Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/FNCzHrm4Mhf_pUlLlpWPWnQnnOo.roa
File:                     FNCzHrm4Mhf_pUlLlpWPWnQnnOo.roa (raw, json)
Hash identifier:          m1dgFfAYSERrYZAtXBbjJ6qPJN5B/vD9qgbql5DrAM0=
Subject key identifier:   14:D0:B3:1E:B9:B8:32:17:FF:A5:49:4B:96:95:8F:5A:74:27:9C:EA
Certificate issuer:       /CN=53390b13c9ef4afcfd08124111e6f63dc30165aa
Certificate serial:       019424B374B4903C8F2562A0E9C47B3FEDEC
Authority key identifier: 53:39:0B:13:C9:EF:4A:FC:FD:08:12:41:11:E6:F6:3D:C3:01:65:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzkLE8nvSvz9CBJBEeb2PcMBZao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/FNCzHrm4Mhf_pUlLlpWPWnQnnOo.roa
Signing time:             Thu 02 Jan 2025 01:48:48 +0000
ROA not before:           Thu 02 Jan 2025 01:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31655
IP address blocks:        185.9.232.0/22 maxlen: 24
                          2a02:df80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/UzkLE8nvSvz9CBJBEeb2PcMBZao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/UzkLE8nvSvz9CBJBEeb2PcMBZao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzkLE8nvSvz9CBJBEeb2PcMBZao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 22:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:74:b4:90:3c:8f:25:62:a0:e9:c4:7b:3f:ed:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53390b13c9ef4afcfd08124111e6f63dc30165aa
        Validity
            Not Before: Jan  2 01:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14d0b31eb9b83217ffa5494b96958f5a74279cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a5:bf:a8:64:a8:18:3c:37:c2:20:3c:e3:09:
                    d1:d9:8f:fd:26:13:cb:f3:e6:0a:21:fa:45:76:a7:
                    3e:36:3a:85:fa:6d:d7:4e:fb:5a:b3:bb:cf:ba:0b:
                    46:e4:37:60:1b:6e:bb:21:25:50:86:c0:1b:05:ad:
                    87:22:a6:5f:dd:46:6e:01:74:97:5e:01:5b:c0:d5:
                    a1:a3:3d:97:ed:8a:b1:a9:b3:8f:ad:c5:a1:22:9d:
                    42:6e:6c:2a:7a:a0:7d:2b:8e:be:09:a3:90:90:71:
                    4e:e1:5c:28:51:00:c0:bc:6b:f7:b5:22:cd:0b:b5:
                    50:cf:db:a6:6c:9e:14:fe:f2:6c:33:02:88:f5:1f:
                    d3:a7:3c:9a:87:4b:31:66:e8:f5:eb:be:d5:ae:14:
                    64:db:b3:42:87:d1:36:af:29:c1:1d:62:4d:eb:ad:
                    09:70:8c:4b:38:fc:43:ba:04:d5:fb:2f:6b:6b:cc:
                    45:12:20:ac:78:71:20:3c:d7:aa:a7:3f:3c:2c:1f:
                    b0:f1:06:de:57:7c:47:8f:02:90:aa:ef:b0:29:59:
                    3f:33:e2:26:b2:c8:ce:38:d2:08:a0:ae:0f:3d:cb:
                    b2:23:6e:25:51:66:e8:3b:5e:3e:e5:93:30:ad:0c:
                    93:93:ae:00:b2:2b:3d:ba:11:c7:fa:18:76:83:ab:
                    ef:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D0:B3:1E:B9:B8:32:17:FF:A5:49:4B:96:95:8F:5A:74:27:9C:EA
            X509v3 Authority Key Identifier:
                keyid:53:39:0B:13:C9:EF:4A:FC:FD:08:12:41:11:E6:F6:3D:C3:01:65:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzkLE8nvSvz9CBJBEeb2PcMBZao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/FNCzHrm4Mhf_pUlLlpWPWnQnnOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/UzkLE8nvSvz9CBJBEeb2PcMBZao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.232.0/22
                IPv6:
                  2a02:df80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:6d:28:9e:73:97:17:72:97:d5:17:22:08:97:68:d7:41:16:
         a2:19:72:5c:54:78:a5:b7:be:6c:09:a3:1b:ee:16:2e:8c:e6:
         ef:94:ac:3b:cd:6a:52:74:34:b7:8e:fa:bd:1a:d8:5b:7b:2b:
         c4:50:af:14:c9:3a:e2:ea:0c:5f:15:b4:f0:cf:33:4e:7f:cb:
         2d:8d:27:43:09:6c:a0:20:0c:7b:c4:8c:c1:ec:e8:bb:76:de:
         a4:01:78:3f:1e:b5:ca:03:64:30:e1:9f:f1:2a:3f:c2:ba:d9:
         07:3f:7f:4a:0a:57:b4:51:c0:de:2f:59:af:4a:7d:a5:39:5c:
         ad:da:a7:54:ba:eb:49:90:4c:c8:07:35:2a:cf:9a:95:5b:c6:
         2c:79:8b:59:ac:bd:28:bb:1e:47:6e:52:d7:a6:f0:f3:7b:e5:
         2f:84:fd:5f:85:de:dd:40:e3:fb:28:5a:38:10:b0:d1:f0:71:
         0e:a2:d2:7f:b3:64:a0:f4:93:1e:37:23:fd:07:ec:9c:a3:c7:
         88:ad:a0:46:3c:a7:c5:b8:49:6a:2e:67:fb:86:59:8e:29:ed:
         31:92:fd:5a:b1:df:1a:a9:55:59:6c:c1:4f:82:a9:70:1a:a3:
         0a:03:03:69:f8:57:0e:eb:ee:fa:81:24:63:5d:97:7d:e3:2e:
         32:d4:8f:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks3S0kDyPJWKg6cR7P+3sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzkwYjEzYzllZjRhZmNmZDA4MTI0MTExZTZmNjNkYzMw
MTY1YWEwHhcNMjUwMTAyMDE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGQwYjMxZWI5YjgzMjE3ZmZhNTQ5NGI5Njk1OGY1YTc0Mjc5Y2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqW/qGSoGDw3wiA84wnR2Y/9JhPL
8+YKIfpFdqc+NjqF+m3XTvtas7vPugtG5DdgG267ISVQhsAbBa2HIqZf3UZuAXSX
XgFbwNWhoz2X7YqxqbOPrcWhIp1CbmwqeqB9K46+CaOQkHFO4VwoUQDAvGv3tSLN
C7VQz9umbJ4U/vJsMwKI9R/Tpzyah0sxZuj1677VrhRk27NCh9E2rynBHWJN660J
cIxLOPxDugTV+y9ra8xFEiCseHEgPNeqpz88LB+w8QbeV3xHjwKQqu+wKVk/M+Im
ssjOONIIoK4PPcuyI24lUWboO14+5ZMwrQyTk64Asis9uhHH+hh2g6vvawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBTQsx65uDIX/6VJS5aVj1p0J5zqMB8GA1UdIwQY
MBaAFFM5CxPJ70r8/QgSQRHm9j3DAWWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXprTEU4bnZTdno5Q0JKQkVlYjJQY01CWmFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84OWM0YWItOTg0Yi00ZjZjLWJkZDAt
MzNkN2FjMzcwOTc5LzEvRk5DekhybTRNaGZfcFVsTGxwV1BXblFubk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84OWM0YWItOTg0Yi00ZjZjLWJkZDAtMzNkN2FjMzcwOTc5
LzEvVXprTEU4bnZTdno5Q0JKQkVlYjJQY01CWmFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQnoMA0E
AgACMAcDBQMqAt+AMA0GCSqGSIb3DQEBCwUAA4IBAQAPbSiec5cXcpfVFyIIl2jX
QRaiGXJcVHilt75sCaMb7hYujObvlKw7zWpSdDS3jvq9GthbeyvEUK8UyTri6gxf
FbTwzzNOf8stjSdDCWygIAx7xIzB7Oi7dt6kAXg/HrXKA2Qw4Z/xKj/CutkHP39K
Cle0UcDeL1mvSn2lOVyt2qdUuutJkEzIBzUqz5qVW8YseYtZrL0oux5HblLXpvDz
e+UvhP1fhd7dQOP7KFo4ELDR8HEOotJ/s2Sg9JMeNyP9B+yco8eIraBGPKfFuElq
Lmf7hlmOKe0xkv1asd8aqVVZbMFPgqlwGqMKAwNp+FcO6+76gSRjXZd94y4y1I/R
-----END CERTIFICATE-----