Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/7bd68c-a036-4cfe-b763-af90362bd3ba/1/Fa-PsUVAo2LCYN6vvOHtJu-hRO8.roa
File:                     Fa-PsUVAo2LCYN6vvOHtJu-hRO8.roa (raw, json)
Hash identifier:          3PMn0wf5gDjVCAJoNNCoitD7qjf7aIRgLADbRD8hAB0=
Subject key identifier:   15:AF:8F:B1:45:40:A3:62:C2:60:DE:AF:BC:E1:ED:26:EF:A1:44:EF
Certificate issuer:       /CN=8b6e65b82fe4007e82fd2db134cf42c6aec4e0bc
Certificate serial:       018CC72721834ADF708171777678265F54CF
Authority key identifier: 8B:6E:65:B8:2F:E4:00:7E:82:FD:2D:B1:34:CF:42:C6:AE:C4:E0:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i25luC_kAH6C_S2xNM9Cxq7E4Lw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/7bd68c-a036-4cfe-b763-af90362bd3ba/1/Fa-PsUVAo2LCYN6vvOHtJu-hRO8.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42586
IP address blocks:        91.225.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/7bd68c-a036-4cfe-b763-af90362bd3ba/1/i25luC_kAH6C_S2xNM9Cxq7E4Lw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/7bd68c-a036-4cfe-b763-af90362bd3ba/1/i25luC_kAH6C_S2xNM9Cxq7E4Lw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i25luC_kAH6C_S2xNM9Cxq7E4Lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:21:83:4a:df:70:81:71:77:76:78:26:5f:54:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6e65b82fe4007e82fd2db134cf42c6aec4e0bc
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15af8fb14540a362c260deafbce1ed26efa144ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:e1:fc:58:3b:31:f4:d6:68:81:3b:8f:5d:55:
                    3a:6a:73:0b:47:7b:2c:71:c5:94:48:4b:6c:ef:a2:
                    75:b5:64:84:26:06:c2:9f:9e:9c:bb:08:5b:5a:91:
                    9a:0a:dc:45:7a:0f:49:48:54:d3:3b:dc:bf:fc:8b:
                    75:36:8f:d0:d4:de:b7:27:47:78:53:00:12:86:1f:
                    02:a2:bb:0e:87:6a:bd:10:c7:bc:3e:d8:03:b2:37:
                    a8:a7:53:39:85:cf:41:cb:7b:f2:7a:f6:4d:78:ca:
                    4e:39:06:01:25:33:75:3c:a9:e4:d7:d4:c1:b0:81:
                    85:bc:62:ba:f5:a8:f0:41:e5:44:ae:a6:a9:32:32:
                    f6:a1:5a:f5:f5:b9:83:57:8a:27:f9:a4:d2:f2:c4:
                    71:f1:fb:04:16:4b:42:0d:66:c0:fd:84:45:24:f2:
                    34:6b:a3:db:0a:16:bb:19:27:3c:bc:8a:d7:77:54:
                    6e:32:fb:bb:29:97:d4:f3:f3:7d:b4:3b:94:1d:2f:
                    4e:d1:b8:ad:99:dd:52:5a:ac:0d:eb:ad:06:95:db:
                    f3:f3:3a:55:2f:c0:ab:35:63:df:9d:7b:d9:93:3e:
                    20:73:3f:6b:a5:a4:b7:fe:5b:ed:3d:d7:31:1f:41:
                    e0:10:4c:29:17:48:be:74:b9:9b:7a:10:ee:e8:92:
                    45:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:AF:8F:B1:45:40:A3:62:C2:60:DE:AF:BC:E1:ED:26:EF:A1:44:EF
            X509v3 Authority Key Identifier:
                keyid:8B:6E:65:B8:2F:E4:00:7E:82:FD:2D:B1:34:CF:42:C6:AE:C4:E0:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i25luC_kAH6C_S2xNM9Cxq7E4Lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7bd68c-a036-4cfe-b763-af90362bd3ba/1/Fa-PsUVAo2LCYN6vvOHtJu-hRO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7bd68c-a036-4cfe-b763-af90362bd3ba/1/i25luC_kAH6C_S2xNM9Cxq7E4Lw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:91:08:bf:99:f0:d0:fd:38:21:04:77:3e:5f:0e:b8:74:05:
         7e:86:e7:db:dc:ad:66:d5:fe:8b:83:6e:f6:70:b7:66:60:b3:
         75:92:b4:34:5c:f8:c5:79:4a:75:9f:3b:57:ab:f4:bb:73:cc:
         93:8d:71:08:2b:a7:76:1f:20:55:aa:92:b7:60:5b:44:fa:19:
         fa:06:38:54:82:02:5a:8a:2b:67:d9:eb:8c:9a:6e:f1:fe:4c:
         b3:95:dc:ad:7d:31:31:bf:90:78:a9:58:92:8b:59:a2:33:7d:
         ce:a7:c6:22:45:b6:33:83:74:0e:97:fb:3b:ba:94:42:f1:e6:
         06:02:05:30:88:cc:71:49:3c:d3:bd:19:30:c9:08:b3:d3:6f:
         a6:8a:84:d9:ad:f0:65:d0:90:e5:12:91:52:cf:ca:71:b0:09:
         42:8d:eb:ad:5e:92:39:05:eb:4a:80:0b:37:1e:68:00:e1:60:
         d7:e2:58:a2:e8:e2:7b:56:de:ae:7d:75:4f:ed:bf:6f:8d:75:
         41:9c:4d:4e:52:97:7f:ac:0b:63:5e:1c:65:15:cb:57:ae:45:
         c9:54:97:34:c0:b1:5f:04:d7:9d:9b:71:21:b5:48:5d:13:3b:
         dd:1d:9c:b6:4c:64:b2:61:a3:28:a8:ea:a5:99:28:d5:e5:89:
         8b:13:ed:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyGDSt9wgXF3dngmX1TPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNmU2NWI4MmZlNDAwN2U4MmZkMmRiMTM0Y2Y0MmM2YWVj
NGUwYmMwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWFmOGZiMTQ1NDBhMzYyYzI2MGRlYWZiY2UxZWQyNmVmYTE0NGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+H8WDsx9NZogTuPXVU6anMLR3ss
ccWUSEts76J1tWSEJgbCn56cuwhbWpGaCtxFeg9JSFTTO9y//It1No/Q1N63J0d4
UwAShh8CorsOh2q9EMe8PtgDsjeop1M5hc9By3vyevZNeMpOOQYBJTN1PKnk19TB
sIGFvGK69ajwQeVErqapMjL2oVr19bmDV4on+aTS8sRx8fsEFktCDWbA/YRFJPI0
a6PbCha7GSc8vIrXd1RuMvu7KZfU8/N9tDuUHS9O0bitmd1SWqwN660Gldvz8zpV
L8CrNWPfnXvZkz4gcz9rpaS3/lvtPdcxH0HgEEwpF0i+dLmbehDu6JJFswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWvj7FFQKNiwmDer7zh7SbvoUTvMB8GA1UdIwQY
MBaAFItuZbgv5AB+gv0tsTTPQsauxOC8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTI1bHVDX2tBSDZDX1MyeE5NOUN4cTdFNEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83YmQ2OGMtYTAzNi00Y2ZlLWI3NjMt
YWY5MDM2MmJkM2JhLzEvRmEtUHNVVkFvMkxDWU42dnZPSHRKdS1oUk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83YmQ2OGMtYTAzNi00Y2ZlLWI3NjMtYWY5MDM2MmJkM2Jh
LzEvaTI1bHVDX2tBSDZDX1MyeE5NOUN4cTdFNEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+E0MA0G
CSqGSIb3DQEBCwUAA4IBAQBHkQi/mfDQ/TghBHc+Xw64dAV+hufb3K1m1f6Lg272
cLdmYLN1krQ0XPjFeUp1nztXq/S7c8yTjXEIK6d2HyBVqpK3YFtE+hn6BjhUggJa
iitn2euMmm7x/kyzldytfTExv5B4qViSi1miM33Op8YiRbYzg3QOl/s7upRC8eYG
AgUwiMxxSTzTvRkwyQiz02+mioTZrfBl0JDlEpFSz8pxsAlCjeutXpI5BetKgAs3
HmgA4WDX4lii6OJ7Vt6ufXVP7b9vjXVBnE1OUpd/rAtjXhxlFctXrkXJVJc0wLFf
BNedm3EhtUhdEzvdHZy2TGSyYaMoqOqlmSjV5YmLE+2S
-----END CERTIFICATE-----