Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/1c8b69-4b7b-4bfd-bce5-37afbdf4d847/1/4FgyXjSTtWGyFOXdnX2-aAmOOA8.roa
File:                     4FgyXjSTtWGyFOXdnX2-aAmOOA8.roa (raw, json)
Hash identifier:          InpaFw/32Nb/Zr2vPmUWS5J9SJuIWTtmwm6Og2V6cjc=
Subject key identifier:   E0:58:32:5E:34:93:B5:61:B2:14:E5:DD:9D:7D:BE:68:09:8E:38:0F
Certificate issuer:       /CN=fcbeb9b302ceb6f58d327b494d81459433be738d
Certificate serial:       0194258ED1E1156B652551958C7B6A4AC241
Authority key identifier: FC:BE:B9:B3:02:CE:B6:F5:8D:32:7B:49:4D:81:45:94:33:BE:73:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_L65swLOtvWNMntJTYFFlDO-c40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/1c8b69-4b7b-4bfd-bce5-37afbdf4d847/1/4FgyXjSTtWGyFOXdnX2-aAmOOA8.roa
Signing time:             Thu 02 Jan 2025 05:48:24 +0000
ROA not before:           Thu 02 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25318
IP address blocks:        193.47.162.0/24 maxlen: 24
                          195.234.177.0/24 maxlen: 24
                          2001:67c:154::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/1c8b69-4b7b-4bfd-bce5-37afbdf4d847/1/_L65swLOtvWNMntJTYFFlDO-c40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/1c8b69-4b7b-4bfd-bce5-37afbdf4d847/1/_L65swLOtvWNMntJTYFFlDO-c40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_L65swLOtvWNMntJTYFFlDO-c40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d1:e1:15:6b:65:25:51:95:8c:7b:6a:4a:c2:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcbeb9b302ceb6f58d327b494d81459433be738d
        Validity
            Not Before: Jan  2 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e058325e3493b561b214e5dd9d7dbe68098e380f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:55:0b:ba:ab:68:6c:9c:3b:5d:82:31:1e:74:
                    b9:2d:fc:4c:0a:a1:81:1d:cf:12:86:cc:f0:58:19:
                    93:eb:7a:4e:aa:d5:81:1b:51:cf:f3:0f:23:25:b1:
                    be:1a:30:68:0f:04:8a:f3:8d:00:70:26:d7:48:61:
                    a4:da:5f:78:a7:65:f5:c8:b3:3c:b3:35:79:c2:7e:
                    e3:ec:5f:96:d9:83:20:6f:e3:3d:9b:4c:2e:35:6d:
                    8f:8f:1a:47:b0:b7:e7:ea:e2:c8:f2:aa:68:df:f8:
                    18:9b:61:0f:43:a8:c1:bb:3f:6f:6f:15:14:69:da:
                    06:a7:81:e8:67:60:6c:1f:e9:94:8a:24:75:75:c4:
                    5b:d5:e0:d9:04:0c:b5:b0:4f:ef:1c:35:ff:36:88:
                    67:61:47:da:c0:cb:6a:dc:2c:22:dc:56:2b:24:06:
                    9c:5b:f8:22:25:1a:3b:05:05:bf:7d:9b:ff:3d:2a:
                    d6:65:02:65:7c:0b:16:59:ae:06:51:12:e0:e1:9b:
                    b9:ad:58:1e:3f:e6:a4:bc:e5:35:b1:15:0f:b1:7d:
                    b3:06:30:90:6e:9a:76:73:07:68:09:94:35:f1:ef:
                    4c:e1:a3:fb:72:ff:7b:c8:0c:5c:ae:01:e3:4e:17:
                    14:f4:3c:99:f9:c2:fd:83:f5:df:bc:85:d7:b2:49:
                    7e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:58:32:5E:34:93:B5:61:B2:14:E5:DD:9D:7D:BE:68:09:8E:38:0F
            X509v3 Authority Key Identifier:
                keyid:FC:BE:B9:B3:02:CE:B6:F5:8D:32:7B:49:4D:81:45:94:33:BE:73:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_L65swLOtvWNMntJTYFFlDO-c40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/1c8b69-4b7b-4bfd-bce5-37afbdf4d847/1/4FgyXjSTtWGyFOXdnX2-aAmOOA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/1c8b69-4b7b-4bfd-bce5-37afbdf4d847/1/_L65swLOtvWNMntJTYFFlDO-c40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.162.0/24
                  195.234.177.0/24
                IPv6:
                  2001:67c:154::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:93:d8:59:dc:bf:35:8c:3d:1f:d5:7b:6c:5e:77:cf:8b:46:
         7e:4b:e8:8d:40:30:cf:8b:64:d3:1d:5f:33:05:cc:16:c0:c4:
         57:49:e2:59:1a:e9:66:bb:c6:4f:d1:5d:60:06:46:15:3e:a5:
         b5:d9:07:41:4b:73:58:2e:2a:ae:51:0a:50:06:8f:78:4b:07:
         a1:27:3b:6b:19:e4:53:1d:89:e3:b5:10:e8:1a:78:b7:f4:d8:
         65:a6:27:b6:57:7e:79:3c:48:8c:0b:c1:3c:f9:a7:70:22:fb:
         31:b0:6a:28:fe:dc:42:c1:7f:5c:f7:cf:f4:a0:e0:57:c9:ff:
         2d:dc:72:f7:dd:51:ed:9d:94:8d:c4:ce:ad:57:b5:87:90:d4:
         f5:9b:32:ce:8b:26:69:6b:ff:a0:a6:89:e6:30:ac:af:db:16:
         45:94:af:4e:dc:b0:11:bf:c8:3f:dc:4c:ca:c2:1b:a7:33:41:
         c6:8d:cc:60:a6:cc:81:a9:a5:e3:d7:89:f4:99:31:b1:29:96:
         1c:eb:c8:6a:ec:3f:a7:49:18:5d:c1:92:82:b3:dc:52:1f:cf:
         fd:85:e7:fa:df:9a:ec:bf:53:f4:6d:b6:13:37:12:3d:55:65:
         9c:dc:60:b4:a7:f1:37:64:1a:40:a8:a8:b5:02:ed:5a:24:9c:
         b2:75:03:b9
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQljtHhFWtlJVGVjHtqSsJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYmViOWIzMDJjZWI2ZjU4ZDMyN2I0OTRkODE0NTk0MzNi
ZTczOGQwHhcNMjUwMTAyMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDU4MzI1ZTM0OTNiNTYxYjIxNGU1ZGQ5ZDdkYmU2ODA5OGUzODBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVULuqtobJw7XYIxHnS5LfxMCqGB
Hc8ShszwWBmT63pOqtWBG1HP8w8jJbG+GjBoDwSK840AcCbXSGGk2l94p2X1yLM8
szV5wn7j7F+W2YMgb+M9m0wuNW2PjxpHsLfn6uLI8qpo3/gYm2EPQ6jBuz9vbxUU
adoGp4HoZ2BsH+mUiiR1dcRb1eDZBAy1sE/vHDX/NohnYUfawMtq3Cwi3FYrJAac
W/giJRo7BQW/fZv/PSrWZQJlfAsWWa4GURLg4Zu5rVgeP+akvOU1sRUPsX2zBjCQ
bpp2cwdoCZQ18e9M4aP7cv97yAxcrgHjThcU9DyZ+cL9g/XfvIXXskl+IwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFOBYMl40k7VhshTl3Z19vmgJjjgPMB8GA1UdIwQY
MBaAFPy+ubMCzrb1jTJ7SU2BRZQzvnONMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0w2NXN3TE90dldOTW50SlRZRkZsRE8tYzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8xYzhiNjktNGI3Yi00YmZkLWJjZTUt
MzdhZmJkZjRkODQ3LzEvNEZneVhqU1R0V0d5Rk9YZG5YMi1hQW1PT0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8xYzhiNjktNGI3Yi00YmZkLWJjZTUtMzdhZmJkZjRkODQ3
LzEvX0w2NXN3TE90dldOTW50SlRZRkZsRE8tYzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwS+iAwQA
w+qxMA8EAgACMAkDBwAgAQZ8AVQwDQYJKoZIhvcNAQELBQADggEBAI6T2FncvzWM
PR/Ve2xed8+LRn5L6I1AMM+LZNMdXzMFzBbAxFdJ4lka6Wa7xk/RXWAGRhU+pbXZ
B0FLc1guKq5RClAGj3hLB6EnO2sZ5FMdieO1EOgaeLf02GWmJ7ZXfnk8SIwLwTz5
p3Ai+zGwaij+3ELBf1z3z/Sg4FfJ/y3ccvfdUe2dlI3Ezq1XtYeQ1PWbMs6LJmlr
/6CmieYwrK/bFkWUr07csBG/yD/cTMrCG6czQcaNzGCmzIGppePXifSZMbEplhzr
yGrsP6dJGF3BkoKz3FIfz/2F5/rfmuy/U/RtthM3Ej1VZZzcYLSn8TdkGkCoqLUC
7VoknLJ1A7k=
-----END CERTIFICATE-----