Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FloObdLt0SEjmDBNIX6yOb9DVXQ.roa
File:                     FloObdLt0SEjmDBNIX6yOb9DVXQ.roa (raw, json)
Hash identifier:          8X2vd+aDySye+n041Cp7ZpoDgBnLOfEPTy4mkRMpeoU=
Subject key identifier:   16:5A:0E:6D:D2:ED:D1:21:23:98:30:4D:21:7E:B2:39:BF:43:55:74
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       01942068432FCC2639CECD300F3DA212A262
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FloObdLt0SEjmDBNIX6yOb9DVXQ.roa
Signing time:             Wed 01 Jan 2025 05:48:11 +0000
ROA not before:           Wed 01 Jan 2025 05:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49791
IP address blocks:        193.233.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:43:2f:cc:26:39:ce:cd:30:0f:3d:a2:12:a2:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=165a0e6dd2edd1212398304d217eb239bf435574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b5:45:ac:f9:70:c6:8f:be:1e:5a:8e:eb:ed:
                    fe:51:8d:2f:af:67:3e:b5:ae:62:55:bc:9f:40:14:
                    c6:d3:95:b2:76:54:26:fb:b5:ab:27:c1:f4:d6:f3:
                    a1:5e:a5:04:3b:37:9c:ae:3a:26:60:d8:46:ef:10:
                    ef:5e:c4:6e:e8:8e:46:12:2d:ce:38:c9:ab:52:df:
                    c6:e9:a1:36:33:f6:fa:64:1c:7e:e7:fa:c7:eb:7d:
                    bc:bb:ea:ca:f6:7f:83:86:54:b9:64:74:ad:8c:ad:
                    c1:d9:7f:90:70:55:8b:bc:3c:93:83:00:00:a6:13:
                    bd:7d:a5:82:53:5f:47:37:05:b9:be:f1:00:e3:77:
                    2e:ce:0f:1c:72:c7:ff:90:af:72:09:ad:cd:38:27:
                    5f:70:ed:de:c1:76:51:07:0d:d3:ee:20:6f:e1:42:
                    08:d4:f4:51:27:07:aa:49:82:25:b8:f6:27:e4:24:
                    dd:01:30:c0:a0:7a:77:48:cc:85:0b:52:6e:08:4a:
                    b9:0f:87:c7:12:de:63:16:37:a8:cd:f0:77:4b:1b:
                    1d:70:30:79:6a:da:25:7a:d2:c0:78:f8:6c:e7:5e:
                    88:f9:41:f6:71:21:0d:69:43:b2:04:49:97:34:30:
                    8e:33:99:c9:ef:d7:98:87:2d:42:06:95:48:2d:e7:
                    a9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:5A:0E:6D:D2:ED:D1:21:23:98:30:4D:21:7E:B2:39:BF:43:55:74
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/FloObdLt0SEjmDBNIX6yOb9DVXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:70:eb:25:9c:7e:23:95:85:9d:5e:f0:10:e1:a5:8c:ba:60:
         ed:0a:50:97:57:79:15:68:9c:12:72:f3:02:e8:90:26:e0:f7:
         13:5f:4b:f5:b5:ea:20:91:2c:58:ea:3a:39:64:1f:e9:73:c1:
         11:5c:35:a6:f3:10:a1:70:d3:fe:b6:6e:9a:b6:ef:35:79:2a:
         ba:8e:15:59:24:60:92:9c:82:81:ec:de:d3:7b:58:bc:93:d1:
         d9:bd:2f:ff:86:ed:25:a6:49:d2:28:02:2b:a5:e1:46:75:27:
         8e:ed:93:ad:5e:41:32:ef:0f:7d:4d:0f:39:b9:bd:eb:49:8e:
         62:72:95:34:2e:c2:61:c1:89:d1:2d:a0:f1:0d:42:b0:cb:94:
         d6:3e:fd:0e:f1:a3:a5:47:61:88:05:d1:dc:76:2f:05:3b:f3:
         10:aa:33:97:a2:51:ec:7a:8a:54:56:ae:95:db:d4:43:e9:b4:
         fd:42:df:7d:cf:0d:c2:6a:48:78:df:d5:7a:a6:a8:20:2a:d5:
         ca:0b:f4:2f:30:24:c0:cf:18:4c:76:74:36:6a:2d:c5:3d:7e:
         f5:7c:a6:65:90:9b:1b:24:3b:83:4c:1e:ed:90:7e:77:19:c4:
         ac:44:8c:57:f5:d5:f1:a0:24:1b:b4:54:d9:e9:71:94:f9:b9:
         2c:88:db:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaEMvzCY5zs0wDz2iEqJiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjVhMGU2ZGQyZWRkMTIxMjM5ODMwNGQyMTdlYjIzOWJmNDM1NTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLVFrPlwxo++HlqO6+3+UY0vr2c+
ta5iVbyfQBTG05WydlQm+7WrJ8H01vOhXqUEOzecrjomYNhG7xDvXsRu6I5GEi3O
OMmrUt/G6aE2M/b6ZBx+5/rH6328u+rK9n+DhlS5ZHStjK3B2X+QcFWLvDyTgwAA
phO9faWCU19HNwW5vvEA43cuzg8ccsf/kK9yCa3NOCdfcO3ewXZRBw3T7iBv4UII
1PRRJweqSYIluPYn5CTdATDAoHp3SMyFC1JuCEq5D4fHEt5jFjeozfB3SxsdcDB5
atoletLAePhs516I+UH2cSENaUOyBEmXNDCOM5nJ79eYhy1CBpVILeepIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZaDm3S7dEhI5gwTSF+sjm/Q1V0MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvRmxvT2JkTHQwU0VqbURCTklYNnlPYjlEVlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwelXMA0G
CSqGSIb3DQEBCwUAA4IBAQBKcOslnH4jlYWdXvAQ4aWMumDtClCXV3kVaJwScvMC
6JAm4PcTX0v1teogkSxY6jo5ZB/pc8ERXDWm8xChcNP+tm6atu81eSq6jhVZJGCS
nIKB7N7Te1i8k9HZvS//hu0lpknSKAIrpeFGdSeO7ZOtXkEy7w99TQ85ub3rSY5i
cpU0LsJhwYnRLaDxDUKwy5TWPv0O8aOlR2GIBdHcdi8FO/MQqjOXolHseopUVq6V
29RD6bT9Qt99zw3Cakh439V6pqggKtXKC/QvMCTAzxhMdnQ2ai3FPX71fKZlkJsb
JDuDTB7tkH53GcSsRIxX9dXxoCQbtFTZ6XGU+bksiNus
-----END CERTIFICATE-----