Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/FMgcehrq11NYnach5jymNFMSCJo.roa
File:                     FMgcehrq11NYnach5jymNFMSCJo.roa (raw, json)
Hash identifier:          23485LoqiVIG63SHNB561yBglraAa3rXuSfMUv494ng=
Subject key identifier:   14:C8:1C:7A:1A:EA:D7:53:58:9D:A7:21:E6:3C:A6:34:53:12:08:9A
Certificate issuer:       /CN=c6ff541cf364193a2a00ada14244acd34c14038a
Certificate serial:       019426D9BED876931BBE18AECF90E0F83562
Authority key identifier: C6:FF:54:1C:F3:64:19:3A:2A:00:AD:A1:42:44:AC:D3:4C:14:03:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xv9UHPNkGToqAK2hQkSs00wUA4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/FMgcehrq11NYnach5jymNFMSCJo.roa
Signing time:             Thu 02 Jan 2025 11:49:51 +0000
ROA not before:           Thu 02 Jan 2025 11:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39249
IP address blocks:        193.104.254.0/24 maxlen: 24
                          2001:67c:1874::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/xv9UHPNkGToqAK2hQkSs00wUA4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/xv9UHPNkGToqAK2hQkSs00wUA4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xv9UHPNkGToqAK2hQkSs00wUA4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:be:d8:76:93:1b:be:18:ae:cf:90:e0:f8:35:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6ff541cf364193a2a00ada14244acd34c14038a
        Validity
            Not Before: Jan  2 11:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14c81c7a1aead753589da721e63ca6345312089a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a0:b1:53:22:25:0d:bb:9c:37:b8:1a:1e:af:
                    29:28:9c:2e:80:b7:34:8c:a1:99:f5:5c:57:d5:0b:
                    e2:84:29:58:92:45:b8:58:35:1b:07:cd:2b:62:4d:
                    28:43:73:57:93:3e:d3:1b:1b:fa:fd:94:bf:e8:35:
                    13:c1:30:33:30:50:2a:f6:7c:4d:d7:59:c0:e7:8a:
                    5a:e3:da:8a:83:bb:1e:73:3d:81:08:f1:bb:0e:dc:
                    b8:56:3a:d6:60:b3:c7:ed:c6:7d:2b:49:49:f6:2c:
                    61:87:ee:ef:c0:6e:5b:ec:db:53:4a:be:32:ac:e6:
                    ec:b3:d3:db:41:ee:2a:3d:f6:21:55:e4:4f:c7:ed:
                    b3:a7:d4:67:35:47:36:d9:d1:bf:39:bf:57:00:68:
                    27:2e:3b:64:9c:96:55:69:59:f6:97:4c:67:ef:ee:
                    b9:71:f2:67:43:7b:79:93:3e:af:3d:ef:86:49:59:
                    d1:8c:35:f2:22:04:27:21:63:50:8e:1f:dc:f1:91:
                    5f:6f:a5:be:7e:b8:88:ba:28:22:ba:01:77:37:4a:
                    d1:ba:63:dc:ad:08:68:d7:c0:b3:87:67:12:a7:82:
                    a3:e6:33:15:ac:07:95:6b:0f:d8:b6:66:ea:61:c8:
                    d5:42:d1:bd:76:e1:ff:43:cf:76:39:c5:9f:bb:a7:
                    72:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C8:1C:7A:1A:EA:D7:53:58:9D:A7:21:E6:3C:A6:34:53:12:08:9A
            X509v3 Authority Key Identifier:
                keyid:C6:FF:54:1C:F3:64:19:3A:2A:00:AD:A1:42:44:AC:D3:4C:14:03:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xv9UHPNkGToqAK2hQkSs00wUA4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/FMgcehrq11NYnach5jymNFMSCJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/39a022-faed-4376-8be6-2a5e98abd1f3/1/xv9UHPNkGToqAK2hQkSs00wUA4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.254.0/24
                IPv6:
                  2001:67c:1874::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:4e:95:76:35:b9:3a:10:fb:37:ad:7a:e0:53:1b:14:31:c4:
         9f:03:8c:e3:ee:84:36:d5:f2:1f:21:5c:9a:93:09:15:f7:d5:
         1f:4b:e2:47:42:f9:74:83:d6:af:b1:51:5d:7a:75:5a:3e:87:
         8a:6b:2d:bb:2f:93:af:22:e9:47:a0:28:04:ef:9d:d9:bc:ec:
         35:31:a3:91:b4:c8:d2:6f:f6:da:67:8e:dc:07:a3:e9:ae:66:
         3b:6a:17:3a:2c:f9:fa:43:22:8e:31:91:b2:d8:dc:71:ac:bf:
         09:a2:c2:1a:a7:16:d1:b0:60:23:46:9b:eb:3f:93:6c:7a:5f:
         a5:be:2a:64:06:74:7d:ab:26:a9:d3:f0:15:42:9e:41:76:10:
         44:b7:2e:c4:dc:6c:83:54:37:36:38:53:4e:83:91:a9:73:4d:
         9d:56:c8:6a:61:59:95:43:99:2b:80:7b:54:2d:84:f9:ba:f5:
         17:35:a3:e5:b0:f6:e6:09:98:61:72:a2:3d:f3:36:b3:e4:3c:
         2c:75:06:d8:bc:0e:84:4a:3e:77:35:e9:42:27:e2:2b:be:56:
         b3:12:c8:3a:8a:cc:ed:da:cf:4c:39:a0:b7:b1:65:60:cd:4f:
         af:dc:4e:ab:4b:6d:45:4c:71:aa:c3:b3:cf:50:04:af:41:5d:
         74:c5:66:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2b7YdpMbvhiuz5Dg+DViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZmY1NDFjZjM2NDE5M2EyYTAwYWRhMTQyNDRhY2QzNGMx
NDAzOGEwHhcNMjUwMTAyMTE0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGM4MWM3YTFhZWFkNzUzNTg5ZGE3MjFlNjNjYTYzNDUzMTIwODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6CxUyIlDbucN7gaHq8pKJwugLc0
jKGZ9VxX1QvihClYkkW4WDUbB80rYk0oQ3NXkz7TGxv6/ZS/6DUTwTAzMFAq9nxN
11nA54pa49qKg7secz2BCPG7Dty4VjrWYLPH7cZ9K0lJ9ixhh+7vwG5b7NtTSr4y
rObss9PbQe4qPfYhVeRPx+2zp9RnNUc22dG/Ob9XAGgnLjtknJZVaVn2l0xn7+65
cfJnQ3t5kz6vPe+GSVnRjDXyIgQnIWNQjh/c8ZFfb6W+friIuigiugF3N0rRumPc
rQho18Czh2cSp4Kj5jMVrAeVaw/YtmbqYcjVQtG9duH/Q892OcWfu6dypwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBTIHHoa6tdTWJ2nIeY8pjRTEgiaMB8GA1UdIwQY
MBaAFMb/VBzzZBk6KgCtoUJErNNMFAOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHY5VUhQTmtHVG9xQUsyaFFrU3MwMHdVQTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8zOWEwMjItZmFlZC00Mzc2LThiZTYt
MmE1ZTk4YWJkMWYzLzEvRk1nY2VocnExMU5ZbmFjaDVqeW1ORk1TQ0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8zOWEwMjItZmFlZC00Mzc2LThiZTYtMmE1ZTk4YWJkMWYz
LzEveHY5VUhQTmtHVG9xQUsyaFFrU3MwMHdVQTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwWj+MA8E
AgACMAkDBwAgAQZ8GHQwDQYJKoZIhvcNAQELBQADggEBAJROlXY1uToQ+zeteuBT
GxQxxJ8DjOPuhDbV8h8hXJqTCRX31R9L4kdC+XSD1q+xUV16dVo+h4prLbsvk68i
6UegKATvndm87DUxo5G0yNJv9tpnjtwHo+muZjtqFzos+fpDIo4xkbLY3HGsvwmi
whqnFtGwYCNGm+s/k2x6X6W+KmQGdH2rJqnT8BVCnkF2EES3LsTcbINUNzY4U06D
kalzTZ1WyGphWZVDmSuAe1QthPm69Rc1o+Ww9uYJmGFyoj3zNrPkPCx1Bti8DoRK
Pnc16UIn4iu+VrMSyDqKzO3az0w5oLexZWDNT6/cTqtLbUVMcarDs89QBK9BXXTF
ZoU=
-----END CERTIFICATE-----