Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/FxmeyogJg7kyhz55FJQjgXJMGAI.roa
File:                     FxmeyogJg7kyhz55FJQjgXJMGAI.roa (raw, json)
Hash identifier:          tRWxtmEnVG3Ydiy8gL4MH51MbqCjgJpcJL2q3ymtcR8=
Subject key identifier:   17:19:9E:CA:88:09:83:B9:32:87:3E:79:14:94:23:81:72:4C:18:02
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       018FA94A7E6F50B59110AF78F8C599BE8036
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/FxmeyogJg7kyhz55FJQjgXJMGAI.roa
Signing time:             Fri 24 May 2024 06:29:42 +0000
ROA not before:           Fri 24 May 2024 06:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57045
IP address blocks:        91.221.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a9:4a:7e:6f:50:b5:91:10:af:78:f8:c5:99:be:80:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: May 24 06:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17199eca880983b932873e7914942381724c1802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:12:b8:4d:ab:cf:5d:48:58:53:7d:61:7a:3d:
                    b0:12:f0:85:8b:17:26:54:a1:c0:e3:23:96:9c:4f:
                    5d:df:b5:9a:09:da:f0:dd:80:fd:04:fd:22:fc:1a:
                    7a:b5:99:86:41:6b:67:2c:86:6c:64:d9:f8:83:08:
                    4d:70:c1:ae:c2:be:5a:14:09:fb:fd:e7:a8:ef:35:
                    22:45:d2:04:7c:49:95:3a:32:ec:84:eb:8b:5a:87:
                    72:08:db:0e:ce:e4:40:ee:df:74:7b:98:dd:c6:56:
                    9f:8c:35:f8:21:ea:f3:2c:84:68:65:02:e0:bc:d8:
                    f3:b0:1d:07:2d:a8:29:7c:dd:ed:2d:b1:dc:65:a8:
                    1f:39:5d:04:b4:78:60:47:5c:df:1b:bd:71:f6:db:
                    d5:26:97:25:b9:2d:a6:0a:f8:6e:18:23:bf:60:2c:
                    be:e8:bb:a5:80:8a:18:ce:92:69:6c:63:90:50:58:
                    47:71:7f:79:56:d5:fc:7f:4b:f6:e1:11:1b:94:1e:
                    de:12:76:f3:36:bd:67:fe:2b:d4:71:43:01:4d:4f:
                    ac:48:96:b4:32:3c:28:28:ab:74:d4:06:60:49:f4:
                    6d:93:28:0b:f5:66:4d:4b:14:d7:51:7b:d2:48:bf:
                    2b:fc:0f:e0:e2:b0:4c:c5:51:f7:ca:61:10:4d:6a:
                    b8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:19:9E:CA:88:09:83:B9:32:87:3E:79:14:94:23:81:72:4C:18:02
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/FxmeyogJg7kyhz55FJQjgXJMGAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:91:69:29:63:7a:d6:04:28:8b:7a:a4:67:3e:e6:d2:7f:fa:
         6f:dc:07:5f:6c:aa:67:c7:8c:3e:10:48:5e:57:04:9b:10:bc:
         5c:ba:af:46:81:e8:22:e1:3b:cf:f3:16:46:fe:e9:93:28:38:
         32:87:a4:67:6a:e7:d6:5f:1a:f8:f8:86:1e:7f:19:23:b2:f4:
         d5:06:d1:75:8c:17:31:6e:76:20:4c:39:ff:16:54:63:29:e8:
         4e:fd:63:c2:03:21:b0:a5:e0:02:bd:1d:dd:df:aa:c1:9d:2f:
         70:e6:f8:77:a7:13:f7:b8:cd:55:48:f2:4d:30:47:40:48:86:
         a0:9b:9e:cd:39:ae:e4:8b:0b:9b:bb:f9:0d:f2:c0:11:d9:05:
         ac:66:d2:fe:c9:92:62:68:5d:e9:07:07:45:a9:28:77:c3:2b:
         60:bc:2c:f9:b0:7d:ea:78:e2:8e:02:69:f9:9d:7f:b3:68:58:
         a1:da:7d:f7:d1:d3:dc:1a:c3:94:82:56:97:fb:9a:1d:54:43:
         8d:e5:f2:c8:95:9a:12:3d:bd:8b:ee:5d:f8:2a:64:68:e3:3e:
         0b:34:20:43:1f:c8:24:93:d2:85:f6:f0:18:7e:76:13:f7:a9:
         9a:2a:04:66:2b:97:e6:f9:96:3b:95:d9:14:76:8c:cf:2d:a6:
         ad:a2:02:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+pSn5vULWREK94+MWZvoA2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjQwNTI0MDYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzE5OWVjYTg4MDk4M2I5MzI4NzNlNzkxNDk0MjM4MTcyNGMxODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RK4TavPXUhYU31hej2wEvCFixcm
VKHA4yOWnE9d37WaCdrw3YD9BP0i/Bp6tZmGQWtnLIZsZNn4gwhNcMGuwr5aFAn7
/eeo7zUiRdIEfEmVOjLshOuLWodyCNsOzuRA7t90e5jdxlafjDX4IerzLIRoZQLg
vNjzsB0HLagpfN3tLbHcZagfOV0EtHhgR1zfG71x9tvVJpcluS2mCvhuGCO/YCy+
6LulgIoYzpJpbGOQUFhHcX95VtX8f0v24REblB7eEnbzNr1n/ivUcUMBTU+sSJa0
MjwoKKt01AZgSfRtkygL9WZNSxTXUXvSSL8r/A/g4rBMxVH3ymEQTWq44QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcZnsqICYO5Moc+eRSUI4FyTBgCMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvRnhtZXlvZ0pnN2t5aHo1NUZKUWpnWEpNR0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW90rMA0G
CSqGSIb3DQEBCwUAA4IBAQCikWkpY3rWBCiLeqRnPubSf/pv3AdfbKpnx4w+EEhe
VwSbELxcuq9Ggegi4TvP8xZG/umTKDgyh6RnaufWXxr4+IYefxkjsvTVBtF1jBcx
bnYgTDn/FlRjKehO/WPCAyGwpeACvR3d36rBnS9w5vh3pxP3uM1VSPJNMEdASIag
m57NOa7kiwubu/kN8sAR2QWsZtL+yZJiaF3pBwdFqSh3wytgvCz5sH3qeOKOAmn5
nX+zaFih2n330dPcGsOUglaX+5odVEON5fLIlZoSPb2L7l34KmRo4z4LNCBDH8gk
k9KF9vAYfnYT96maKgRmK5fm+ZY7ldkUdozPLaatogIR
-----END CERTIFICATE-----