Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/FI0vaC_-wS4Ctp40wQ6DLlcQC5Q.roa
File:                     FI0vaC_-wS4Ctp40wQ6DLlcQC5Q.roa (raw, json)
Hash identifier:          /18Wg9WgOUF/QfCmOwGmGVq/qijiG5C2ckmZROjPcZk=
Subject key identifier:   14:8D:2F:68:2F:FE:C1:2E:02:B6:9E:34:C1:0E:83:2E:57:10:0B:94
Certificate issuer:       /CN=e89f228577fa91b2709e70b819ff469c4cc2ea91
Certificate serial:       019427B406581F30AE996227551B43F7D280
Authority key identifier: E8:9F:22:85:77:FA:91:B2:70:9E:70:B8:19:FF:46:9C:4C:C2:EA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/FI0vaC_-wS4Ctp40wQ6DLlcQC5Q.roa
Signing time:             Thu 02 Jan 2025 15:48:17 +0000
ROA not before:           Thu 02 Jan 2025 15:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42321
IP address blocks:        194.0.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 12:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:06:58:1f:30:ae:99:62:27:55:1b:43:f7:d2:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e89f228577fa91b2709e70b819ff469c4cc2ea91
        Validity
            Not Before: Jan  2 15:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=148d2f682ffec12e02b69e34c10e832e57100b94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:40:4a:9d:62:7e:ee:67:76:8d:f9:e3:2b:b7:
                    2d:40:1c:7c:55:33:7f:b6:bb:69:7d:ba:dd:8c:40:
                    c8:13:f4:ab:80:bc:1c:5c:bb:6a:99:aa:72:55:be:
                    1b:82:bc:1c:ce:c4:63:14:47:68:30:24:3b:4f:15:
                    fe:ad:9b:df:58:a5:a7:71:75:ff:fd:12:29:20:f3:
                    4e:8b:b8:5e:5e:0f:e5:18:b7:b4:31:80:55:9b:3d:
                    13:11:a1:13:c9:68:76:71:e6:e0:85:f7:c2:df:2b:
                    b4:0d:9c:e8:ab:02:7b:de:65:0e:04:8a:3a:5e:f8:
                    4a:69:28:fb:53:15:58:d6:8f:62:f7:f4:90:7f:ba:
                    01:46:eb:68:1f:0b:72:8a:97:89:16:ab:64:9d:fd:
                    92:95:63:95:96:68:d0:c7:3f:77:fb:ad:15:0d:85:
                    76:6f:f0:47:22:3d:7b:19:f4:7a:32:ab:20:06:94:
                    7d:7d:60:7d:51:36:1d:38:c0:94:00:b2:87:b9:f2:
                    49:e8:d5:6e:57:90:10:c8:e8:c0:61:92:ef:cf:ba:
                    91:9c:f8:6b:04:30:33:0f:3b:4d:ab:da:49:6f:55:
                    06:df:21:31:75:35:59:23:bd:a0:c6:90:92:6c:05:
                    1a:82:53:44:35:f0:51:0c:4e:42:8e:20:7d:31:a0:
                    80:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:8D:2F:68:2F:FE:C1:2E:02:B6:9E:34:C1:0E:83:2E:57:10:0B:94
            X509v3 Authority Key Identifier:
                keyid:E8:9F:22:85:77:FA:91:B2:70:9E:70:B8:19:FF:46:9C:4C:C2:EA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/FI0vaC_-wS4Ctp40wQ6DLlcQC5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:9a:06:5e:bd:f5:10:2e:96:d8:d6:c5:96:27:7e:1d:74:74:
         d7:f5:51:97:0e:89:37:79:82:0a:fe:25:5a:06:af:a9:f7:88:
         43:ff:ac:cf:1b:6e:d4:9e:42:88:c6:98:c1:75:ce:8e:03:6f:
         41:59:d4:08:05:f6:b5:12:ea:1a:5f:9e:5b:8e:3d:2d:77:d2:
         d8:64:92:b9:8e:75:26:4f:a9:17:4a:29:e3:d1:37:30:bb:ad:
         90:55:99:f7:38:6d:f9:00:47:17:32:af:7d:7a:9f:b2:a5:cf:
         84:38:12:d3:b4:9b:c5:6f:d3:7e:7b:9c:52:4b:67:3d:5a:11:
         ee:58:ca:f1:6b:8a:99:54:da:56:ba:a2:f0:e3:aa:68:c0:54:
         96:3c:0c:ba:64:61:91:55:99:78:d6:12:7e:2b:74:b6:ce:df:
         e9:28:10:dc:21:27:d2:4b:c5:a7:98:21:3a:42:80:95:d9:e6:
         61:7d:86:9f:b4:0c:d1:01:54:ef:33:15:dc:81:b6:81:7b:cb:
         81:05:95:e6:56:a0:1e:49:a4:aa:3c:2a:6d:58:ad:bc:17:49:
         75:a3:4b:3a:57:bd:f1:db:7b:cc:51:76:8c:98:91:b0:62:bc:
         ea:50:fb:4e:3d:04:26:d4:46:6d:c2:d8:23:74:0b:c7:80:3c:
         59:47:3d:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntAZYHzCumWInVRtD99KAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4OWYyMjg1NzdmYTkxYjI3MDllNzBiODE5ZmY0NjljNGNj
MmVhOTEwHhcNMjUwMTAyMTU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDhkMmY2ODJmZmVjMTJlMDJiNjllMzRjMTBlODMyZTU3MTAwYjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEBKnWJ+7md2jfnjK7ctQBx8VTN/
trtpfbrdjEDIE/SrgLwcXLtqmapyVb4bgrwczsRjFEdoMCQ7TxX+rZvfWKWncXX/
/RIpIPNOi7heXg/lGLe0MYBVmz0TEaETyWh2cebghffC3yu0DZzoqwJ73mUOBIo6
XvhKaSj7UxVY1o9i9/SQf7oBRutoHwtyipeJFqtknf2SlWOVlmjQxz93+60VDYV2
b/BHIj17GfR6MqsgBpR9fWB9UTYdOMCUALKHufJJ6NVuV5AQyOjAYZLvz7qRnPhr
BDAzDztNq9pJb1UG3yExdTVZI72gxpCSbAUaglNENfBRDE5CjiB9MaCAswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSNL2gv/sEuAraeNMEOgy5XEAuUMB8GA1UdIwQY
MBaAFOifIoV3+pGycJ5wuBn/RpxMwuqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNko4aWhYZjZrYkp3bm5DNEdmOUduRXpDNnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85ZTUyNTktM2QzMS00MDJkLWIzOTAt
NGM4ZmFlNTI5OTM2LzEvRkkwdmFDXy13UzRDdHA0MHdRNkRMbGNRQzVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85ZTUyNTktM2QzMS00MDJkLWIzOTAtNGM4ZmFlNTI5OTM2
LzEvNko4aWhYZjZrYkp3bm5DNEdmOUduRXpDNnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgDKMA0G
CSqGSIb3DQEBCwUAA4IBAQBVmgZevfUQLpbY1sWWJ34ddHTX9VGXDok3eYIK/iVa
Bq+p94hD/6zPG27UnkKIxpjBdc6OA29BWdQIBfa1EuoaX55bjj0td9LYZJK5jnUm
T6kXSinj0Tcwu62QVZn3OG35AEcXMq99ep+ypc+EOBLTtJvFb9N+e5xSS2c9WhHu
WMrxa4qZVNpWuqLw46powFSWPAy6ZGGRVZl41hJ+K3S2zt/pKBDcISfSS8WnmCE6
QoCV2eZhfYaftAzRAVTvMxXcgbaBe8uBBZXmVqAeSaSqPCptWK28F0l1o0s6V73x
23vMUXaMmJGwYrzqUPtOPQQm1EZtwtgjdAvHgDxZRz3g
-----END CERTIFICATE-----