Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/6vtOetDdCiQ86p11LpeAjHmAPeM.roa
File:                     6vtOetDdCiQ86p11LpeAjHmAPeM.roa (raw, json)
Hash identifier:          vgX+W2qdJwmn0IqYHNqW2aJ7S0G9pw19lnpDwhy4t6s=
Subject key identifier:   EA:FB:4E:7A:D0:DD:0A:24:3C:EA:9D:75:2E:97:80:8C:79:80:3D:E3
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       018CC94D91ED6B48B90751F4A8FA4F3E1552
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/6vtOetDdCiQ86p11LpeAjHmAPeM.roa
Signing time:             Tue 02 Jan 2024 08:32:33 +0000
ROA not before:           Tue 02 Jan 2024 08:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64249
IP address blocks:        91.238.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:91:ed:6b:48:b9:07:51:f4:a8:fa:4f:3e:15:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Jan  2 08:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eafb4e7ad0dd0a243cea9d752e97808c79803de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:81:a9:a0:7d:83:69:6f:54:d7:90:1d:1a:57:
                    39:09:72:dc:8e:fd:67:33:c1:1e:e7:43:7b:d3:cd:
                    fc:d6:1d:dd:04:24:0c:af:40:f9:fe:98:ee:9a:51:
                    05:d2:15:56:38:aa:ea:69:77:c6:4d:f1:36:4f:3e:
                    77:f3:b7:83:8d:70:3b:a1:7a:20:0c:b7:05:5b:29:
                    d6:c7:ac:2e:90:c8:58:e1:2e:89:6d:fd:fc:7f:b4:
                    79:74:bf:22:bd:fe:24:15:88:67:d0:58:88:b0:bf:
                    74:f2:c0:6c:48:57:9e:53:3a:41:8d:9e:a9:c6:fd:
                    6f:03:91:32:64:bf:d9:ab:0b:e0:3e:37:2e:98:ae:
                    26:bc:bb:cb:b4:0c:ad:c1:b6:6a:1c:0c:d1:4b:c5:
                    52:f9:56:8a:22:1d:1c:44:57:58:c3:0a:bf:27:e3:
                    26:74:a3:cb:64:f1:c1:a0:d3:64:10:26:d0:90:7d:
                    70:91:d2:5a:82:d6:a5:ec:8a:4e:62:a1:18:6e:d8:
                    12:2c:6e:2a:5b:04:0a:2e:fd:41:74:e5:58:a6:68:
                    5e:6f:98:f4:5c:3a:20:f8:87:17:f5:ca:22:c9:3d:
                    53:cc:8f:26:ad:79:86:cb:c3:c9:8b:33:32:2b:e7:
                    b4:d0:03:40:39:08:e6:02:e7:5b:fe:c6:c2:cc:2e:
                    d6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:FB:4E:7A:D0:DD:0A:24:3C:EA:9D:75:2E:97:80:8C:79:80:3D:E3
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/6vtOetDdCiQ86p11LpeAjHmAPeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:27:be:6c:65:2d:48:92:f0:d8:c5:51:7a:eb:52:ab:f5:13:
         e6:69:02:ca:5f:16:ce:84:0b:83:98:9f:a8:05:37:00:6d:82:
         8a:67:0d:f0:4c:b2:43:a1:18:69:80:83:90:37:c9:1a:ad:1b:
         38:82:aa:0d:a3:cf:3b:d6:f6:1f:66:d7:71:c2:ae:65:23:75:
         14:a7:d0:c0:71:8c:c0:5e:5a:44:04:c6:89:0c:2f:4e:cb:a0:
         80:61:62:57:66:54:9f:e3:33:fe:c5:77:f3:ce:28:0e:b0:2d:
         a4:3e:47:cc:c0:69:14:0f:15:6a:ae:45:8d:f5:7a:a8:ae:b9:
         5c:ad:72:1e:2a:f6:11:eb:4d:d8:62:8e:fb:f3:29:39:05:ed:
         5e:47:53:21:34:ec:06:91:a9:62:43:a6:6c:c2:2f:fe:91:7d:
         b6:16:d4:c1:1e:67:96:49:1a:69:10:95:5f:ef:d4:63:ca:81:
         8b:60:a4:2b:83:5b:cf:a2:45:ec:ff:16:33:40:21:92:3c:7b:
         da:aa:fa:63:c7:65:fe:b8:e9:f9:7a:37:bc:7e:bd:8f:de:92:
         42:5a:d2:42:01:fd:16:d7:f5:ad:7e:9b:42:54:a1:2d:56:37:
         b0:2c:05:4a:25:cb:f3:a7:08:a0:7a:f1:da:ab:65:60:d3:84:
         ed:c6:17:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZHta0i5B1H0qPpPPhVSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjQwMTAyMDgzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWZiNGU3YWQwZGQwYTI0M2NlYTlkNzUyZTk3ODA4Yzc5ODAzZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoGpoH2DaW9U15AdGlc5CXLcjv1n
M8Ee50N708381h3dBCQMr0D5/pjumlEF0hVWOKrqaXfGTfE2Tz5387eDjXA7oXog
DLcFWynWx6wukMhY4S6Jbf38f7R5dL8ivf4kFYhn0FiIsL908sBsSFeeUzpBjZ6p
xv1vA5EyZL/ZqwvgPjcumK4mvLvLtAytwbZqHAzRS8VS+VaKIh0cRFdYwwq/J+Mm
dKPLZPHBoNNkECbQkH1wkdJagtal7IpOYqEYbtgSLG4qWwQKLv1BdOVYpmheb5j0
XDog+IcX9coiyT1TzI8mrXmGy8PJizMyK+e00ANAOQjmAudb/sbCzC7WcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOr7TnrQ3QokPOqddS6XgIx5gD3jMB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvNnZ0T2V0RGRDaVE4NnAxMUxwZUFqSG1BUGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+5HMA0G
CSqGSIb3DQEBCwUAA4IBAQBEJ75sZS1IkvDYxVF661Kr9RPmaQLKXxbOhAuDmJ+o
BTcAbYKKZw3wTLJDoRhpgIOQN8karRs4gqoNo8871vYfZtdxwq5lI3UUp9DAcYzA
XlpEBMaJDC9Oy6CAYWJXZlSf4zP+xXfzzigOsC2kPkfMwGkUDxVqrkWN9Xqorrlc
rXIeKvYR603YYo778yk5Be1eR1MhNOwGkaliQ6Zswi/+kX22FtTBHmeWSRppEJVf
79RjyoGLYKQrg1vPokXs/xYzQCGSPHvaqvpjx2X+uOn5eje8fr2P3pJCWtJCAf0W
1/WtfptCVKEtVjewLAVKJcvzpwigevHaq2Vg04Ttxhe9
-----END CERTIFICATE-----