Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/FFOy7JzcrItrCcqIMOBP12gCuvA.roa
File:                     FFOy7JzcrItrCcqIMOBP12gCuvA.roa (raw, json)
Hash identifier:          4feRGc55ccbj4QRPLSWi7NCE31nGpgj09ILORHtqr7E=
Subject key identifier:   14:53:B2:EC:9C:DC:AC:8B:6B:09:CA:88:30:E0:4F:D7:68:02:BA:F0
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       0194228E03D91B71A0153D8FFD99BDDDC94F
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/FFOy7JzcrItrCcqIMOBP12gCuvA.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        82.222.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 21:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:03:d9:1b:71:a0:15:3d:8f:fd:99:bd:dd:c9:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1453b2ec9cdcac8b6b09ca8830e04fd76802baf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:dc:45:ba:22:b1:b1:ed:60:11:ed:b8:f0:48:
                    94:60:c4:be:4d:52:3b:d3:95:72:3c:de:75:c8:7e:
                    b0:48:42:f1:62:9c:25:a6:30:47:db:2f:f6:b2:30:
                    96:16:46:be:08:a7:07:0e:3f:d9:6e:1f:75:75:78:
                    d7:76:54:56:4f:49:13:e7:e1:2c:1e:d2:a3:88:81:
                    2f:76:7e:aa:4c:c5:3b:37:c6:50:5d:23:4f:38:fa:
                    b2:d1:77:29:97:a7:8b:da:8a:3b:0e:36:df:8f:86:
                    b7:4d:33:0d:d8:0a:ec:ff:5c:42:5c:23:1e:4a:1b:
                    3c:f1:2c:05:b8:2f:da:c9:2b:50:79:0e:e3:6b:b8:
                    cb:21:73:cb:95:66:c9:fc:b9:f9:97:bd:70:ed:ee:
                    97:45:e5:26:fe:5f:ac:ab:58:eb:b2:18:fc:53:96:
                    f7:f6:97:00:e9:b3:11:ae:a5:a4:2d:79:37:29:2c:
                    2f:c1:8f:ce:4c:0d:aa:28:1c:fa:aa:ce:ff:3c:89:
                    36:ac:48:54:c3:be:9d:3c:45:3d:83:88:dd:7b:bc:
                    4a:3a:eb:13:fb:0b:18:e0:d7:d7:a1:12:c3:84:e0:
                    eb:ff:05:1f:fa:67:50:7e:64:e7:9c:50:55:2b:48:
                    01:d9:fc:22:d6:1a:c5:53:a7:91:02:ef:81:0a:e8:
                    5a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:53:B2:EC:9C:DC:AC:8B:6B:09:CA:88:30:E0:4F:D7:68:02:BA:F0
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/FFOy7JzcrItrCcqIMOBP12gCuvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:98:a6:20:78:81:a7:f1:3d:18:79:86:bf:b7:4f:d5:ee:8d:
         4e:88:b2:82:7a:98:db:6e:87:0f:3b:79:ea:d3:ba:ea:c0:80:
         4e:94:d5:eb:7a:7d:5a:59:8c:83:06:6c:9c:16:d0:b3:5f:9a:
         7c:e6:e1:41:18:24:da:b5:48:5f:f1:a7:9d:bf:50:e7:9b:72:
         e5:b5:4a:97:66:3a:a7:10:02:60:99:07:0d:6a:7f:ea:94:43:
         e3:97:b7:31:3d:e0:72:c1:10:75:ec:e7:89:97:51:28:1f:54:
         a1:57:a4:db:36:fc:ad:54:72:cf:b3:90:19:1b:65:5a:d7:4e:
         d7:86:97:72:4c:bd:a8:dc:63:a4:a4:8e:51:24:c4:bb:ed:59:
         7a:60:0c:f8:27:49:a5:5e:fe:0e:aa:0a:ea:4c:79:36:4b:73:
         31:46:c2:ef:d0:37:55:cc:59:f4:6b:c2:dc:b8:a3:a0:6b:ed:
         3b:74:aa:61:e3:fe:ae:03:ab:2e:84:bb:5c:0b:1f:7f:f9:1c:
         74:04:dc:ae:8b:7e:7d:cd:b4:5d:a1:0b:68:b0:3f:d5:72:14:
         1e:c9:14:3b:71:93:d2:33:d2:f3:58:8f:fb:33:cb:6e:75:7d:
         5e:bd:c2:69:be:55:dc:96:a3:a2:56:f8:49:3e:2e:43:fe:c8:
         2f:55:61:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgPZG3GgFT2P/Zm93clPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDUzYjJlYzljZGNhYzhiNmIwOWNhODgzMGUwNGZkNzY4MDJiYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9xFuiKxse1gEe248EiUYMS+TVI7
05VyPN51yH6wSELxYpwlpjBH2y/2sjCWFka+CKcHDj/Zbh91dXjXdlRWT0kT5+Es
HtKjiIEvdn6qTMU7N8ZQXSNPOPqy0Xcpl6eL2oo7Djbfj4a3TTMN2Ars/1xCXCMe
Shs88SwFuC/ayStQeQ7ja7jLIXPLlWbJ/Ln5l71w7e6XReUm/l+sq1jrshj8U5b3
9pcA6bMRrqWkLXk3KSwvwY/OTA2qKBz6qs7/PIk2rEhUw76dPEU9g4jde7xKOusT
+wsY4NfXoRLDhODr/wUf+mdQfmTnnFBVK0gB2fwi1hrFU6eRAu+BCuha+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRTsuyc3KyLawnKiDDgT9doArrwMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvRkZPeTdKemNySXRyQ2NxSU1PQlAxMmdDdXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUt6pMA0G
CSqGSIb3DQEBCwUAA4IBAQBKmKYgeIGn8T0YeYa/t0/V7o1OiLKCepjbbocPO3nq
07rqwIBOlNXren1aWYyDBmycFtCzX5p85uFBGCTatUhf8aedv1Dnm3LltUqXZjqn
EAJgmQcNan/qlEPjl7cxPeBywRB17OeJl1EoH1ShV6TbNvytVHLPs5AZG2Va107X
hpdyTL2o3GOkpI5RJMS77Vl6YAz4J0mlXv4OqgrqTHk2S3MxRsLv0DdVzFn0a8Lc
uKOga+07dKph4/6uA6suhLtcCx9/+Rx0BNyui359zbRdoQtosD/VchQeyRQ7cZPS
M9LzWI/7M8tudX1evcJpvlXclqOiVvhJPi5D/sgvVWEH
-----END CERTIFICATE-----