Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/fcrIgsFTuq19FBKqvOpJqv38n8M.roa
File:                     fcrIgsFTuq19FBKqvOpJqv38n8M.roa (raw, json)
Hash identifier:          NL7GdVXSlx1fCyZ9yJikitlzZCSr51QpP5vN2zoZyfI=
Subject key identifier:   7D:CA:C8:82:C1:53:BA:AD:7D:14:12:AA:BC:EA:49:AA:FD:FC:9F:C3
Certificate issuer:       /CN=e847e88749704294552fef54886111ed0586ec24
Certificate serial:       01951F7EDD9B83A09359C3CBDE6B9CC60F89
Authority key identifier: E8:47:E8:87:49:70:42:94:55:2F:EF:54:88:61:11:ED:05:86:EC:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/fcrIgsFTuq19FBKqvOpJqv38n8M.roa
Signing time:             Wed 19 Feb 2025 18:36:02 +0000
ROA not before:           Wed 19 Feb 2025 18:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214379
IP address blocks:        91.231.182.0/24 maxlen: 24
                          195.137.244.0/23 maxlen: 24
                          2a01:f500::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1f:7e:dd:9b:83:a0:93:59:c3:cb:de:6b:9c:c6:0f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e847e88749704294552fef54886111ed0586ec24
        Validity
            Not Before: Feb 19 18:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7dcac882c153baad7d1412aabcea49aafdfc9fc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f5:c6:19:09:69:e8:a0:57:70:61:17:b7:5c:
                    3a:ca:9c:7f:a7:11:65:21:f3:79:d6:0f:43:1e:dc:
                    62:29:d3:b0:50:e0:2c:6b:e5:8a:e2:bb:a3:46:41:
                    c2:9f:02:98:35:23:d1:2d:35:ca:41:18:2d:5e:2f:
                    e2:5a:5a:ed:5d:a2:e5:35:e9:e2:ab:8f:29:cd:ff:
                    25:0a:ed:2b:8f:85:70:c1:cf:32:72:74:27:5f:41:
                    1e:73:52:88:21:40:d9:85:f3:ab:08:74:d0:dd:f5:
                    25:94:43:13:9c:9d:b9:f6:42:b0:d1:b7:86:30:c9:
                    43:09:a8:90:ff:5e:b2:74:61:be:c7:bd:c2:5d:ee:
                    54:b8:9c:b4:d3:a3:34:14:d9:e3:e7:9a:ed:fa:f8:
                    ee:13:09:fa:f0:23:88:8d:27:a2:a1:64:5e:d7:1a:
                    77:60:3a:28:f9:a2:e0:d9:06:d7:59:8e:3e:13:73:
                    2d:21:85:9c:79:ac:14:8c:6d:40:52:95:4b:fc:7c:
                    f1:a5:12:b9:bc:43:f8:d7:f3:e4:c9:09:f5:6f:3d:
                    25:06:d9:11:13:49:30:a8:9d:6d:35:db:fe:7e:09:
                    75:7a:9e:f9:73:ca:df:4c:17:f7:94:fa:58:36:98:
                    76:f2:1f:37:06:08:ce:d2:da:03:11:7a:d5:08:93:
                    12:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CA:C8:82:C1:53:BA:AD:7D:14:12:AA:BC:EA:49:AA:FD:FC:9F:C3
            X509v3 Authority Key Identifier:
                keyid:E8:47:E8:87:49:70:42:94:55:2F:EF:54:88:61:11:ED:05:86:EC:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/fcrIgsFTuq19FBKqvOpJqv38n8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.182.0/24
                  195.137.244.0/23
                IPv6:
                  2a01:f500::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:d2:b6:9b:dc:71:b9:12:cc:09:74:88:6c:83:3a:aa:6e:8d:
         8e:3d:4f:e0:fd:6d:53:26:2c:7a:b7:dd:5e:2a:51:68:67:37:
         a5:91:92:9b:d9:f8:f5:cf:50:4f:f3:14:03:28:f3:82:7f:0a:
         77:ac:6c:01:b3:73:44:c1:f7:81:ce:8c:c9:e4:67:be:e6:04:
         d6:9b:62:e6:27:9c:3b:c7:9b:df:dc:6c:54:ad:a5:76:fa:38:
         9e:d1:92:bd:d9:40:69:30:69:9e:f7:e1:80:c0:8c:d5:8f:69:
         91:37:9f:b6:bb:4c:ce:89:bb:e6:e4:84:8f:d4:50:15:34:fb:
         d2:5a:05:7b:7a:50:f9:5a:2d:c1:db:6f:bc:f1:0d:78:cf:6a:
         ac:4e:f7:8c:89:21:22:fa:7b:db:7e:3c:5b:02:de:25:bd:a8:
         43:2c:ab:fb:6e:1b:02:e4:b4:ed:a3:45:5b:58:d7:e6:d4:a2:
         af:16:17:34:20:6e:d6:d7:2d:23:49:6f:1c:a4:4d:53:ad:97:
         32:cc:12:56:3d:4a:f7:6d:08:a3:55:74:3b:8a:99:4c:b7:02:
         25:65:cc:81:ef:d9:98:14:4d:4a:af:e5:86:1d:fc:2a:49:94:
         3f:4e:58:1b:ec:22:8c:20:d1:f0:20:3d:e3:c0:e2:e2:6e:50:
         90:43:a8:b2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZUfft2bg6CTWcPL3mucxg+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDdlODg3NDk3MDQyOTQ1NTJmZWY1NDg4NjExMWVkMDU4
NmVjMjQwHhcNMjUwMjE5MTgzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGNhYzg4MmMxNTNiYWFkN2QxNDEyYWFiY2VhNDlhYWZkZmM5ZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/XGGQlp6KBXcGEXt1w6ypx/pxFl
IfN51g9DHtxiKdOwUOAsa+WK4rujRkHCnwKYNSPRLTXKQRgtXi/iWlrtXaLlNeni
q48pzf8lCu0rj4Vwwc8ycnQnX0Eec1KIIUDZhfOrCHTQ3fUllEMTnJ259kKw0beG
MMlDCaiQ/16ydGG+x73CXe5UuJy006M0FNnj55rt+vjuEwn68COIjSeioWRe1xp3
YDoo+aLg2QbXWY4+E3MtIYWceawUjG1AUpVL/HzxpRK5vEP41/PkyQn1bz0lBtkR
E0kwqJ1tNdv+fgl1ep75c8rfTBf3lPpYNph28h83BgjO0toDEXrVCJMSRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH3KyILBU7qtfRQSqrzqSar9/J/DMB8GA1UdIwQY
MBaAFOhH6IdJcEKUVS/vVIhhEe0FhuwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVmb2gwbHdRcFJWTC05VWlHRVI3UVdHN0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS83N2Y1MzItMzk4Zi00YWQ4LWIzNDgt
YmRhZDdlZjc3NmM0LzEvZmNySWdzRlR1cTE5RkJLcXZPcEpxdjM4bjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS83N2Y1MzItMzk4Zi00YWQ4LWIzNDgtYmRhZDdlZjc3NmM0
LzEvNkVmb2gwbHdRcFJWTC05VWlHRVI3UVdHN0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+e2AwQB
w4n0MA0EAgACMAcDBQMqAfUAMA0GCSqGSIb3DQEBCwUAA4IBAQBo0rab3HG5EswJ
dIhsgzqqbo2OPU/g/W1TJix6t91eKlFoZzelkZKb2fj1z1BP8xQDKPOCfwp3rGwB
s3NEwfeBzozJ5Ge+5gTWm2LmJ5w7x5vf3GxUraV2+jie0ZK92UBpMGme9+GAwIzV
j2mRN5+2u0zOibvm5ISP1FAVNPvSWgV7elD5Wi3B22+88Q14z2qsTveMiSEi+nvb
fjxbAt4lvahDLKv7bhsC5LTto0VbWNfm1KKvFhc0IG7W1y0jSW8cpE1TrZcyzBJW
PUr3bQijVXQ7iplMtwIlZcyB79mYFE1Kr+WGHfwqSZQ/Tlgb7CKMINHwID3jwOLi
blCQQ6iy
-----END CERTIFICATE-----