Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/fcpRwY96aZV_OWd2jB5UepW7Pxk.roa
File:                     fcpRwY96aZV_OWd2jB5UepW7Pxk.roa (raw, json)
Hash identifier:          hfZ/LHjPDirYxz72ZiP/EKaEy3XxhWUEAXxdAQXEOjU=
Subject key identifier:   7D:CA:51:C1:8F:7A:69:95:7F:39:67:76:8C:1E:54:7A:95:BB:3F:19
Certificate issuer:       /CN=9c7ef2852d4cb2eabc978ec1c5a1a4d09e04afb5
Certificate serial:       018CC8015FC0FE4822289C56635016A6B6AD
Authority key identifier: 9C:7E:F2:85:2D:4C:B2:EA:BC:97:8E:C1:C5:A1:A4:D0:9E:04:AF:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nH7yhS1Msuq8l47BxaGk0J4Er7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/fcpRwY96aZV_OWd2jB5UepW7Pxk.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35913
IP address blocks:        91.199.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/nH7yhS1Msuq8l47BxaGk0J4Er7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/nH7yhS1Msuq8l47BxaGk0J4Er7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nH7yhS1Msuq8l47BxaGk0J4Er7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5f:c0:fe:48:22:28:9c:56:63:50:16:a6:b6:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c7ef2852d4cb2eabc978ec1c5a1a4d09e04afb5
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dca51c18f7a69957f3967768c1e547a95bb3f19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:0c:8e:50:71:12:31:56:a4:12:41:25:a5:f2:
                    af:cd:05:78:33:dc:08:be:e4:95:31:ae:8d:e8:cf:
                    86:44:04:d8:a4:52:c4:d4:f1:11:2b:3d:95:59:88:
                    21:0e:8f:a7:a8:24:f9:3a:b2:72:fd:1f:57:47:e4:
                    07:5e:d3:c9:a0:96:34:4b:a3:52:a3:5d:95:44:63:
                    c4:75:39:01:a4:fd:56:2a:be:13:42:4d:3a:12:ee:
                    85:65:e4:fb:ac:79:5b:e9:13:62:e4:e0:b1:e0:b9:
                    9b:a5:22:01:2c:51:20:7c:8f:ee:dc:c3:f3:c1:9e:
                    85:56:9d:ea:9c:3c:c3:b9:a9:3a:47:13:7b:78:f1:
                    09:f3:c8:c1:d9:f1:29:4d:ac:bb:90:34:1e:21:35:
                    22:a6:39:e9:26:7a:ed:e3:97:63:41:9c:5e:8d:cd:
                    16:0e:ee:fb:a2:51:73:c4:0a:7a:52:38:82:9d:3c:
                    a5:f5:22:68:94:0f:a5:7b:ba:71:15:87:ac:3f:15:
                    32:ec:3c:c1:ac:fa:9d:72:e6:18:47:17:df:27:d8:
                    e8:14:a5:0d:12:9c:f8:36:e7:ba:9b:00:28:6b:3a:
                    78:cb:91:11:43:7c:c0:a4:0d:f1:59:33:4d:2c:a3:
                    86:19:08:99:e3:2e:8f:7a:c2:c4:32:ef:85:97:7d:
                    5e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CA:51:C1:8F:7A:69:95:7F:39:67:76:8C:1E:54:7A:95:BB:3F:19
            X509v3 Authority Key Identifier:
                keyid:9C:7E:F2:85:2D:4C:B2:EA:BC:97:8E:C1:C5:A1:A4:D0:9E:04:AF:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nH7yhS1Msuq8l47BxaGk0J4Er7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/fcpRwY96aZV_OWd2jB5UepW7Pxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a8c553-3b9e-4edd-a7bb-5237c03b8813/1/nH7yhS1Msuq8l47BxaGk0J4Er7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:d9:df:07:ed:3d:18:16:15:c9:36:6a:b4:01:1a:6d:49:de:
         cd:8b:58:4a:79:70:8c:91:b8:ab:54:10:c7:57:e0:f8:27:6f:
         0d:97:0e:ce:6b:11:bf:68:ba:3e:42:78:d3:d7:4e:00:6c:ad:
         12:cc:49:d2:2a:b7:22:1d:5c:48:9d:f2:da:3a:6e:79:8f:3a:
         bc:f1:87:dd:d0:13:db:c6:49:f2:87:c1:51:95:dd:e7:b3:18:
         a9:b2:be:d9:da:9a:c9:f1:62:59:f6:6b:a5:10:6e:b8:71:af:
         98:52:0b:2a:70:66:e4:c7:95:97:69:63:ba:26:d5:ef:40:6b:
         d8:e3:2c:32:a9:65:57:b4:b3:fc:73:0f:a3:ff:ff:89:f9:d4:
         b0:08:c0:aa:16:67:39:03:c9:73:cd:92:a0:a8:25:23:e1:23:
         5e:af:b4:84:e1:21:7b:0a:5e:a7:fe:97:e0:1b:34:3d:a3:16:
         59:47:ba:25:39:24:9c:9e:69:e3:a6:22:ca:05:64:7b:a2:1e:
         96:61:5f:d0:8b:58:68:6d:2f:0b:6f:b6:a7:ed:8c:f6:cd:93:
         bf:4a:da:4f:b5:f9:b3:37:6e:90:5c:c8:90:ee:e8:57:da:af:
         55:61:cc:d0:6d:d2:05:34:97:e9:28:78:09:c9:c0:3e:a4:ee:
         24:fc:81:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAV/A/kgiKJxWY1AWpratMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljN2VmMjg1MmQ0Y2IyZWFiYzk3OGVjMWM1YTFhNGQwOWUw
NGFmYjUwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGNhNTFjMThmN2E2OTk1N2YzOTY3NzY4YzFlNTQ3YTk1YmIzZjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7AyOUHESMVakEkElpfKvzQV4M9wI
vuSVMa6N6M+GRATYpFLE1PERKz2VWYghDo+nqCT5OrJy/R9XR+QHXtPJoJY0S6NS
o12VRGPEdTkBpP1WKr4TQk06Eu6FZeT7rHlb6RNi5OCx4LmbpSIBLFEgfI/u3MPz
wZ6FVp3qnDzDuak6RxN7ePEJ88jB2fEpTay7kDQeITUipjnpJnrt45djQZxejc0W
Du77olFzxAp6UjiCnTyl9SJolA+le7pxFYesPxUy7DzBrPqdcuYYRxffJ9joFKUN
Epz4Nue6mwAoazp4y5ERQ3zApA3xWTNNLKOGGQiZ4y6PesLEMu+Fl31eFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3KUcGPemmVfzlndoweVHqVuz8ZMB8GA1UdIwQY
MBaAFJx+8oUtTLLqvJeOwcWhpNCeBK+1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkg3eWhTMU1zdXE4bDQ3QnhhR2swSjRFcjdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hOGM1NTMtM2I5ZS00ZWRkLWE3YmIt
NTIzN2MwM2I4ODEzLzEvZmNwUndZOTZhWlZfT1dkMmpCNVVlcFc3UHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hOGM1NTMtM2I5ZS00ZWRkLWE3YmItNTIzN2MwM2I4ODEz
LzEvbkg3eWhTMU1zdXE4bDQ3QnhhR2swSjRFcjdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8eFMA0G
CSqGSIb3DQEBCwUAA4IBAQBv2d8H7T0YFhXJNmq0ARptSd7Ni1hKeXCMkbirVBDH
V+D4J28Nlw7OaxG/aLo+QnjT104AbK0SzEnSKrciHVxInfLaOm55jzq88Yfd0BPb
xknyh8FRld3nsxipsr7Z2prJ8WJZ9mulEG64ca+YUgsqcGbkx5WXaWO6JtXvQGvY
4ywyqWVXtLP8cw+j//+J+dSwCMCqFmc5A8lzzZKgqCUj4SNer7SE4SF7Cl6n/pfg
GzQ9oxZZR7olOSScnmnjpiLKBWR7oh6WYV/Qi1hobS8Lb7an7Yz2zZO/StpPtfmz
N26QXMiQ7uhX2q9VYczQbdIFNJfpKHgJycA+pO4k/IFd
-----END CERTIFICATE-----