Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/bdbde0-1d97-4126-93e6-8e77173dc4bc/1/IYbiKXlQmjVmc2EBeJ1ZyhaFvEg.roa
File:                     IYbiKXlQmjVmc2EBeJ1ZyhaFvEg.roa (raw, json)
Hash identifier:          4Xy4cTbgeWofaNajn2cgHkph6DzzB6nqlaBQdJk6xLo=
Subject key identifier:   21:86:E2:29:79:50:9A:35:66:73:61:01:78:9D:59:CA:16:85:BC:48
Certificate issuer:       /CN=fccaed0f81e248daf332b80843d4a29e8d7d51e4
Certificate serial:       0194228E24D84959B98F11AA263E222E3C5F
Authority key identifier: FC:CA:ED:0F:81:E2:48:DA:F3:32:B8:08:43:D4:A2:9E:8D:7D:51:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_MrtD4HiSNrzMrgIQ9Sino19UeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/bdbde0-1d97-4126-93e6-8e77173dc4bc/1/IYbiKXlQmjVmc2EBeJ1ZyhaFvEg.roa
Signing time:             Wed 01 Jan 2025 15:48:48 +0000
ROA not before:           Wed 01 Jan 2025 15:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35273
IP address blocks:        91.235.196.0/22 maxlen: 22
                          193.142.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/bdbde0-1d97-4126-93e6-8e77173dc4bc/1/_MrtD4HiSNrzMrgIQ9Sino19UeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/bdbde0-1d97-4126-93e6-8e77173dc4bc/1/_MrtD4HiSNrzMrgIQ9Sino19UeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_MrtD4HiSNrzMrgIQ9Sino19UeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:24:d8:49:59:b9:8f:11:aa:26:3e:22:2e:3c:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fccaed0f81e248daf332b80843d4a29e8d7d51e4
        Validity
            Not Before: Jan  1 15:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2186e22979509a3566736101789d59ca1685bc48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9c:86:5a:20:e2:fc:d2:c8:c5:62:2e:c5:44:
                    82:b6:11:86:b4:4b:e6:7c:61:c3:1b:56:d0:ac:ef:
                    c0:ac:10:ac:cb:fb:3d:68:4b:62:5c:f2:56:b2:e2:
                    d5:cb:8c:9d:95:52:5c:bd:6c:3b:1e:1d:40:5c:e8:
                    f8:5e:48:b7:49:af:af:9c:34:6e:63:52:2a:1e:89:
                    f0:2f:e8:a6:5c:b6:6a:d5:69:c7:2b:f5:98:fb:61:
                    de:f6:6f:1b:91:60:52:8d:3a:ec:5d:85:9e:74:4d:
                    3c:2c:6d:c8:0a:46:10:06:38:2e:b5:c1:8b:bd:d3:
                    da:5f:d7:61:ff:55:be:96:d1:3a:e7:a7:e2:54:23:
                    14:9f:9d:ba:71:51:15:1b:93:de:65:18:d5:0e:e8:
                    90:73:f6:c5:ce:a0:d7:df:a5:7e:df:cf:54:f9:63:
                    35:bd:4c:18:fa:a6:94:7e:d4:cb:e5:88:8a:42:07:
                    a7:b7:15:32:8b:32:38:0a:66:51:60:bb:82:ec:2a:
                    cd:8f:46:4f:7d:6a:5e:cf:75:63:a7:b1:b6:e6:df:
                    65:c4:f8:94:32:57:c8:55:a7:5d:38:44:07:01:e4:
                    ae:f1:16:05:43:da:e8:a0:24:47:6a:5f:5a:78:08:
                    a3:cf:2e:60:ec:e7:dd:61:66:8a:31:43:fe:c5:01:
                    c9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:86:E2:29:79:50:9A:35:66:73:61:01:78:9D:59:CA:16:85:BC:48
            X509v3 Authority Key Identifier:
                keyid:FC:CA:ED:0F:81:E2:48:DA:F3:32:B8:08:43:D4:A2:9E:8D:7D:51:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_MrtD4HiSNrzMrgIQ9Sino19UeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/bdbde0-1d97-4126-93e6-8e77173dc4bc/1/IYbiKXlQmjVmc2EBeJ1ZyhaFvEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/bdbde0-1d97-4126-93e6-8e77173dc4bc/1/_MrtD4HiSNrzMrgIQ9Sino19UeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.196.0/22
                  193.142.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:9c:83:9f:c6:10:52:eb:37:bb:79:7d:17:02:90:dd:4d:a0:
         a5:49:e4:e6:30:0a:29:40:d7:ae:e7:c2:2f:58:c1:dc:ce:d0:
         46:ee:ee:36:74:a2:ff:af:9a:7b:88:5d:a7:b9:51:a1:1a:fe:
         1e:2b:f3:af:6a:2f:a6:dd:12:11:0e:6e:ff:34:2e:a6:26:4b:
         cc:dd:bd:e7:3d:ab:1c:cc:97:3e:46:d2:6a:62:a5:0a:3f:d2:
         e8:3a:15:41:6c:9b:f0:28:6f:9b:0f:08:8b:7c:63:b5:5e:9e:
         94:6a:b0:fb:9d:b4:0c:d5:6c:3d:c1:75:00:b0:4c:72:13:f4:
         10:79:fb:16:0a:bb:35:a0:64:00:c1:53:8f:73:0c:99:f1:0a:
         df:b2:e9:d9:8e:f5:3f:0c:34:93:56:f6:83:e4:d2:6d:62:77:
         e6:17:d6:fe:5d:bd:2b:bf:6a:28:4e:71:d9:51:a3:78:3a:b2:
         5b:27:f8:99:cf:b2:0d:7d:0f:fa:26:de:2d:97:ad:88:7b:a1:
         09:36:4d:b4:65:a3:5f:61:a4:d4:a7:ed:73:85:92:28:84:40:
         09:81:ab:00:86:a6:65:af:ee:88:62:9a:1b:17:59:98:1a:4e:
         1e:bd:7a:4c:12:f2:77:6a:a3:89:45:62:45:4b:02:dc:8d:28:
         7a:ce:57:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijiTYSVm5jxGqJj4iLjxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjY2FlZDBmODFlMjQ4ZGFmMzMyYjgwODQzZDRhMjllOGQ3
ZDUxZTQwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTg2ZTIyOTc5NTA5YTM1NjY3MzYxMDE3ODlkNTljYTE2ODViYzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pyGWiDi/NLIxWIuxUSCthGGtEvm
fGHDG1bQrO/ArBCsy/s9aEtiXPJWsuLVy4ydlVJcvWw7Hh1AXOj4Xki3Sa+vnDRu
Y1IqHonwL+imXLZq1WnHK/WY+2He9m8bkWBSjTrsXYWedE08LG3ICkYQBjgutcGL
vdPaX9dh/1W+ltE656fiVCMUn526cVEVG5PeZRjVDuiQc/bFzqDX36V+389U+WM1
vUwY+qaUftTL5YiKQgentxUyizI4CmZRYLuC7CrNj0ZPfWpez3Vjp7G25t9lxPiU
MlfIVaddOEQHAeSu8RYFQ9rooCRHal9aeAijzy5g7OfdYWaKMUP+xQHJsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCGG4il5UJo1ZnNhAXidWcoWhbxIMB8GA1UdIwQY
MBaAFPzK7Q+B4kja8zK4CEPUop6NfVHkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX01ydEQ0SGlTTnJ6TXJnSVE5U2lubzE5VWVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9iZGJkZTAtMWQ5Ny00MTI2LTkzZTYt
OGU3NzE3M2RjNGJjLzEvSVliaUtYbFFtalZtYzJFQmVKMVp5aGFGdkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9iZGJkZTAtMWQ5Ny00MTI2LTkzZTYtOGU3NzE3M2RjNGJj
LzEvX01ydEQ0SGlTTnJ6TXJnSVE5U2lubzE5VWVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+vEAwQA
wY5yMA0GCSqGSIb3DQEBCwUAA4IBAQAanIOfxhBS6ze7eX0XApDdTaClSeTmMAop
QNeu58IvWMHcztBG7u42dKL/r5p7iF2nuVGhGv4eK/Ovai+m3RIRDm7/NC6mJkvM
3b3nPasczJc+RtJqYqUKP9LoOhVBbJvwKG+bDwiLfGO1Xp6UarD7nbQM1Ww9wXUA
sExyE/QQefsWCrs1oGQAwVOPcwyZ8QrfsunZjvU/DDSTVvaD5NJtYnfmF9b+Xb0r
v2ooTnHZUaN4OrJbJ/iZz7INfQ/6Jt4tl62Ie6EJNk20ZaNfYaTUp+1zhZIohEAJ
gasAhqZlr+6IYpobF1mYGk4evXpMEvJ3aqOJRWJFSwLcjSh6zlch
-----END CERTIFICATE-----