fb
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c609494e32504ff0adc8e4ca91cad83d4c0f6d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:44:43:58:32:4d:fa:b4:34:9b:27:d4:61:c3:
                    58:a8:f3:f2:57:f8:32:c5:3b:e3:b0:d3:87:76:92:
                    a3:38:79:6d:8f:10:3d:8e:aa:74:94:62:a9:3a:83:
                    ba:f9:e7:5b:a5:24:96:e8:8a:3a:d8:13:4b:fe:aa:
                    c1:4d:d0:ab:a8:cd:2d:01:42:6a:0f:23:54:99:11:
                    78:d5:61:be:32:c8:a6:a6:25:10:f3:ec:30:2e:87:
                    5d:ad:4c:01:87:e8:10:19:0f:5e:e4:43:d7:b3:b9:
                    ab:91:51:b9:96:0f:dd:fc:fd:0e:db:19:a6:e8:20:
                    ac:cd:d9:dd:49:96:5d:70:e9:5b:f6:19:5f:2f:81:
                    b0:0c:65:c5:44:80:17:99:75:91:4a:96:cc:8f:7e:
                    2f:55:37:cb:ea:45:02:cd:f5:fd:e9:f5:e7:38:57:
                    9d:66:9e:19:a7:39:95:e6:6d:2a:b6:90:1b:ee:8e:
                    06:b5:50:05:a3:46:ab:69:6e:ed:4d:f7:22:04:bf:
                    dc:7c:d8:37:10:9a:49:19:45:45:e1:74:fd:64:f8:
                    28:1c:e0:75:c4:46:a9:47:35:23:26:e1:50:e0:9e:
                    b4:e1:87:80:51:e2:18:85:2e:36:cc:35:aa:b6:de:
                    32:34:4b:76:35:7f:fc:4a:35:fd:08:2a:59:4b:6b:
                    43:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:60:94:94:E3:25:04:FF:0A:DC:8E:4C:A9:1C:AD:83:D4:C0:F6:D0
            X509v3 Authority Key Identifier:
                keyid:6B:CB:DB:6F:D3:9E:76:F0:04:84:01:2E:13:14:6B:21:87:55:C3:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8vbb9OedvAEhAEuExRrIYdVw_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/74d876-05a8-4b10-90e2-c9da030af326/1/fGCUlOMlBP8K3I5MqRytg9TA9tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/74d876-05a8-4b10-90e2-c9da030af326/1/a8vbb9OedvAEhAEuExRrIYdVw_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:5e:c5:ef:a5:f6:ea:72:fb:ec:6b:d3:7b:7f:36:ea:5b:ec:
         0f:5d:7b:2f:03:c2:09:05:31:a3:bc:ec:74:1e:28:f3:d5:80:
         80:85:ed:d7:42:a9:09:15:de:01:fe:e1:5f:f2:f0:69:81:d2:
         c0:23:77:79:38:59:3c:f3:44:2e:2c:da:51:94:89:88:52:22:
         a3:d0:02:31:e1:e6:12:b2:90:23:5c:35:0d:5d:c5:2a:b1:01:
         cb:ac:da:ce:0d:d7:e9:38:a8:10:5a:a3:44:c5:be:65:43:6c:
         1b:7c:d0:54:0e:f5:23:65:ea:c0:84:24:6b:81:cc:da:6b:52:
         96:7c:b1:97:0b:3e:7f:b3:fb:32:7b:af:8c:74:cf:8d:8d:62:
         26:23:85:07:de:cc:93:02:7e:52:01:a8:f7:05:c5:6f:ba:08:
         b6:32:33:4d:e6:bd:14:42:9e:e3:f7:c4:1e:67:5e:b1:04:a1:
         ab:7b:bf:24:0e:ed:2a:c4:46:c4:38:c5:03:9e:6e:12:fb:49:
         07:5a:8a:50:85:9f:6f:85:d5:b8:c0:49:50:71:f6:71:14:4d:
         d7:a6:77:9a:7a:e9:d5:6a:17:55:a1:95:16:da:38:5e:02:e8:
         95:80:50:cc:d4:fc:b2:fb:c0:64:ff:73:a0:14:9c:4e:90:4b:
         1e:b3:23:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRc+4W2ACcOCHhKviOpDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiY2JkYjZmZDM5ZTc2ZjAwNDg0MDEyZTEzMTQ2YjIxODc1
NWMzZmIwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzYwOTQ5NGUzMjUwNGZmMGFkYzhlNGNhOTFjYWQ4M2Q0YzBmNmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0RDWDJN+rQ0myfUYcNYqPPyV/gy
xTvjsNOHdpKjOHltjxA9jqp0lGKpOoO6+edbpSSW6Io62BNL/qrBTdCrqM0tAUJq
DyNUmRF41WG+MsimpiUQ8+wwLoddrUwBh+gQGQ9e5EPXs7mrkVG5lg/d/P0O2xmm
6CCszdndSZZdcOlb9hlfL4GwDGXFRIAXmXWRSpbMj34vVTfL6kUCzfX96fXnOFed
Zp4ZpzmV5m0qtpAb7o4GtVAFo0araW7tTfciBL/cfNg3EJpJGUVF4XT9ZPgoHOB1
xEapRzUjJuFQ4J604YeAUeIYhS42zDWqtt4yNEt2NX/8SjX9CCpZS2tDkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxglJTjJQT/CtyOTKkcrYPUwPbQMB8GA1UdIwQY
MBaAFGvL22/TnnbwBIQBLhMUayGHVcP7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTh2YmI5T2VkdkFFaEFFdUV4UnJJWWRWd19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83NGQ4NzYtMDVhOC00YjEwLTkwZTIt
YzlkYTAzMGFmMzI2LzEvZkdDVWxPTWxCUDhLM0k1TXFSeXRnOVRBOXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83NGQ4NzYtMDVhOC00YjEwLTkwZTItYzlkYTAzMGFmMzI2
LzEvYTh2YmI5T2VkdkFFaEFFdUV4UnJJWWRWd19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TAMA0G
CSqGSIb3DQEBCwUAA4IBAQB8XsXvpfbqcvvsa9N7fzbqW+wPXXsvA8IJBTGjvOx0
Hijz1YCAhe3XQqkJFd4B/uFf8vBpgdLAI3d5OFk880QuLNpRlImIUiKj0AIx4eYS
spAjXDUNXcUqsQHLrNrODdfpOKgQWqNExb5lQ2wbfNBUDvUjZerAhCRrgczaa1KW
fLGXCz5/s/sye6+MdM+NjWImI4UH3syTAn5SAaj3BcVvugi2MjNN5r0UQp7j98Qe
Z16xBKGre78kDu0qxEbEOMUDnm4S+0kHWopQhZ9vhdW4wElQcfZxFE3XpneaeunV
ahdVoZUW2jheAuiVgFDM1Pyy+8Bk/3OgFJxOkEsesyNA
-----END CERTIFICATE-----