Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/FJfX864pvFwf4qPxQ1uqI0bIaXg.roa
File:                     FJfX864pvFwf4qPxQ1uqI0bIaXg.roa (raw, json)
Hash identifier:          oKD/fS/LmM/Bugiaw6RKm+DzVLCUCTYs+LRezp4BQso=
Subject key identifier:   14:97:D7:F3:AE:29:BC:5C:1F:E2:A3:F1:43:5B:AA:23:46:C8:69:78
Certificate issuer:       /CN=d4d1f325bf8ae694a19f28fd407cd5bb500e1b3e
Certificate serial:       019421B20743F70366C5D6610C7CE20CF364
Authority key identifier: D4:D1:F3:25:BF:8A:E6:94:A1:9F:28:FD:40:7C:D5:BB:50:0E:1B:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1NHzJb-K5pShnyj9QHzVu1AOGz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/FJfX864pvFwf4qPxQ1uqI0bIaXg.roa
Signing time:             Wed 01 Jan 2025 11:48:22 +0000
ROA not before:           Wed 01 Jan 2025 11:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.116.0/24 maxlen: 24
                          2001:7f8:c7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/1NHzJb-K5pShnyj9QHzVu1AOGz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/1NHzJb-K5pShnyj9QHzVu1AOGz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1NHzJb-K5pShnyj9QHzVu1AOGz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:07:43:f7:03:66:c5:d6:61:0c:7c:e2:0c:f3:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4d1f325bf8ae694a19f28fd407cd5bb500e1b3e
        Validity
            Not Before: Jan  1 11:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1497d7f3ae29bc5c1fe2a3f1435baa2346c86978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:33:42:41:80:19:ab:33:a5:a6:6e:11:5c:32:
                    ef:f4:62:79:61:6e:2e:f9:bc:da:49:dc:d7:90:02:
                    01:df:63:5a:69:4e:bb:be:a0:ef:db:9f:d8:3b:c6:
                    fc:42:77:15:59:80:be:0b:aa:1f:5b:75:32:e9:4b:
                    57:e2:54:47:eb:de:d2:01:1c:e0:a7:f0:0c:9d:49:
                    ba:fc:ec:81:2a:b4:62:10:8e:4d:08:78:48:63:ec:
                    ae:47:91:19:c8:51:d5:b8:db:f0:ff:0f:6b:75:86:
                    15:77:48:b4:c1:80:44:45:c9:5b:d3:8e:4c:76:86:
                    3c:c3:ec:a9:f8:98:cb:09:a9:4a:39:77:fd:a7:17:
                    38:5f:ff:02:1a:99:38:35:fe:bc:87:4e:c4:50:b7:
                    85:22:7e:96:18:77:6e:87:3c:d1:bd:7a:d0:e7:57:
                    38:3d:07:fb:61:27:d7:9a:a7:ad:55:3c:46:b9:5c:
                    88:28:9a:a2:d1:d4:10:f4:a5:cd:f5:ee:25:df:30:
                    68:11:7b:87:25:aa:c3:bc:fa:8a:4f:99:2b:2a:55:
                    ac:f1:84:42:56:f2:b2:14:17:4b:d0:bf:c7:5b:1b:
                    35:ab:b9:1e:a2:fe:f4:12:bd:25:2c:4e:ab:6b:74:
                    e2:ff:a3:3d:2c:67:0f:b0:54:00:3e:ef:3e:2b:f4:
                    ab:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:97:D7:F3:AE:29:BC:5C:1F:E2:A3:F1:43:5B:AA:23:46:C8:69:78
            X509v3 Authority Key Identifier:
                keyid:D4:D1:F3:25:BF:8A:E6:94:A1:9F:28:FD:40:7C:D5:BB:50:0E:1B:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1NHzJb-K5pShnyj9QHzVu1AOGz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/FJfX864pvFwf4qPxQ1uqI0bIaXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/9770a1-59bd-415a-bade-b282dd674823/1/1NHzJb-K5pShnyj9QHzVu1AOGz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.116.0/24
                IPv6:
                  2001:7f8:c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:ca:26:45:c7:c2:ad:6d:a1:cc:b2:c4:83:c3:2a:7a:56:03:
         8d:7f:b7:72:29:d2:d5:ee:e1:dd:34:84:cf:d2:03:b8:54:d0:
         f9:8c:69:18:10:ac:8e:a0:6b:f0:34:48:c5:19:91:ea:fc:b2:
         50:17:48:14:c4:f4:02:da:3d:f2:93:6b:e7:fa:4c:24:b8:23:
         b0:4a:75:59:9f:e3:75:3f:ab:20:85:56:99:ac:05:70:71:f7:
         78:af:95:20:97:0d:3d:f4:09:a3:89:c7:58:6b:95:cb:85:26:
         af:22:06:ae:d1:b4:20:35:26:5d:d9:4a:ac:b8:06:f3:9f:48:
         ab:d6:ea:5f:0b:7e:7f:e1:34:bc:81:57:9e:7f:f3:81:d1:6d:
         42:00:b5:88:d3:93:bd:01:be:b0:bd:2c:ef:a9:ac:0b:53:5c:
         db:64:43:19:28:22:2b:50:a8:1a:50:df:1e:ef:9c:31:7c:14:
         4c:3c:fa:fa:eb:6c:cf:1b:8a:7b:2d:e6:52:67:3f:6c:cd:b4:
         75:42:73:52:29:c9:2c:30:30:17:60:f2:ab:51:56:e1:79:cf:
         55:d2:d8:02:1b:14:6e:6a:b4:05:19:4b:22:80:15:58:0f:a3:
         d8:0c:7b:e0:21:43:15:46:fd:d0:15:3a:c8:04:38:d5:12:c6:
         e5:93:16:a4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhsgdD9wNmxdZhDHziDPNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZDFmMzI1YmY4YWU2OTRhMTlmMjhmZDQwN2NkNWJiNTAw
ZTFiM2UwHhcNMjUwMTAxMTE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDk3ZDdmM2FlMjliYzVjMWZlMmEzZjE0MzViYWEyMzQ2Yzg2OTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjNCQYAZqzOlpm4RXDLv9GJ5YW4u
+bzaSdzXkAIB32NaaU67vqDv25/YO8b8QncVWYC+C6ofW3Uy6UtX4lRH697SARzg
p/AMnUm6/OyBKrRiEI5NCHhIY+yuR5EZyFHVuNvw/w9rdYYVd0i0wYBERclb045M
doY8w+yp+JjLCalKOXf9pxc4X/8CGpk4Nf68h07EULeFIn6WGHduhzzRvXrQ51c4
PQf7YSfXmqetVTxGuVyIKJqi0dQQ9KXN9e4l3zBoEXuHJarDvPqKT5krKlWs8YRC
VvKyFBdL0L/HWxs1q7keov70Er0lLE6ra3Ti/6M9LGcPsFQAPu8+K/SrAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBSX1/OuKbxcH+Kj8UNbqiNGyGl4MB8GA1UdIwQY
MBaAFNTR8yW/iuaUoZ8o/UB81btQDhs+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU5IekpiLUs1cFNobnlqOVFIelZ1MUFPR3o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi85NzcwYTEtNTliZC00MTVhLWJhZGUt
YjI4MmRkNjc0ODIzLzEvRkpmWDg2NHB2RndmNHFQeFExdXFJMGJJYVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi85NzcwYTEtNTliZC00MTVhLWJhZGUtYjI4MmRkNjc0ODIz
LzEvMU5IekpiLUs1cFNobnlqOVFIelZ1MUFPR3o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQF0MA8E
AgACMAkDBwAgAQf4AMcwDQYJKoZIhvcNAQELBQADggEBAFbKJkXHwq1tocyyxIPD
KnpWA41/t3Ip0tXu4d00hM/SA7hU0PmMaRgQrI6ga/A0SMUZker8slAXSBTE9ALa
PfKTa+f6TCS4I7BKdVmf43U/qyCFVpmsBXBx93ivlSCXDT30CaOJx1hrlcuFJq8i
Bq7RtCA1Jl3ZSqy4BvOfSKvW6l8Lfn/hNLyBV55/84HRbUIAtYjTk70BvrC9LO+p
rAtTXNtkQxkoIitQqBpQ3x7vnDF8FEw8+vrrbM8binst5lJnP2zNtHVCc1IpySww
MBdg8qtRVuF5z1XS2AIbFG5qtAUZSyKAFVgPo9gMe+AhQxVG/dAVOsgEONUSxuWT
FqQ=
-----END CERTIFICATE-----