Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/fXQ7LJ-oiQdEeE24BoB5cIAah18.roa
File:                     fXQ7LJ-oiQdEeE24BoB5cIAah18.roa (raw, json)
Hash identifier:          GV+QPlIIrE3poc86E8BmDsZ0wt4M76A5muZEsjR2tb4=
Subject key identifier:   7D:74:3B:2C:9F:A8:89:07:44:78:4D:B8:06:80:79:70:80:1A:87:5F
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA96BC716DA39650D06F78B6D4A09F
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/fXQ7LJ-oiQdEeE24BoB5cIAah18.roa
Signing time:             Tue 02 Jan 2024 10:31:37 +0000
ROA not before:           Tue 02 Jan 2024 10:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        91.186.212.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:96:bc:71:6d:a3:96:50:d0:6f:78:b6:d4:a0:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d743b2c9fa8890744784db806807970801a875f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:23:b4:b0:43:ad:7f:47:24:54:12:b9:f7:e8:
                    ec:df:c0:6b:c6:3c:61:2f:8c:e4:94:15:d2:1f:29:
                    f0:38:98:12:37:45:a4:83:f0:d1:67:25:04:48:88:
                    ca:90:af:e8:5c:08:9d:a2:3c:92:27:03:a7:fa:86:
                    6a:73:ff:1e:46:49:a6:91:da:a7:e2:a8:80:5e:34:
                    36:2a:58:56:1c:71:4b:d1:d9:b2:a7:d6:e1:fb:c2:
                    87:02:17:2b:d4:22:fd:fa:a5:51:0a:21:13:7e:16:
                    5e:aa:5d:1e:63:27:f4:82:62:9c:50:ef:c8:d1:2b:
                    28:f9:20:56:65:b6:19:76:b9:c9:8e:a3:33:b1:36:
                    14:ee:0b:59:11:a4:a0:49:5e:65:a3:bc:a6:14:dd:
                    a2:39:d6:93:82:78:94:9c:a6:c0:b0:09:a5:c3:b3:
                    3f:1e:d9:e1:6c:72:9e:30:eb:30:71:ec:93:00:35:
                    5a:49:6c:98:19:34:b7:f6:ca:76:63:55:35:3f:e2:
                    03:76:f2:6d:f1:85:70:29:f9:bb:01:d2:e7:0b:9a:
                    dc:e7:b5:75:9f:0d:ff:79:e2:d0:cb:0c:f8:a0:21:
                    82:8b:8e:cf:74:32:75:3a:44:84:96:a0:53:d8:5c:
                    e0:cc:99:5b:d6:54:79:2a:7f:13:2b:df:1b:6f:21:
                    e6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:74:3B:2C:9F:A8:89:07:44:78:4D:B8:06:80:79:70:80:1A:87:5F
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/fXQ7LJ-oiQdEeE24BoB5cIAah18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:44:d9:37:f1:f1:4f:a8:12:29:6b:47:78:94:b3:5b:d0:63:
         b5:fe:44:60:26:c1:b7:3c:64:b8:7d:6c:cd:b3:5a:a6:72:81:
         fc:ee:a9:f2:2e:f7:c8:e7:81:e6:ac:bc:16:6d:d5:1e:69:8a:
         2c:f7:d7:78:54:54:98:28:35:3d:92:9b:fd:56:11:67:b5:13:
         dc:9f:bb:c0:70:2d:cc:7b:2f:c2:3d:02:31:4a:6e:f7:ad:86:
         e6:97:4a:7e:c0:b2:74:2e:dd:e3:3b:4b:1d:b7:92:a3:ae:67:
         f6:5b:e5:8b:70:bd:70:d6:8b:97:b6:a3:d7:2a:c4:82:32:43:
         2e:58:ec:eb:3d:e6:61:54:1e:6a:82:8d:c8:d8:00:4b:5f:89:
         16:b0:0d:c0:1a:7b:2d:4d:9f:05:ce:59:76:71:85:31:5d:c8:
         44:b9:c8:f7:ec:28:cf:be:17:f9:9f:c7:f2:7a:57:2c:39:21:
         ee:f9:84:e4:21:94:0c:fb:fd:16:f0:79:93:bc:f3:87:4c:33:
         b9:19:1a:e0:08:b6:f4:9c:6d:39:62:23:37:4f:18:b5:69:98:
         3c:6c:4c:61:7e:fb:49:ec:4e:b1:33:2d:72:6e:8a:0f:03:da:
         9a:52:aa:3e:a1:10:ee:f4:61:7c:21:ee:81:b5:82:df:16:1d:
         d5:52:2d:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJupa8cW2jllDQb3i21KCfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDc0M2IyYzlmYTg4OTA3NDQ3ODRkYjgwNjgwNzk3MDgwMWE4NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSO0sEOtf0ckVBK59+js38Brxjxh
L4zklBXSHynwOJgSN0Wkg/DRZyUESIjKkK/oXAidojySJwOn+oZqc/8eRkmmkdqn
4qiAXjQ2KlhWHHFL0dmyp9bh+8KHAhcr1CL9+qVRCiETfhZeql0eYyf0gmKcUO/I
0Sso+SBWZbYZdrnJjqMzsTYU7gtZEaSgSV5lo7ymFN2iOdaTgniUnKbAsAmlw7M/
HtnhbHKeMOswceyTADVaSWyYGTS39sp2Y1U1P+IDdvJt8YVwKfm7AdLnC5rc57V1
nw3/eeLQywz4oCGCi47PdDJ1OkSElqBT2FzgzJlb1lR5Kn8TK98bbyHmfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH10OyyfqIkHRHhNuAaAeXCAGodfMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvZlhRN0xKLW9pUWRFZUUyNEJvQjVjSUFhaDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW7rUMA0G
CSqGSIb3DQEBCwUAA4IBAQAbRNk38fFPqBIpa0d4lLNb0GO1/kRgJsG3PGS4fWzN
s1qmcoH87qnyLvfI54HmrLwWbdUeaYos99d4VFSYKDU9kpv9VhFntRPcn7vAcC3M
ey/CPQIxSm73rYbml0p+wLJ0Lt3jO0sdt5Kjrmf2W+WLcL1w1ouXtqPXKsSCMkMu
WOzrPeZhVB5qgo3I2ABLX4kWsA3AGnstTZ8Fzll2cYUxXchEucj37CjPvhf5n8fy
elcsOSHu+YTkIZQM+/0W8HmTvPOHTDO5GRrgCLb0nG05YiM3Txi1aZg8bExhfvtJ
7E6xMy1ybooPA9qaUqo+oRDu9GF8Ie6BtYLfFh3VUi2o
-----END CERTIFICATE-----