Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/976597-659b-44e4-92b2-9d8ea234295b/1/fnzKoJIItFzpKqsa1DSC_YU9Oz0.roa
File:                     fnzKoJIItFzpKqsa1DSC_YU9Oz0.roa (raw, json)
Hash identifier:          VMMeskb+gseTxaGOSqruyC/TYUaQqqzUpJ/qPck/ehc=
Subject key identifier:   7E:7C:CA:A0:92:08:B4:5C:E9:2A:AB:1A:D4:34:82:FD:85:3D:3B:3D
Certificate issuer:       /CN=57f9c1fb22bce1ef241dd7ef892a518d0566a8ab
Certificate serial:       019427B5C0D4FC55773069A331A32189F8E7
Authority key identifier: 57:F9:C1:FB:22:BC:E1:EF:24:1D:D7:EF:89:2A:51:8D:05:66:A8:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V_nB-yK84e8kHdfviSpRjQVmqKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/976597-659b-44e4-92b2-9d8ea234295b/1/fnzKoJIItFzpKqsa1DSC_YU9Oz0.roa
Signing time:             Thu 02 Jan 2025 15:50:10 +0000
ROA not before:           Thu 02 Jan 2025 15:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43355
IP address blocks:        193.111.180.0/22 maxlen: 24
                          2a0b:7240::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/976597-659b-44e4-92b2-9d8ea234295b/1/V_nB-yK84e8kHdfviSpRjQVmqKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/976597-659b-44e4-92b2-9d8ea234295b/1/V_nB-yK84e8kHdfviSpRjQVmqKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V_nB-yK84e8kHdfviSpRjQVmqKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 03:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c0:d4:fc:55:77:30:69:a3:31:a3:21:89:f8:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57f9c1fb22bce1ef241dd7ef892a518d0566a8ab
        Validity
            Not Before: Jan  2 15:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e7ccaa09208b45ce92aab1ad43482fd853d3b3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c0:79:b8:f2:23:e0:d4:fb:59:89:52:b0:76:
                    16:aa:14:e2:d2:b0:14:55:c7:34:c4:9d:4e:b5:40:
                    43:35:54:ab:3e:78:80:3b:8d:f2:9a:82:25:2c:70:
                    c3:9d:9b:d2:c1:c4:d0:f1:ec:0d:c0:dd:53:29:ae:
                    fc:31:66:0c:1b:02:82:15:08:f4:ea:bd:e5:f3:4c:
                    8b:8f:0e:36:fa:8a:d4:6c:de:0a:43:66:c2:7a:27:
                    a9:85:04:a4:d9:c0:09:e4:4f:dd:9b:20:c5:fe:cf:
                    5b:5c:f0:34:36:aa:59:0f:85:d4:4b:08:75:8a:25:
                    63:94:2f:d5:5e:34:6a:2d:fd:18:1e:84:a8:50:12:
                    27:3a:9a:a2:35:17:f4:f8:6d:a3:30:1a:1c:b2:cf:
                    45:62:1f:f9:bf:93:25:f3:70:85:6a:48:20:a6:87:
                    e3:ce:89:47:2f:ac:aa:33:49:c7:79:31:68:aa:37:
                    6a:15:bb:d8:9e:56:29:e1:51:b4:8e:e1:86:27:19:
                    e8:6e:0c:b9:7c:32:35:21:2f:d8:4c:2e:74:f8:b6:
                    b2:c0:e2:c9:38:19:7b:a9:f7:4d:9b:07:8c:bf:8c:
                    01:71:a4:f1:b4:b0:9d:a3:52:a7:fd:6e:96:72:d7:
                    a1:cb:3b:ab:10:c5:67:82:28:04:b7:25:6b:24:38:
                    b9:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:7C:CA:A0:92:08:B4:5C:E9:2A:AB:1A:D4:34:82:FD:85:3D:3B:3D
            X509v3 Authority Key Identifier:
                keyid:57:F9:C1:FB:22:BC:E1:EF:24:1D:D7:EF:89:2A:51:8D:05:66:A8:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V_nB-yK84e8kHdfviSpRjQVmqKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/976597-659b-44e4-92b2-9d8ea234295b/1/fnzKoJIItFzpKqsa1DSC_YU9Oz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/976597-659b-44e4-92b2-9d8ea234295b/1/V_nB-yK84e8kHdfviSpRjQVmqKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.180.0/22
                IPv6:
                  2a0b:7240::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:d5:7d:e9:62:0e:39:3e:08:8a:6a:8b:d9:ca:7b:2a:1e:c4:
         4d:45:bb:b5:8f:cb:41:50:ad:46:3f:4c:3f:49:9a:54:17:ec:
         6e:74:11:45:2f:9a:17:5c:65:c6:da:c4:fe:5d:cc:ab:cb:3b:
         03:a4:72:2e:48:90:fc:96:3d:19:1e:63:c5:57:e2:4a:78:b8:
         da:46:cf:84:ea:4e:f4:3f:0c:84:e0:60:a5:1d:b4:17:29:49:
         fe:00:25:a8:d4:4e:4c:4d:e4:c0:24:07:47:d0:6e:2d:ed:d8:
         bc:4d:27:fd:7d:a4:c7:23:5b:4c:be:32:52:6b:7a:23:15:00:
         29:81:bd:2c:f4:63:e5:64:65:fc:88:16:ef:5d:2a:14:06:8d:
         a4:cd:b9:24:42:fd:80:f2:21:61:4e:ba:a9:61:06:6f:5d:dc:
         49:58:98:80:26:b9:20:a7:64:19:9e:73:ab:72:64:c2:95:3f:
         bd:4a:6d:33:a1:b2:e4:98:44:76:59:7d:11:02:ef:cf:c0:44:
         4f:6c:4f:6c:72:c3:4b:ac:26:84:3a:53:53:52:a8:4f:3b:b6:
         45:de:a9:a1:5d:6f:1f:26:1f:8c:d4:1d:24:5c:79:08:ad:73:
         e0:42:0b:01:5a:a1:c2:a1:1e:e4:4c:4e:ef:f1:ee:7e:36:37:
         0e:e4:9f:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntcDU/FV3MGmjMaMhifjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3ZjljMWZiMjJiY2UxZWYyNDFkZDdlZjg5MmE1MThkMDU2
NmE4YWIwHhcNMjUwMTAyMTU1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdjY2FhMDkyMDhiNDVjZTkyYWFiMWFkNDM0ODJmZDg1M2QzYjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68B5uPIj4NT7WYlSsHYWqhTi0rAU
Vcc0xJ1OtUBDNVSrPniAO43ymoIlLHDDnZvSwcTQ8ewNwN1TKa78MWYMGwKCFQj0
6r3l80yLjw42+orUbN4KQ2bCeiephQSk2cAJ5E/dmyDF/s9bXPA0NqpZD4XUSwh1
iiVjlC/VXjRqLf0YHoSoUBInOpqiNRf0+G2jMBocss9FYh/5v5Ml83CFakggpofj
zolHL6yqM0nHeTFoqjdqFbvYnlYp4VG0juGGJxnobgy5fDI1IS/YTC50+LaywOLJ
OBl7qfdNmweMv4wBcaTxtLCdo1Kn/W6WctehyzurEMVngigEtyVrJDi5wQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH58yqCSCLRc6SqrGtQ0gv2FPTs9MB8GA1UdIwQY
MBaAFFf5wfsivOHvJB3X74kqUY0FZqirMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVl9uQi15Szg0ZThrSGRmdmlTcFJqUVZtcUtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85NzY1OTctNjU5Yi00NGU0LTkyYjIt
OWQ4ZWEyMzQyOTViLzEvZm56S29KSUl0RnpwS3FzYTFEU0NfWVU5T3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85NzY1OTctNjU5Yi00NGU0LTkyYjItOWQ4ZWEyMzQyOTVi
LzEvVl9uQi15Szg0ZThrSGRmdmlTcFJqUVZtcUtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwW+0MA0E
AgACMAcDBQMqC3JAMA0GCSqGSIb3DQEBCwUAA4IBAQBa1X3pYg45PgiKaovZynsq
HsRNRbu1j8tBUK1GP0w/SZpUF+xudBFFL5oXXGXG2sT+XcyryzsDpHIuSJD8lj0Z
HmPFV+JKeLjaRs+E6k70PwyE4GClHbQXKUn+ACWo1E5MTeTAJAdH0G4t7di8TSf9
faTHI1tMvjJSa3ojFQApgb0s9GPlZGX8iBbvXSoUBo2kzbkkQv2A8iFhTrqpYQZv
XdxJWJiAJrkgp2QZnnOrcmTClT+9Sm0zobLkmER2WX0RAu/PwERPbE9scsNLrCaE
OlNTUqhPO7ZF3qmhXW8fJh+M1B0kXHkIrXPgQgsBWqHCoR7kTE7v8e5+NjcO5J+V
-----END CERTIFICATE-----