Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/fkakWv9lvuW0vZXpb0wo-Da0lg4.roa
File:                     fkakWv9lvuW0vZXpb0wo-Da0lg4.roa (raw, json)
Hash identifier:          5jj3yHllrN1QTrjhs6veE6UcpXVIz/h5Ccul+UCzGUg=
Subject key identifier:   7E:46:A4:5A:FF:65:BE:E5:B4:BD:95:E9:6F:4C:28:F8:36:B4:96:0E
Certificate issuer:       /CN=91d7ecf17142b3b0935f8e37b8f7d9c253f0ee19
Certificate serial:       018CCA2B763025112790B2A4C4BDAE06AC53
Authority key identifier: 91:D7:EC:F1:71:42:B3:B0:93:5F:8E:37:B8:F7:D9:C2:53:F0:EE:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/fkakWv9lvuW0vZXpb0wo-Da0lg4.roa
Signing time:             Tue 02 Jan 2024 12:34:55 +0000
ROA not before:           Tue 02 Jan 2024 12:34:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25074
IP address blocks:        45.84.74.0/23 maxlen: 23
                          2a0e:a680:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:76:30:25:11:27:90:b2:a4:c4:bd:ae:06:ac:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d7ecf17142b3b0935f8e37b8f7d9c253f0ee19
        Validity
            Not Before: Jan  2 12:34:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e46a45aff65bee5b4bd95e96f4c28f836b4960e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:40:92:fe:1b:58:09:31:1c:a4:7c:1b:52:57:
                    e3:02:5c:e8:af:76:dc:1c:68:e6:7e:17:71:2f:81:
                    ce:82:91:b4:60:dd:79:2f:12:57:21:79:ff:8c:3a:
                    54:1c:a3:6b:cb:f1:76:c8:2c:07:a7:89:4a:01:e7:
                    33:7a:f9:d8:37:27:20:00:44:f2:3f:4e:93:c7:ae:
                    c8:99:7e:e1:1f:43:18:c4:05:54:ad:4b:3b:57:fb:
                    54:4b:2f:b6:4e:10:25:22:64:aa:26:3e:3f:85:7d:
                    17:d9:12:78:bb:0e:e7:55:63:4f:cf:8e:af:c9:6d:
                    a9:73:3d:60:49:b5:bf:bc:f1:c0:90:10:30:3c:44:
                    d5:3f:fd:9c:39:b8:1c:11:e6:56:4f:8e:c6:d1:bd:
                    cd:67:4f:61:34:c5:6c:4c:0a:1f:e9:c3:29:aa:ec:
                    9d:96:22:86:66:b4:d9:04:f3:68:fb:bf:13:01:0c:
                    e3:19:51:4e:67:4a:fe:73:bf:fe:9a:ab:46:51:61:
                    fb:32:06:79:fd:ec:ea:28:1c:1e:95:32:ad:70:0b:
                    38:71:e7:e1:9c:a6:f9:f0:53:23:57:77:bf:18:8e:
                    a4:ad:e4:09:16:45:ab:a7:f9:31:80:bb:35:d6:30:
                    d5:6e:6c:ff:a5:a4:33:2f:aa:a1:90:63:df:31:98:
                    3d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:46:A4:5A:FF:65:BE:E5:B4:BD:95:E9:6F:4C:28:F8:36:B4:96:0E
            X509v3 Authority Key Identifier:
                keyid:91:D7:EC:F1:71:42:B3:B0:93:5F:8E:37:B8:F7:D9:C2:53:F0:EE:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/fkakWv9lvuW0vZXpb0wo-Da0lg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.74.0/23
                IPv6:
                  2a0e:a680:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:ff:a2:e3:d8:5f:43:ad:c9:dd:07:4b:32:96:75:74:11:ac:
         3d:a4:da:fa:45:da:8c:d3:80:eb:6e:02:b3:3e:41:8a:67:1f:
         5a:32:5c:41:ea:56:b5:b3:e5:75:d7:de:b0:d3:6b:98:a5:6e:
         f3:01:a8:15:ee:95:9a:d9:45:81:70:02:57:f9:8d:d6:21:66:
         68:49:d2:0d:9f:ec:ed:49:55:e4:ac:2d:01:11:35:c2:fb:03:
         4d:66:7c:52:7c:ef:86:e7:45:59:f5:99:6a:51:be:25:1d:aa:
         9d:ee:21:ab:fd:81:23:0d:0f:4c:1d:48:07:4c:38:bc:d1:2f:
         8c:5b:4f:84:6d:7c:88:0f:8e:0c:18:7a:7b:f3:45:5e:29:aa:
         a4:70:f0:0e:d9:ff:6e:76:8b:97:0c:29:e8:93:27:a3:85:87:
         af:6f:7e:92:77:ae:9a:7d:19:1f:eb:21:03:7a:ba:fa:46:20:
         8e:c0:c8:70:6f:bc:70:cf:80:2e:90:6a:c9:17:dd:72:fc:f1:
         60:db:48:88:28:38:51:04:7c:21:94:25:9e:61:d3:0f:dc:af:
         c1:15:c5:d7:44:5e:2f:dd:33:61:55:88:e5:7e:cf:b1:7c:bd:
         5f:97:d9:85:bd:8a:c7:15:da:e9:66:21:f6:3b:6c:f9:6b:93:
         3c:73:7a:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK3YwJREnkLKkxL2uBqxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDdlY2YxNzE0MmIzYjA5MzVmOGUzN2I4ZjdkOWMyNTNm
MGVlMTkwHhcNMjQwMTAyMTIzNDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQ2YTQ1YWZmNjViZWU1YjRiZDk1ZTk2ZjRjMjhmODM2YjQ5NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlECS/htYCTEcpHwbUlfjAlzor3bc
HGjmfhdxL4HOgpG0YN15LxJXIXn/jDpUHKNry/F2yCwHp4lKAeczevnYNycgAETy
P06Tx67ImX7hH0MYxAVUrUs7V/tUSy+2ThAlImSqJj4/hX0X2RJ4uw7nVWNPz46v
yW2pcz1gSbW/vPHAkBAwPETVP/2cObgcEeZWT47G0b3NZ09hNMVsTAof6cMpquyd
liKGZrTZBPNo+78TAQzjGVFOZ0r+c7/+mqtGUWH7MgZ5/ezqKBwelTKtcAs4cefh
nKb58FMjV3e/GI6kreQJFkWrp/kxgLs11jDVbmz/paQzL6qhkGPfMZg9aQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH5GpFr/Zb7ltL2V6W9MKPg2tJYOMB8GA1UdIwQY
MBaAFJHX7PFxQrOwk1+ON7j32cJT8O4ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RmczhYRkNzN0NUWDQ0M3VQZlp3bFB3N2hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9iMDhlNmUtMDgyMi00MjI0LTk1NGIt
YTZiMWFkMzRlMDhjLzEvZmtha1d2OWx2dVcwdlpYcGIwd28tRGEwbGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9iMDhlNmUtMDgyMi00MjI0LTk1NGItYTZiMWFkMzRlMDhj
LzEva2RmczhYRkNzN0NUWDQ0M3VQZlp3bFB3N2hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBLVRKMA8E
AgACMAkDBwAqDqaAAAEwDQYJKoZIhvcNAQELBQADggEBAB//ouPYX0Otyd0HSzKW
dXQRrD2k2vpF2ozTgOtuArM+QYpnH1oyXEHqVrWz5XXX3rDTa5ilbvMBqBXulZrZ
RYFwAlf5jdYhZmhJ0g2f7O1JVeSsLQERNcL7A01mfFJ874bnRVn1mWpRviUdqp3u
Iav9gSMND0wdSAdMOLzRL4xbT4RtfIgPjgwYenvzRV4pqqRw8A7Z/252i5cMKeiT
J6OFh69vfpJ3rpp9GR/rIQN6uvpGII7AyHBvvHDPgC6QaskX3XL88WDbSIgoOFEE
fCGUJZ5h0w/cr8EVxddEXi/dM2FViOV+z7F8vV+X2YW9iscV2ulmIfY7bPlrkzxz
ets=
-----END CERTIFICATE-----