Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/fpZVpVos_kxzIDGYSqNyyRQDttQ.roa
File:                     fpZVpVos_kxzIDGYSqNyyRQDttQ.roa (raw, json)
Hash identifier:          uV1KfcwolyVJ1mOs8l65+H0qhjLwiOsobMQn9rorxTU=
Subject key identifier:   7E:96:55:A5:5A:2C:FE:4C:73:20:31:98:4A:A3:72:C9:14:03:B6:D4
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019711AF5E70EFEEECA02F4D99FDEFAF4CB4
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/fpZVpVos_kxzIDGYSqNyyRQDttQ.roa
Signing time:             Tue 27 May 2025 12:19:55 +0000
ROA not before:           Tue 27 May 2025 12:19:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208949
IP address blocks:        93.113.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 21:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:af:5e:70:ef:ee:ec:a0:2f:4d:99:fd:ef:af:4c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: May 27 12:19:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e9655a55a2cfe4c732031984aa372c91403b6d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:59:ac:b0:97:02:74:18:61:18:86:c7:67:ad:
                    53:15:f6:f8:41:c4:ce:a1:77:16:63:d1:5d:ae:0c:
                    08:f4:f7:d0:f1:fa:55:06:60:6d:86:d8:31:b7:a2:
                    8f:6b:fb:d7:8b:58:73:ef:75:4b:ea:27:94:d6:72:
                    c9:1d:f6:43:14:3b:ed:3d:35:15:df:d4:1b:ee:fa:
                    a7:b8:4b:06:5b:d0:dd:57:34:51:00:8d:53:27:0f:
                    f6:74:2f:7d:6d:11:26:9e:27:7e:25:e6:1e:3a:bb:
                    d0:b8:7c:7b:c1:43:61:ce:b9:74:81:e5:6d:d9:be:
                    32:60:60:3f:2f:8b:64:16:91:70:1d:77:e4:be:ce:
                    ee:4c:fa:46:cc:31:02:05:59:a7:b1:c7:2f:2d:3f:
                    e1:03:95:90:86:c8:ac:fb:7b:87:14:08:36:8d:de:
                    90:a6:9c:03:38:d6:47:04:73:b1:f0:4e:37:15:81:
                    5d:6b:c0:53:e7:1b:c1:e3:22:fe:66:b3:87:db:b5:
                    74:8e:88:77:53:19:e9:9b:c6:e4:71:87:2d:b6:db:
                    69:3f:48:63:a1:f4:c9:32:b0:17:3f:0e:d1:47:f2:
                    eb:25:57:56:b9:15:3c:bc:b1:c6:46:93:09:7a:ba:
                    25:f8:c7:33:0a:cd:11:85:47:bd:ad:76:28:0f:30:
                    12:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:96:55:A5:5A:2C:FE:4C:73:20:31:98:4A:A3:72:C9:14:03:B6:D4
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/fpZVpVos_kxzIDGYSqNyyRQDttQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:03:18:43:61:ba:0a:98:fc:b3:44:16:d6:b5:f9:41:50:16:
         ec:df:6e:e2:cf:63:2b:8f:fc:b5:44:47:1b:1f:29:66:73:26:
         74:b9:2a:fd:c8:f6:cf:b2:03:39:4a:02:a4:df:3f:94:3c:43:
         fd:67:25:0a:cc:37:85:e8:85:cb:70:3a:cd:8c:35:a1:ab:3a:
         f8:84:cd:e4:03:51:a0:81:5f:d6:3a:df:48:c4:6a:54:c8:9d:
         5b:75:8e:b5:be:d6:ea:26:a9:e5:0c:c6:4e:a8:8f:97:59:2d:
         1b:be:47:cf:23:e0:a0:87:3c:02:4c:a5:ce:4d:ed:d6:de:6e:
         ff:84:80:8c:49:b1:7f:48:ea:c5:56:bc:44:c5:8e:71:dc:86:
         8a:ad:b2:2a:f7:4b:40:f5:7e:31:5e:92:9e:10:e2:52:8f:2c:
         38:77:8f:76:24:71:34:56:ff:a9:ed:80:5c:35:6b:54:1d:1e:
         69:c5:30:d3:17:f3:c1:bb:3e:8a:8c:2a:a1:65:64:e2:6d:4b:
         58:23:e6:0f:8a:7c:ed:37:11:4c:00:b2:b9:8a:8f:1a:05:42:
         6c:19:a5:92:34:6c:44:16:c3:7c:fc:39:6e:fe:1e:70:ae:47:
         69:ed:29:73:91:6f:b8:23:99:97:4e:37:7a:2d:fa:49:99:c8:
         49:d0:df:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcRr15w7+7soC9Nmf3vr0y0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwNTI3MTIxOTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTk2NTVhNTVhMmNmZTRjNzMyMDMxOTg0YWEzNzJjOTE0MDNiNmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFmssJcCdBhhGIbHZ61TFfb4QcTO
oXcWY9FdrgwI9PfQ8fpVBmBthtgxt6KPa/vXi1hz73VL6ieU1nLJHfZDFDvtPTUV
39Qb7vqnuEsGW9DdVzRRAI1TJw/2dC99bREmnid+JeYeOrvQuHx7wUNhzrl0geVt
2b4yYGA/L4tkFpFwHXfkvs7uTPpGzDECBVmnsccvLT/hA5WQhsis+3uHFAg2jd6Q
ppwDONZHBHOx8E43FYFda8BT5xvB4yL+ZrOH27V0joh3Uxnpm8bkcYcttttpP0hj
ofTJMrAXPw7RR/LrJVdWuRU8vLHGRpMJerol+MczCs0RhUe9rXYoDzASVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6WVaVaLP5McyAxmEqjcskUA7bUMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvZnBaVnBWb3Nfa3h6SURHWVNxTnl5UlFEdHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXHLMA0G
CSqGSIb3DQEBCwUAA4IBAQBlAxhDYboKmPyzRBbWtflBUBbs327iz2Mrj/y1REcb
HylmcyZ0uSr9yPbPsgM5SgKk3z+UPEP9ZyUKzDeF6IXLcDrNjDWhqzr4hM3kA1Gg
gV/WOt9IxGpUyJ1bdY61vtbqJqnlDMZOqI+XWS0bvkfPI+CghzwCTKXOTe3W3m7/
hICMSbF/SOrFVrxExY5x3IaKrbIq90tA9X4xXpKeEOJSjyw4d492JHE0Vv+p7YBc
NWtUHR5pxTDTF/PBuz6KjCqhZWTibUtYI+YPinztNxFMALK5io8aBUJsGaWSNGxE
FsN8/Dlu/h5wrkdp7SlzkW+4I5mXTjd6LfpJmchJ0N/4
-----END CERTIFICATE-----