Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/1-8h05c-wk97m9L81JVVxwTFysFo.roa
File:                     1-8h05c-wk97m9L81JVVxwTFysFo.roa (raw, json)
Hash identifier:          sb+xxScH5wWLmO3vHL/BOTPZQlitly/UgGDyT5pggJM=
Subject key identifier:   FB:C8:74:E5:CF:B0:93:DE:E6:F4:BF:35:25:55:71:C1:31:72:B0:5A
Certificate issuer:       /CN=cc81d54dc0fd16ac92534b9a780e26764b2f8f7b
Certificate serial:       018CC64B6052275C74B234AF7E220CBFE2B4
Authority key identifier: CC:81:D5:4D:C0:FD:16:AC:92:53:4B:9A:78:0E:26:76:4B:2F:8F:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zIHVTcD9FqySU0uaeA4mdksvj3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/1-8h05c-wk97m9L81JVVxwTFysFo.roa
Signing time:             Mon 01 Jan 2024 18:31:17 +0000
ROA not before:           Mon 01 Jan 2024 18:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51434
IP address blocks:        91.217.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/zIHVTcD9FqySU0uaeA4mdksvj3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/zIHVTcD9FqySU0uaeA4mdksvj3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zIHVTcD9FqySU0uaeA4mdksvj3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:60:52:27:5c:74:b2:34:af:7e:22:0c:bf:e2:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc81d54dc0fd16ac92534b9a780e26764b2f8f7b
        Validity
            Not Before: Jan  1 18:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbc874e5cfb093dee6f4bf35255571c13172b05a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a8:45:aa:f5:67:bf:17:dd:bb:de:6f:1a:3a:
                    b7:01:b4:9e:f2:8f:9f:f7:cb:db:3f:4c:27:3d:3b:
                    7f:d9:76:b0:7f:36:0e:95:73:33:e3:5f:60:f6:7b:
                    d0:89:82:93:1e:46:cf:ef:47:24:70:16:d6:f3:70:
                    17:60:30:f3:8b:4d:23:14:42:06:9a:17:1f:2a:58:
                    38:c8:1d:cb:3d:8d:7c:7c:01:2f:1e:fc:73:eb:dc:
                    69:42:24:ce:85:85:8f:61:77:19:7f:74:38:03:0b:
                    85:b7:68:9c:bb:28:5e:d0:f2:a1:3c:45:ea:c9:91:
                    d5:f4:c9:17:92:fc:c6:77:2f:80:81:7e:29:1f:04:
                    12:4c:64:4f:c4:ff:01:41:7f:bd:ce:b4:0e:15:81:
                    81:2c:96:e9:6b:95:22:1e:4d:7b:63:c8:c4:3f:6b:
                    7c:fc:53:28:e2:a1:91:06:5d:00:53:fc:e0:1a:a2:
                    92:07:a3:64:d4:ac:f5:26:48:e9:52:f1:f3:fe:c9:
                    81:fd:77:20:41:55:0c:d1:b1:0e:c5:a1:aa:a0:4d:
                    15:7e:00:3a:e6:d6:1e:49:20:dd:57:b3:cd:8c:f9:
                    06:ea:19:ba:dd:48:0c:da:93:ca:c3:7b:bd:3f:a0:
                    ec:b4:a3:7f:f3:f9:cf:22:dc:83:18:b4:45:2e:bd:
                    b8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:C8:74:E5:CF:B0:93:DE:E6:F4:BF:35:25:55:71:C1:31:72:B0:5A
            X509v3 Authority Key Identifier:
                keyid:CC:81:D5:4D:C0:FD:16:AC:92:53:4B:9A:78:0E:26:76:4B:2F:8F:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zIHVTcD9FqySU0uaeA4mdksvj3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/1-8h05c-wk97m9L81JVVxwTFysFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/2fe112-d63e-40ce-a8bc-f3f7bd31a0fe/1/zIHVTcD9FqySU0uaeA4mdksvj3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:02:d4:06:7b:28:25:44:7c:bd:80:c5:0c:42:99:0a:96:ea:
         4e:e6:b3:11:bb:15:79:a1:21:39:6a:be:eb:3e:2b:23:25:28:
         dd:1e:9f:0c:ec:f2:36:ae:c8:69:24:5f:e7:7b:89:89:61:7b:
         8a:19:5f:e7:f9:5a:02:79:9e:94:50:b8:8a:7f:ca:25:88:5e:
         50:52:5a:81:e2:d1:6f:a3:59:ec:8a:3b:e4:54:67:ee:4f:07:
         b7:b2:44:f6:47:b3:8e:00:d5:2b:c3:cd:15:4c:b7:46:96:7b:
         b1:54:79:40:4e:5b:ee:ee:0d:ae:db:e5:1b:e2:23:d5:9e:c2:
         91:b4:14:63:b1:27:22:81:1f:02:f0:2a:5a:03:7b:6a:8a:99:
         80:2a:fd:b0:29:73:36:8a:2e:d3:43:6a:0c:53:ce:18:40:f3:
         99:56:2a:1e:e0:8e:00:0d:82:86:98:f8:d7:22:41:27:76:6d:
         2f:4b:7f:f6:70:01:f8:71:fd:2c:08:38:88:5e:cd:06:67:7a:
         f0:31:0a:e3:6a:6e:b2:97:aa:5b:a3:a6:d2:48:c0:8b:80:f9:
         63:78:78:86:0b:7c:cb:93:1d:85:11:1c:5e:d6:27:b1:3c:cc:
         28:92:4c:90:50:a6:95:b2:bb:dd:8f:ff:b5:08:74:19:6e:1e:
         4b:48:dc:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGS2BSJ1x0sjSvfiIMv+K0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjODFkNTRkYzBmZDE2YWM5MjUzNGI5YTc4MGUyNjc2NGIy
ZjhmN2IwHhcNMjQwMTAxMTgzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmM4NzRlNWNmYjA5M2RlZTZmNGJmMzUyNTU1NzFjMTMxNzJiMDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKhFqvVnvxfdu95vGjq3AbSe8o+f
98vbP0wnPTt/2XawfzYOlXMz419g9nvQiYKTHkbP70ckcBbW83AXYDDzi00jFEIG
mhcfKlg4yB3LPY18fAEvHvxz69xpQiTOhYWPYXcZf3Q4AwuFt2icuyhe0PKhPEXq
yZHV9MkXkvzGdy+AgX4pHwQSTGRPxP8BQX+9zrQOFYGBLJbpa5UiHk17Y8jEP2t8
/FMo4qGRBl0AU/zgGqKSB6Nk1Kz1JkjpUvHz/smB/XcgQVUM0bEOxaGqoE0VfgA6
5tYeSSDdV7PNjPkG6hm63UgM2pPKw3u9P6DstKN/8/nPItyDGLRFLr24JwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvIdOXPsJPe5vS/NSVVccExcrBaMB8GA1UdIwQY
MBaAFMyB1U3A/RasklNLmngOJnZLL497MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveklIVlRjRDlGcXlTVTB1YWVBNG1ka3N2ajNzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8yZmUxMTItZDYzZS00MGNlLWE4YmMt
ZjNmN2JkMzFhMGZlLzEvMS04aDA1Yy13azk3bTlMODFKVlZ4d1RGeXNGby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjcvMmZlMTEyLWQ2M2UtNDBjZS1hOGJjLWYzZjdiZDMxYTBm
ZS8xL3pJSFZUY0Q5RnF5U1UwdWFlQTRtZGtzdmozcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvZijAN
BgkqhkiG9w0BAQsFAAOCAQEAtgLUBnsoJUR8vYDFDEKZCpbqTuazEbsVeaEhOWq+
6z4rIyUo3R6fDOzyNq7IaSRf53uJiWF7ihlf5/laAnmelFC4in/KJYheUFJageLR
b6NZ7Io75FRn7k8Ht7JE9kezjgDVK8PNFUy3RpZ7sVR5QE5b7u4NrtvlG+Ij1Z7C
kbQUY7EnIoEfAvAqWgN7aoqZgCr9sClzNoou00NqDFPOGEDzmVYqHuCOAA2Chpj4
1yJBJ3ZtL0t/9nAB+HH9LAg4iF7NBmd68DEK42puspeqW6Om0kjAi4D5Y3h4hgt8
y5MdhREcXtYnsTzMKJJMkFCmlbK73Y//tQh0GW4eS0jc2Q==
-----END CERTIFICATE-----