Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/c59b61-9115-415f-81f2-a4c1bbcb8c97/1/fxlFgI3EysiECIF3mL-wg3P66gA.roa
File:                     fxlFgI3EysiECIF3mL-wg3P66gA.roa (raw, json)
Hash identifier:          WG+Wf/XaXu5fK/R90C0HW02K/9LIUpQXBf5GmZqFRDg=
Subject key identifier:   7F:19:45:80:8D:C4:CA:C8:84:08:81:77:98:BF:B0:83:73:FA:EA:00
Certificate issuer:       /CN=952ddcb35078267f4f3752e5b4ccc65a663a63e7
Certificate serial:       0194252202DF8190F6CD315D303149DD736F
Authority key identifier: 95:2D:DC:B3:50:78:26:7F:4F:37:52:E5:B4:CC:C6:5A:66:3A:63:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lS3cs1B4Jn9PN1LltMzGWmY6Y-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/c59b61-9115-415f-81f2-a4c1bbcb8c97/1/fxlFgI3EysiECIF3mL-wg3P66gA.roa
Signing time:             Thu 02 Jan 2025 03:49:33 +0000
ROA not before:           Thu 02 Jan 2025 03:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202407
IP address blocks:        193.56.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/c59b61-9115-415f-81f2-a4c1bbcb8c97/1/lS3cs1B4Jn9PN1LltMzGWmY6Y-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/c59b61-9115-415f-81f2-a4c1bbcb8c97/1/lS3cs1B4Jn9PN1LltMzGWmY6Y-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lS3cs1B4Jn9PN1LltMzGWmY6Y-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 09:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:02:df:81:90:f6:cd:31:5d:30:31:49:dd:73:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=952ddcb35078267f4f3752e5b4ccc65a663a63e7
        Validity
            Not Before: Jan  2 03:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f1945808dc4cac88408817798bfb08373faea00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:77:41:02:7d:31:eb:3b:79:77:34:78:f4:dd:
                    e2:c9:67:1a:b3:6b:eb:ac:25:8f:55:a7:a3:ee:a5:
                    f6:dc:11:9f:c6:22:9d:8f:a2:c0:aa:e0:3e:e0:d5:
                    69:7f:e7:7a:dc:7b:46:e3:a3:8c:72:27:7b:5d:41:
                    a1:d3:7c:2e:72:9d:d5:98:33:c4:14:0f:6b:61:f1:
                    eb:e7:20:95:96:78:ff:50:4d:88:d2:98:2e:d1:a2:
                    46:71:24:f0:b8:a5:7b:62:3a:15:e4:61:84:39:a6:
                    61:6a:c5:e8:6f:ef:88:d5:c3:80:a7:46:84:c8:86:
                    fa:4b:c9:54:9e:06:f3:57:da:67:57:23:41:9c:2e:
                    0a:78:6f:61:3d:be:78:d0:f9:e6:0b:9e:2c:01:3b:
                    af:88:12:d4:c1:dc:d6:3c:a2:01:2b:60:6b:d3:74:
                    12:b8:a6:8b:c6:ee:3f:fc:5b:47:35:b4:3a:52:cd:
                    63:4e:7f:76:30:e1:93:3f:a4:2c:f1:77:0d:2e:ad:
                    d9:cf:ab:bd:32:b4:c8:2b:6f:43:88:13:6f:7f:be:
                    36:3e:e7:65:c8:08:31:2e:ca:be:d8:e8:ec:89:c3:
                    71:4c:35:ee:47:39:8c:96:44:0f:99:ed:2b:48:80:
                    91:26:ba:ff:fe:6a:a4:48:ad:48:c9:f5:46:92:9c:
                    c5:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:19:45:80:8D:C4:CA:C8:84:08:81:77:98:BF:B0:83:73:FA:EA:00
            X509v3 Authority Key Identifier:
                keyid:95:2D:DC:B3:50:78:26:7F:4F:37:52:E5:B4:CC:C6:5A:66:3A:63:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lS3cs1B4Jn9PN1LltMzGWmY6Y-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/c59b61-9115-415f-81f2-a4c1bbcb8c97/1/fxlFgI3EysiECIF3mL-wg3P66gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/c59b61-9115-415f-81f2-a4c1bbcb8c97/1/lS3cs1B4Jn9PN1LltMzGWmY6Y-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:05:9f:b1:a8:bd:ef:ce:b7:f3:71:00:69:4c:35:a5:55:d6:
         ef:6f:b4:79:96:21:9b:1d:33:e0:54:34:ee:47:4a:96:85:3e:
         05:99:48:dd:b7:e3:d9:a2:07:a6:e0:6c:0d:9f:cd:c2:f1:66:
         c4:90:1c:6c:37:aa:58:a2:ce:45:6c:37:d9:03:5c:8d:76:a0:
         25:05:50:36:b6:52:8b:94:ff:36:7f:1e:97:56:e7:c3:22:ae:
         fe:08:57:74:a6:02:5c:b1:54:32:93:45:14:68:6b:af:46:e4:
         6a:9c:6d:d1:9a:ff:9d:94:3a:f8:b2:bf:17:81:31:38:20:7a:
         2d:ef:fd:06:8b:1c:89:5d:43:93:49:3b:7e:a8:88:1d:b2:19:
         04:2c:b0:0d:94:35:d4:6f:c0:bd:cc:31:a5:99:87:91:2b:82:
         3b:ea:6e:bc:67:26:47:42:ed:11:15:d4:29:81:be:7b:05:94:
         04:ff:e6:64:c0:14:0f:6c:4d:51:78:ca:bb:e1:c3:26:89:1c:
         0f:c6:40:9d:b2:9f:1f:0d:9d:24:29:f4:2a:42:34:b4:5e:82:
         b6:40:44:e5:c8:d8:25:ee:3f:6d:39:19:04:7e:31:57:4b:25:
         35:ae:70:e4:4a:eb:a8:fe:0f:69:27:39:0f:6b:b6:ce:43:38:
         16:1c:2b:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIgLfgZD2zTFdMDFJ3XNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MmRkY2IzNTA3ODI2N2Y0ZjM3NTJlNWI0Y2NjNjVhNjYz
YTYzZTcwHhcNMjUwMTAyMDM0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjE5NDU4MDhkYzRjYWM4ODQwODgxNzc5OGJmYjA4MzczZmFlYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ndBAn0x6zt5dzR49N3iyWcas2vr
rCWPVaej7qX23BGfxiKdj6LAquA+4NVpf+d63HtG46OMcid7XUGh03wucp3VmDPE
FA9rYfHr5yCVlnj/UE2I0pgu0aJGcSTwuKV7YjoV5GGEOaZhasXob++I1cOAp0aE
yIb6S8lUngbzV9pnVyNBnC4KeG9hPb540PnmC54sATuviBLUwdzWPKIBK2Br03QS
uKaLxu4//FtHNbQ6Us1jTn92MOGTP6Qs8XcNLq3Zz6u9MrTIK29DiBNvf742Pudl
yAgxLsq+2OjsicNxTDXuRzmMlkQPme0rSICRJrr//mqkSK1IyfVGkpzFyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8ZRYCNxMrIhAiBd5i/sINz+uoAMB8GA1UdIwQY
MBaAFJUt3LNQeCZ/TzdS5bTMxlpmOmPnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFMzY3MxQjRKbjlQTjFMbHRNekdXbVk2WS1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9jNTliNjEtOTExNS00MTVmLTgxZjIt
YTRjMWJiY2I4Yzk3LzEvZnhsRmdJM0V5c2lFQ0lGM21MLXdnM1A2NmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9jNTliNjEtOTExNS00MTVmLTgxZjItYTRjMWJiY2I4Yzk3
LzEvbFMzY3MxQjRKbjlQTjFMbHRNekdXbVk2WS1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTjEMA0G
CSqGSIb3DQEBCwUAA4IBAQBHBZ+xqL3vzrfzcQBpTDWlVdbvb7R5liGbHTPgVDTu
R0qWhT4FmUjdt+PZogem4GwNn83C8WbEkBxsN6pYos5FbDfZA1yNdqAlBVA2tlKL
lP82fx6XVufDIq7+CFd0pgJcsVQyk0UUaGuvRuRqnG3Rmv+dlDr4sr8XgTE4IHot
7/0GixyJXUOTSTt+qIgdshkELLANlDXUb8C9zDGlmYeRK4I76m68ZyZHQu0RFdQp
gb57BZQE/+ZkwBQPbE1ReMq74cMmiRwPxkCdsp8fDZ0kKfQqQjS0XoK2QETlyNgl
7j9tORkEfjFXSyU1rnDkSuuo/g9pJzkPa7bOQzgWHCtd
-----END CERTIFICATE-----