Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/fkyBusPn3viSoM6Rke2nsMlQfm0.roa
File:                     fkyBusPn3viSoM6Rke2nsMlQfm0.roa (raw, json)
Hash identifier:          /FiAcoNfd0urVFDXx0IVn++teLxCeDdPPGkpMq338Sg=
Subject key identifier:   7E:4C:81:BA:C3:E7:DE:F8:92:A0:CE:91:91:ED:A7:B0:C9:50:7E:6D
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0194244512C1A50E499C3B118B7213D0B169
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/fkyBusPn3viSoM6Rke2nsMlQfm0.roa
Signing time:             Wed 01 Jan 2025 23:48:14 +0000
ROA not before:           Wed 01 Jan 2025 23:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35682
IP address blocks:        45.138.158.0/24 maxlen: 24
                          185.217.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:12:c1:a5:0e:49:9c:3b:11:8b:72:13:d0:b1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e4c81bac3e7def892a0ce9191eda7b0c9507e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:52:16:69:6b:4d:e2:bd:81:35:c3:e9:79:75:
                    cd:6d:bf:eb:e9:33:0c:1b:5a:47:83:0b:9e:49:5f:
                    39:b2:a2:95:91:9b:02:f2:78:fd:4e:77:90:35:d8:
                    6a:41:37:fe:3e:16:e3:8a:11:24:ed:bc:63:a6:37:
                    ba:76:9a:dd:c9:9e:af:07:01:32:a0:26:8d:03:b8:
                    8a:2f:7c:56:6a:e1:dd:9e:9a:85:c1:1a:db:56:50:
                    e9:a3:42:75:5a:08:5f:04:d2:aa:8b:05:a0:ff:0d:
                    0d:2a:3c:5a:d6:bb:c0:fc:52:41:ed:21:d2:93:32:
                    84:a5:c7:c4:f1:e3:2c:4c:51:7d:dc:e3:10:ba:2c:
                    2d:40:79:ad:f1:34:a2:63:85:e5:e5:d7:2f:e4:f7:
                    0d:41:ab:a7:21:71:64:11:3e:8b:2c:77:06:84:e7:
                    54:69:7a:18:ae:21:3a:ae:44:58:41:76:64:64:6e:
                    e1:2c:08:cc:ea:de:d1:3a:c3:74:b1:5b:10:2d:30:
                    20:c1:e0:a0:17:11:0b:e2:a2:f6:22:f3:cc:a9:fa:
                    8d:46:80:0f:8f:01:49:c3:59:e0:ee:f6:89:b0:be:
                    17:56:da:89:bd:bf:2b:a1:bc:5c:e9:36:40:71:1e:
                    95:ea:18:45:40:6d:dc:8d:9d:02:33:ec:86:79:d9:
                    01:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4C:81:BA:C3:E7:DE:F8:92:A0:CE:91:91:ED:A7:B0:C9:50:7E:6D
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/fkyBusPn3viSoM6Rke2nsMlQfm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.158.0/24
                  185.217.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:34:81:d5:99:04:5e:37:da:d5:5e:20:6c:b8:4e:37:ef:8a:
         b3:fa:4e:b6:e9:94:89:14:75:1d:b5:44:39:ea:b1:bf:4b:a5:
         be:ac:be:eb:da:96:7c:d4:c8:0f:5d:ed:76:22:e5:a6:fc:a3:
         f6:af:f8:7c:ca:d7:73:8c:c3:cc:b1:cd:50:d6:b5:63:7d:19:
         4c:99:5b:38:39:70:84:5f:ba:74:15:7b:e6:77:b1:cb:90:ac:
         b4:62:69:24:ea:21:6c:a3:c6:2c:1b:a1:50:33:b9:14:b5:f5:
         ee:17:c5:a0:17:24:30:2e:c5:f2:d8:9e:d5:2a:b1:ef:1b:b7:
         10:03:ef:fb:71:16:3c:54:7b:4f:a4:df:2b:eb:a1:d9:51:9d:
         5a:3f:ca:de:ce:ff:b3:57:26:7c:92:f1:c6:5e:e0:66:5e:ee:
         c2:9d:6e:8c:f4:c9:f4:20:f1:73:5d:e1:5d:eb:e0:6d:af:32:
         c8:b2:4d:f8:fe:ce:d4:2c:2f:b7:12:2f:bc:d9:65:40:f0:3e:
         b1:4d:b7:b3:1c:cd:7f:87:88:7f:71:25:b7:e2:74:e4:5f:ce:
         d8:62:47:d1:30:c4:b4:18:ec:96:47:dd:8a:a3:66:47:b0:6c:
         2f:22:9b:84:56:b2:8b:6c:95:32:48:32:79:54:fc:b8:ab:d6:
         d2:fc:90:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRRLBpQ5JnDsRi3IT0LFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTRjODFiYWMzZTdkZWY4OTJhMGNlOTE5MWVkYTdiMGM5NTA3ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFIWaWtN4r2BNcPpeXXNbb/r6TMM
G1pHgwueSV85sqKVkZsC8nj9TneQNdhqQTf+PhbjihEk7bxjpje6dprdyZ6vBwEy
oCaNA7iKL3xWauHdnpqFwRrbVlDpo0J1WghfBNKqiwWg/w0NKjxa1rvA/FJB7SHS
kzKEpcfE8eMsTFF93OMQuiwtQHmt8TSiY4Xl5dcv5PcNQaunIXFkET6LLHcGhOdU
aXoYriE6rkRYQXZkZG7hLAjM6t7ROsN0sVsQLTAgweCgFxEL4qL2IvPMqfqNRoAP
jwFJw1ng7vaJsL4XVtqJvb8robxc6TZAcR6V6hhFQG3cjZ0CM+yGedkBoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH5MgbrD5974kqDOkZHtp7DJUH5tMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZmt5QnVzUG4zdmlTb002UmtlMm5zTWxRZm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYqeAwQA
udmDMA0GCSqGSIb3DQEBCwUAA4IBAQAcNIHVmQReN9rVXiBsuE4374qz+k626ZSJ
FHUdtUQ56rG/S6W+rL7r2pZ81MgPXe12IuWm/KP2r/h8ytdzjMPMsc1Q1rVjfRlM
mVs4OXCEX7p0FXvmd7HLkKy0Ymkk6iFso8YsG6FQM7kUtfXuF8WgFyQwLsXy2J7V
KrHvG7cQA+/7cRY8VHtPpN8r66HZUZ1aP8rezv+zVyZ8kvHGXuBmXu7CnW6M9Mn0
IPFzXeFd6+BtrzLIsk34/s7ULC+3Ei+82WVA8D6xTbezHM1/h4h/cSW34nTkX87Y
YkfRMMS0GOyWR92Ko2ZHsGwvIpuEVrKLbJUySDJ5VPy4q9bS/JAk
-----END CERTIFICATE-----