Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/FrNAxoOB0VGr4OYDmwJKfbeDxsg.roa
File:                     FrNAxoOB0VGr4OYDmwJKfbeDxsg.roa (raw, json)
Hash identifier:          qcgATYCRBCdLLkBAURyIlJAyfiXdkBjvhtUf/J0h1g4=
Subject key identifier:   16:B3:40:C6:83:81:D1:51:AB:E0:E6:03:9B:02:4A:7D:B7:83:C6:C8
Certificate issuer:       /CN=a5cce7916c7afa649532a7b829a459d6ee5e36bc
Certificate serial:       018CC801459E0B0BBD0E2F9863DD13FFB837
Authority key identifier: A5:CC:E7:91:6C:7A:FA:64:95:32:A7:B8:29:A4:59:D6:EE:5E:36:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcznkWx6-mSVMqe4KaRZ1u5eNrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/FrNAxoOB0VGr4OYDmwJKfbeDxsg.roa
Signing time:             Tue 02 Jan 2024 02:29:35 +0000
ROA not before:           Tue 02 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208810
IP address blocks:        91.216.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/pcznkWx6-mSVMqe4KaRZ1u5eNrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/pcznkWx6-mSVMqe4KaRZ1u5eNrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcznkWx6-mSVMqe4KaRZ1u5eNrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:45:9e:0b:0b:bd:0e:2f:98:63:dd:13:ff:b8:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5cce7916c7afa649532a7b829a459d6ee5e36bc
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16b340c68381d151abe0e6039b024a7db783c6c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:25:58:54:5b:35:62:11:6f:14:15:74:90:80:
                    76:3a:d7:a5:de:c3:a2:c3:95:52:4a:07:aa:26:64:
                    8c:b1:1e:19:1f:25:3c:fa:5e:ed:1d:b8:97:d2:ed:
                    98:13:85:ae:a6:fc:21:ee:a2:e1:65:f1:6a:3b:b3:
                    f8:27:dc:3e:17:6f:1e:07:f1:51:50:c5:ea:21:f2:
                    a9:c6:c6:a9:26:22:ca:77:c2:b6:87:2e:94:7a:67:
                    37:29:75:3e:ff:60:e8:95:4f:49:86:1b:57:d6:12:
                    13:a2:ef:88:88:3b:75:24:e9:3e:ea:9f:90:56:d9:
                    d9:a0:3f:80:71:dd:ac:66:1d:a7:ab:2b:2e:fa:95:
                    29:5c:54:bb:16:40:fa:2b:5a:e4:7c:00:ae:87:aa:
                    2a:3b:72:ac:f4:44:04:af:0f:83:ca:58:8c:64:dd:
                    3f:79:a5:6f:74:9b:44:3f:fa:4e:5a:c8:f9:6b:44:
                    b5:9e:06:8f:9e:79:18:5a:a5:18:48:3c:00:ef:ee:
                    13:7b:a4:3d:f7:48:fe:0f:6c:19:f9:5e:27:27:83:
                    52:94:5c:56:0e:ba:c4:1b:be:b7:60:59:40:f0:d1:
                    44:22:e3:b8:6e:57:ac:84:1b:3a:2a:3c:8b:87:3b:
                    c9:9b:53:4d:c1:02:bf:49:b3:99:ba:19:94:ea:56:
                    28:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B3:40:C6:83:81:D1:51:AB:E0:E6:03:9B:02:4A:7D:B7:83:C6:C8
            X509v3 Authority Key Identifier:
                keyid:A5:CC:E7:91:6C:7A:FA:64:95:32:A7:B8:29:A4:59:D6:EE:5E:36:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcznkWx6-mSVMqe4KaRZ1u5eNrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/FrNAxoOB0VGr4OYDmwJKfbeDxsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/pcznkWx6-mSVMqe4KaRZ1u5eNrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:03:c7:0e:b8:7f:75:9c:24:2d:f5:ee:32:3c:bd:4e:18:57:
         e1:6b:6d:0b:fe:c1:51:56:25:20:c7:26:d4:38:ff:72:42:1b:
         f8:14:ce:67:76:e3:86:9b:ab:5e:a7:93:46:25:5e:23:3b:8f:
         2e:c8:4d:36:46:48:08:4c:8d:0b:b9:1a:ee:a0:2e:87:cb:0b:
         df:eb:b7:87:bf:e7:6a:04:95:b5:41:d1:0a:a0:11:1a:7f:5c:
         15:92:38:6f:18:04:80:2a:a6:cf:0e:40:34:f7:53:a3:e0:b5:
         51:8f:71:ac:41:25:f5:4e:ac:a6:dd:75:6a:01:20:95:50:c1:
         eb:6e:e5:8c:74:b0:b4:7d:62:5f:c7:0c:60:38:cb:3a:f8:59:
         18:cb:22:b7:ef:28:6e:29:36:2f:47:e1:30:9d:0f:a1:7b:60:
         c0:9c:15:e2:ab:20:67:7d:b1:5c:0e:08:e9:7d:1f:82:ae:b9:
         71:82:a5:07:b9:66:85:21:44:5f:90:5a:7f:3c:2c:36:1c:f9:
         e2:f5:b1:30:8d:aa:e8:af:63:c8:78:5c:57:51:6b:8e:9d:28:
         ea:b4:30:77:dd:65:27:af:d1:15:f1:44:f4:3e:87:d0:80:da:
         cf:24:1d:ef:ba:9a:31:ca:72:b4:32:df:ce:fa:65:24:e4:0f:
         bd:4c:15:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUWeCwu9Di+YY90T/7g3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1Y2NlNzkxNmM3YWZhNjQ5NTMyYTdiODI5YTQ1OWQ2ZWU1
ZTM2YmMwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmIzNDBjNjgzODFkMTUxYWJlMGU2MDM5YjAyNGE3ZGI3ODNjNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyVYVFs1YhFvFBV0kIB2Otel3sOi
w5VSSgeqJmSMsR4ZHyU8+l7tHbiX0u2YE4Wupvwh7qLhZfFqO7P4J9w+F28eB/FR
UMXqIfKpxsapJiLKd8K2hy6Uemc3KXU+/2DolU9JhhtX1hITou+IiDt1JOk+6p+Q
VtnZoD+Acd2sZh2nqysu+pUpXFS7FkD6K1rkfACuh6oqO3Ks9EQErw+DyliMZN0/
eaVvdJtEP/pOWsj5a0S1ngaPnnkYWqUYSDwA7+4Te6Q990j+D2wZ+V4nJ4NSlFxW
DrrEG763YFlA8NFEIuO4bleshBs6KjyLhzvJm1NNwQK/SbOZuhmU6lYoWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBazQMaDgdFRq+DmA5sCSn23g8bIMB8GA1UdIwQY
MBaAFKXM55FsevpklTKnuCmkWdbuXja8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGN6bmtXeDYtbVNWTXFlNEthUloxdTVlTnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jZjAwNzItMTBkNy00NzU5LTgwZjYt
NDI5NjkzN2M5ZDk0LzEvRnJOQXhvT0IwVkdyNE9ZRG13SktmYmVEeHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jZjAwNzItMTBkNy00NzU5LTgwZjYtNDI5NjkzN2M5ZDk0
LzEvcGN6bmtXeDYtbVNWTXFlNEthUloxdTVlTnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9j6MA0G
CSqGSIb3DQEBCwUAA4IBAQARA8cOuH91nCQt9e4yPL1OGFfha20L/sFRViUgxybU
OP9yQhv4FM5nduOGm6tep5NGJV4jO48uyE02RkgITI0LuRruoC6Hywvf67eHv+dq
BJW1QdEKoBEaf1wVkjhvGASAKqbPDkA091Oj4LVRj3GsQSX1Tqym3XVqASCVUMHr
buWMdLC0fWJfxwxgOMs6+FkYyyK37yhuKTYvR+EwnQ+he2DAnBXiqyBnfbFcDgjp
fR+CrrlxgqUHuWaFIURfkFp/PCw2HPni9bEwjaror2PIeFxXUWuOnSjqtDB33WUn
r9EV8UT0PofQgNrPJB3vupoxynK0Mt/O+mUk5A+9TBUv
-----END CERTIFICATE-----