Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/fuKyxGw_5UKeL4AWKKV3APO-jXs.roa
File:                     fuKyxGw_5UKeL4AWKKV3APO-jXs.roa (raw, json)
Hash identifier:          1i6kDmcAC1XA98X8VCsAJMMtYyeOaBwcuGwbyAjYXgY=
Subject key identifier:   7E:E2:B2:C4:6C:3F:E5:42:9E:2F:80:16:28:A5:77:00:F3:BE:8D:7B
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       0194244524F84A840D380B1C34394BE1A28F
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/fuKyxGw_5UKeL4AWKKV3APO-jXs.roa
Signing time:             Wed 01 Jan 2025 23:48:18 +0000
ROA not before:           Wed 01 Jan 2025 23:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49993
IP address blocks:        87.251.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 18:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:24:f8:4a:84:0d:38:0b:1c:34:39:4b:e1:a2:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  1 23:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ee2b2c46c3fe5429e2f801628a57700f3be8d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:23:0e:1d:26:26:87:34:88:6e:dc:d6:fd:cc:
                    13:28:9b:69:3e:5c:f2:34:ad:3a:ca:15:e6:a7:e6:
                    cb:ab:bc:af:ae:e4:a3:2a:f5:04:d7:4c:d5:87:71:
                    84:74:56:28:08:3c:cd:6a:c4:4d:80:62:19:26:4f:
                    04:2d:2d:23:ec:fb:07:e4:03:36:73:fd:57:3a:cd:
                    ee:65:d3:14:3a:79:75:6a:4d:66:7e:51:95:27:44:
                    d3:66:86:8f:be:52:da:f4:b6:58:a5:e7:00:e7:dd:
                    82:89:c1:c0:02:2b:ce:86:8e:25:db:d6:50:86:88:
                    8c:ef:b4:d5:b6:22:35:f2:7f:95:dd:09:3d:02:03:
                    2a:25:f1:73:cb:c7:cb:5b:27:fa:d4:91:58:9a:b1:
                    6c:f1:83:1c:61:ef:6a:1c:81:f0:2e:cd:1b:a8:27:
                    c0:04:64:9b:91:19:91:0d:ad:b3:9f:14:bd:d7:f5:
                    fd:f8:f8:ba:b7:d4:3b:24:d4:07:6d:c8:89:46:31:
                    00:79:87:6a:73:27:4b:96:f6:33:6f:d6:94:1d:98:
                    b7:a8:dd:41:8b:53:e3:db:dc:c5:46:8d:7a:66:de:
                    8e:44:f0:6e:eb:2c:76:21:fd:1f:6b:34:11:b2:e9:
                    a7:f9:44:1f:9e:35:67:12:1f:be:7d:fd:fa:80:d9:
                    05:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E2:B2:C4:6C:3F:E5:42:9E:2F:80:16:28:A5:77:00:F3:BE:8D:7B
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/fuKyxGw_5UKeL4AWKKV3APO-jXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:8f:03:51:d8:fa:5a:5b:28:0d:e4:8a:3a:a6:36:53:4d:43:
         06:9e:3d:1f:b6:22:63:e5:f6:11:18:e3:ad:3a:51:1d:26:5b:
         d8:1a:30:cb:68:f2:0c:5e:25:20:63:ef:32:ce:23:50:0c:88:
         bd:3a:46:84:66:f1:89:e6:26:e4:d1:e8:0a:fd:d0:16:e3:68:
         e0:21:56:be:d2:f5:a5:23:d3:23:b2:6f:5a:3a:13:c5:27:3c:
         63:f9:45:93:0b:79:54:c1:43:29:50:7c:1a:8e:aa:cb:fe:ff:
         7d:98:26:a1:73:4b:01:0e:dc:5a:28:70:08:da:86:a2:b3:b1:
         20:5b:c6:19:1c:6e:8f:a2:fd:df:da:6a:c4:7b:76:94:16:42:
         0c:35:63:cc:86:6c:67:a8:e5:65:d2:6e:75:d6:d2:47:f1:74:
         5a:4d:39:1f:f9:7c:57:b8:84:46:94:e0:6c:b0:d7:83:0b:32:
         da:0d:5a:34:84:8b:91:74:b6:4e:98:82:4b:71:3e:77:5d:73:
         cf:11:1b:64:9e:85:49:e4:ba:22:95:6a:a7:ac:62:c1:83:83:
         93:12:be:cc:91:c5:0b:a6:c8:c7:77:91:79:72:21:c2:57:c3:
         28:70:4c:a7:bb:c8:e2:29:7c:d2:4e:7b:a2:2d:e2:3d:09:28:
         95:d3:91:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRST4SoQNOAscNDlL4aKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjUwMTAxMjM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWUyYjJjNDZjM2ZlNTQyOWUyZjgwMTYyOGE1NzcwMGYzYmU4ZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSMOHSYmhzSIbtzW/cwTKJtpPlzy
NK06yhXmp+bLq7yvruSjKvUE10zVh3GEdFYoCDzNasRNgGIZJk8ELS0j7PsH5AM2
c/1XOs3uZdMUOnl1ak1mflGVJ0TTZoaPvlLa9LZYpecA592CicHAAivOho4l29ZQ
hoiM77TVtiI18n+V3Qk9AgMqJfFzy8fLWyf61JFYmrFs8YMcYe9qHIHwLs0bqCfA
BGSbkRmRDa2znxS91/X9+Pi6t9Q7JNQHbciJRjEAeYdqcydLlvYzb9aUHZi3qN1B
i1Pj29zFRo16Zt6ORPBu6yx2If0fazQRsumn+UQfnjVnEh++ff36gNkFYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7issRsP+VCni+AFiildwDzvo17MB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvZnVLeXhHd181VUtlTDRBV0tLVjNBUE8talhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tMMA0G
CSqGSIb3DQEBCwUAA4IBAQBbjwNR2PpaWygN5Io6pjZTTUMGnj0ftiJj5fYRGOOt
OlEdJlvYGjDLaPIMXiUgY+8yziNQDIi9OkaEZvGJ5ibk0egK/dAW42jgIVa+0vWl
I9Mjsm9aOhPFJzxj+UWTC3lUwUMpUHwajqrL/v99mCahc0sBDtxaKHAI2oais7Eg
W8YZHG6Pov3f2mrEe3aUFkIMNWPMhmxnqOVl0m511tJH8XRaTTkf+XxXuIRGlOBs
sNeDCzLaDVo0hIuRdLZOmIJLcT53XXPPERtknoVJ5LoilWqnrGLBg4OTEr7MkcUL
psjHd5F5ciHCV8MocEynu8jiKXzSTnuiLeI9CSiV05E/
-----END CERTIFICATE-----