Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FMlC2bQIHmI6q1i67H0e4J3xBhI.roa
File:                     FMlC2bQIHmI6q1i67H0e4J3xBhI.roa (raw, json)
Hash identifier:          wR3eUrgDw4elUFNli7H+RhqjlB1aGiO3M0NLPjU/0GQ=
Subject key identifier:   14:C9:42:D9:B4:08:1E:62:3A:AB:58:BA:EC:7D:1E:E0:9D:F1:06:12
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0194206838EB5AAAE88618EAB374E33C382A
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FMlC2bQIHmI6q1i67H0e4J3xBhI.roa
Signing time:             Wed 01 Jan 2025 05:48:08 +0000
ROA not before:           Wed 01 Jan 2025 05:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        193.233.108.0/22 maxlen: 24
                          193.233.116.0/23 maxlen: 23
                          193.233.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:38:eb:5a:aa:e8:86:18:ea:b3:74:e3:3c:38:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14c942d9b4081e623aab58baec7d1ee09df10612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f1:b7:17:24:47:58:2c:a2:41:db:28:d5:c0:
                    9b:2a:f5:ca:b6:8f:4f:dc:38:ed:3b:33:55:f9:3a:
                    ca:c9:28:43:9e:73:bf:99:d6:b4:b5:c4:e4:f1:db:
                    fd:df:3e:bc:ae:c8:87:3c:41:6a:5a:1c:31:b7:46:
                    d4:d1:d9:a9:a2:8b:88:72:cd:b0:94:2b:01:14:68:
                    47:f5:93:db:9c:d7:6f:0c:2d:aa:51:bf:55:ed:5a:
                    cd:a0:a4:76:4b:86:b5:fd:77:f3:21:36:af:41:4d:
                    c8:1d:8f:20:6d:f5:d8:74:12:00:ac:41:4f:51:70:
                    0a:50:c7:46:f4:16:40:9b:29:ca:a5:03:96:03:63:
                    ed:e0:07:d6:be:10:db:84:cd:b1:33:de:9b:d0:5d:
                    78:1f:d7:5a:be:e9:dc:a3:83:ae:65:a7:cb:c5:14:
                    e5:97:02:5e:db:b5:bf:c1:12:28:38:52:94:28:5f:
                    73:51:f3:5e:97:5e:bf:f9:5a:77:ff:60:c3:a8:fd:
                    aa:00:f4:51:a9:88:77:17:fb:04:e1:ac:7d:36:a5:
                    2f:b8:ca:de:de:0b:dc:f6:8b:05:2b:a8:5f:17:d8:
                    3d:6e:e4:f5:21:7e:d9:2a:a3:bb:8d:d0:b5:2b:fc:
                    5e:7c:3f:61:ce:37:22:0c:74:90:4d:2d:b4:ea:dd:
                    1c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C9:42:D9:B4:08:1E:62:3A:AB:58:BA:EC:7D:1E:E0:9D:F1:06:12
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FMlC2bQIHmI6q1i67H0e4J3xBhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.108.0/22
                  193.233.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:e5:4f:92:1c:e0:94:3a:71:db:dc:fe:58:d2:13:d6:20:e2:
         18:0b:c5:ab:a7:aa:dd:c9:b8:d3:3e:b7:b9:32:46:1a:aa:7f:
         cf:57:8f:e9:ea:06:84:11:97:3f:3e:32:dd:80:f8:f1:e0:6c:
         fd:5f:4c:7d:51:b6:5d:09:a4:bc:a4:6d:a9:9f:ff:c4:68:06:
         8e:eb:eb:53:7a:72:3e:5e:2b:e6:84:41:18:39:17:d7:18:54:
         26:be:7f:e7:f9:29:dc:44:c9:0f:43:50:63:e4:b3:e4:03:18:
         0c:e4:c0:4b:f4:fd:9d:1a:6f:01:a0:55:51:54:90:bf:e2:f1:
         a7:64:7e:62:0b:85:64:98:99:da:5f:3b:29:7c:23:e5:b7:22:
         49:36:19:2f:77:3b:75:f7:4c:99:6b:05:bb:fb:38:9b:0f:13:
         d2:be:16:eb:63:4b:0d:86:dc:42:02:9e:cd:08:22:c4:7d:39:
         16:29:96:fd:28:64:61:b5:5c:70:0b:f7:44:db:e4:53:33:03:
         39:6e:24:e6:31:6a:fa:8e:05:01:7b:c1:30:49:e5:d3:80:f6:
         fb:32:ee:60:80:c6:e6:ef:3a:9b:72:37:20:09:86:d8:74:41:
         08:99:c8:5b:f1:0c:e3:63:33:1f:23:9e:31:b9:1d:5e:56:7d:
         dd:00:00:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaDjrWqrohhjqs3TjPDgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGM5NDJkOWI0MDgxZTYyM2FhYjU4YmFlYzdkMWVlMDlkZjEwNjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPG3FyRHWCyiQdso1cCbKvXKto9P
3DjtOzNV+TrKyShDnnO/mda0tcTk8dv93z68rsiHPEFqWhwxt0bU0dmpoouIcs2w
lCsBFGhH9ZPbnNdvDC2qUb9V7VrNoKR2S4a1/XfzITavQU3IHY8gbfXYdBIArEFP
UXAKUMdG9BZAmynKpQOWA2Pt4AfWvhDbhM2xM96b0F14H9davunco4OuZafLxRTl
lwJe27W/wRIoOFKUKF9zUfNel16/+Vp3/2DDqP2qAPRRqYh3F/sE4ax9NqUvuMre
3gvc9osFK6hfF9g9buT1IX7ZKqO7jdC1K/xefD9hzjciDHSQTS206t0ccQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBTJQtm0CB5iOqtYuux9HuCd8QYSMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvRk1sQzJiUUlIbUk2cTFpNjdIMGU0SjN4QmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwelsAwQC
wel0MA0GCSqGSIb3DQEBCwUAA4IBAQAs5U+SHOCUOnHb3P5Y0hPWIOIYC8Wrp6rd
ybjTPre5MkYaqn/PV4/p6gaEEZc/PjLdgPjx4Gz9X0x9UbZdCaS8pG2pn//EaAaO
6+tTenI+XivmhEEYORfXGFQmvn/n+SncRMkPQ1Bj5LPkAxgM5MBL9P2dGm8BoFVR
VJC/4vGnZH5iC4VkmJnaXzspfCPltyJJNhkvdzt190yZawW7+zibDxPSvhbrY0sN
htxCAp7NCCLEfTkWKZb9KGRhtVxwC/dE2+RTMwM5biTmMWr6jgUBe8EwSeXTgPb7
Mu5ggMbm7zqbcjcgCYbYdEEImchb8QzjYzMfI54xuR1eVn3dAADa
-----END CERTIFICATE-----