Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/6826f5-f97e-439e-b199-b7bd10e4489f/1/fNJzWMxwIRs-oxYj6gVLzdXlR9o.roa
File:                     fNJzWMxwIRs-oxYj6gVLzdXlR9o.roa (raw, json)
Hash identifier:          2scd04V5Cfx10HVTv5lVQAKj0cVcY+kOPgXcQil/rZU=
Subject key identifier:   7C:D2:73:58:CC:70:21:1B:3E:A3:16:23:EA:05:4B:CD:D5:E5:47:DA
Certificate issuer:       /CN=045010194440ee40f5de42f0c1b2b3d371bcd863
Certificate serial:       01941FFA1AC2688335820A85CA6AF7822FC9
Authority key identifier: 04:50:10:19:44:40:EE:40:F5:DE:42:F0:C1:B2:B3:D3:71:BC:D8:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BFAQGURA7kD13kLwwbKz03G82GM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/6826f5-f97e-439e-b199-b7bd10e4489f/1/fNJzWMxwIRs-oxYj6gVLzdXlR9o.roa
Signing time:             Wed 01 Jan 2025 03:47:52 +0000
ROA not before:           Wed 01 Jan 2025 03:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     394434
IP address blocks:        185.194.136.0/23 maxlen: 24
                          185.194.138.0/23 maxlen: 24
                          2a0a:4bc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/6826f5-f97e-439e-b199-b7bd10e4489f/1/BFAQGURA7kD13kLwwbKz03G82GM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/6826f5-f97e-439e-b199-b7bd10e4489f/1/BFAQGURA7kD13kLwwbKz03G82GM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BFAQGURA7kD13kLwwbKz03G82GM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:1a:c2:68:83:35:82:0a:85:ca:6a:f7:82:2f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=045010194440ee40f5de42f0c1b2b3d371bcd863
        Validity
            Not Before: Jan  1 03:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cd27358cc70211b3ea31623ea054bcdd5e547da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f9:10:7d:11:86:c8:98:ad:e1:0e:b4:a2:be:
                    ba:42:0e:5c:c7:8b:9d:df:d2:da:4c:f0:64:6d:b3:
                    08:18:ca:1a:32:a4:01:ac:15:d2:d8:05:83:ad:29:
                    49:42:71:94:11:cc:ef:02:32:7c:ca:ed:a1:62:bd:
                    d3:d6:9f:f9:97:19:c2:9e:5a:96:e9:cd:07:4f:d4:
                    49:6c:6c:e1:3b:d2:49:20:a0:36:c8:c9:25:3d:b3:
                    3d:a6:c4:42:90:a8:1f:71:d4:a9:28:f4:f9:4b:4b:
                    47:18:10:2e:df:dc:4c:05:57:dc:55:44:ce:03:24:
                    75:92:12:61:54:72:b4:e9:e8:d6:25:a5:9f:11:37:
                    48:d3:48:c7:a2:c2:53:87:99:a1:95:c2:42:5c:2f:
                    95:83:14:e2:f8:44:19:b4:b8:f5:ea:81:ed:2c:0c:
                    14:df:1f:a7:01:41:f3:f0:1b:31:21:51:98:7a:76:
                    8e:33:4e:f3:8e:33:5e:7e:dd:0e:6c:06:48:cd:98:
                    ac:82:c1:a5:07:35:8f:c4:c5:56:3e:34:29:1b:4e:
                    61:ae:67:70:00:a8:08:82:0e:57:bf:d6:40:ad:f4:
                    a1:2f:69:8c:8d:d9:4b:09:61:90:92:7c:b6:28:53:
                    7b:60:7b:eb:f4:f4:2a:92:24:2b:82:10:5d:be:5f:
                    24:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D2:73:58:CC:70:21:1B:3E:A3:16:23:EA:05:4B:CD:D5:E5:47:DA
            X509v3 Authority Key Identifier:
                keyid:04:50:10:19:44:40:EE:40:F5:DE:42:F0:C1:B2:B3:D3:71:BC:D8:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BFAQGURA7kD13kLwwbKz03G82GM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/6826f5-f97e-439e-b199-b7bd10e4489f/1/fNJzWMxwIRs-oxYj6gVLzdXlR9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/6826f5-f97e-439e-b199-b7bd10e4489f/1/BFAQGURA7kD13kLwwbKz03G82GM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.136.0/22
                IPv6:
                  2a0a:4bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:a7:79:5b:1e:6e:03:6a:bd:1c:32:c2:cb:87:48:de:23:57:
         7b:29:53:36:f6:fd:9e:6e:9a:2a:4c:bd:b4:03:34:9c:ab:e0:
         57:a8:34:dd:40:36:65:65:ac:d2:7e:ef:69:cd:28:cf:07:44:
         d7:e4:d1:53:fc:07:d2:0f:46:70:cb:d0:d2:0c:37:1c:c9:e1:
         76:e9:c0:bd:5f:c2:99:d0:4a:bb:70:01:0d:1e:28:23:f2:58:
         ca:f6:a7:aa:cc:d3:84:22:3c:1b:20:8a:46:35:e8:a3:69:6c:
         8e:bc:c7:c5:9a:c7:70:3f:5a:e8:47:51:1e:73:d1:d3:ae:c9:
         3b:33:4f:e4:93:3d:76:85:64:e2:86:7d:64:07:6f:fb:b1:5f:
         80:e7:06:a7:0e:84:cf:09:fe:f5:73:79:d3:cf:2a:50:63:3e:
         6e:5e:4e:b9:46:5c:61:7d:00:2f:c3:4f:39:90:46:ad:c1:78:
         fd:92:3d:2a:a9:8c:88:63:bd:fd:b7:c4:00:c8:23:5b:d3:bd:
         d8:67:47:04:df:13:2c:06:7e:e1:f8:4a:f0:47:f8:0b:f6:2c:
         52:8e:a7:d0:99:d9:aa:0c:30:ed:69:ae:a4:5f:0f:73:07:84:
         a5:05:6a:9f:e9:94:b4:86:d2:27:26:77:71:37:83:72:4a:f3:
         d0:b3:f4:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+hrCaIM1ggqFymr3gi/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NTAxMDE5NDQ0MGVlNDBmNWRlNDJmMGMxYjJiM2QzNzFi
Y2Q4NjMwHhcNMjUwMTAxMDM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2QyNzM1OGNjNzAyMTFiM2VhMzE2MjNlYTA1NGJjZGQ1ZTU0N2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/kQfRGGyJit4Q60or66Qg5cx4ud
39LaTPBkbbMIGMoaMqQBrBXS2AWDrSlJQnGUEczvAjJ8yu2hYr3T1p/5lxnCnlqW
6c0HT9RJbGzhO9JJIKA2yMklPbM9psRCkKgfcdSpKPT5S0tHGBAu39xMBVfcVUTO
AyR1khJhVHK06ejWJaWfETdI00jHosJTh5mhlcJCXC+VgxTi+EQZtLj16oHtLAwU
3x+nAUHz8BsxIVGYenaOM07zjjNeft0ObAZIzZisgsGlBzWPxMVWPjQpG05hrmdw
AKgIgg5Xv9ZArfShL2mMjdlLCWGQkny2KFN7YHvr9PQqkiQrghBdvl8kswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHzSc1jMcCEbPqMWI+oFS83V5UfaMB8GA1UdIwQY
MBaAFARQEBlEQO5A9d5C8MGys9NxvNhjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkZBUUdVUkE3a0QxM2tMd3diS3owM0c4MkdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC82ODI2ZjUtZjk3ZS00MzllLWIxOTkt
YjdiZDEwZTQ0ODlmLzEvZk5KeldNeHdJUnMtb3hZajZnVkx6ZFhsUjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC82ODI2ZjUtZjk3ZS00MzllLWIxOTktYjdiZDEwZTQ0ODlm
LzEvQkZBUUdVUkE3a0QxM2tMd3diS3owM0c4MkdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucKIMA0E
AgACMAcDBQMqCkvAMA0GCSqGSIb3DQEBCwUAA4IBAQAvp3lbHm4Dar0cMsLLh0je
I1d7KVM29v2ebpoqTL20AzScq+BXqDTdQDZlZazSfu9pzSjPB0TX5NFT/AfSD0Zw
y9DSDDccyeF26cC9X8KZ0Eq7cAENHigj8ljK9qeqzNOEIjwbIIpGNeijaWyOvMfF
msdwP1roR1Eec9HTrsk7M0/kkz12hWTihn1kB2/7sV+A5wanDoTPCf71c3nTzypQ
Yz5uXk65RlxhfQAvw085kEatwXj9kj0qqYyIY739t8QAyCNb073YZ0cE3xMsBn7h
+ErwR/gL9ixSjqfQmdmqDDDtaa6kXw9zB4SlBWqf6ZS0htInJndxN4NySvPQs/QG
-----END CERTIFICATE-----