Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/FXr_S2B4fxLM9qAbLsO0vh-M550.roa
File:                     FXr_S2B4fxLM9qAbLsO0vh-M550.roa (raw, json)
Hash identifier:          XI0iDABL8ODtA8iq4rY+TAYyWpnlmsL+6qt8rzYOd/w=
Subject key identifier:   15:7A:FF:4B:60:78:7F:12:CC:F6:A0:1B:2E:C3:B4:BE:1F:8C:E7:9D
Certificate issuer:       /CN=e6a4cb74cf524c18121d53b532c03c06f4ad6be6
Certificate serial:       019425FC82D5A7405197013289F7C5685051
Authority key identifier: E6:A4:CB:74:CF:52:4C:18:12:1D:53:B5:32:C0:3C:06:F4:AD:6B:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5qTLdM9STBgSHVO1MsA8BvSta-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/FXr_S2B4fxLM9qAbLsO0vh-M550.roa
Signing time:             Thu 02 Jan 2025 07:48:12 +0000
ROA not before:           Thu 02 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48388
IP address blocks:        91.209.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/5qTLdM9STBgSHVO1MsA8BvSta-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/5qTLdM9STBgSHVO1MsA8BvSta-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5qTLdM9STBgSHVO1MsA8BvSta-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:82:d5:a7:40:51:97:01:32:89:f7:c5:68:50:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6a4cb74cf524c18121d53b532c03c06f4ad6be6
        Validity
            Not Before: Jan  2 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=157aff4b60787f12ccf6a01b2ec3b4be1f8ce79d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ef:89:9d:0e:a3:95:c3:15:65:41:4f:ef:cd:
                    f4:f1:fb:ff:35:90:5f:e5:3c:5e:29:df:f4:33:2e:
                    a3:02:1d:b5:33:03:5e:2a:8d:c0:b4:3d:ca:27:9c:
                    05:41:e7:3f:de:79:39:6e:01:bc:09:99:d4:92:1a:
                    2e:b5:20:35:d9:e8:a4:eb:78:dd:cd:59:34:ca:54:
                    bd:36:3b:b7:d7:14:2d:b7:c7:e1:fc:8a:ad:c7:5f:
                    d9:47:68:07:c9:fc:98:6c:ac:97:40:cf:1f:88:2d:
                    7d:93:3b:32:36:bc:59:9b:12:ec:ed:85:22:75:f3:
                    2f:d8:01:d8:33:d1:ff:fe:cc:95:05:01:f1:b5:8f:
                    4e:c7:69:3c:2d:70:6d:5f:44:87:6b:a0:9f:60:8c:
                    0b:31:62:02:02:7f:dd:06:47:fe:02:8d:91:a3:4f:
                    29:37:5a:96:9e:8c:ba:b9:85:2a:4f:48:03:8c:d9:
                    cd:d6:dd:03:d4:f2:23:6f:03:dd:d4:e5:38:08:2e:
                    67:d4:74:66:15:4d:40:f0:29:f6:5b:9b:9e:f8:5b:
                    86:b8:90:eb:8d:36:24:b6:b6:12:ab:5b:10:f4:61:
                    cb:8b:ea:ca:31:2e:19:58:f1:0b:ad:07:41:89:79:
                    51:7a:93:b3:78:5a:27:ad:68:13:52:d4:e8:8d:62:
                    06:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:7A:FF:4B:60:78:7F:12:CC:F6:A0:1B:2E:C3:B4:BE:1F:8C:E7:9D
            X509v3 Authority Key Identifier:
                keyid:E6:A4:CB:74:CF:52:4C:18:12:1D:53:B5:32:C0:3C:06:F4:AD:6B:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5qTLdM9STBgSHVO1MsA8BvSta-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/FXr_S2B4fxLM9qAbLsO0vh-M550.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f9f773-121e-450d-b606-98bf4289df3b/1/5qTLdM9STBgSHVO1MsA8BvSta-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b7:8a:3f:e4:8c:39:aa:a0:3d:2a:23:84:38:61:2c:89:c9:
         c7:f2:a8:81:df:eb:f3:57:b3:92:30:d5:e7:7d:78:bf:be:4c:
         77:54:f9:6e:cf:e2:f5:95:3c:e4:7f:80:5f:27:2a:a3:10:b1:
         bf:99:40:bf:cc:fe:f4:54:3b:20:0a:1a:fd:3f:a6:95:4d:e7:
         52:48:09:41:f7:5b:03:7b:be:f9:0f:df:22:c4:2e:08:8b:f2:
         9a:d3:78:4d:c7:78:64:a0:97:79:4f:10:24:1a:15:e8:fb:81:
         2c:8a:cf:72:09:22:ab:a8:06:9b:97:fc:50:13:66:e6:68:13:
         a6:0c:64:da:56:d8:2e:bb:3b:90:3d:52:6a:ba:09:ac:5f:88:
         09:01:56:b9:cc:3c:d0:0d:05:db:5e:2e:21:69:3e:a4:1c:fb:
         2e:4e:33:7a:1c:42:6d:81:a2:32:43:9b:b9:d0:be:04:7a:ef:
         0b:49:37:03:7a:47:44:25:ab:50:6f:2a:02:95:ef:4f:ec:a6:
         4c:be:b3:56:e2:c8:12:70:54:ce:f1:c7:47:ea:39:e8:f8:e2:
         ad:44:10:7f:8a:a1:c7:74:47:c2:52:be:2d:b3:06:5d:0e:78:
         8d:96:1e:78:1e:d6:9b:53:5b:4b:dc:f3:91:f1:e9:71:a9:b8:
         14:6b:00:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/ILVp0BRlwEyiffFaFBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YTRjYjc0Y2Y1MjRjMTgxMjFkNTNiNTMyYzAzYzA2ZjRh
ZDZiZTYwHhcNMjUwMTAyMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTdhZmY0YjYwNzg3ZjEyY2NmNmEwMWIyZWMzYjRiZTFmOGNlNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO+JnQ6jlcMVZUFP78308fv/NZBf
5TxeKd/0My6jAh21MwNeKo3AtD3KJ5wFQec/3nk5bgG8CZnUkhoutSA12eik63jd
zVk0ylS9Nju31xQtt8fh/Iqtx1/ZR2gHyfyYbKyXQM8fiC19kzsyNrxZmxLs7YUi
dfMv2AHYM9H//syVBQHxtY9Ox2k8LXBtX0SHa6CfYIwLMWICAn/dBkf+Ao2Ro08p
N1qWnoy6uYUqT0gDjNnN1t0D1PIjbwPd1OU4CC5n1HRmFU1A8Cn2W5ue+FuGuJDr
jTYktrYSq1sQ9GHLi+rKMS4ZWPELrQdBiXlRepOzeFonrWgTUtTojWIGGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBV6/0tgeH8SzPagGy7DtL4fjOedMB8GA1UdIwQY
MBaAFOaky3TPUkwYEh1TtTLAPAb0rWvmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXFUTGRNOVNUQmdTSFZPMU1zQThCdlN0YS1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mOWY3NzMtMTIxZS00NTBkLWI2MDYt
OThiZjQyODlkZjNiLzEvRlhyX1MyQjRmeExNOXFBYkxzTzB2aC1NNTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mOWY3NzMtMTIxZS00NTBkLWI2MDYtOThiZjQyODlkZjNi
LzEvNXFUTGRNOVNUQmdTSFZPMU1zQThCdlN0YS1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GEMA0G
CSqGSIb3DQEBCwUAA4IBAQB3t4o/5Iw5qqA9KiOEOGEsicnH8qiB3+vzV7OSMNXn
fXi/vkx3VPluz+L1lTzkf4BfJyqjELG/mUC/zP70VDsgChr9P6aVTedSSAlB91sD
e775D98ixC4Ii/Ka03hNx3hkoJd5TxAkGhXo+4Esis9yCSKrqAabl/xQE2bmaBOm
DGTaVtguuzuQPVJqugmsX4gJAVa5zDzQDQXbXi4haT6kHPsuTjN6HEJtgaIyQ5u5
0L4Eeu8LSTcDekdEJatQbyoCle9P7KZMvrNW4sgScFTO8cdH6jno+OKtRBB/iqHH
dEfCUr4tswZdDniNlh54HtabU1tL3POR8elxqbgUawC9
-----END CERTIFICATE-----