Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/F5tZk92y2ccmuQLq16f1Iof-8FM.roa
File:                     F5tZk92y2ccmuQLq16f1Iof-8FM.roa (raw, json)
Hash identifier:          2Sp5TffaMBOuqqYtl2U65bxSDuEpxQvkv7NMsIFRA20=
Subject key identifier:   17:9B:59:93:DD:B2:D9:C7:26:B9:02:EA:D7:A7:F5:22:87:FE:F0:53
Certificate issuer:       /CN=fcd6dee0f8ba3c22293d62ec701ef250bcc8d2e7
Certificate serial:       018CFEE132CF5FA5F3F153F1D19CDC63CCB4
Authority key identifier: FC:D6:DE:E0:F8:BA:3C:22:29:3D:62:EC:70:1E:F2:50:BC:C8:D2:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Nbe4Pi6PCIpPWLscB7yULzI0uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/F5tZk92y2ccmuQLq16f1Iof-8FM.roa
Signing time:             Fri 12 Jan 2024 18:13:40 +0000
ROA not before:           Fri 12 Jan 2024 18:13:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52003
IP address blocks:        91.221.178.0/24 maxlen: 24
                          91.221.179.0/24 maxlen: 24
                          2001:678:374::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/_Nbe4Pi6PCIpPWLscB7yULzI0uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/_Nbe4Pi6PCIpPWLscB7yULzI0uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Nbe4Pi6PCIpPWLscB7yULzI0uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fe:e1:32:cf:5f:a5:f3:f1:53:f1:d1:9c:dc:63:cc:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcd6dee0f8ba3c22293d62ec701ef250bcc8d2e7
        Validity
            Not Before: Jan 12 18:13:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=179b5993ddb2d9c726b902ead7a7f52287fef053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:52:25:69:f6:e7:f0:9c:a3:38:66:c8:a3:81:
                    14:1b:f5:46:54:d8:22:ec:81:a3:73:be:f0:7c:84:
                    8a:7e:f5:9c:21:e4:1f:45:54:ee:a1:34:b1:b2:80:
                    cd:7f:0e:15:e6:3a:e0:9f:e6:75:ae:ec:01:86:4a:
                    63:aa:9d:74:13:15:d3:bf:f4:3c:de:0a:36:72:ea:
                    bb:80:ee:1a:39:6d:dc:1b:90:55:8f:4d:4b:08:bc:
                    02:79:ef:9f:46:cb:1c:c9:8a:0d:f9:ab:f8:fc:8a:
                    f0:74:a1:0e:27:c1:22:99:0e:6a:91:26:c8:10:cd:
                    5d:33:1d:6f:ef:eb:b2:e8:f1:3a:4d:a8:7b:09:d3:
                    69:54:72:35:3e:d6:d2:27:a9:9b:aa:a2:bf:2c:7d:
                    e3:47:b5:bf:26:96:02:6b:5a:f8:cf:1e:d9:90:0c:
                    fb:09:8f:4e:77:c7:21:d5:ec:46:83:c4:bf:15:9b:
                    1a:87:81:6e:14:07:b4:3f:79:3c:66:00:81:d6:9b:
                    40:a9:54:6e:9f:60:bf:ac:51:1a:da:30:01:76:73:
                    ca:b4:af:68:07:cc:e1:4a:6c:0b:9b:18:ac:9b:ce:
                    71:cf:5b:38:9d:80:46:b8:ef:6f:49:a1:cc:04:87:
                    83:c0:73:22:8a:85:1c:a3:e2:b7:51:bd:fa:74:43:
                    37:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:9B:59:93:DD:B2:D9:C7:26:B9:02:EA:D7:A7:F5:22:87:FE:F0:53
            X509v3 Authority Key Identifier:
                keyid:FC:D6:DE:E0:F8:BA:3C:22:29:3D:62:EC:70:1E:F2:50:BC:C8:D2:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Nbe4Pi6PCIpPWLscB7yULzI0uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/F5tZk92y2ccmuQLq16f1Iof-8FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/_Nbe4Pi6PCIpPWLscB7yULzI0uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.178.0/23
                IPv6:
                  2001:678:374::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:96:67:a8:29:1c:da:2c:f2:8e:da:00:df:e6:47:1e:89:45:
         4b:32:d3:fb:f6:d0:50:bb:ac:5f:1c:e3:b1:bd:f4:3a:c8:87:
         29:33:44:80:43:2e:48:fe:7e:ed:4d:30:18:8f:82:12:b9:73:
         5c:b5:5a:7d:c9:8c:a7:52:8b:34:f7:44:7b:5f:3d:49:62:b6:
         49:fe:c4:70:a9:fc:a2:f1:c7:9a:fe:1a:fa:1f:91:6a:d8:d8:
         13:7c:76:5c:95:f8:85:72:55:53:0d:57:e3:55:dc:47:92:08:
         83:10:3f:fb:1a:ee:95:a5:d2:05:ca:2d:a3:b9:37:ec:2a:17:
         aa:1b:a3:d9:9e:40:76:07:5d:d0:b1:2d:e7:29:75:47:b0:ef:
         7d:c9:e6:e3:14:8c:c3:a9:d0:00:14:17:d4:2f:4e:e5:5b:e5:
         37:3c:ae:26:27:42:8e:f0:b4:34:6f:7a:48:51:70:4b:6c:c9:
         63:c1:ba:95:eb:0d:cb:f0:a8:2e:f6:51:5e:f3:80:89:1a:1d:
         9a:15:2c:d7:b3:a8:f0:b6:af:b8:24:76:47:2c:ab:ff:d8:bb:
         71:c1:69:ae:b5:53:ba:fc:68:84:24:01:38:07:20:61:63:07:
         01:a0:9b:7b:d6:3a:24:a7:9f:07:1c:79:cf:79:b5:ec:1c:e1:
         9f:59:72:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYz+4TLPX6Xz8VPx0ZzcY8y0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZDZkZWUwZjhiYTNjMjIyOTNkNjJlYzcwMWVmMjUwYmNj
OGQyZTcwHhcNMjQwMTEyMTgxMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzliNTk5M2RkYjJkOWM3MjZiOTAyZWFkN2E3ZjUyMjg3ZmVmMDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlIlafbn8JyjOGbIo4EUG/VGVNgi
7IGjc77wfISKfvWcIeQfRVTuoTSxsoDNfw4V5jrgn+Z1ruwBhkpjqp10ExXTv/Q8
3go2cuq7gO4aOW3cG5BVj01LCLwCee+fRsscyYoN+av4/IrwdKEOJ8EimQ5qkSbI
EM1dMx1v7+uy6PE6Tah7CdNpVHI1PtbSJ6mbqqK/LH3jR7W/JpYCa1r4zx7ZkAz7
CY9Od8ch1exGg8S/FZsah4FuFAe0P3k8ZgCB1ptAqVRun2C/rFEa2jABdnPKtK9o
B8zhSmwLmxism85xz1s4nYBGuO9vSaHMBIeDwHMiioUco+K3Ub36dEM3gwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBebWZPdstnHJrkC6ten9SKH/vBTMB8GA1UdIwQY
MBaAFPzW3uD4ujwiKT1i7HAe8lC8yNLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX05iZTRQaTZQQ0lwUFdMc2NCN3lVTHpJMHVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9kMmRjOWItYmNkYy00MmRlLWExYWUt
NDJjZTJkMmJlMDk3LzEvRjV0Wms5MnkyY2NtdVFMcTE2ZjFJb2YtOEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9kMmRjOWItYmNkYy00MmRlLWExYWUtNDJjZTJkMmJlMDk3
LzEvX05iZTRQaTZQQ0lwUFdMc2NCN3lVTHpJMHVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW92yMA8E
AgACMAkDBwAgAQZ4A3QwDQYJKoZIhvcNAQELBQADggEBAAmWZ6gpHNos8o7aAN/m
Rx6JRUsy0/v20FC7rF8c47G99DrIhykzRIBDLkj+fu1NMBiPghK5c1y1Wn3JjKdS
izT3RHtfPUlitkn+xHCp/KLxx5r+GvofkWrY2BN8dlyV+IVyVVMNV+NV3EeSCIMQ
P/sa7pWl0gXKLaO5N+wqF6obo9meQHYHXdCxLecpdUew733J5uMUjMOp0AAUF9Qv
TuVb5Tc8riYnQo7wtDRvekhRcEtsyWPBupXrDcvwqC72UV7zgIkaHZoVLNezqPC2
r7gkdkcsq//Yu3HBaa61U7r8aIQkATgHIGFjBwGgm3vWOiSnnwccec95tewc4Z9Z
cpU=
-----END CERTIFICATE-----