Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/beca4d-70cc-4ca4-b452-0e514062c590/1/fM02RadjW_Nm8Z6j5sjLod_slkQ.roa
File:                     fM02RadjW_Nm8Z6j5sjLod_slkQ.roa (raw, json)
Hash identifier:          ICe15VjAma3vBziaK6Btam0vtXK9QenGFFZ1NlTxP58=
Subject key identifier:   7C:CD:36:45:A7:63:5B:F3:66:F1:9E:A3:E6:C8:CB:A1:DF:EC:96:44
Certificate issuer:       /CN=dd9c30399f638555f4c02e8d1b55bc927225cb51
Certificate serial:       018CC3B725B4C9E0D7AAAAEF17FE6294BF98
Authority key identifier: DD:9C:30:39:9F:63:85:55:F4:C0:2E:8D:1B:55:BC:92:72:25:CB:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ZwwOZ9jhVX0wC6NG1W8knIly1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/beca4d-70cc-4ca4-b452-0e514062c590/1/fM02RadjW_Nm8Z6j5sjLod_slkQ.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49773
IP address blocks:        91.218.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/beca4d-70cc-4ca4-b452-0e514062c590/1/3ZwwOZ9jhVX0wC6NG1W8knIly1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/beca4d-70cc-4ca4-b452-0e514062c590/1/3ZwwOZ9jhVX0wC6NG1W8knIly1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ZwwOZ9jhVX0wC6NG1W8knIly1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:25:b4:c9:e0:d7:aa:aa:ef:17:fe:62:94:bf:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd9c30399f638555f4c02e8d1b55bc927225cb51
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ccd3645a7635bf366f19ea3e6c8cba1dfec9644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d9:a8:69:0d:47:71:29:39:8e:ad:7d:bf:17:
                    d7:fa:b1:9b:fd:a7:e1:5f:79:3d:be:62:ac:f6:37:
                    a9:73:9a:ad:fc:84:a4:27:6f:b3:0b:e0:b3:15:09:
                    01:f6:72:b6:f9:20:92:f6:32:51:d7:f0:fc:ab:32:
                    99:c0:6f:ff:5b:0a:32:29:d2:e0:11:a5:3f:33:5d:
                    44:89:67:f4:dc:1b:d6:4e:1d:d5:8e:50:2d:92:e7:
                    40:8e:cd:65:d9:e5:4e:6c:ee:ef:bb:b0:74:d2:9b:
                    1b:5c:3c:03:ae:65:cf:45:9e:5f:94:c2:81:3e:27:
                    d9:73:f4:d9:0c:3d:00:2e:2b:50:14:16:dd:21:aa:
                    76:5b:2d:41:99:e4:76:13:49:66:a0:df:42:57:20:
                    d2:5a:40:4c:b4:bb:2c:1b:31:a0:29:ce:17:1e:7d:
                    d1:a1:ed:54:32:16:57:2f:19:c0:36:06:4d:4c:0f:
                    c5:49:a9:70:60:b0:29:63:29:53:0f:f8:7e:df:0f:
                    8b:f8:3c:b5:65:db:59:06:b3:d3:8e:2c:3b:29:32:
                    77:06:32:ca:f9:af:85:2b:0a:bb:9c:9f:6f:7d:9c:
                    0f:a6:af:1d:79:0f:5e:b7:f6:30:6a:b2:3d:15:9f:
                    8f:59:71:d0:d3:e1:01:55:56:40:18:ab:f9:d2:5d:
                    94:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:CD:36:45:A7:63:5B:F3:66:F1:9E:A3:E6:C8:CB:A1:DF:EC:96:44
            X509v3 Authority Key Identifier:
                keyid:DD:9C:30:39:9F:63:85:55:F4:C0:2E:8D:1B:55:BC:92:72:25:CB:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ZwwOZ9jhVX0wC6NG1W8knIly1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/beca4d-70cc-4ca4-b452-0e514062c590/1/fM02RadjW_Nm8Z6j5sjLod_slkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/beca4d-70cc-4ca4-b452-0e514062c590/1/3ZwwOZ9jhVX0wC6NG1W8knIly1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c2:15:cb:cf:72:e9:27:89:7c:27:52:fe:34:fb:fb:a3:87:bb:
         08:7e:1d:3a:cf:4a:83:59:e6:05:82:1e:d5:14:1c:36:57:1a:
         05:c1:96:5d:c4:37:6d:51:91:f2:1f:99:18:30:21:a6:2b:67:
         62:d1:73:cd:1c:c1:a6:9d:26:13:c2:7a:1e:8f:1a:11:0c:1e:
         8e:7d:d6:47:73:6e:9e:14:7c:7c:40:9c:5d:a8:5e:58:0a:99:
         3c:27:7e:48:1b:23:0b:90:07:69:bd:83:08:89:55:87:4a:c6:
         7c:6c:1e:16:ef:8b:d6:39:33:8b:90:20:5a:4a:49:f7:1f:28:
         77:7b:fe:a2:e3:05:47:8f:26:f1:f5:66:f2:ec:9f:e8:c3:8b:
         6d:9e:47:83:e2:95:4e:b2:1d:00:86:62:e2:67:03:51:b7:bd:
         7d:a4:a9:4b:55:63:60:6d:37:63:4e:44:8c:86:dc:c1:7b:09:
         c7:ef:55:b6:dc:04:29:d7:29:92:e2:2a:f0:e0:a9:f6:9a:2e:
         0a:a9:8d:2f:7a:fe:7b:c9:cb:5f:d1:5e:5d:77:7c:65:ac:f4:
         0e:c8:b2:7c:8b:12:cd:25:e1:0b:6a:4c:5a:73:71:dd:c0:7d:
         c3:b9:5d:cb:10:9b:dd:f1:72:2a:fd:f5:0a:15:e2:bc:dd:d0:
         af:e0:05:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyW0yeDXqqrvF/5ilL+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOWMzMDM5OWY2Mzg1NTVmNGMwMmU4ZDFiNTViYzkyNzIy
NWNiNTEwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2NkMzY0NWE3NjM1YmYzNjZmMTllYTNlNmM4Y2JhMWRmZWM5NjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNmoaQ1HcSk5jq19vxfX+rGb/afh
X3k9vmKs9jepc5qt/ISkJ2+zC+CzFQkB9nK2+SCS9jJR1/D8qzKZwG//WwoyKdLg
EaU/M11EiWf03BvWTh3VjlAtkudAjs1l2eVObO7vu7B00psbXDwDrmXPRZ5flMKB
PifZc/TZDD0ALitQFBbdIap2Wy1BmeR2E0lmoN9CVyDSWkBMtLssGzGgKc4XHn3R
oe1UMhZXLxnANgZNTA/FSalwYLApYylTD/h+3w+L+Dy1ZdtZBrPTjiw7KTJ3BjLK
+a+FKwq7nJ9vfZwPpq8deQ9et/YwarI9FZ+PWXHQ0+EBVVZAGKv50l2U6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzNNkWnY1vzZvGeo+bIy6Hf7JZEMB8GA1UdIwQY
MBaAFN2cMDmfY4VV9MAujRtVvJJyJctRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1p3d09aOWpoVlgwd0M2TkcxVzhrbklseTFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9iZWNhNGQtNzBjYy00Y2E0LWI0NTIt
MGU1MTQwNjJjNTkwLzEvZk0wMlJhZGpXX05tOFo2ajVzakxvZF9zbGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9iZWNhNGQtNzBjYy00Y2E0LWI0NTItMGU1MTQwNjJjNTkw
LzEvM1p3d09aOWpoVlgwd0M2TkcxVzhrbklseTFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9pQMA0G
CSqGSIb3DQEBCwUAA4IBAQDCFcvPcukniXwnUv40+/ujh7sIfh06z0qDWeYFgh7V
FBw2VxoFwZZdxDdtUZHyH5kYMCGmK2di0XPNHMGmnSYTwnoejxoRDB6OfdZHc26e
FHx8QJxdqF5YCpk8J35IGyMLkAdpvYMIiVWHSsZ8bB4W74vWOTOLkCBaSkn3Hyh3
e/6i4wVHjybx9Wby7J/ow4ttnkeD4pVOsh0AhmLiZwNRt719pKlLVWNgbTdjTkSM
htzBewnH71W23AQp1ymS4irw4Kn2mi4KqY0vev57yctf0V5dd3xlrPQOyLJ8ixLN
JeELakxac3HdwH3DuV3LEJvd8XIq/fUKFeK83dCv4AW7
-----END CERTIFICATE-----