Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FS_GNK3l1OJseNYkCQLfMfvNBM4.roa
File:                     FS_GNK3l1OJseNYkCQLfMfvNBM4.roa (raw, json)
Hash identifier:          IRPkEMlTeU5L3hzvv7bnuvalQQ6TpdnhHt4AVFBZ99A=
Subject key identifier:   15:2F:C6:34:AD:E5:D4:E2:6C:78:D6:24:09:02:DF:31:FB:CD:04:CE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425220C7FBEA1F1BEF675614012DF07E0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FS_GNK3l1OJseNYkCQLfMfvNBM4.roa
Signing time:             Thu 02 Jan 2025 03:49:35 +0000
ROA not before:           Thu 02 Jan 2025 03:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202656
IP address blocks:        146.19.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0c:7f:be:a1:f1:be:f6:75:61:40:12:df:07:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=152fc634ade5d4e26c78d6240902df31fbcd04ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:1e:08:80:83:ba:8f:11:b4:8b:68:97:3b:70:
                    6a:e3:24:3b:4e:15:f6:ee:83:46:db:c8:cf:b6:cf:
                    a8:5e:f5:57:4b:46:78:27:82:f8:d8:b3:50:6a:63:
                    2e:60:94:bb:ae:c5:f8:fa:d9:6d:23:f6:f0:ba:f9:
                    00:7f:36:d2:60:f4:30:6d:bf:3a:ec:03:57:86:4c:
                    d8:87:65:5d:9f:50:69:ec:76:7f:88:21:d1:5b:8d:
                    06:f0:d4:0b:3c:b8:c1:8f:ae:a7:3f:23:a6:0c:1a:
                    04:75:f4:dc:3c:69:ee:bd:da:cf:b9:26:94:5b:b1:
                    6e:56:1a:fa:7b:d9:74:74:4a:53:7c:45:f8:36:b7:
                    97:13:81:69:43:cb:7a:b7:63:a1:f2:92:90:a0:99:
                    54:94:3f:c7:8f:61:c3:81:66:b0:71:00:f4:b3:65:
                    18:84:9b:4d:90:d3:e8:7a:23:84:26:2c:36:0a:3a:
                    43:42:ee:39:29:8a:4b:c8:bf:17:ec:fb:ee:f0:c4:
                    53:67:ac:ac:cc:77:61:45:8d:ec:b0:da:85:f5:46:
                    78:e9:84:e8:a8:21:6b:ec:24:e8:f4:65:be:8e:13:
                    90:74:09:26:0d:19:46:e0:ef:e8:94:ab:55:5f:15:
                    3a:a4:25:50:29:75:51:22:d4:c5:45:3e:83:71:62:
                    9c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:2F:C6:34:AD:E5:D4:E2:6C:78:D6:24:09:02:DF:31:FB:CD:04:CE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FS_GNK3l1OJseNYkCQLfMfvNBM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:5b:a1:c0:4b:a6:b9:fd:2a:e4:61:a8:42:73:0d:35:bd:23:
         6e:13:a0:9e:b7:82:c9:aa:8d:8f:76:3e:13:53:fa:7d:cf:70:
         c7:31:09:23:cb:82:9b:08:03:35:e4:1e:3e:3b:0d:8f:58:c3:
         3c:d4:86:24:33:ce:08:40:3e:01:cd:84:08:ff:55:22:ef:fc:
         f6:95:06:e3:34:69:3a:4c:70:6e:23:6c:a2:25:25:65:a5:f4:
         63:c5:94:eb:b0:e2:ed:4d:ec:7e:43:df:36:17:3a:0c:00:17:
         5d:01:0f:58:1b:6e:fc:95:83:1f:10:f7:41:d3:dd:fc:bb:50:
         3e:c4:c8:27:0d:d0:d6:c7:e4:e4:6e:dc:2b:c1:82:f7:b8:1d:
         cf:c3:2b:8e:4b:4d:68:c3:31:d5:05:fb:bc:39:5a:18:b1:c8:
         cc:ba:73:12:ab:c5:32:5c:38:df:84:8e:b9:06:9c:b8:34:b3:
         9d:88:85:7c:fe:02:84:c6:64:eb:11:3d:78:44:05:bc:cb:51:
         70:a1:11:a6:62:3f:b1:1c:f1:ff:f2:7f:a9:3c:ad:b6:e5:2e:
         04:f3:1b:60:a9:36:fc:ff:c2:80:dc:d3:c4:dd:21:ff:a1:ed:
         fc:ed:9c:96:5c:2b:37:34:e3:3f:9e:0a:3c:2d:34:45:5a:e0:
         1b:ba:06:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIgx/vqHxvvZ1YUAS3wfgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTJmYzYzNGFkZTVkNGUyNmM3OGQ2MjQwOTAyZGYzMWZiY2QwNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1B4IgIO6jxG0i2iXO3Bq4yQ7ThX2
7oNG28jPts+oXvVXS0Z4J4L42LNQamMuYJS7rsX4+tltI/bwuvkAfzbSYPQwbb86
7ANXhkzYh2Vdn1Bp7HZ/iCHRW40G8NQLPLjBj66nPyOmDBoEdfTcPGnuvdrPuSaU
W7FuVhr6e9l0dEpTfEX4NreXE4FpQ8t6t2Oh8pKQoJlUlD/Hj2HDgWawcQD0s2UY
hJtNkNPoeiOEJiw2CjpDQu45KYpLyL8X7Pvu8MRTZ6yszHdhRY3ssNqF9UZ46YTo
qCFr7CTo9GW+jhOQdAkmDRlG4O/olKtVXxU6pCVQKXVRItTFRT6DcWKcXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUvxjSt5dTibHjWJAkC3zH7zQTOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRlNfR05LM2wxT0pzZU5Za0NRTGZNZnZOQk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOLMA0G
CSqGSIb3DQEBCwUAA4IBAQA/W6HAS6a5/SrkYahCcw01vSNuE6Cet4LJqo2Pdj4T
U/p9z3DHMQkjy4KbCAM15B4+Ow2PWMM81IYkM84IQD4BzYQI/1Ui7/z2lQbjNGk6
THBuI2yiJSVlpfRjxZTrsOLtTex+Q982FzoMABddAQ9YG278lYMfEPdB0938u1A+
xMgnDdDWx+TkbtwrwYL3uB3PwyuOS01owzHVBfu8OVoYscjMunMSq8UyXDjfhI65
Bpy4NLOdiIV8/gKExmTrET14RAW8y1FwoRGmYj+xHPH/8n+pPK225S4E8xtgqTb8
/8KA3NPE3SH/oe387ZyWXCs3NOM/ngo8LTRFWuAbugZ0
-----END CERTIFICATE-----