Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/25d092-81a4-47f3-bdc6-19778c87fed5/1/fcfTb-KxX8grnScpAE65RL7lZDI.roa
File:                     fcfTb-KxX8grnScpAE65RL7lZDI.roa (raw, json)
Hash identifier:          OWZCebtRXOHXSwktsh5UuZpJp4YhRyyEyP5tZE5m/70=
Subject key identifier:   7D:C7:D3:6F:E2:B1:5F:C8:2B:9D:27:29:00:4E:B9:44:BE:E5:64:32
Certificate issuer:       /CN=f95918f76b2e04b175144e23cbe48a63cc9aaa8f
Certificate serial:       018CC8DF75F6CEBBC90AE27198AFE757F8DA
Authority key identifier: F9:59:18:F7:6B:2E:04:B1:75:14:4E:23:CB:E4:8A:63:CC:9A:AA:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-VkY92suBLF1FE4jy-SKY8yaqo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/25d092-81a4-47f3-bdc6-19778c87fed5/1/fcfTb-KxX8grnScpAE65RL7lZDI.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31554
IP address blocks:        91.220.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/25d092-81a4-47f3-bdc6-19778c87fed5/1/1-VkY92suBLF1FE4jy-SKY8yaqo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/25d092-81a4-47f3-bdc6-19778c87fed5/1/1-VkY92suBLF1FE4jy-SKY8yaqo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-VkY92suBLF1FE4jy-SKY8yaqo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:75:f6:ce:bb:c9:0a:e2:71:98:af:e7:57:f8:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f95918f76b2e04b175144e23cbe48a63cc9aaa8f
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dc7d36fe2b15fc82b9d2729004eb944bee56432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:10:fd:34:4d:a6:32:78:f1:fb:d1:4e:2c:36:
                    88:6b:1b:f4:74:cd:fd:fe:af:14:38:32:82:88:fe:
                    ec:bd:17:be:33:42:f9:81:25:c8:00:37:63:0a:ca:
                    70:27:25:b5:a6:27:44:48:1c:8c:e0:72:23:43:4c:
                    fd:8a:0c:08:18:67:55:90:cb:98:6a:69:f1:2a:a9:
                    43:ba:34:65:7c:e4:b2:27:fa:22:7d:dd:76:4f:e2:
                    6e:63:9d:d0:a4:ce:ca:73:88:68:e6:ca:25:d6:a8:
                    06:0d:13:44:de:eb:ff:67:3a:dd:64:2f:62:3b:72:
                    99:9d:ea:64:43:c6:17:fd:f3:a2:17:11:61:49:31:
                    3e:4b:91:20:3f:bb:42:51:61:69:f7:d2:df:0b:6d:
                    33:50:01:3e:f3:a3:b7:3d:09:e7:c6:80:45:cf:c4:
                    16:7a:05:3d:a7:fc:b1:a9:25:92:f8:77:2f:45:7a:
                    7f:23:6c:52:65:43:8c:19:c8:31:b7:aa:03:4f:37:
                    31:4f:48:91:b9:9f:4e:27:59:85:7f:2d:72:74:6a:
                    89:43:85:23:a3:8f:fd:03:0e:5e:64:3f:d5:99:e2:
                    28:3a:09:30:ad:56:8d:51:c7:a2:9c:df:77:1f:de:
                    f8:d6:92:48:dd:30:0d:d5:54:64:99:44:18:08:5d:
                    4e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C7:D3:6F:E2:B1:5F:C8:2B:9D:27:29:00:4E:B9:44:BE:E5:64:32
            X509v3 Authority Key Identifier:
                keyid:F9:59:18:F7:6B:2E:04:B1:75:14:4E:23:CB:E4:8A:63:CC:9A:AA:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-VkY92suBLF1FE4jy-SKY8yaqo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/25d092-81a4-47f3-bdc6-19778c87fed5/1/fcfTb-KxX8grnScpAE65RL7lZDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/25d092-81a4-47f3-bdc6-19778c87fed5/1/1-VkY92suBLF1FE4jy-SKY8yaqo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:fe:7a:7f:66:f7:60:90:c5:c5:e9:e2:82:85:5b:81:b0:48:
         dd:2c:66:de:7c:0a:a8:1e:05:e6:cf:dd:26:77:32:ce:12:ab:
         72:5f:41:16:1a:d8:60:28:5e:d9:93:83:96:13:01:23:77:65:
         78:3c:73:0c:9e:38:e4:15:c2:36:c9:a9:37:da:aa:85:1d:40:
         5e:23:ae:9f:0b:e7:dd:f1:c8:c5:3e:7c:a4:07:be:19:f6:50:
         32:f7:ee:d9:aa:9f:b2:90:fa:98:ca:a5:85:4d:cb:9b:11:e8:
         15:f5:4a:50:8e:b6:89:6a:4e:33:f0:da:ca:e6:bb:cf:f6:68:
         3f:a3:9e:bc:e3:cc:00:8d:e6:27:dc:be:2a:8b:12:1a:9c:9a:
         6b:00:e6:35:e3:41:d1:d5:0b:fd:04:1c:4d:d8:a0:bf:01:88:
         dc:d5:6d:3f:e8:25:5a:f1:5d:b5:5a:1b:c1:e6:1b:d6:39:2f:
         51:0c:cd:11:47:4d:41:27:2a:ae:26:66:1b:ce:3c:9f:6a:50:
         f1:77:2e:10:da:00:75:af:df:a0:c5:d3:80:f4:2d:04:ee:5b:
         3c:5e:25:b4:d0:4a:49:49:6d:94:8d:84:0f:36:0c:71:48:0e:
         d3:1b:f0:27:63:0b:84:94:fb:f5:10:e0:aa:49:84:cc:d2:80:
         6c:ca:bb:88
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI33X2zrvJCuJxmK/nV/jaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NTkxOGY3NmIyZTA0YjE3NTE0NGUyM2NiZTQ4YTYzY2M5
YWFhOGYwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGM3ZDM2ZmUyYjE1ZmM4MmI5ZDI3MjkwMDRlYjk0NGJlZTU2NDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxD9NE2mMnjx+9FOLDaIaxv0dM39
/q8UODKCiP7svRe+M0L5gSXIADdjCspwJyW1pidESByM4HIjQ0z9igwIGGdVkMuY
amnxKqlDujRlfOSyJ/oifd12T+JuY53QpM7Kc4ho5sol1qgGDRNE3uv/ZzrdZC9i
O3KZnepkQ8YX/fOiFxFhSTE+S5EgP7tCUWFp99LfC20zUAE+86O3PQnnxoBFz8QW
egU9p/yxqSWS+HcvRXp/I2xSZUOMGcgxt6oDTzcxT0iRuZ9OJ1mFfy1ydGqJQ4Uj
o4/9Aw5eZD/VmeIoOgkwrVaNUceinN93H9741pJI3TAN1VRkmUQYCF1OYQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFH3H02/isV/IK50nKQBOuUS+5WQyMB8GA1UdIwQY
MBaAFPlZGPdrLgSxdRROI8vkimPMmqqPMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Wa1k5MnN1QkxGMUZFNGp5LVNLWTh5YXFvOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEvMjVkMDkyLTgxYTQtNDdmMy1iZGM2
LTE5Nzc4Yzg3ZmVkNS8xL2ZjZlRiLUt4WDhncm5TY3BBRTY1Ukw3bFpESS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmEvMjVkMDkyLTgxYTQtNDdmMy1iZGM2LTE5Nzc4Yzg3ZmVk
NS8xLzEtVmtZOTJzdUJMRjFGRTRqeS1TS1k4eWFxbzguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb3Ogw
DQYJKoZIhvcNAQELBQADggEBAAD+en9m92CQxcXp4oKFW4GwSN0sZt58CqgeBebP
3SZ3Ms4Sq3JfQRYa2GAoXtmTg5YTASN3ZXg8cwyeOOQVwjbJqTfaqoUdQF4jrp8L
593xyMU+fKQHvhn2UDL37tmqn7KQ+pjKpYVNy5sR6BX1SlCOtolqTjPw2srmu8/2
aD+jnrzjzACN5ifcviqLEhqcmmsA5jXjQdHVC/0EHE3YoL8BiNzVbT/oJVrxXbVa
G8HmG9Y5L1EMzRFHTUEnKq4mZhvOPJ9qUPF3LhDaAHWv36DF04D0LQTuWzxeJbTQ
SklJbZSNhA82DHFIDtMb8CdjC4SU+/UQ4KpJhMzSgGzKu4g=
-----END CERTIFICATE-----