Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/af31ab-2e34-47fb-9611-223a4d94709e/1/_LIBqziFSfuVNlQZGD0nEjo-rek.roa
File:                     _LIBqziFSfuVNlQZGD0nEjo-rek.roa (raw, json)
Hash identifier:          7OQUCJ2vajQFS+tSVITWfT1rHl+9oxMR5sEAhuiUT1I=
Subject key identifier:   FC:B2:01:AB:38:85:49:FB:95:36:54:19:18:3D:27:12:3A:3E:AD:E9
Certificate issuer:       /CN=b32bb7f2fa8c414c67188bdabbfb76215693ba87
Certificate serial:       01909BF3A5475713DC762F9E7D495A385906
Authority key identifier: B3:2B:B7:F2:FA:8C:41:4C:67:18:8B:DA:BB:FB:76:21:56:93:BA:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syu38vqMQUxnGIvau_t2IVaTuoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/af31ab-2e34-47fb-9611-223a4d94709e/1/_LIBqziFSfuVNlQZGD0nEjo-rek.roa
Signing time:             Wed 10 Jul 2024 09:22:34 +0000
ROA not before:           Wed 10 Jul 2024 09:22:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57550
IP address blocks:        91.232.236.0/23 maxlen: 23
                          91.232.236.0/24 maxlen: 24
                          91.232.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/af31ab-2e34-47fb-9611-223a4d94709e/1/syu38vqMQUxnGIvau_t2IVaTuoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/af31ab-2e34-47fb-9611-223a4d94709e/1/syu38vqMQUxnGIvau_t2IVaTuoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/syu38vqMQUxnGIvau_t2IVaTuoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:f3:a5:47:57:13:dc:76:2f:9e:7d:49:5a:38:59:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b32bb7f2fa8c414c67188bdabbfb76215693ba87
        Validity
            Not Before: Jul 10 09:22:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcb201ab388549fb95365419183d27123a3eade9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:70:8a:e7:70:d6:03:b1:5f:bb:a9:a2:5a:f3:
                    0d:4b:98:4d:61:10:e0:85:cf:ca:cc:24:8e:ae:a5:
                    2e:07:b4:66:f8:49:00:cc:86:c8:6d:7f:7d:38:24:
                    06:a5:23:28:10:52:0c:b0:a4:97:ee:43:1a:8f:0f:
                    03:4d:44:79:1d:83:15:af:11:48:57:df:92:55:61:
                    5f:71:99:fc:74:a6:71:8f:23:2c:58:7c:34:cc:4d:
                    dc:52:cf:8a:a7:29:85:01:7f:d0:a8:52:06:01:7c:
                    a4:64:49:33:e4:a5:0d:50:90:a0:4e:27:c1:39:1c:
                    75:7c:5e:38:63:33:85:11:a0:a9:47:67:aa:a7:6f:
                    cd:57:ad:85:21:6d:49:d7:ba:e4:64:da:da:f4:86:
                    07:02:96:e8:64:0f:33:48:be:f6:9c:25:3e:64:34:
                    a5:b7:dc:e9:15:c0:e2:a6:e1:61:dc:27:fa:89:ae:
                    4b:40:f0:f7:78:e1:72:25:db:5a:ff:6d:6f:93:88:
                    6d:c4:12:dd:26:23:e2:35:2d:d7:78:a8:a4:d6:b3:
                    1c:20:13:4a:be:df:62:0f:f8:f5:24:f4:94:8f:4c:
                    c2:a4:8a:52:d4:bf:ab:5d:f4:8a:19:69:ff:86:75:
                    2b:04:4f:25:63:c8:e3:37:cf:17:3d:f9:27:cc:81:
                    fc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:B2:01:AB:38:85:49:FB:95:36:54:19:18:3D:27:12:3A:3E:AD:E9
            X509v3 Authority Key Identifier:
                keyid:B3:2B:B7:F2:FA:8C:41:4C:67:18:8B:DA:BB:FB:76:21:56:93:BA:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syu38vqMQUxnGIvau_t2IVaTuoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/af31ab-2e34-47fb-9611-223a4d94709e/1/_LIBqziFSfuVNlQZGD0nEjo-rek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/af31ab-2e34-47fb-9611-223a4d94709e/1/syu38vqMQUxnGIvau_t2IVaTuoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:ba:4e:9b:53:d5:fc:09:21:75:d5:81:0c:b5:ab:b6:fb:7b:
         5e:2b:bf:30:c8:6e:7b:48:f1:28:11:ae:da:6b:2e:1e:c2:4b:
         bf:52:07:5a:04:00:3a:81:18:31:df:79:de:93:ec:3b:9d:12:
         93:61:77:97:a8:43:d4:5f:43:a4:a0:68:82:a4:7e:58:68:d3:
         aa:2b:63:47:87:1f:dd:70:55:72:27:a6:45:42:e8:35:f8:40:
         1f:af:68:03:10:91:9c:89:a8:83:20:28:fb:96:4c:54:4d:bc:
         08:4f:fa:ef:eb:b7:5c:10:c8:0a:a0:20:dc:b9:ba:82:52:8c:
         bb:92:28:35:cf:ea:42:3e:1a:a3:27:98:83:6a:68:95:be:ab:
         2b:66:76:5c:9b:d4:d4:ba:10:58:bb:ef:31:6c:96:2b:81:90:
         48:6b:56:b3:4b:8f:71:2b:59:d9:24:22:21:c1:e1:d4:da:a6:
         67:fc:2e:b5:41:2a:82:f9:a1:50:8d:60:69:1d:a0:e6:b9:31:
         8f:07:76:a5:30:85:03:33:f1:f5:25:70:4f:54:b7:f6:47:f7:
         ad:91:e5:08:9c:57:0b:da:14:6d:2e:6e:97:62:c4:70:1c:06:
         a4:de:1d:ce:bd:56:65:de:3e:d6:64:97:d3:ba:1e:a0:b3:35:
         73:7c:b9:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCb86VHVxPcdi+efUlaOFkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmJiN2YyZmE4YzQxNGM2NzE4OGJkYWJiZmI3NjIxNTY5
M2JhODcwHhcNMjQwNzEwMDkyMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2IyMDFhYjM4ODU0OWZiOTUzNjU0MTkxODNkMjcxMjNhM2VhZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnCK53DWA7Ffu6miWvMNS5hNYRDg
hc/KzCSOrqUuB7Rm+EkAzIbIbX99OCQGpSMoEFIMsKSX7kMajw8DTUR5HYMVrxFI
V9+SVWFfcZn8dKZxjyMsWHw0zE3cUs+KpymFAX/QqFIGAXykZEkz5KUNUJCgTifB
ORx1fF44YzOFEaCpR2eqp2/NV62FIW1J17rkZNra9IYHApboZA8zSL72nCU+ZDSl
t9zpFcDipuFh3Cf6ia5LQPD3eOFyJdta/21vk4htxBLdJiPiNS3XeKik1rMcIBNK
vt9iD/j1JPSUj0zCpIpS1L+rXfSKGWn/hnUrBE8lY8jjN88XPfknzIH8IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyyAas4hUn7lTZUGRg9JxI6Pq3pMB8GA1UdIwQY
MBaAFLMrt/L6jEFMZxiL2rv7diFWk7qHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l1Mzh2cU1RVXhuR0l2YXVfdDJJVmFUdW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9hZjMxYWItMmUzNC00N2ZiLTk2MTEt
MjIzYTRkOTQ3MDllLzEvX0xJQnF6aUZTZnVWTmxRWkdEMG5Fam8tcmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9hZjMxYWItMmUzNC00N2ZiLTk2MTEtMjIzYTRkOTQ3MDll
LzEvc3l1Mzh2cU1RVXhuR0l2YXVfdDJJVmFUdW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+jsMA0G
CSqGSIb3DQEBCwUAA4IBAQAquk6bU9X8CSF11YEMtau2+3teK78wyG57SPEoEa7a
ay4ewku/UgdaBAA6gRgx33nek+w7nRKTYXeXqEPUX0OkoGiCpH5YaNOqK2NHhx/d
cFVyJ6ZFQug1+EAfr2gDEJGciaiDICj7lkxUTbwIT/rv67dcEMgKoCDcubqCUoy7
kig1z+pCPhqjJ5iDamiVvqsrZnZcm9TUuhBYu+8xbJYrgZBIa1azS49xK1nZJCIh
weHU2qZn/C61QSqC+aFQjWBpHaDmuTGPB3alMIUDM/H1JXBPVLf2R/etkeUInFcL
2hRtLm6XYsRwHAak3h3OvVZl3j7WZJfTuh6gszVzfLnW
-----END CERTIFICATE-----