Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/fSUBawtDEk3koG1uVd-JIafffoI.roa
File:                     fSUBawtDEk3koG1uVd-JIafffoI.roa (raw, json)
Hash identifier:          EfGsMdxRAARgXX7is7TDSKUMD/EqquaRDAfS6KY+yRM=
Subject key identifier:   7D:25:01:6B:0B:43:12:4D:E4:A0:6D:6E:55:DF:89:21:A7:DF:7E:82
Certificate issuer:       /CN=fae01464a695b0f6f52f511bcc1240fa284d3dcf
Certificate serial:       018CC2DB3AB215468E732502118645E54CE4
Authority key identifier: FA:E0:14:64:A6:95:B0:F6:F5:2F:51:1B:CC:12:40:FA:28:4D:3D:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/fSUBawtDEk3koG1uVd-JIafffoI.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        91.220.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3a:b2:15:46:8e:73:25:02:11:86:45:e5:4c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fae01464a695b0f6f52f511bcc1240fa284d3dcf
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d25016b0b43124de4a06d6e55df8921a7df7e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c7:e5:0e:b9:0f:2a:df:04:06:44:61:d4:2a:
                    f7:8e:68:8b:15:80:02:51:a4:9c:d4:5e:82:0f:8b:
                    5a:e1:e8:c2:54:f4:15:4a:bc:b8:cd:66:70:6d:5f:
                    62:eb:57:f9:f8:8e:d3:7f:30:5d:71:7e:8a:d4:eb:
                    4c:46:a9:47:94:17:2d:54:d2:3e:e7:81:b4:99:b3:
                    4a:cd:50:de:5c:bf:84:03:c5:6a:e2:a9:f5:c3:a4:
                    8c:a9:7e:a7:16:a1:ee:e9:79:1e:66:60:a4:0f:e4:
                    8a:cf:ab:2f:1f:73:d3:ed:8a:bc:e4:07:43:75:c5:
                    21:5e:b3:97:c2:7e:ec:f6:7f:4e:72:cd:2f:9d:00:
                    be:4f:44:07:e5:e9:bc:8a:3c:2e:34:ca:e0:c2:83:
                    e9:ec:94:a3:ee:00:ea:e7:c4:d4:08:41:7b:04:0b:
                    ea:2e:81:d7:4c:f5:37:1a:e6:79:6a:12:81:5f:77:
                    b8:81:2e:27:0b:96:cf:c6:79:84:c1:48:3b:a9:f7:
                    5e:65:0d:7c:8c:e8:44:f8:22:ce:97:8f:67:88:58:
                    23:1b:80:33:5c:5b:fe:86:c0:28:c9:26:95:4a:1b:
                    7a:af:14:2d:17:27:1b:20:3d:a2:a1:ba:f8:5d:96:
                    6f:5b:5e:05:f1:fe:d7:81:48:b0:a6:ab:82:f9:82:
                    79:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:25:01:6B:0B:43:12:4D:E4:A0:6D:6E:55:DF:89:21:A7:DF:7E:82
            X509v3 Authority Key Identifier:
                keyid:FA:E0:14:64:A6:95:B0:F6:F5:2F:51:1B:CC:12:40:FA:28:4D:3D:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/fSUBawtDEk3koG1uVd-JIafffoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/1c6704-510a-4800-a890-32352f96a621/1/1-uAUZKaVsPb1L1EbzBJA-ihNPc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:56:45:7a:17:f0:d2:76:24:88:30:c7:c3:6c:81:a9:58:0e:
         8b:c6:ae:e1:ef:10:06:ab:00:e3:f5:93:8b:e9:bb:b8:da:97:
         d4:3b:d3:12:d9:36:45:a3:d0:53:9d:ce:b5:d9:25:30:8d:76:
         34:ba:6e:6c:78:28:53:ad:23:13:2e:2c:69:a4:74:0c:58:33:
         53:48:da:e7:d3:bb:d4:e3:7d:d1:6a:0d:53:ad:af:aa:02:88:
         86:1b:74:c0:2e:56:7c:5f:b9:fa:6f:73:f4:00:73:d4:7c:1e:
         9f:cc:72:45:86:f5:a8:4c:90:8c:94:13:85:b2:62:06:b3:fe:
         a8:39:03:8c:6c:43:da:e1:52:6b:fb:2a:6d:b2:58:72:e2:86:
         b9:2a:f6:8b:b5:cc:9d:b4:2c:c7:f2:22:30:f7:9c:42:c6:f2:
         77:91:19:f0:15:9b:d5:59:2d:64:ec:dc:19:e0:c4:c2:cc:b0:
         41:b5:56:98:dc:ac:df:3d:14:eb:ec:45:43:82:67:d6:1a:d0:
         a3:60:dd:1c:be:42:21:60:b5:c9:66:c7:8a:67:c7:0b:df:d7:
         36:75:6b:2a:c3:09:4f:2f:5b:b0:7c:7e:d0:70:70:f3:9a:11:
         d4:14:45:d8:f7:89:cc:f3:51:b9:5a:42:37:c8:b9:b6:bc:b0:
         59:2d:d1:89
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC2zqyFUaOcyUCEYZF5UzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZTAxNDY0YTY5NWIwZjZmNTJmNTExYmNjMTI0MGZhMjg0
ZDNkY2YwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDI1MDE2YjBiNDMxMjRkZTRhMDZkNmU1NWRmODkyMWE3ZGY3ZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8flDrkPKt8EBkRh1Cr3jmiLFYAC
UaSc1F6CD4ta4ejCVPQVSry4zWZwbV9i61f5+I7TfzBdcX6K1OtMRqlHlBctVNI+
54G0mbNKzVDeXL+EA8Vq4qn1w6SMqX6nFqHu6XkeZmCkD+SKz6svH3PT7Yq85AdD
dcUhXrOXwn7s9n9Ocs0vnQC+T0QH5em8ijwuNMrgwoPp7JSj7gDq58TUCEF7BAvq
LoHXTPU3GuZ5ahKBX3e4gS4nC5bPxnmEwUg7qfdeZQ18jOhE+CLOl49niFgjG4Az
XFv+hsAoySaVSht6rxQtFycbID2iobr4XZZvW14F8f7XgUiwpquC+YJ5xQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFH0lAWsLQxJN5KBtblXfiSGn336CMB8GA1UdIwQY
MBaAFPrgFGSmlbD29S9RG8wSQPooTT3PMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS11QVVaS2FWc1BiMUwxRWJ6QkpBLWloTlBjOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMvMWM2NzA0LTUxMGEtNDgwMC1hODkw
LTMyMzUyZjk2YTYyMS8xL2ZTVUJhd3RERWsza29HMXVWZC1KSWFmZmZvSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmMvMWM2NzA0LTUxMGEtNDgwMC1hODkwLTMyMzUyZjk2YTYy
MS8xLzEtdUFVWkthVnNQYjFMMUViekJKQS1paE5QYzguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb3AIw
DQYJKoZIhvcNAQELBQADggEBAFxWRXoX8NJ2JIgwx8NsgalYDovGruHvEAarAOP1
k4vpu7jal9Q70xLZNkWj0FOdzrXZJTCNdjS6bmx4KFOtIxMuLGmkdAxYM1NI2ufT
u9TjfdFqDVOtr6oCiIYbdMAuVnxfufpvc/QAc9R8Hp/MckWG9ahMkIyUE4WyYgaz
/qg5A4xsQ9rhUmv7Km2yWHLihrkq9ou1zJ20LMfyIjD3nELG8neRGfAVm9VZLWTs
3BngxMLMsEG1VpjcrN89FOvsRUOCZ9Ya0KNg3Ry+QiFgtclmx4pnxwvf1zZ1ayrD
CU8vW7B8ftBwcPOaEdQURdj3iczzUblaQjfIuba8sFkt0Yk=
-----END CERTIFICATE-----