Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/_K57y8dAfTW_4za5nQ1yw_fKnZI.roa
File:                     _K57y8dAfTW_4za5nQ1yw_fKnZI.roa (raw, json)
Hash identifier:          Rymw72FXGoLgMvCj/WyEf1Es/Ms+t2XEE94XwkN2BgM=
Subject key identifier:   FC:AE:7B:CB:C7:40:7D:35:BF:E3:36:B9:9D:0D:72:C3:F7:CA:9D:92
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       01942825884CADD5246ABD2079812905B47E
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/_K57y8dAfTW_4za5nQ1yw_fKnZI.roa
Signing time:             Thu 02 Jan 2025 17:52:15 +0000
ROA not before:           Thu 02 Jan 2025 17:52:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        77.246.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:88:4c:ad:d5:24:6a:bd:20:79:81:29:05:b4:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jan  2 17:52:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcae7bcbc7407d35bfe336b99d0d72c3f7ca9d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:34:6a:4e:15:67:ad:99:1b:a4:a4:e5:3e:6d:
                    bb:c0:12:8d:7d:d4:3c:ac:82:55:5b:db:13:6b:5d:
                    03:9f:91:32:a8:f1:ed:ef:97:c5:51:b3:a9:de:d8:
                    7b:42:57:75:b6:ca:2b:4a:d7:7b:90:60:ed:5f:3b:
                    5b:3b:24:da:55:85:04:72:58:2d:a2:f2:ff:37:b3:
                    f4:ff:1a:1c:d7:c1:b5:04:d4:3b:31:7f:de:22:48:
                    ce:6a:c5:71:79:9e:4a:4a:53:38:34:c6:9d:2d:d4:
                    fb:6e:fa:b9:8a:26:68:9e:30:85:1c:ca:09:7b:3c:
                    39:fc:4c:86:a6:22:43:3a:3b:bf:de:27:e1:9d:e0:
                    e8:ef:6b:0b:99:e7:2f:a2:ad:14:d2:8a:2a:45:5c:
                    bc:ab:b0:77:82:62:7c:08:ea:fd:b6:80:35:60:cb:
                    95:9a:1f:c7:e7:8a:1e:e0:30:98:0e:37:0d:4a:48:
                    98:8e:4c:63:2b:b0:9f:25:46:77:24:de:65:9c:54:
                    68:49:a4:42:64:66:be:87:4f:ce:0e:19:20:42:65:
                    59:ec:e8:ad:df:0b:98:d9:cf:1c:f2:0e:c5:6a:ea:
                    86:ea:d2:91:c9:fe:7f:49:c2:c4:c4:c0:03:99:0d:
                    00:ab:bc:87:09:87:f7:14:b9:c3:1b:31:e0:3e:82:
                    e1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AE:7B:CB:C7:40:7D:35:BF:E3:36:B9:9D:0D:72:C3:F7:CA:9D:92
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/_K57y8dAfTW_4za5nQ1yw_fKnZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:15:83:6d:1e:75:d7:e5:a4:8d:87:32:90:57:a8:13:31:92:
         42:17:59:11:f7:65:12:06:53:51:f1:bd:99:21:4d:75:6c:48:
         4b:4d:62:24:3f:41:a3:89:1d:68:b6:49:91:84:12:d3:29:9e:
         ee:7f:0a:4a:66:e7:29:9c:25:ca:45:d5:41:9f:84:b2:03:41:
         1e:10:2a:9d:24:0a:f1:4d:31:4c:c6:df:b9:9f:26:8c:0a:44:
         23:af:28:40:b4:8d:13:bb:c3:22:d3:8e:eb:90:9a:b6:f0:90:
         bd:a8:78:25:2f:11:48:e0:97:0a:6e:78:26:aa:59:e3:e8:96:
         cf:95:bb:05:36:e8:52:d9:f1:c2:b4:31:0a:75:ee:ed:ef:9e:
         c9:1c:bb:9a:f3:3a:0e:fa:02:57:89:8f:01:c4:ca:16:4a:c9:
         1b:07:37:b5:8c:5f:81:cc:18:c0:90:01:ef:a1:de:a5:bc:36:
         e4:fe:6f:e5:88:1f:91:01:24:1d:65:db:75:a4:c3:8c:c5:4e:
         f1:06:00:29:b0:77:ce:c2:ac:e2:3b:65:9d:4d:a5:dc:30:2f:
         d9:94:e5:d9:ea:3d:81:bd:83:a4:64:a1:37:93:1b:af:20:51:
         3a:f7:01:0c:b6:7e:8a:32:30:7c:47:80:75:1e:06:23:02:2a:
         a3:dc:71:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJYhMrdUkar0geYEpBbR+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjUwMTAyMTc1MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FlN2JjYmM3NDA3ZDM1YmZlMzM2Yjk5ZDBkNzJjM2Y3Y2E5ZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzRqThVnrZkbpKTlPm27wBKNfdQ8
rIJVW9sTa10Dn5EyqPHt75fFUbOp3th7Qld1tsorStd7kGDtXztbOyTaVYUEclgt
ovL/N7P0/xoc18G1BNQ7MX/eIkjOasVxeZ5KSlM4NMadLdT7bvq5iiZonjCFHMoJ
ezw5/EyGpiJDOju/3ifhneDo72sLmecvoq0U0ooqRVy8q7B3gmJ8COr9toA1YMuV
mh/H54oe4DCYDjcNSkiYjkxjK7CfJUZ3JN5lnFRoSaRCZGa+h0/ODhkgQmVZ7Oit
3wuY2c8c8g7FauqG6tKRyf5/ScLExMADmQ0Aq7yHCYf3FLnDGzHgPoLhTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyue8vHQH01v+M2uZ0NcsP3yp2SMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvX0s1N3k4ZEFmVFdfNHphNW5RMXl3X2ZLblpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfb1MA0G
CSqGSIb3DQEBCwUAA4IBAQAYFYNtHnXX5aSNhzKQV6gTMZJCF1kR92USBlNR8b2Z
IU11bEhLTWIkP0GjiR1otkmRhBLTKZ7ufwpKZucpnCXKRdVBn4SyA0EeECqdJArx
TTFMxt+5nyaMCkQjryhAtI0Tu8Mi047rkJq28JC9qHglLxFI4JcKbngmqlnj6JbP
lbsFNuhS2fHCtDEKde7t757JHLua8zoO+gJXiY8BxMoWSskbBze1jF+BzBjAkAHv
od6lvDbk/m/liB+RASQdZdt1pMOMxU7xBgApsHfOwqziO2WdTaXcMC/ZlOXZ6j2B
vYOkZKE3kxuvIFE69wEMtn6KMjB8R4B1HgYjAiqj3HGK
-----END CERTIFICATE-----