Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/F3DOLE5K3SRI-yftGoL776n2Pc8.roa
File:                     F3DOLE5K3SRI-yftGoL776n2Pc8.roa (raw, json)
Hash identifier:          Co0i7Guux1tIvlPJLEcDQZQenNX80PwFKntZNjYzEKI=
Subject key identifier:   17:70:CE:2C:4E:4A:DD:24:48:FB:27:ED:1A:82:FB:EF:A9:F6:3D:CF
Certificate issuer:       /CN=fc157d396ed992843daeef7b9cca73b043966c08
Certificate serial:       01965308D6FC36C606C59D74B97B4F49F3AA
Authority key identifier: FC:15:7D:39:6E:D9:92:84:3D:AE:EF:7B:9C:CA:73:B0:43:96:6C:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/F3DOLE5K3SRI-yftGoL776n2Pc8.roa
Signing time:             Sun 20 Apr 2025 11:50:10 +0000
ROA not before:           Sun 20 Apr 2025 11:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        217.18.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:53:08:d6:fc:36:c6:06:c5:9d:74:b9:7b:4f:49:f3:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc157d396ed992843daeef7b9cca73b043966c08
        Validity
            Not Before: Apr 20 11:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1770ce2c4e4add2448fb27ed1a82fbefa9f63dcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fa:7b:7d:78:31:7b:b3:55:31:72:6c:ae:05:
                    9d:aa:6a:59:24:91:65:e6:ed:b3:e8:ca:63:61:32:
                    d9:6c:85:53:db:32:62:b8:ac:cd:65:09:de:9b:6c:
                    aa:64:00:0a:db:3d:df:37:70:32:1d:5f:74:c4:0a:
                    45:b3:85:d4:fa:c3:e8:8b:25:7a:87:79:c5:c7:24:
                    8c:0a:86:d3:e0:14:8c:b7:f6:c6:5f:f3:28:be:30:
                    68:af:94:85:b0:da:04:64:f6:90:8f:27:2a:74:71:
                    ba:5d:ff:b0:f3:2e:a1:4d:ee:58:7a:f7:e9:54:c5:
                    a9:28:11:c1:6f:23:42:3b:11:20:75:71:d9:4c:68:
                    98:8e:ef:3b:a6:65:04:80:4f:9e:44:f9:8a:98:cd:
                    53:b4:c8:e6:a5:df:c4:2f:0f:5d:40:53:38:e4:7a:
                    82:f4:07:45:eb:82:ec:ba:ae:4a:9f:7f:5e:a5:58:
                    4b:97:b2:8c:b1:d4:6b:7b:6d:1b:48:c7:0b:bb:34:
                    9d:20:12:02:d3:2d:7b:a4:0e:c8:7d:f5:60:45:76:
                    ce:cf:28:b8:22:66:ce:f0:8d:a2:2f:4f:b7:4f:92:
                    aa:99:46:eb:f0:14:50:d8:ee:20:82:79:ff:b1:ae:
                    49:ef:5c:29:96:65:bd:83:71:3b:10:41:3d:ff:41:
                    93:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:70:CE:2C:4E:4A:DD:24:48:FB:27:ED:1A:82:FB:EF:A9:F6:3D:CF
            X509v3 Authority Key Identifier:
                keyid:FC:15:7D:39:6E:D9:92:84:3D:AE:EF:7B:9C:CA:73:B0:43:96:6C:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/F3DOLE5K3SRI-yftGoL776n2Pc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:2b:56:1c:14:d2:3e:0f:19:99:c7:48:8d:72:6a:c1:5f:a1:
         0b:03:1b:23:5d:c2:22:8a:79:51:49:d0:d4:98:4a:49:e4:1e:
         fb:7e:f3:fa:d7:3e:cb:f6:c8:99:bd:9d:17:ff:3e:b3:5f:a2:
         bb:83:d9:7c:c1:36:09:32:2c:9c:db:49:10:40:46:a4:a3:00:
         46:b7:df:db:c3:fc:f8:90:93:7b:a3:05:29:c5:ed:f9:4e:f4:
         be:34:7b:5b:a0:02:81:4e:e5:bd:e8:7b:b7:d5:ca:0c:ee:b7:
         36:dc:ea:a6:fb:4b:b3:ab:9d:d7:f3:09:6f:51:26:84:92:59:
         a2:7d:e2:9a:f4:33:73:86:3d:fd:c1:b9:ef:f3:b9:ae:a1:fa:
         96:51:41:64:b0:a9:86:66:f6:df:b8:d2:9c:73:2a:27:14:3e:
         b9:cd:09:04:0c:08:71:95:b7:11:73:d7:af:7b:a0:bf:01:02:
         5a:85:aa:69:4d:05:95:c6:73:5a:3c:2d:f8:e8:d9:21:6a:67:
         83:79:09:b6:be:7e:22:cc:25:7b:72:92:e2:94:5a:aa:8f:1e:
         85:27:64:26:41:3f:38:bb:c9:8b:a6:bb:65:99:67:bc:55:b7:
         48:00:bf:fb:7e:58:9b:87:9a:6b:1b:78:c8:05:39:d5:5c:2a:
         27:b5:ab:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZTCNb8NsYGxZ10uXtPSfOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMTU3ZDM5NmVkOTkyODQzZGFlZWY3YjljY2E3M2IwNDM5
NjZjMDgwHhcNMjUwNDIwMTE1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzcwY2UyYzRlNGFkZDI0NDhmYjI3ZWQxYTgyZmJlZmE5ZjYzZGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvp7fXgxe7NVMXJsrgWdqmpZJJFl
5u2z6MpjYTLZbIVT2zJiuKzNZQnem2yqZAAK2z3fN3AyHV90xApFs4XU+sPoiyV6
h3nFxySMCobT4BSMt/bGX/MovjBor5SFsNoEZPaQjycqdHG6Xf+w8y6hTe5Yevfp
VMWpKBHBbyNCOxEgdXHZTGiYju87pmUEgE+eRPmKmM1TtMjmpd/ELw9dQFM45HqC
9AdF64Lsuq5Kn39epVhLl7KMsdRre20bSMcLuzSdIBIC0y17pA7IffVgRXbOzyi4
ImbO8I2iL0+3T5KqmUbr8BRQ2O4ggnn/sa5J71wplmW9g3E7EEE9/0GTLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdwzixOSt0kSPsn7RqC+++p9j3PMB8GA1UdIwQY
MBaAFPwVfTlu2ZKEPa7ve5zKc7BDlmwIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0JWOU9XN1prb1E5cnU5N25NcHpzRU9XYkFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mY2VhNTAtZmU0Ny00NjY0LTkyNjct
YzBkY2NkYjdhOTA1LzEvRjNET0xFNUszU1JJLXlmdEdvTDc3Nm4yUGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mY2VhNTAtZmU0Ny00NjY0LTkyNjctYzBkY2NkYjdhOTA1
LzEvX0JWOU9XN1prb1E5cnU5N25NcHpzRU9XYkFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJeMA0G
CSqGSIb3DQEBCwUAA4IBAQArK1YcFNI+DxmZx0iNcmrBX6ELAxsjXcIiinlRSdDU
mEpJ5B77fvP61z7L9siZvZ0X/z6zX6K7g9l8wTYJMiyc20kQQEakowBGt9/bw/z4
kJN7owUpxe35TvS+NHtboAKBTuW96Hu31coM7rc23Oqm+0uzq53X8wlvUSaEklmi
feKa9DNzhj39wbnv87muofqWUUFksKmGZvbfuNKccyonFD65zQkEDAhxlbcRc9ev
e6C/AQJahappTQWVxnNaPC346NkhameDeQm2vn4izCV7cpLilFqqjx6FJ2QmQT84
u8mLprtlmWe8VbdIAL/7flibh5prG3jIBTnVXContau8
-----END CERTIFICATE-----