Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/8GTzP2K734ORtagvy-Fnz2Fc9co.roa
File:                     8GTzP2K734ORtagvy-Fnz2Fc9co.roa (raw, json)
Hash identifier:          WPSzSrhuU7yox2/YcNiJpMioeljolxmAMbRoBUAlJoA=
Subject key identifier:   F0:64:F3:3F:62:BB:DF:83:91:B5:A8:2F:CB:E1:67:CF:61:5C:F5:CA
Certificate issuer:       /CN=f5cf73b3e45f772fae1b915690b317344c3f442b
Certificate serial:       018E578125FC6B3125280030C10AC16CD0E0
Authority key identifier: F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/8GTzP2K734ORtagvy-Fnz2Fc9co.roa
Signing time:             Tue 19 Mar 2024 16:17:45 +0000
ROA not before:           Tue 19 Mar 2024 16:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213166
IP address blocks:        91.194.110.0/24 maxlen: 24
                          2a0f:ea81::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:57:81:25:fc:6b:31:25:28:00:30:c1:0a:c1:6c:d0:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5cf73b3e45f772fae1b915690b317344c3f442b
        Validity
            Not Before: Mar 19 16:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f064f33f62bbdf8391b5a82fcbe167cf615cf5ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:ca:4f:71:a2:91:2b:b4:5d:91:b4:dc:46:
                    0c:67:ae:35:45:bb:d2:ae:e2:f4:36:b4:fc:6f:2a:
                    c3:7c:26:00:a5:cd:81:d1:a6:8a:04:9f:97:af:ce:
                    26:04:f9:3c:ad:0d:02:3f:7d:31:1a:31:7b:29:61:
                    fd:cf:50:e6:ad:b3:29:ac:10:f7:3a:59:04:11:9c:
                    92:f8:2e:c5:eb:9b:7c:e3:eb:84:f0:35:8c:b3:c8:
                    e7:14:91:69:f5:76:2f:30:5c:1b:bb:db:dc:5f:07:
                    42:cb:46:d1:08:3b:53:68:d5:96:68:67:eb:89:55:
                    57:bb:ad:e5:63:a1:10:6f:70:71:b7:ad:da:3f:68:
                    3c:13:a9:27:f4:c6:5f:78:65:f6:df:12:b5:17:b5:
                    91:f8:e1:e5:20:f8:2b:bc:ca:96:60:28:e8:c6:c5:
                    50:d6:66:09:ff:9a:c2:ca:a8:2a:5a:af:0f:1e:eb:
                    07:0c:ce:5f:63:9c:2b:cd:7c:88:08:df:a9:c4:2a:
                    78:eb:69:15:12:79:40:68:88:f6:c9:47:42:58:e8:
                    0d:9d:cc:37:e3:7b:a9:1d:78:c8:ba:d2:6e:74:52:
                    92:f9:8a:a1:6a:71:ad:ce:3a:4a:5f:d4:7f:55:e9:
                    b3:6f:fe:c0:ea:10:34:1e:b9:d3:e2:89:bf:d1:80:
                    65:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:64:F3:3F:62:BB:DF:83:91:B5:A8:2F:CB:E1:67:CF:61:5C:F5:CA
            X509v3 Authority Key Identifier:
                keyid:F5:CF:73:B3:E4:5F:77:2F:AE:1B:91:56:90:B3:17:34:4C:3F:44:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/8GTzP2K734ORtagvy-Fnz2Fc9co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3be865-5c79-47c0-aa4d-1c654e02d75d/1/9c9zs-Rfdy-uG5FWkLMXNEw_RCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.110.0/24
                IPv6:
                  2a0f:ea81::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:38:61:34:07:1a:fb:65:79:14:8f:9e:2f:da:f7:51:89:d5:
         27:39:84:c6:5f:6f:d9:e6:3b:54:bc:02:ae:e2:19:98:86:72:
         88:ca:0c:47:80:9e:61:03:ed:27:5c:f3:37:81:de:8d:72:38:
         76:65:e0:ee:1a:d3:d2:32:7a:b1:29:50:fa:98:89:b1:00:29:
         a7:4d:78:2c:0b:4d:dd:02:d1:0a:fe:96:6f:4b:62:dc:32:e3:
         11:ac:5d:c7:b7:a2:85:b2:ca:95:ab:62:a0:d0:b6:82:52:51:
         90:3f:f0:94:5f:4c:b0:b6:04:69:3b:47:af:53:98:30:8b:05:
         83:7c:c3:b2:c5:c8:e5:ba:77:f3:4d:dd:30:08:92:36:ec:3d:
         06:3e:e0:dc:a8:47:09:b8:b9:17:09:e3:d4:44:bb:16:72:8b:
         68:15:e3:77:37:4a:ed:02:81:60:57:0c:e8:de:ab:74:24:99:
         ef:13:18:cf:0c:92:ca:48:b7:f7:c6:27:69:04:1a:72:de:2a:
         42:0c:46:a2:0a:a1:39:81:97:c7:3d:bd:f8:81:5d:18:c3:15:
         63:02:b9:74:74:6a:83:c0:14:26:db:47:4e:cc:7e:23:33:d5:
         e9:3a:b8:46:e3:e1:15:ae:3d:7a:3c:da:b0:29:f5:6d:09:73:
         d1:d0:e8:c2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5XgSX8azElKAAwwQrBbNDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Y2Y3M2IzZTQ1Zjc3MmZhZTFiOTE1NjkwYjMxNzM0NGMz
ZjQ0MmIwHhcNMjQwMzE5MTYxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDY0ZjMzZjYyYmJkZjgzOTFiNWE4MmZjYmUxNjdjZjYxNWNmNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2fKT3GikSu0XZG03EYMZ641RbvS
ruL0NrT8byrDfCYApc2B0aaKBJ+Xr84mBPk8rQ0CP30xGjF7KWH9z1DmrbMprBD3
OlkEEZyS+C7F65t84+uE8DWMs8jnFJFp9XYvMFwbu9vcXwdCy0bRCDtTaNWWaGfr
iVVXu63lY6EQb3Bxt63aP2g8E6kn9MZfeGX23xK1F7WR+OHlIPgrvMqWYCjoxsVQ
1mYJ/5rCyqgqWq8PHusHDM5fY5wrzXyICN+pxCp462kVEnlAaIj2yUdCWOgNncw3
43upHXjIutJudFKS+YqhanGtzjpKX9R/Vemzb/7A6hA0HrnT4om/0YBlqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPBk8z9iu9+DkbWoL8vhZ89hXPXKMB8GA1UdIwQY
MBaAFPXPc7PkX3cvrhuRVpCzFzRMP0QrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQt
MWM2NTRlMDJkNzVkLzEvOEdUelAySzczNE9SdGFndnktRm56MkZjOWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zYmU4NjUtNWM3OS00N2MwLWFhNGQtMWM2NTRlMDJkNzVk
LzEvOWM5enMtUmZkeS11RzVGV2tMTVhORXdfUkNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8JuMA0E
AgACMAcDBQAqD+qBMA0GCSqGSIb3DQEBCwUAA4IBAQAfOGE0Bxr7ZXkUj54v2vdR
idUnOYTGX2/Z5jtUvAKu4hmYhnKIygxHgJ5hA+0nXPM3gd6Ncjh2ZeDuGtPSMnqx
KVD6mImxACmnTXgsC03dAtEK/pZvS2LcMuMRrF3Ht6KFssqVq2Kg0LaCUlGQP/CU
X0ywtgRpO0evU5gwiwWDfMOyxcjlunfzTd0wCJI27D0GPuDcqEcJuLkXCePURLsW
cotoFeN3N0rtAoFgVwzo3qt0JJnvExjPDJLKSLf3xidpBBpy3ipCDEaiCqE5gZfH
Pb34gV0YwxVjArl0dGqDwBQm20dOzH4jM9XpOrhG4+EVrj16PNqwKfVtCXPR0OjC
-----END CERTIFICATE-----