Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/V3GGR6tZOX8NXj-Nj8u0fPOASnM.roa
File:                     V3GGR6tZOX8NXj-Nj8u0fPOASnM.roa (raw, json)
Hash identifier:          fnJsN5ItuitKZWqq5Moq534O7yJjjzxAogwkbaeTNUc=
Subject key identifier:   57:71:86:47:AB:59:39:7F:0D:5E:3F:8D:8F:CB:B4:7C:F3:80:4A:73
Certificate issuer:       /CN=fae01464a695b0f6f52f511bcc1240fa284d3dcf
Certificate serial:       0194274868C4580EAE58C10BE5DD1A80CFDB
Authority key identifier: FA:E0:14:64:A6:95:B0:F6:F5:2F:51:1B:CC:12:40:FA:28:4D:3D:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/V3GGR6tZOX8NXj-Nj8u0fPOASnM.roa
Signing time:             Thu 02 Jan 2025 13:50:44 +0000
ROA not before:           Thu 02 Jan 2025 13:50:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8447
IP address blocks:        91.220.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:68:c4:58:0e:ae:58:c1:0b:e5:dd:1a:80:cf:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fae01464a695b0f6f52f511bcc1240fa284d3dcf
        Validity
            Not Before: Jan  2 13:50:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57718647ab59397f0d5e3f8d8fcbb47cf3804a73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:85:4b:f2:a2:09:aa:b3:e1:79:ee:2b:83:b1:
                    a3:63:ec:bc:77:79:72:be:37:f1:2d:d4:98:cb:83:
                    06:69:ba:30:d6:0f:5c:0a:c1:56:cd:2f:7b:0d:34:
                    26:71:2f:3e:4a:c1:19:cd:91:c2:f7:4e:ad:9d:3d:
                    4a:8d:5c:43:53:01:f6:71:7b:52:b7:a4:c1:a1:ae:
                    fe:b3:05:b6:92:95:ef:c5:7a:b7:64:05:65:ed:a8:
                    8c:7a:ee:78:4b:b5:c6:7f:b9:35:4f:11:9c:d3:c6:
                    c6:0a:eb:15:d3:ed:12:5a:82:e5:37:ea:5b:22:4e:
                    be:09:27:73:1b:5c:9d:6d:fa:33:6e:de:61:98:1c:
                    c5:27:1b:4d:7b:36:d3:92:dc:66:a7:e0:30:43:59:
                    0a:b1:d5:bf:c8:b5:d1:ad:10:95:08:35:19:f0:f2:
                    fd:39:b6:e6:1b:4c:9b:d4:04:3d:25:24:87:7e:94:
                    56:cc:03:05:95:c8:1e:86:e2:4b:69:29:89:d5:9b:
                    f2:c9:bd:69:0a:3a:41:f8:b4:2f:33:dd:1d:38:d1:
                    f8:55:46:16:b3:ba:18:7c:cd:41:c1:81:63:75:10:
                    a4:26:af:ac:46:90:fc:26:49:2c:14:96:69:c4:d3:
                    c6:9a:25:0d:ea:42:ac:53:da:0b:32:e1:01:52:8f:
                    27:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:71:86:47:AB:59:39:7F:0D:5E:3F:8D:8F:CB:B4:7C:F3:80:4A:73
            X509v3 Authority Key Identifier:
                keyid:FA:E0:14:64:A6:95:B0:F6:F5:2F:51:1B:CC:12:40:FA:28:4D:3D:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/V3GGR6tZOX8NXj-Nj8u0fPOASnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:82:05:4a:ff:83:8c:bd:ab:5a:16:52:17:cf:43:1b:f6:4d:
         57:07:ba:85:db:b5:8f:39:72:3f:9d:8e:84:11:f6:60:f3:d0:
         45:56:be:6a:6e:27:0a:60:97:36:8f:94:75:6d:ae:1a:31:f8:
         30:70:91:0a:58:99:83:13:ae:c3:3e:7c:60:00:ef:bd:87:d1:
         26:f3:4f:74:ed:93:da:37:00:f5:1c:1d:f7:d1:59:20:32:d3:
         b0:25:77:e4:57:ad:81:2d:c5:e1:e6:13:bb:34:d6:6e:08:f1:
         57:98:c7:e4:8d:cb:6b:4f:cc:8e:2d:7c:39:98:81:ea:6f:ef:
         f6:0f:14:67:f2:38:32:5b:b5:a5:4c:52:24:aa:ce:a8:a9:99:
         04:12:93:32:61:53:c5:c6:dc:2d:86:33:ad:94:b9:29:bc:09:
         5d:be:06:f7:34:36:1a:f0:8c:5b:e5:c2:c7:fe:be:77:89:47:
         c2:65:03:76:17:ee:7d:e2:d1:16:1c:2a:4d:b2:20:c3:6e:1a:
         81:b0:c4:63:30:19:4c:e1:57:6b:0f:65:1a:b1:4e:96:c2:c6:
         a3:8b:fc:9a:59:98:31:78:fe:e2:ca:fa:0b:9a:30:12:10:80:
         a2:a8:ef:f7:43:77:b0:9a:a3:89:ae:ed:d1:9e:01:7f:49:cc:
         1b:78:e2:65
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnSGjEWA6uWMEL5d0agM/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZTAxNDY0YTY5NWIwZjZmNTJmNTExYmNjMTI0MGZhMjg0
ZDNkY2YwHhcNMjUwMTAyMTM1MDQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzcxODY0N2FiNTkzOTdmMGQ1ZTNmOGQ4ZmNiYjQ3Y2YzODA0YTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIVL8qIJqrPhee4rg7GjY+y8d3ly
vjfxLdSYy4MGabow1g9cCsFWzS97DTQmcS8+SsEZzZHC906tnT1KjVxDUwH2cXtS
t6TBoa7+swW2kpXvxXq3ZAVl7aiMeu54S7XGf7k1TxGc08bGCusV0+0SWoLlN+pb
Ik6+CSdzG1ydbfozbt5hmBzFJxtNezbTktxmp+AwQ1kKsdW/yLXRrRCVCDUZ8PL9
ObbmG0yb1AQ9JSSHfpRWzAMFlcgehuJLaSmJ1Zvyyb1pCjpB+LQvM90dONH4VUYW
s7oYfM1BwYFjdRCkJq+sRpD8JkksFJZpxNPGmiUN6kKsU9oLMuEBUo8npwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFdxhkerWTl/DV4/jY/LtHzzgEpzMB8GA1UdIwQY
MBaAFPrgFGSmlbD29S9RG8wSQPooTT3PMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS11QVVaS2FWc1BiMUwxRWJ6QkpBLWloTlBjOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMvMWM2NzA0LTUxMGEtNDgwMC1hODkw
LTMyMzUyZjk2YTYyMS8xL1YzR0dSNnRaT1g4TlhqLU5qOHUwZlBPQVNuTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmMvMWM2NzA0LTUxMGEtNDgwMC1hODkwLTMyMzUyZjk2YTYy
MS8xLzEtdUFVWkthVnNQYjFMMUViekJKQS1paE5QYzguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb3AIw
DQYJKoZIhvcNAQELBQADggEBAJyCBUr/g4y9q1oWUhfPQxv2TVcHuoXbtY85cj+d
joQR9mDz0EVWvmpuJwpglzaPlHVtrhox+DBwkQpYmYMTrsM+fGAA772H0SbzT3Tt
k9o3APUcHffRWSAy07Ald+RXrYEtxeHmE7s01m4I8VeYx+SNy2tPzI4tfDmYgepv
7/YPFGfyODJbtaVMUiSqzqipmQQSkzJhU8XG3C2GM62UuSm8CV2+Bvc0NhrwjFvl
wsf+vneJR8JlA3YX7n3i0RYcKk2yIMNuGoGwxGMwGUzhV2sPZRqxTpbCxqOL/JpZ
mDF4/uLK+guaMBIQgKKo7/dDd7Cao4mu7dGeAX9JzBt44mU=
-----END CERTIFICATE-----