Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/FNWS6ZhAQrklPQDM-Bx6ZJ-eI-s.roa
File:                     FNWS6ZhAQrklPQDM-Bx6ZJ-eI-s.roa (raw, json)
Hash identifier:          BE05ag3VvmUiTsOeCpeJGwPoRh8aQ5XmFpPaP0zVi30=
Subject key identifier:   14:D5:92:E9:98:40:42:B9:25:3D:00:CC:F8:1C:7A:64:9F:9E:23:EB
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B28115131B73F7604C716C0B1055B8
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/FNWS6ZhAQrklPQDM-Bx6ZJ-eI-s.roa
Signing time:             Mon 14 Jul 2025 16:09:10 +0000
ROA not before:           Mon 14 Jul 2025 16:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49444
IP address blocks:        45.86.44.0/24 maxlen: 24
                          45.86.45.0/24 maxlen: 24
                          45.86.46.0/24 maxlen: 24
                          45.86.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b2:81:15:13:1b:73:f7:60:4c:71:6c:0b:10:55:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14d592e9984042b9253d00ccf81c7a649f9e23eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:be:a7:b4:9d:ba:c7:f0:6c:2e:61:51:68:11:
                    2a:c9:b8:15:a3:0b:33:62:21:6c:9f:6f:48:20:36:
                    1c:dc:f6:09:bc:77:ba:09:d0:df:6c:cf:97:f7:1a:
                    e7:84:00:5b:d6:66:d2:fb:df:29:3f:82:5b:b3:4d:
                    a2:85:60:93:5e:37:b8:57:c4:29:fb:a7:0b:b5:a4:
                    c3:7d:9a:ae:96:f4:5e:de:2b:41:e7:ad:d2:bb:5a:
                    e9:fd:14:5f:54:da:03:7a:f2:b5:88:56:44:ba:43:
                    ef:3f:53:36:2b:38:e2:0d:3a:7e:ed:94:98:c4:2f:
                    3e:02:78:43:3f:fd:a9:12:d7:3c:cb:4a:b8:e2:32:
                    0b:2c:2a:19:bf:cb:fe:8c:48:2a:d9:8a:b6:63:b8:
                    c2:a5:66:dd:52:26:9d:5f:29:b1:04:3c:df:c5:02:
                    83:e8:f3:5b:64:8e:b3:3e:ee:95:10:93:b8:fd:54:
                    38:7a:3a:c4:61:20:c4:4b:3c:24:97:31:35:8a:e0:
                    70:d8:22:3f:0d:23:8f:b2:63:10:0a:3d:e8:60:24:
                    90:e7:c0:ea:f5:f6:a8:b3:17:72:f8:9b:30:76:5e:
                    73:85:2f:e1:f2:4a:8f:95:f7:da:aa:57:24:68:1f:
                    d3:29:1a:92:45:3b:9a:06:62:a5:94:7d:bc:1b:dc:
                    be:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D5:92:E9:98:40:42:B9:25:3D:00:CC:F8:1C:7A:64:9F:9E:23:EB
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/FNWS6ZhAQrklPQDM-Bx6ZJ-eI-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:2d:60:5b:25:1d:8d:f9:5a:80:57:8f:ce:ce:be:71:8a:58:
         c4:d1:43:44:d3:4e:2d:1a:34:67:25:ed:c8:73:e0:9f:59:93:
         4e:f2:08:bf:1d:e6:09:d9:74:0c:9e:01:87:9f:91:3c:b3:32:
         e2:89:1a:05:ab:db:2e:e4:e2:d5:2f:bf:eb:e8:53:31:1e:f4:
         ef:fc:d3:30:03:3a:cd:33:ad:14:e0:44:20:77:fa:4c:0c:cf:
         83:58:0b:57:c1:f2:f2:80:29:02:d2:63:b8:68:07:31:db:ab:
         f7:24:40:eb:2f:25:49:36:24:29:2d:1a:23:80:73:68:d8:46:
         a0:44:2d:1e:1d:b6:bb:1c:49:3e:2a:1f:2d:e8:be:2b:e6:71:
         c4:f2:71:99:c8:e8:51:04:89:d9:27:98:a8:10:3a:1a:24:a2:
         27:d7:0e:e2:1a:a5:33:f5:68:91:ae:c3:15:d9:a6:c4:bb:23:
         9b:25:1f:c8:23:78:ad:fb:82:d1:76:24:28:e7:26:a3:68:5d:
         8a:20:6f:5c:7e:a1:31:e9:d3:63:44:69:3f:0e:b2:8c:9b:6a:
         22:79:3b:75:63:fd:05:1b:2d:54:75:87:c5:23:38:96:e5:3d:
         3a:5b:9f:0a:d5:b3:0b:c6:5b:e6:f4:21:4a:24:0a:0f:b7:65:
         25:a0:23:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJsoEVExtz92BMcWwLEFW4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGQ1OTJlOTk4NDA0MmI5MjUzZDAwY2NmODFjN2E2NDlmOWUyM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyb6ntJ26x/BsLmFRaBEqybgVowsz
YiFsn29IIDYc3PYJvHe6CdDfbM+X9xrnhABb1mbS+98pP4Jbs02ihWCTXje4V8Qp
+6cLtaTDfZqulvRe3itB563Su1rp/RRfVNoDevK1iFZEukPvP1M2KzjiDTp+7ZSY
xC8+AnhDP/2pEtc8y0q44jILLCoZv8v+jEgq2Yq2Y7jCpWbdUiadXymxBDzfxQKD
6PNbZI6zPu6VEJO4/VQ4ejrEYSDESzwklzE1iuBw2CI/DSOPsmMQCj3oYCSQ58Dq
9faosxdy+Jswdl5zhS/h8kqPlffaqlckaB/TKRqSRTuaBmKllH28G9y+mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTVkumYQEK5JT0AzPgcemSfniPrMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvRk5XUzZaaEFRcmtsUFFETS1CeDZaSi1lSS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVYsMA0G
CSqGSIb3DQEBCwUAA4IBAQCCLWBbJR2N+VqAV4/Ozr5xiljE0UNE004tGjRnJe3I
c+CfWZNO8gi/HeYJ2XQMngGHn5E8szLiiRoFq9su5OLVL7/r6FMxHvTv/NMwAzrN
M60U4EQgd/pMDM+DWAtXwfLygCkC0mO4aAcx26v3JEDrLyVJNiQpLRojgHNo2Eag
RC0eHba7HEk+Kh8t6L4r5nHE8nGZyOhRBInZJ5ioEDoaJKIn1w7iGqUz9WiRrsMV
2abEuyObJR/II3it+4LRdiQo5yajaF2KIG9cfqEx6dNjRGk/DrKMm2oieTt1Y/0F
Gy1UdYfFIziW5T06W58K1bMLxlvm9CFKJAoPt2UloCOq
-----END CERTIFICATE-----