Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/FoLZPs7jrCTyiPs4I9l18S1Qr8Y.roa
File:                     FoLZPs7jrCTyiPs4I9l18S1Qr8Y.roa (raw, json)
Hash identifier:          WOyc3nyHlP8BA5pHAMbDbGZktLqXc6sBTwvRJ/HW9z8=
Subject key identifier:   16:82:D9:3E:CE:E3:AC:24:F2:88:FB:38:23:D9:75:F1:2D:50:AF:C6
Certificate issuer:       /CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
Certificate serial:       01942748361CE440110AD65E7DE7EED975F3
Authority key identifier: C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/FoLZPs7jrCTyiPs4I9l18S1Qr8Y.roa
Signing time:             Thu 02 Jan 2025 13:50:31 +0000
ROA not before:           Thu 02 Jan 2025 13:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200937
IP address blocks:        185.90.148.0/22 maxlen: 22
                          185.90.148.0/24 maxlen: 24
                          185.90.149.0/24 maxlen: 24
                          185.90.150.0/24 maxlen: 24
                          185.90.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:36:1c:e4:40:11:0a:d6:5e:7d:e7:ee:d9:75:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7d91462c4dc1df6a8a3a97a1aee57a0cc14efba
        Validity
            Not Before: Jan  2 13:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1682d93ecee3ac24f288fb3823d975f12d50afc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:52:23:55:6e:ae:03:eb:94:30:19:ce:3f:ef:
                    ea:a7:27:5d:97:c0:94:da:74:73:af:d6:16:6d:46:
                    fa:31:61:29:22:6a:1c:64:5e:d8:9e:be:8c:57:78:
                    a9:94:1e:69:85:e9:7e:32:c9:b8:22:b9:a9:8f:d6:
                    56:6b:cf:e3:2f:f8:14:ee:8d:ef:0f:55:de:f4:90:
                    7e:64:94:58:6f:6c:35:d3:1c:4d:fd:6b:f4:a4:77:
                    ae:87:7f:16:7d:6b:61:1f:5b:cd:b5:71:40:32:ee:
                    a7:fe:a8:c9:d3:66:bd:2b:48:c6:10:fd:58:22:fb:
                    92:60:f5:3b:52:c5:a1:43:54:1d:0a:23:6c:f7:01:
                    5f:9a:ae:c7:54:af:a7:1f:06:fd:f9:dd:1a:b3:5c:
                    59:dc:61:15:f8:6b:0f:5a:62:c1:7c:8b:fe:7d:92:
                    95:fa:e8:46:cc:6f:0a:74:15:8f:23:d6:85:95:2f:
                    d4:b3:75:a3:38:36:c3:0a:f3:a0:7f:4a:a1:77:7f:
                    6d:67:11:a4:0c:5b:09:d2:35:f3:ef:87:99:59:46:
                    b5:63:30:73:38:65:86:ba:29:77:b8:a7:51:bc:3d:
                    35:5b:1b:3f:1d:c7:ae:05:93:b7:0d:be:10:ce:14:
                    90:66:60:d9:4c:20:7e:39:4f:ba:48:22:47:40:2a:
                    1c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:82:D9:3E:CE:E3:AC:24:F2:88:FB:38:23:D9:75:F1:2D:50:AF:C6
            X509v3 Authority Key Identifier:
                keyid:C7:D9:14:62:C4:DC:1D:F6:A8:A3:A9:7A:1A:EE:57:A0:CC:14:EF:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9kUYsTcHfaoo6l6Gu5XoMwU77o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/FoLZPs7jrCTyiPs4I9l18S1Qr8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/318a23-2876-46a2-af72-3497f7e2de62/1/x9kUYsTcHfaoo6l6Gu5XoMwU77o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:4f:b8:a9:78:d4:86:72:01:14:33:80:2d:90:c4:18:9f:39:
         69:ce:f6:8b:f5:c3:01:5f:dc:05:6a:67:45:7c:ac:8f:7f:aa:
         d1:45:71:db:95:c7:1f:41:07:29:78:e7:e5:e2:62:77:13:b5:
         b2:bb:d6:9b:0a:38:76:ab:61:8a:ac:7f:3c:3f:f8:a9:c5:46:
         d1:74:ba:25:47:1c:ee:64:e4:ec:24:9d:a4:2a:d3:a9:90:5f:
         11:56:ea:53:fe:97:f4:8e:cf:f8:b3:20:b7:61:76:2f:7f:ac:
         f1:b4:c5:b8:7f:c3:71:56:cf:ea:38:f6:31:fb:e3:c6:f3:e5:
         ec:5e:31:a8:cb:c9:a8:33:64:4d:5d:c6:77:94:1d:b5:d3:52:
         f8:23:11:64:99:bf:46:69:c6:16:a0:fa:ec:d4:0b:44:0b:f5:
         1e:d7:1a:a4:b8:cc:c7:d2:54:fe:6d:07:6d:3a:1d:2e:02:49:
         1b:87:83:df:b5:a4:93:a0:4f:3b:0b:f5:d5:46:47:ae:50:41:
         8a:75:b3:02:10:2a:25:73:94:4f:ba:9c:47:33:c3:3f:f4:0a:
         85:a7:fd:63:69:fe:24:34:72:7a:7d:e4:31:d3:ad:fa:0c:a6:
         1c:cb:0f:66:4d:9e:31:c9:5b:3f:e6:c7:03:04:48:3c:1a:d8:
         2a:52:b4:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSDYc5EARCtZefefu2XXzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZDkxNDYyYzRkYzFkZjZhOGEzYTk3YTFhZWU1N2EwY2Mx
NGVmYmEwHhcNMjUwMTAyMTM1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjgyZDkzZWNlZTNhYzI0ZjI4OGZiMzgyM2Q5NzVmMTJkNTBhZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlIjVW6uA+uUMBnOP+/qpyddl8CU
2nRzr9YWbUb6MWEpImocZF7Ynr6MV3iplB5phel+Msm4Irmpj9ZWa8/jL/gU7o3v
D1Xe9JB+ZJRYb2w10xxN/Wv0pHeuh38WfWthH1vNtXFAMu6n/qjJ02a9K0jGEP1Y
IvuSYPU7UsWhQ1QdCiNs9wFfmq7HVK+nHwb9+d0as1xZ3GEV+GsPWmLBfIv+fZKV
+uhGzG8KdBWPI9aFlS/Us3WjODbDCvOgf0qhd39tZxGkDFsJ0jXz74eZWUa1YzBz
OGWGuil3uKdRvD01Wxs/HceuBZO3Db4QzhSQZmDZTCB+OU+6SCJHQCocwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBaC2T7O46wk8oj7OCPZdfEtUK/GMB8GA1UdIwQY
MBaAFMfZFGLE3B32qKOpehruV6DMFO+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDlrVVlzVGNIZmFvbzZsNkd1NVhvTXdVNzdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zMThhMjMtMjg3Ni00NmEyLWFmNzIt
MzQ5N2Y3ZTJkZTYyLzEvRm9MWlBzN2pyQ1R5aVBzNEk5bDE4UzFRcjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zMThhMjMtMjg3Ni00NmEyLWFmNzItMzQ5N2Y3ZTJkZTYy
LzEveDlrVVlzVGNIZmFvbzZsNkd1NVhvTXdVNzdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVqUMA0G
CSqGSIb3DQEBCwUAA4IBAQBHT7ipeNSGcgEUM4AtkMQYnzlpzvaL9cMBX9wFamdF
fKyPf6rRRXHblccfQQcpeOfl4mJ3E7Wyu9abCjh2q2GKrH88P/ipxUbRdLolRxzu
ZOTsJJ2kKtOpkF8RVupT/pf0js/4syC3YXYvf6zxtMW4f8NxVs/qOPYx++PG8+Xs
XjGoy8moM2RNXcZ3lB2101L4IxFkmb9GacYWoPrs1AtEC/Ue1xqkuMzH0lT+bQdt
Oh0uAkkbh4PftaSToE87C/XVRkeuUEGKdbMCEColc5RPupxHM8M/9AqFp/1jaf4k
NHJ6feQx0636DKYcyw9mTZ4xyVs/5scDBEg8GtgqUrRl
-----END CERTIFICATE-----