Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/6ab93e-8563-4606-b19e-8c003c4a5456/1/FSsZO7tf2uyGI_GTm9rqM0qzwyo.roa
File:                     FSsZO7tf2uyGI_GTm9rqM0qzwyo.roa (raw, json)
Hash identifier:          +N02NDT8cxwi6khKovC14z/AE2KwVw5IVFU5XCAAiJs=
Subject key identifier:   15:2B:19:3B:BB:5F:DA:EC:86:23:F1:93:9B:DA:EA:33:4A:B3:C3:2A
Certificate issuer:       /CN=2389341e10e6b021fa847f555e5603def85d2c2b
Certificate serial:       019566305ADE368017CDE996E304243CB657
Authority key identifier: 23:89:34:1E:10:E6:B0:21:FA:84:7F:55:5E:56:03:DE:F8:5D:2C:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I4k0HhDmsCH6hH9VXlYD3vhdLCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/6ab93e-8563-4606-b19e-8c003c4a5456/1/FSsZO7tf2uyGI_GTm9rqM0qzwyo.roa
Signing time:             Wed 05 Mar 2025 12:03:19 +0000
ROA not before:           Wed 05 Mar 2025 12:03:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200091
IP address blocks:        81.30.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/6ab93e-8563-4606-b19e-8c003c4a5456/1/I4k0HhDmsCH6hH9VXlYD3vhdLCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/6ab93e-8563-4606-b19e-8c003c4a5456/1/I4k0HhDmsCH6hH9VXlYD3vhdLCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I4k0HhDmsCH6hH9VXlYD3vhdLCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:30:5a:de:36:80:17:cd:e9:96:e3:04:24:3c:b6:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2389341e10e6b021fa847f555e5603def85d2c2b
        Validity
            Not Before: Mar  5 12:03:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=152b193bbb5fdaec8623f1939bdaea334ab3c32a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:af:b4:26:70:f5:f3:6d:cc:96:cb:86:28:3b:
                    f6:c4:1b:3c:03:50:92:55:7e:46:9a:12:9c:14:6c:
                    16:0f:9c:61:d7:d6:53:7b:9e:8a:df:23:c0:e9:34:
                    96:d0:42:78:1e:c4:ae:e0:62:36:ad:42:3f:e9:39:
                    cc:ba:5e:95:5e:01:a8:72:a4:f1:1a:0a:c2:9e:fe:
                    6e:ef:f6:55:af:83:72:2a:3b:70:cb:96:b3:09:af:
                    b0:fd:97:aa:25:3f:44:12:39:43:5b:89:df:48:5c:
                    0d:07:b1:d0:88:0f:6f:60:80:76:7e:2d:3c:3d:02:
                    a1:5f:55:4a:ae:d9:e8:7d:c1:b8:ee:7f:11:4f:e0:
                    fc:9d:9f:aa:1f:6a:3b:ae:8b:06:be:bf:4d:1f:97:
                    63:30:41:ea:cc:d5:be:57:2e:6d:d5:7e:01:77:79:
                    8d:24:0c:54:5a:30:5f:e6:2d:87:b5:85:45:21:e4:
                    34:fe:af:fa:10:1d:8a:cd:15:0d:5f:91:26:5c:f0:
                    d4:64:44:24:ab:7c:21:0e:77:51:59:85:1d:3e:2a:
                    cf:f5:3a:b6:d0:1d:b3:06:0c:62:46:8c:e3:fe:e3:
                    d8:7d:30:1d:4c:c7:6a:ca:6f:79:93:5d:1e:d4:db:
                    46:92:1a:6e:0d:b4:bc:50:16:0e:7f:ff:ae:77:1d:
                    bc:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:2B:19:3B:BB:5F:DA:EC:86:23:F1:93:9B:DA:EA:33:4A:B3:C3:2A
            X509v3 Authority Key Identifier:
                keyid:23:89:34:1E:10:E6:B0:21:FA:84:7F:55:5E:56:03:DE:F8:5D:2C:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I4k0HhDmsCH6hH9VXlYD3vhdLCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/6ab93e-8563-4606-b19e-8c003c4a5456/1/FSsZO7tf2uyGI_GTm9rqM0qzwyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/6ab93e-8563-4606-b19e-8c003c4a5456/1/I4k0HhDmsCH6hH9VXlYD3vhdLCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:8a:3d:f2:ee:e7:df:85:63:59:90:9e:ec:78:50:3f:41:db:
         3e:ff:df:90:bd:75:c9:47:56:87:55:01:45:a3:31:1a:7c:be:
         95:a3:4e:83:07:12:cf:63:b2:52:f8:1d:b8:37:e1:ea:57:64:
         28:b5:b0:f1:68:53:ee:27:26:68:4b:44:ed:54:1a:97:ea:03:
         5b:d3:ec:b5:7a:b5:27:aa:23:71:a5:f1:f3:7b:e2:78:46:7c:
         04:24:75:20:eb:7c:a7:92:bf:d2:8e:5a:c2:5a:32:0c:6a:6b:
         98:c6:1f:81:72:2c:db:13:f6:e3:f0:2f:99:0d:7c:84:0c:87:
         ca:c1:c4:c2:bf:87:54:d1:24:1b:32:fb:3b:06:29:b0:30:74:
         38:e4:6f:29:f2:97:34:70:77:aa:6e:52:28:64:fc:db:d3:3e:
         bd:f5:8c:e2:24:fb:17:32:01:03:ab:2e:b9:26:b6:b7:16:d2:
         50:0d:15:ed:c6:30:90:cf:8d:45:96:ac:09:f6:6e:3c:75:27:
         a4:f6:73:7d:4e:44:09:d6:de:9a:98:84:92:6c:f1:4a:99:b5:
         7b:93:fb:d7:cf:3a:07:e7:82:e5:fd:cb:e8:24:06:d0:36:b0:
         71:3f:b4:3e:92:f5:ee:5d:a6:92:4b:ad:05:12:00:13:8f:33:
         5f:96:cd:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVmMFreNoAXzemW4wQkPLZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzODkzNDFlMTBlNmIwMjFmYTg0N2Y1NTVlNTYwM2RlZjg1
ZDJjMmIwHhcNMjUwMzA1MTIwMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTJiMTkzYmJiNWZkYWVjODYyM2YxOTM5YmRhZWEzMzRhYjNjMzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma+0JnD1823MlsuGKDv2xBs8A1CS
VX5GmhKcFGwWD5xh19ZTe56K3yPA6TSW0EJ4HsSu4GI2rUI/6TnMul6VXgGocqTx
GgrCnv5u7/ZVr4NyKjtwy5azCa+w/ZeqJT9EEjlDW4nfSFwNB7HQiA9vYIB2fi08
PQKhX1VKrtnofcG47n8RT+D8nZ+qH2o7rosGvr9NH5djMEHqzNW+Vy5t1X4Bd3mN
JAxUWjBf5i2HtYVFIeQ0/q/6EB2KzRUNX5EmXPDUZEQkq3whDndRWYUdPirP9Tq2
0B2zBgxiRozj/uPYfTAdTMdqym95k10e1NtGkhpuDbS8UBYOf/+udx28KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUrGTu7X9rshiPxk5va6jNKs8MqMB8GA1UdIwQY
MBaAFCOJNB4Q5rAh+oR/VV5WA974XSwrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTRrMEhoRG1zQ0g2aEg5VlhsWUQzdmhkTENzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC82YWI5M2UtODU2My00NjA2LWIxOWUt
OGMwMDNjNGE1NDU2LzEvRlNzWk83dGYydXlHSV9HVG05cnFNMHF6d3lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC82YWI5M2UtODU2My00NjA2LWIxOWUtOGMwMDNjNGE1NDU2
LzEvSTRrMEhoRG1zQ0g2aEg5VlhsWUQzdmhkTENzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5nMA0G
CSqGSIb3DQEBCwUAA4IBAQAyij3y7uffhWNZkJ7seFA/Qds+/9+QvXXJR1aHVQFF
ozEafL6Vo06DBxLPY7JS+B24N+HqV2QotbDxaFPuJyZoS0TtVBqX6gNb0+y1erUn
qiNxpfHze+J4RnwEJHUg63ynkr/SjlrCWjIMamuYxh+BcizbE/bj8C+ZDXyEDIfK
wcTCv4dU0SQbMvs7BimwMHQ45G8p8pc0cHeqblIoZPzb0z699YziJPsXMgEDqy65
Jra3FtJQDRXtxjCQz41FlqwJ9m48dSek9nN9TkQJ1t6amISSbPFKmbV7k/vXzzoH
54Ll/cvoJAbQNrBxP7Q+kvXuXaaSS60FEgATjzNfls2L
-----END CERTIFICATE-----