Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/FvmWK8AMx-teHQ5tWkhhyLwCTdQ.roa
File:                     FvmWK8AMx-teHQ5tWkhhyLwCTdQ.roa (raw, json)
Hash identifier:          coWDehO4MQ177+hdG6n28lrng5GzRH0clwFKkBo/jyg=
Subject key identifier:   16:F9:96:2B:C0:0C:C7:EB:5E:1D:0E:6D:5A:48:61:C8:BC:02:4D:D4
Certificate issuer:       /CN=be4943f5203d43460a13ad4ea9d7d5b950c613cd
Certificate serial:       019426D966DC7844955FA13055BAB787BEB9
Authority key identifier: BE:49:43:F5:20:3D:43:46:0A:13:AD:4E:A9:D7:D5:B9:50:C6:13:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/FvmWK8AMx-teHQ5tWkhhyLwCTdQ.roa
Signing time:             Thu 02 Jan 2025 11:49:29 +0000
ROA not before:           Thu 02 Jan 2025 11:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61334
IP address blocks:        93.113.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:66:dc:78:44:95:5f:a1:30:55:ba:b7:87:be:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be4943f5203d43460a13ad4ea9d7d5b950c613cd
        Validity
            Not Before: Jan  2 11:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16f9962bc00cc7eb5e1d0e6d5a4861c8bc024dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a7:cb:19:b6:1c:f9:25:85:38:cf:3e:d7:37:
                    fe:37:ee:39:f2:45:3c:fe:40:5e:3e:1c:0d:c8:25:
                    47:84:d9:89:8f:74:a7:ad:85:c9:1d:e5:e1:b3:98:
                    9f:37:18:75:ef:0d:33:83:39:79:1a:12:82:2f:2c:
                    60:29:dd:f5:fc:60:96:a7:06:5f:b5:be:13:e1:07:
                    23:5c:d0:1a:03:27:09:2b:04:0f:c8:3d:2a:96:fc:
                    b8:40:46:ab:28:bf:02:64:a1:07:fa:4e:e6:3a:65:
                    f9:5d:a4:80:ec:5f:ac:da:47:0a:e9:55:38:b4:51:
                    c4:62:0c:a2:56:04:d9:02:1f:fc:6a:30:6e:86:f8:
                    2e:3d:90:04:29:51:26:46:c1:bb:f4:d5:b1:d7:94:
                    a5:27:06:74:b6:14:3c:89:6b:52:66:e4:e4:95:cf:
                    47:e4:d1:7d:1d:4b:e1:2d:7c:58:5c:5b:d2:5e:d2:
                    d0:c7:35:80:9a:28:d5:dc:8b:11:65:a1:7b:f8:64:
                    7f:69:b3:7c:55:01:60:65:70:08:e4:41:57:51:3e:
                    16:f1:a8:62:74:a2:73:d5:87:d4:b4:d1:4b:ec:3a:
                    ff:99:b3:49:1b:74:e4:dc:35:6e:b6:41:c8:8f:30:
                    96:1c:10:07:e7:7a:ab:d6:74:08:40:86:76:ac:39:
                    22:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F9:96:2B:C0:0C:C7:EB:5E:1D:0E:6D:5A:48:61:C8:BC:02:4D:D4
            X509v3 Authority Key Identifier:
                keyid:BE:49:43:F5:20:3D:43:46:0A:13:AD:4E:A9:D7:D5:B9:50:C6:13:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vklD9SA9Q0YKE61OqdfVuVDGE80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/FvmWK8AMx-teHQ5tWkhhyLwCTdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/3314ec-8ff0-4950-858f-a051ae63dba1/1/vklD9SA9Q0YKE61OqdfVuVDGE80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:7b:70:ad:d2:86:3c:e9:7a:55:87:b9:c1:52:6e:c8:43:18:
         bc:a3:a0:82:86:08:43:0e:f2:8d:c7:d1:bc:0d:8d:66:83:aa:
         21:c4:74:c2:da:16:c6:3f:45:fb:2f:40:f1:b7:65:a3:c4:c8:
         e4:34:c4:d2:a9:43:da:e7:07:6c:98:45:a1:a1:71:27:fc:ea:
         38:1b:da:fc:b8:00:ba:93:87:41:95:eb:05:f1:c3:06:78:0b:
         b9:8b:6c:8d:2b:d8:fa:1b:76:72:87:1d:ae:0c:ed:d7:a2:ba:
         15:0d:62:02:73:bb:bc:56:62:78:07:79:83:f1:f4:25:20:13:
         b4:45:31:d0:e9:b1:46:5e:bd:8d:b4:65:83:18:69:58:1c:57:
         1e:dc:00:28:de:9d:a8:d5:37:3f:58:6d:fd:02:c3:ff:de:2a:
         2d:61:cb:68:c6:2c:7c:aa:b5:42:9b:46:70:fb:11:28:c6:fa:
         75:9f:55:1d:23:d6:75:6a:a0:e8:6e:76:5a:ce:73:95:4f:6f:
         65:13:69:73:c7:b9:5b:2a:30:a3:fe:c1:ba:0e:69:db:57:ac:
         0f:4d:eb:34:59:59:a5:b5:2b:4c:a3:5e:c0:23:4e:e8:1c:43:
         c7:b1:c6:57:34:96:ed:16:e6:a8:d3:53:58:ca:52:68:f6:b5:
         fd:28:82:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2WbceESVX6EwVbq3h765MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDk0M2Y1MjAzZDQzNDYwYTEzYWQ0ZWE5ZDdkNWI5NTBj
NjEzY2QwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmY5OTYyYmMwMGNjN2ViNWUxZDBlNmQ1YTQ4NjFjOGJjMDI0ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6fLGbYc+SWFOM8+1zf+N+458kU8
/kBePhwNyCVHhNmJj3SnrYXJHeXhs5ifNxh17w0zgzl5GhKCLyxgKd31/GCWpwZf
tb4T4QcjXNAaAycJKwQPyD0qlvy4QEarKL8CZKEH+k7mOmX5XaSA7F+s2kcK6VU4
tFHEYgyiVgTZAh/8ajBuhvguPZAEKVEmRsG79NWx15SlJwZ0thQ8iWtSZuTklc9H
5NF9HUvhLXxYXFvSXtLQxzWAmijV3IsRZaF7+GR/abN8VQFgZXAI5EFXUT4W8ahi
dKJz1YfUtNFL7Dr/mbNJG3Tk3DVutkHIjzCWHBAH53qr1nQIQIZ2rDkiOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBb5livADMfrXh0ObVpIYci8Ak3UMB8GA1UdIwQY
MBaAFL5JQ/UgPUNGChOtTqnX1blQxhPNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtsRDlTQTlRMFlLRTYxT3FkZlZ1VkRHRTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zMzE0ZWMtOGZmMC00OTUwLTg1OGYt
YTA1MWFlNjNkYmExLzEvRnZtV0s4QU14LXRlSFE1dFdraGh5THdDVGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zMzE0ZWMtOGZmMC00OTUwLTg1OGYtYTA1MWFlNjNkYmEx
LzEvdmtsRDlTQTlRMFlLRTYxT3FkZlZ1VkRHRTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXGfMA0G
CSqGSIb3DQEBCwUAA4IBAQAIe3Ct0oY86XpVh7nBUm7IQxi8o6CChghDDvKNx9G8
DY1mg6ohxHTC2hbGP0X7L0Dxt2WjxMjkNMTSqUPa5wdsmEWhoXEn/Oo4G9r8uAC6
k4dBlesF8cMGeAu5i2yNK9j6G3Zyhx2uDO3XoroVDWICc7u8VmJ4B3mD8fQlIBO0
RTHQ6bFGXr2NtGWDGGlYHFce3AAo3p2o1Tc/WG39AsP/3iotYctoxix8qrVCm0Zw
+xEoxvp1n1UdI9Z1aqDobnZaznOVT29lE2lzx7lbKjCj/sG6DmnbV6wPTes0WVml
tStMo17AI07oHEPHscZXNJbtFuao01NYylJo9rX9KIJ6
-----END CERTIFICATE-----