Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/FPzxN2ymmUH78y5haV0PaZXdLVY.roa
File:                     FPzxN2ymmUH78y5haV0PaZXdLVY.roa (raw, json)
Hash identifier:          DdUQ7lpUro6lEFuSiN9fKQg9b9UllNMKrwO6ynxkjos=
Subject key identifier:   14:FC:F1:37:6C:A6:99:41:FB:F3:2E:61:69:5D:0F:69:95:DD:2D:56
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       0194236A4C571A7A510A2F9E92E314CAC07E
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/FPzxN2ymmUH78y5haV0PaZXdLVY.roa
Signing time:             Wed 01 Jan 2025 19:49:16 +0000
ROA not before:           Wed 01 Jan 2025 19:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268624
IP address blocks:        80.94.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4c:57:1a:7a:51:0a:2f:9e:92:e3:14:ca:c0:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14fcf1376ca69941fbf32e61695d0f6995dd2d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9b:c2:fb:25:e0:ab:7a:f8:60:08:a7:70:9a:
                    6e:0a:95:3e:c9:a5:e1:ea:0a:a4:22:f4:45:e1:e3:
                    cf:d0:d1:cf:7c:32:44:0c:ad:e9:a1:6f:0a:5b:44:
                    c9:fc:f7:7c:56:04:ea:6e:3f:bc:e2:40:47:b7:7f:
                    9e:cb:b8:37:3f:5f:21:45:43:7c:0a:c4:23:9c:91:
                    39:5c:a1:3b:98:6c:4d:54:5c:99:0e:58:be:9a:e2:
                    9f:ee:ca:dd:0b:e0:6e:6f:10:cc:1d:7a:90:1f:51:
                    07:a9:15:7c:3b:6d:bd:fa:c0:43:84:51:57:65:bc:
                    9c:11:ab:22:c2:ad:24:c2:20:bf:11:ae:e6:51:fb:
                    cb:2a:dd:bd:9a:f0:73:fe:7b:04:a7:3e:fa:c3:42:
                    9c:3c:8d:33:3d:53:35:bb:dc:81:6b:74:be:c5:21:
                    58:78:3b:f1:fa:7d:88:3d:a9:b7:bf:f7:91:83:c4:
                    b0:6c:6b:b7:a9:74:c5:db:be:69:e0:11:37:c2:ad:
                    7c:8f:55:b6:b0:0a:8a:51:87:c4:99:e5:d9:fc:6d:
                    a5:4b:b3:b6:d9:8a:c4:a5:20:d2:7f:69:0e:5c:7c:
                    6c:ac:df:2f:31:21:a0:d8:fa:e6:4f:ab:5e:1d:ee:
                    c7:2d:bd:92:6d:ae:53:8d:fb:48:85:41:89:19:1c:
                    30:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:FC:F1:37:6C:A6:99:41:FB:F3:2E:61:69:5D:0F:69:95:DD:2D:56
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/FPzxN2ymmUH78y5haV0PaZXdLVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.94.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:7b:9e:d6:c1:38:33:4b:e1:4d:5b:52:d7:9a:97:b6:65:51:
         2d:ac:09:15:b6:9d:95:43:88:95:32:c8:3a:2c:7d:ba:dd:94:
         bb:42:7a:60:85:14:04:f1:2e:8a:e3:2d:af:9e:20:49:ed:f1:
         c6:eb:85:b7:89:64:6d:cc:25:64:5a:d0:a6:a9:48:71:e0:b4:
         b4:a2:c1:94:0d:50:9e:91:65:a2:4e:af:b9:0e:58:34:34:5f:
         04:48:e0:38:73:1a:17:d6:94:7c:70:c4:b7:0b:07:fc:bf:fe:
         b2:8a:78:ce:9a:94:9f:22:0b:32:b7:65:ad:b0:0b:b0:87:db:
         65:2e:f9:d7:a0:9d:13:11:23:5a:d8:1c:38:c7:54:d1:71:65:
         4e:ce:95:8b:26:47:23:e7:a7:17:46:8a:a9:6e:77:4b:b1:95:
         a4:8b:34:bd:ef:2f:0e:7b:f5:18:52:a2:e4:d0:b6:f4:7f:92:
         59:86:6e:f9:92:17:5f:4d:84:c5:df:62:59:42:cc:a3:42:8c:
         11:2f:77:8f:b5:e1:04:d5:df:aa:e9:b2:32:a4:3d:88:8b:a2:
         c3:7d:a1:6b:c6:64:aa:56:28:9b:f5:05:67:7e:7c:58:17:03:
         6a:ff:db:4d:0a:6c:a0:1c:84:11:64:51:72:7e:0b:8e:9a:39:
         1d:76:64:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakxXGnpRCi+ekuMUysB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGZjZjEzNzZjYTY5OTQxZmJmMzJlNjE2OTVkMGY2OTk1ZGQyZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZvC+yXgq3r4YAincJpuCpU+yaXh
6gqkIvRF4ePP0NHPfDJEDK3poW8KW0TJ/Pd8VgTqbj+84kBHt3+ey7g3P18hRUN8
CsQjnJE5XKE7mGxNVFyZDli+muKf7srdC+BubxDMHXqQH1EHqRV8O229+sBDhFFX
ZbycEasiwq0kwiC/Ea7mUfvLKt29mvBz/nsEpz76w0KcPI0zPVM1u9yBa3S+xSFY
eDvx+n2IPam3v/eRg8SwbGu3qXTF275p4BE3wq18j1W2sAqKUYfEmeXZ/G2lS7O2
2YrEpSDSf2kOXHxsrN8vMSGg2PrmT6teHe7HLb2Sba5TjftIhUGJGRwwQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBT88TdspplB+/MuYWldD2mV3S1WMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvRlB6eE4yeW1tVUg3OHk1aGFWMFBhWlhkTFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF5aMA0G
CSqGSIb3DQEBCwUAA4IBAQC3e57WwTgzS+FNW1LXmpe2ZVEtrAkVtp2VQ4iVMsg6
LH263ZS7QnpghRQE8S6K4y2vniBJ7fHG64W3iWRtzCVkWtCmqUhx4LS0osGUDVCe
kWWiTq+5Dlg0NF8ESOA4cxoX1pR8cMS3Cwf8v/6yinjOmpSfIgsyt2WtsAuwh9tl
LvnXoJ0TESNa2Bw4x1TRcWVOzpWLJkcj56cXRoqpbndLsZWkizS97y8Oe/UYUqLk
0Lb0f5JZhm75khdfTYTF32JZQsyjQowRL3ePteEE1d+q6bIypD2Ii6LDfaFrxmSq
Viib9QVnfnxYFwNq/9tNCmygHIQRZFFyfguOmjkddmQ9
-----END CERTIFICATE-----