Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/fzU99qCGkV_CIT5aPe-FRXxnYbQ.roa
File:                     fzU99qCGkV_CIT5aPe-FRXxnYbQ.roa (raw, json)
Hash identifier:          vzw9SWyMsFCc6IE8QjYq1it7590sCq4Ux6IdTNIF19M=
Subject key identifier:   7F:35:3D:F6:A0:86:91:5F:C2:21:3E:5A:3D:EF:85:45:7C:67:61:B4
Certificate issuer:       /CN=74d7da63929999603395877448ce50ac6e0213a9
Certificate serial:       01942746D9DE07EE11FA80E6683266393156
Authority key identifier: 74:D7:DA:63:92:99:99:60:33:95:87:74:48:CE:50:AC:6E:02:13:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/fzU99qCGkV_CIT5aPe-FRXxnYbQ.roa
Signing time:             Thu 02 Jan 2025 13:49:02 +0000
ROA not before:           Thu 02 Jan 2025 13:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        193.16.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:d9:de:07:ee:11:fa:80:e6:68:32:66:39:31:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74d7da63929999603395877448ce50ac6e0213a9
        Validity
            Not Before: Jan  2 13:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f353df6a086915fc2213e5a3def85457c6761b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:78:04:55:f0:85:53:a8:92:14:5e:a0:65:a2:
                    46:97:94:61:9d:a6:ce:25:e3:05:97:58:d7:ce:af:
                    52:02:8b:d5:f4:f1:b8:59:76:92:f0:5f:b5:d2:39:
                    ed:a6:29:27:01:7d:fb:61:c0:bc:89:f7:ff:bd:4b:
                    eb:04:68:e0:6d:f1:a1:06:1b:ba:ab:6e:d5:bc:99:
                    f8:14:f4:cb:f3:68:9b:5e:de:e3:52:38:f6:fc:72:
                    16:94:49:34:a4:f4:38:9e:bf:a1:ca:6f:76:ff:31:
                    8b:08:e9:8c:d6:54:48:41:4f:80:41:e1:b9:e1:08:
                    0b:07:46:24:35:af:d0:37:86:f5:54:31:17:ec:88:
                    ea:dc:9f:1f:b8:ec:15:49:31:57:b2:ea:0b:32:78:
                    4a:94:e2:b7:f1:69:39:b4:4e:01:38:ae:a1:02:bd:
                    f2:80:e2:ed:74:98:b5:b6:88:5b:b7:c0:82:0c:53:
                    77:9e:4c:a6:f7:58:ea:22:06:37:93:ef:66:81:a8:
                    85:0d:14:de:9a:69:04:c0:76:d8:fa:7a:8b:04:77:
                    b3:e7:d9:83:f0:b6:0d:a8:1f:e8:59:e6:a2:a2:59:
                    0b:e4:d6:f7:72:4e:60:2a:93:7d:3d:8b:05:f1:51:
                    f9:da:4b:b8:da:4c:fb:e6:e1:7c:49:d2:46:f3:bf:
                    88:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:35:3D:F6:A0:86:91:5F:C2:21:3E:5A:3D:EF:85:45:7C:67:61:B4
            X509v3 Authority Key Identifier:
                keyid:74:D7:DA:63:92:99:99:60:33:95:87:74:48:CE:50:AC:6E:02:13:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/fzU99qCGkV_CIT5aPe-FRXxnYbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:5f:f3:ba:e7:21:3f:02:7c:1a:07:28:4c:49:eb:21:8f:48:
         7d:52:86:77:1b:40:f1:99:b3:2a:df:03:15:03:36:f7:67:cf:
         36:ca:c0:54:b9:b6:49:30:62:e3:05:a5:cf:56:b5:f2:06:8f:
         de:4f:ec:ab:f0:e0:07:4e:4a:24:f5:b6:5b:70:c8:3d:d9:a5:
         3f:1d:d7:7e:9b:04:89:ff:2c:e6:90:75:72:99:13:be:1f:79:
         91:c8:44:c4:ad:99:77:b9:1d:78:bf:8c:73:62:26:c8:91:05:
         9a:f4:3e:2d:0c:14:3f:42:f5:b2:27:de:f8:a0:22:61:26:54:
         0c:6e:89:81:bd:ec:70:f3:f0:52:54:40:e6:62:81:f3:1a:ac:
         0f:70:ab:e3:fc:46:6c:1c:5e:48:14:2a:4b:ec:0b:98:59:06:
         b6:95:cc:7c:76:c0:25:3b:02:9c:b9:cd:f6:c5:90:b7:62:18:
         15:38:0a:a8:34:b9:0f:fa:16:fd:86:a2:59:72:49:a2:0b:24:
         79:bd:e7:72:04:fb:da:a6:90:86:d4:00:d6:0a:75:83:9b:4d:
         7b:28:2d:15:ee:cc:0e:0d:e0:6f:4f:9c:95:51:8f:87:f4:ea:
         f5:f9:74:bc:35:b0:8d:c0:b9:e7:c5:5f:bb:e4:4f:94:e5:f4:
         e6:e6:14:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRtneB+4R+oDmaDJmOTFWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZDdkYTYzOTI5OTk5NjAzMzk1ODc3NDQ4Y2U1MGFjNmUw
MjEzYTkwHhcNMjUwMTAyMTM0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM1M2RmNmEwODY5MTVmYzIyMTNlNWEzZGVmODU0NTdjNjc2MWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXgEVfCFU6iSFF6gZaJGl5RhnabO
JeMFl1jXzq9SAovV9PG4WXaS8F+10jntpiknAX37YcC8iff/vUvrBGjgbfGhBhu6
q27VvJn4FPTL82ibXt7jUjj2/HIWlEk0pPQ4nr+hym92/zGLCOmM1lRIQU+AQeG5
4QgLB0YkNa/QN4b1VDEX7Ijq3J8fuOwVSTFXsuoLMnhKlOK38Wk5tE4BOK6hAr3y
gOLtdJi1tohbt8CCDFN3nkym91jqIgY3k+9mgaiFDRTemmkEwHbY+nqLBHez59mD
8LYNqB/oWeaiolkL5Nb3ck5gKpN9PYsF8VH52ku42kz75uF8SdJG87+I9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH81PfaghpFfwiE+Wj3vhUV8Z2G0MB8GA1UdIwQY
MBaAFHTX2mOSmZlgM5WHdEjOUKxuAhOpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE5mYVk1S1ptV0F6bFlkMFNNNVFyRzRDRTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wZWI4NTItYWYzNC00Y2I5LTg3MmUt
NGI1ZDVkNWY4Njk5LzEvZnpVOTlxQ0drVl9DSVQ1YVBlLUZSWHhuWWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wZWI4NTItYWYzNC00Y2I5LTg3MmUtNGI1ZDVkNWY4Njk5
LzEvZE5mYVk1S1ptV0F6bFlkMFNNNVFyRzRDRTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRA/MA0G
CSqGSIb3DQEBCwUAA4IBAQAHX/O65yE/AnwaByhMSeshj0h9UoZ3G0DxmbMq3wMV
Azb3Z882ysBUubZJMGLjBaXPVrXyBo/eT+yr8OAHTkok9bZbcMg92aU/Hdd+mwSJ
/yzmkHVymRO+H3mRyETErZl3uR14v4xzYibIkQWa9D4tDBQ/QvWyJ974oCJhJlQM
bomBvexw8/BSVEDmYoHzGqwPcKvj/EZsHF5IFCpL7AuYWQa2lcx8dsAlOwKcuc32
xZC3YhgVOAqoNLkP+hb9hqJZckmiCyR5vedyBPvappCG1ADWCnWDm017KC0V7swO
DeBvT5yVUY+H9Or1+XS8NbCNwLnnxV+75E+U5fTm5hTw
-----END CERTIFICATE-----