Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Fuhapjt--u_RuiATExw-8peDuno.roa
File:                     Fuhapjt--u_RuiATExw-8peDuno.roa (raw, json)
Hash identifier:          a9QHVGXMpPOvCHD5PMKNZiMBprgnFN3ytnzMrjxzGZI=
Subject key identifier:   16:E8:5A:A6:3B:7E:FA:EF:D1:BA:20:13:13:1C:3E:F2:97:83:BA:7A
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747C9EC18E8C2207AD4BE04CC20AF50
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Fuhapjt--u_RuiATExw-8peDuno.roa
Signing time:             Thu 02 Jan 2025 13:50:03 +0000
ROA not before:           Thu 02 Jan 2025 13:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57707
IP address blocks:        109.248.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 18:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:c9:ec:18:e8:c2:20:7a:d4:be:04:cc:20:af:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16e85aa63b7efaefd1ba2013131c3ef29783ba7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:80:25:6d:03:93:30:d6:cc:33:11:3b:ba:
                    bc:ff:80:66:08:4b:60:df:39:f5:d4:0f:e6:02:65:
                    36:5a:6d:d6:ef:4d:9d:18:b6:a0:51:22:70:3f:ba:
                    98:12:24:e2:a9:10:27:38:43:1a:76:e2:46:32:c4:
                    e7:bf:f4:01:c2:bc:53:d4:ea:56:35:73:51:29:4f:
                    65:4d:05:c8:7c:e3:3f:80:54:c2:46:2c:94:36:16:
                    e2:3f:46:4a:c1:7d:5c:f5:7f:9f:31:22:f6:73:15:
                    69:ec:6a:1e:98:06:16:10:4e:2a:48:e9:9a:1c:33:
                    ea:e4:cc:79:ba:d8:35:a7:12:f6:3e:bd:55:28:a2:
                    2c:fc:b0:fd:93:33:79:c7:b5:67:9d:19:5d:59:0f:
                    51:e8:72:dc:25:10:67:6a:7a:0e:86:ed:a8:fd:34:
                    d4:43:2a:4f:4d:f0:02:c0:ef:da:8d:e9:c3:e2:19:
                    3b:b2:06:17:3a:c9:ce:99:3b:28:7b:47:59:39:e0:
                    ab:07:6f:a9:f7:be:f8:ce:60:2c:2f:06:2a:37:5f:
                    64:c6:1f:ed:02:89:e2:50:d5:ae:2b:0d:07:9f:01:
                    aa:6b:b3:b3:8b:25:6f:a2:71:d6:f1:29:75:e1:50:
                    00:4f:d9:b4:9c:e2:64:98:fe:80:a6:60:3b:4d:fb:
                    af:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:E8:5A:A6:3B:7E:FA:EF:D1:BA:20:13:13:1C:3E:F2:97:83:BA:7A
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Fuhapjt--u_RuiATExw-8peDuno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:cb:2a:d1:18:ef:b6:0a:c7:03:07:69:62:fa:73:4f:1d:9f:
         5f:1b:92:8d:f1:01:d6:cf:55:0f:66:b2:40:b1:b3:f1:b4:00:
         c5:a4:3c:0e:f3:c6:2a:c0:fd:5d:7e:f1:88:88:68:52:6f:68:
         6a:61:ec:eb:33:3f:70:b4:b0:85:57:0e:b6:46:25:7b:d2:6d:
         1a:36:53:b3:04:67:04:7e:dc:e9:e9:00:8f:35:9e:47:4a:72:
         de:9d:62:94:63:b6:b6:5f:34:45:e8:60:0b:44:05:33:3b:95:
         37:12:7a:3d:65:0c:5f:70:2c:ca:8d:83:e2:b0:9f:6f:e1:1e:
         29:02:39:f8:9c:42:7e:f2:43:55:47:e1:04:0f:74:e3:03:b9:
         86:a3:72:bc:4d:d2:de:71:27:dd:f0:5c:d5:f9:00:74:09:91:
         7b:96:fe:1b:50:aa:5a:4e:a8:ff:c9:ed:9b:43:89:19:ed:43:
         29:63:32:41:af:0f:10:10:bf:f2:0c:47:b6:58:a1:13:d7:ec:
         c9:74:fd:ea:78:de:f6:42:d0:95:dd:7e:32:92:d8:d7:b5:9c:
         9c:37:51:ee:46:1a:95:b6:31:4a:19:12:53:c9:c4:92:35:e0:
         a9:0c:88:e1:a5:da:66:67:91:53:95:3a:f2:ed:62:34:e5:62:
         4b:14:5f:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR8nsGOjCIHrUvgTMIK9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmU4NWFhNjNiN2VmYWVmZDFiYTIwMTMxMzFjM2VmMjk3ODNiYTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW+AJW0DkzDWzDMRO7q8/4BmCEtg
3zn11A/mAmU2Wm3W702dGLagUSJwP7qYEiTiqRAnOEMaduJGMsTnv/QBwrxT1OpW
NXNRKU9lTQXIfOM/gFTCRiyUNhbiP0ZKwX1c9X+fMSL2cxVp7GoemAYWEE4qSOma
HDPq5Mx5utg1pxL2Pr1VKKIs/LD9kzN5x7VnnRldWQ9R6HLcJRBnanoOhu2o/TTU
QypPTfACwO/ajenD4hk7sgYXOsnOmTsoe0dZOeCrB2+p9774zmAsLwYqN19kxh/t
AoniUNWuKw0HnwGqa7OziyVvonHW8Sl14VAAT9m0nOJkmP6ApmA7TfuvhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBboWqY7fvrv0bogExMcPvKXg7p6MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvRnVoYXBqdC0tdV9SdWlBVEV4dy04cGVEdW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfj7MA0G
CSqGSIb3DQEBCwUAA4IBAQBEyyrRGO+2CscDB2li+nNPHZ9fG5KN8QHWz1UPZrJA
sbPxtADFpDwO88YqwP1dfvGIiGhSb2hqYezrMz9wtLCFVw62RiV70m0aNlOzBGcE
ftzp6QCPNZ5HSnLenWKUY7a2XzRF6GALRAUzO5U3Eno9ZQxfcCzKjYPisJ9v4R4p
Ajn4nEJ+8kNVR+EED3TjA7mGo3K8TdLecSfd8FzV+QB0CZF7lv4bUKpaTqj/ye2b
Q4kZ7UMpYzJBrw8QEL/yDEe2WKET1+zJdP3qeN72QtCV3X4yktjXtZycN1HuRhqV
tjFKGRJTycSSNeCpDIjhpdpmZ5FTlTry7WI05WJLFF/7
-----END CERTIFICATE-----