Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/FLJa1uRgHO4pR545s0EjhCR4g9I.roa
File:                     FLJa1uRgHO4pR545s0EjhCR4g9I.roa (raw, json)
Hash identifier:          5Qe+7lHXv9Hk16E4Tqlbe5q64TOWj9YSYqv2nWFzqeY=
Subject key identifier:   14:B2:5A:D6:E4:60:1C:EE:29:47:9E:39:B3:41:23:84:24:78:83:D2
Certificate issuer:       /CN=9e4fae6d2c25dd5f2fb16b4fbea284e6658c12ba
Certificate serial:       019423D7E54C5FB0B3511ACF0367B5214021
Authority key identifier: 9E:4F:AE:6D:2C:25:DD:5F:2F:B1:6B:4F:BE:A2:84:E6:65:8C:12:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/FLJa1uRgHO4pR545s0EjhCR4g9I.roa
Signing time:             Wed 01 Jan 2025 21:48:59 +0000
ROA not before:           Wed 01 Jan 2025 21:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196895
IP address blocks:        193.105.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 03:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e5:4c:5f:b0:b3:51:1a:cf:03:67:b5:21:40:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4fae6d2c25dd5f2fb16b4fbea284e6658c12ba
        Validity
            Not Before: Jan  1 21:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14b25ad6e4601cee29479e39b3412384247883d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f5:0b:34:67:b3:54:32:ca:31:a4:e6:c0:62:
                    dd:2a:d0:13:23:7d:9a:4d:bc:79:b4:04:ae:66:1a:
                    7c:89:d8:18:a5:a1:78:e0:f9:7e:67:3c:e4:67:7d:
                    82:88:22:cb:00:95:83:ca:c9:b0:81:eb:3a:59:fb:
                    a3:56:11:7a:76:bd:c4:ad:22:14:8b:69:3e:a8:56:
                    87:13:9b:6c:d7:0f:a3:10:ed:8a:8c:bf:89:0d:c8:
                    88:96:e0:01:ef:7a:f5:58:d1:71:e5:8a:8f:44:4e:
                    19:1b:a2:d7:9e:35:38:0c:52:45:58:da:ca:59:40:
                    0a:28:0e:db:cd:5e:de:35:3c:b7:8c:e3:b9:2e:50:
                    99:57:91:38:3f:3f:b1:87:0f:86:0b:e7:91:02:b9:
                    04:94:ed:b6:3a:1b:79:63:66:29:b3:24:88:a4:24:
                    53:44:bb:ab:49:ed:b2:41:70:10:fc:20:f7:83:66:
                    37:73:4a:7c:17:19:b1:92:03:37:1b:82:5e:4a:9a:
                    cc:10:1d:5c:d5:91:18:7f:c5:8c:a7:48:41:1c:90:
                    b4:67:0c:ac:4b:ec:b4:11:ae:76:1c:95:63:28:de:
                    37:d9:0f:c4:6d:6c:ee:b1:15:bd:22:e9:f9:9e:c1:
                    bd:0a:14:3f:9e:0d:57:1b:22:d5:7d:71:da:8c:a0:
                    52:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:B2:5A:D6:E4:60:1C:EE:29:47:9E:39:B3:41:23:84:24:78:83:D2
            X509v3 Authority Key Identifier:
                keyid:9E:4F:AE:6D:2C:25:DD:5F:2F:B1:6B:4F:BE:A2:84:E6:65:8C:12:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nk-ubSwl3V8vsWtPvqKE5mWMEro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/FLJa1uRgHO4pR545s0EjhCR4g9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ac3260-7069-44f2-9ea9-394ff928f570/1/nk-ubSwl3V8vsWtPvqKE5mWMEro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:0f:63:d8:8a:5d:7f:19:fe:6e:ec:c2:0b:62:e0:e0:60:7d:
         d1:0e:c4:2d:22:00:88:a2:e4:d2:d4:59:90:a4:c9:18:0e:9b:
         d3:cc:72:01:65:41:58:be:41:ba:ae:96:f9:3a:bc:fe:95:a2:
         f6:c4:7f:1c:88:62:c2:80:85:9a:06:7b:64:0e:30:63:03:ee:
         ea:4a:75:c4:0f:8e:cc:d4:19:ab:82:97:37:cf:13:1c:47:67:
         6e:b6:04:e9:26:84:78:ec:41:97:69:91:5f:98:25:39:c2:8e:
         41:26:ef:6a:0d:c9:66:b0:0e:b6:f1:03:8a:48:fa:26:c0:7c:
         18:ef:c0:4f:e8:c4:6f:42:31:49:a3:c6:57:1d:42:6d:c9:db:
         55:e6:59:76:79:eb:1b:2b:0e:be:e4:c2:00:22:6e:c7:16:11:
         9a:76:e4:10:2b:63:78:e0:e9:65:6e:98:c3:7f:89:93:e2:ca:
         d2:55:e9:82:99:8f:6b:3c:44:02:93:e8:86:eb:2c:73:04:ff:
         9f:c5:b4:10:a8:ed:e2:e4:ca:17:d1:24:df:b6:11:bf:f4:06:
         4b:2a:0b:b0:7e:d9:1d:b5:b1:b0:79:b7:22:85:33:2c:0b:ef:
         43:17:18:c9:52:45:1b:9a:e0:83:67:21:f6:fb:20:a2:b0:79:
         fb:fe:e8:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+VMX7CzURrPA2e1IUAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNGZhZTZkMmMyNWRkNWYyZmIxNmI0ZmJlYTI4NGU2NjU4
YzEyYmEwHhcNMjUwMTAxMjE0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGIyNWFkNmU0NjAxY2VlMjk0NzllMzliMzQxMjM4NDI0Nzg4M2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fULNGezVDLKMaTmwGLdKtATI32a
Tbx5tASuZhp8idgYpaF44Pl+ZzzkZ32CiCLLAJWDysmwges6WfujVhF6dr3ErSIU
i2k+qFaHE5ts1w+jEO2KjL+JDciIluAB73r1WNFx5YqPRE4ZG6LXnjU4DFJFWNrK
WUAKKA7bzV7eNTy3jOO5LlCZV5E4Pz+xhw+GC+eRArkElO22Oht5Y2YpsySIpCRT
RLurSe2yQXAQ/CD3g2Y3c0p8FxmxkgM3G4JeSprMEB1c1ZEYf8WMp0hBHJC0Zwys
S+y0Ea52HJVjKN432Q/EbWzusRW9Iun5nsG9ChQ/ng1XGyLVfXHajKBS7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSyWtbkYBzuKUeeObNBI4QkeIPSMB8GA1UdIwQY
MBaAFJ5Prm0sJd1fL7FrT76ihOZljBK6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmstdWJTd2wzVjh2c1d0UHZxS0U1bVdNRXJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hYzMyNjAtNzA2OS00NGYyLTllYTkt
Mzk0ZmY5MjhmNTcwLzEvRkxKYTF1UmdITzRwUjU0NXMwRWpoQ1I0ZzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hYzMyNjAtNzA2OS00NGYyLTllYTktMzk0ZmY5MjhmNTcw
LzEvbmstdWJTd2wzVjh2c1d0UHZxS0U1bVdNRXJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkWMA0G
CSqGSIb3DQEBCwUAA4IBAQBPD2PYil1/Gf5u7MILYuDgYH3RDsQtIgCIouTS1FmQ
pMkYDpvTzHIBZUFYvkG6rpb5Orz+laL2xH8ciGLCgIWaBntkDjBjA+7qSnXED47M
1Bmrgpc3zxMcR2dutgTpJoR47EGXaZFfmCU5wo5BJu9qDclmsA628QOKSPomwHwY
78BP6MRvQjFJo8ZXHUJtydtV5ll2eesbKw6+5MIAIm7HFhGaduQQK2N44OllbpjD
f4mT4srSVemCmY9rPEQCk+iG6yxzBP+fxbQQqO3i5MoX0STfthG/9AZLKguwftkd
tbGwebcihTMsC+9DFxjJUkUbmuCDZyH2+yCisHn7/ui7
-----END CERTIFICATE-----