Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/fk9it40M-2RQGR7NTq2hjOBLIqM.roa
File:                     fk9it40M-2RQGR7NTq2hjOBLIqM.roa (raw, json)
Hash identifier:          +iC8xTpeOe/OUqD72MK8NMkaK8V+82IrpBGyj/f2tms=
Subject key identifier:   7E:4F:62:B7:8D:0C:FB:64:50:19:1E:CD:4E:AD:A1:8C:E0:4B:22:A3
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       018CC86F2619282C8C001FDBEAC75437A767
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/fk9it40M-2RQGR7NTq2hjOBLIqM.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29582
IP address blocks:        91.92.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:26:19:28:2c:8c:00:1f:db:ea:c7:54:37:a7:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e4f62b78d0cfb6450191ecd4eada18ce04b22a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:cc:f0:54:e0:fa:1c:1a:18:1a:8d:0e:35:ae:
                    cd:22:71:57:5a:b7:e0:84:28:10:04:2b:60:e2:6e:
                    56:f3:89:ea:c0:f5:79:0b:46:14:f7:2e:fb:0e:6c:
                    e9:08:a7:a4:b6:4f:bb:93:e5:f8:37:cb:3b:6d:43:
                    18:86:69:26:fa:be:62:39:e7:ff:0e:a4:de:48:e8:
                    0a:ef:ee:44:0a:28:46:1c:3d:ec:e4:6d:20:c3:f1:
                    e8:f8:ab:87:06:6e:41:3a:ea:a6:b4:9e:5a:4f:0c:
                    3f:4f:09:9b:98:79:9f:7d:b2:90:37:65:48:09:62:
                    de:2f:26:f8:47:48:10:87:dd:49:09:9a:19:51:33:
                    8f:d2:78:7e:26:19:11:76:ef:cc:1a:d2:42:82:92:
                    a3:21:da:06:08:1a:3c:c0:d6:59:fe:b9:97:a9:3b:
                    a0:a2:c6:12:a5:9a:95:87:99:b5:25:b7:98:aa:0e:
                    cc:82:bd:77:29:3f:d0:77:34:45:26:32:49:c0:ba:
                    cd:78:ab:01:d9:bc:6b:97:aa:44:44:88:be:27:64:
                    a9:3c:c0:05:88:fd:d6:09:08:39:ae:7b:d9:6f:48:
                    dd:b9:be:b9:5b:70:3c:24:5c:4d:ab:8c:ec:cc:d5:
                    a4:2d:f2:47:3e:8b:4b:ec:82:d7:00:7a:98:3c:be:
                    2d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4F:62:B7:8D:0C:FB:64:50:19:1E:CD:4E:AD:A1:8C:E0:4B:22:A3
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/fk9it40M-2RQGR7NTq2hjOBLIqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:8c:2c:af:73:d9:c9:85:a2:63:35:a7:30:23:c0:ac:25:f5:
         f5:e3:46:77:55:c2:fa:69:6a:1c:3b:c3:83:35:b4:c9:72:18:
         42:af:d1:63:7a:34:cc:d0:b7:2c:27:3f:ce:55:c9:97:3b:73:
         85:a6:a2:9b:79:d2:68:3d:8d:5f:47:4f:7b:6e:a9:90:18:98:
         16:a4:b0:1e:02:c3:e8:6f:e0:e4:7f:cc:5b:41:a9:e6:48:9f:
         e9:5e:54:81:5a:87:36:40:9d:c7:c4:8c:20:a2:b6:94:e2:fc:
         be:5e:ae:1f:91:8d:4b:2d:0b:9b:31:82:34:fd:f8:db:3f:d4:
         fc:8e:f1:6c:2d:31:ff:69:bc:bb:ff:b4:4a:9c:22:62:45:16:
         5b:63:e0:99:e8:47:88:02:6a:9b:68:93:c4:c7:c8:ac:1b:fa:
         f5:45:3d:f3:c0:52:a1:2b:c9:39:3a:5a:a3:24:41:7b:9a:52:
         3f:34:01:56:3e:f9:eb:75:43:f1:35:64:d2:10:b0:dc:8f:77:
         92:8c:d3:1d:9e:c4:b5:00:1b:c7:44:d1:14:b6:87:fb:75:f3:
         6c:48:0d:26:84:de:4b:6f:b1:3f:b2:27:4a:de:e9:50:57:2e:
         fb:cf:8e:a4:14:b1:5b:f1:f0:e4:10:97:c4:fe:c9:45:b5:d9:
         43:f2:46:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyYZKCyMAB/b6sdUN6dnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTRmNjJiNzhkMGNmYjY0NTAxOTFlY2Q0ZWFkYTE4Y2UwNGIyMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjczwVOD6HBoYGo0ONa7NInFXWrfg
hCgQBCtg4m5W84nqwPV5C0YU9y77DmzpCKektk+7k+X4N8s7bUMYhmkm+r5iOef/
DqTeSOgK7+5ECihGHD3s5G0gw/Ho+KuHBm5BOuqmtJ5aTww/TwmbmHmffbKQN2VI
CWLeLyb4R0gQh91JCZoZUTOP0nh+JhkRdu/MGtJCgpKjIdoGCBo8wNZZ/rmXqTug
osYSpZqVh5m1JbeYqg7Mgr13KT/QdzRFJjJJwLrNeKsB2bxrl6pERIi+J2SpPMAF
iP3WCQg5rnvZb0jdub65W3A8JFxNq4zszNWkLfJHPotL7ILXAHqYPL4towIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5PYreNDPtkUBkezU6toYzgSyKjMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvZms5aXQ0ME0tMlJRR1I3TlRxMmhqT0JMSXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1wwMA0G
CSqGSIb3DQEBCwUAA4IBAQA0jCyvc9nJhaJjNacwI8CsJfX140Z3VcL6aWocO8OD
NbTJchhCr9FjejTM0LcsJz/OVcmXO3OFpqKbedJoPY1fR097bqmQGJgWpLAeAsPo
b+Dkf8xbQanmSJ/pXlSBWoc2QJ3HxIwgoraU4vy+Xq4fkY1LLQubMYI0/fjbP9T8
jvFsLTH/aby7/7RKnCJiRRZbY+CZ6EeIAmqbaJPEx8isG/r1RT3zwFKhK8k5Olqj
JEF7mlI/NAFWPvnrdUPxNWTSELDcj3eSjNMdnsS1ABvHRNEUtof7dfNsSA0mhN5L
b7E/sidK3ulQVy77z46kFLFb8fDkEJfE/slFtdlD8ka1
-----END CERTIFICATE-----