Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/FKR564PBXHZhO200gKtJmy1J_lU.roa
File:                     FKR564PBXHZhO200gKtJmy1J_lU.roa (raw, json)
Hash identifier:          6Z+0zLNl2VzNHVY2loSHmu/QRjxkdnSumPCsKeUXb/o=
Subject key identifier:   14:A4:79:EB:83:C1:5C:76:61:3B:6D:34:80:AB:49:9B:2D:49:FE:55
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746A607C006510F70643ABA51B349AB
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/FKR564PBXHZhO200gKtJmy1J_lU.roa
Signing time:             Thu 02 Jan 2025 13:48:48 +0000
ROA not before:           Thu 02 Jan 2025 13:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200456
IP address blocks:        188.132.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:a6:07:c0:06:51:0f:70:64:3a:ba:51:b3:49:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14a479eb83c15c76613b6d3480ab499b2d49fe55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2c:b9:ad:b4:2b:2f:a4:9c:0f:cb:94:6c:26:
                    6f:f5:22:22:7d:98:51:31:fe:c0:6b:dd:8b:24:ae:
                    c5:79:4c:90:f4:ed:ad:c9:3a:50:62:0c:85:b9:de:
                    bf:ab:a3:b6:d2:f3:b3:1c:82:71:9d:cd:e7:12:61:
                    89:4b:31:9f:cd:ad:35:d1:74:fb:f5:33:13:46:7e:
                    0d:c7:ed:22:54:f2:70:06:5a:81:f6:23:34:c7:58:
                    cf:4a:fa:37:ad:04:0f:5a:67:7d:dd:00:65:9b:75:
                    c2:32:62:99:59:ed:55:23:c3:b7:94:40:a9:1f:b4:
                    ee:af:a0:9c:53:f9:b2:b1:b6:2c:ad:41:e4:e8:00:
                    cb:32:34:04:04:4b:61:1a:0b:7b:d2:f3:5c:4e:5a:
                    dc:33:01:9d:17:ea:04:17:82:52:2c:bd:0b:85:90:
                    57:74:93:8e:6b:06:d3:e4:ec:a7:af:fc:f5:c9:45:
                    a5:fc:e6:91:2f:c7:1b:8e:82:17:0a:f0:f1:93:b3:
                    a1:b8:bb:7d:e8:c0:24:15:97:26:30:3d:2e:20:69:
                    0d:90:77:5a:a1:a5:bb:fd:42:cf:ea:95:4d:58:41:
                    76:32:b8:95:e4:f4:2d:d7:7f:9c:e3:90:85:4b:56:
                    08:63:45:30:fe:90:a5:83:b8:47:3e:26:ca:f9:97:
                    bd:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:A4:79:EB:83:C1:5C:76:61:3B:6D:34:80:AB:49:9B:2D:49:FE:55
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/FKR564PBXHZhO200gKtJmy1J_lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:e1:02:05:92:94:f3:e9:61:23:16:31:b7:70:79:98:0e:e2:
         aa:93:6c:52:4e:c4:8e:68:07:d7:57:9a:0f:a7:24:e4:0d:bc:
         8b:e4:f7:1e:5a:90:60:83:dd:97:93:b4:ef:dc:e5:db:bc:0b:
         25:d8:30:44:c2:9f:48:42:69:2c:49:06:49:ca:bc:25:bc:fb:
         ef:78:f4:f9:8a:ab:a8:93:ad:96:bc:b6:48:e6:37:91:b9:42:
         5e:d8:a1:29:f5:d9:39:e1:e6:a0:55:8e:06:2d:dc:b9:7a:74:
         a5:c7:76:80:3a:7b:d0:b3:64:69:24:5f:3d:90:0a:ed:f8:2b:
         c5:68:1b:d2:ec:49:23:fc:38:e7:32:bd:7b:03:80:4e:45:67:
         a8:e5:d2:fd:44:05:32:56:0d:07:32:a3:87:95:7c:f0:f1:78:
         50:b9:96:0b:1a:0b:46:c8:eb:e4:e2:79:01:de:90:ee:87:7f:
         77:44:ae:b4:f3:5d:e7:88:15:d6:4c:6e:b3:05:b6:95:c5:9b:
         fc:fb:77:2a:c7:7b:75:e1:67:e3:2e:36:19:6a:8e:77:45:b0:
         62:09:5c:fe:af:fa:c6:6a:a9:c0:0e:f5:5c:30:15:a1:40:29:
         d2:0e:8c:9d:34:0c:ec:47:9d:d1:fd:01:53:d6:d0:cd:75:62:
         81:bc:cf:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRqYHwAZRD3BkOrpRs0mrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGE0NzllYjgzYzE1Yzc2NjEzYjZkMzQ4MGFiNDk5YjJkNDlmZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiy5rbQrL6ScD8uUbCZv9SIifZhR
Mf7Aa92LJK7FeUyQ9O2tyTpQYgyFud6/q6O20vOzHIJxnc3nEmGJSzGfza010XT7
9TMTRn4Nx+0iVPJwBlqB9iM0x1jPSvo3rQQPWmd93QBlm3XCMmKZWe1VI8O3lECp
H7Tur6CcU/mysbYsrUHk6ADLMjQEBEthGgt70vNcTlrcMwGdF+oEF4JSLL0LhZBX
dJOOawbT5Oynr/z1yUWl/OaRL8cbjoIXCvDxk7OhuLt96MAkFZcmMD0uIGkNkHda
oaW7/ULP6pVNWEF2MriV5PQt13+c45CFS1YIY0Uw/pClg7hHPibK+Ze9xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSkeeuDwVx2YTttNICrSZstSf5VMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvRktSNTY0UEJYSFpoTzIwMGdLdEpteTFKX2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvITmMA0G
CSqGSIb3DQEBCwUAA4IBAQCR4QIFkpTz6WEjFjG3cHmYDuKqk2xSTsSOaAfXV5oP
pyTkDbyL5PceWpBgg92Xk7Tv3OXbvAsl2DBEwp9IQmksSQZJyrwlvPvvePT5iquo
k62WvLZI5jeRuUJe2KEp9dk54eagVY4GLdy5enSlx3aAOnvQs2RpJF89kArt+CvF
aBvS7Ekj/DjnMr17A4BORWeo5dL9RAUyVg0HMqOHlXzw8XhQuZYLGgtGyOvk4nkB
3pDuh393RK60813niBXWTG6zBbaVxZv8+3cqx3t14WfjLjYZao53RbBiCVz+r/rG
aqnADvVcMBWhQCnSDoydNAzsR53R/QFT1tDNdWKBvM9w
-----END CERTIFICATE-----