Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/FoYoEZG4yQ-zmia58D3kbXTMFyI.roa
File:                     FoYoEZG4yQ-zmia58D3kbXTMFyI.roa (raw, json)
Hash identifier:          VDgVe2Q/qFZmB+xrtdC5B5lAUUngOslsx2GFlKLDYrg=
Subject key identifier:   16:86:28:11:91:B8:C9:0F:B3:9A:26:B9:F0:3D:E4:6D:74:CC:17:22
Certificate issuer:       /CN=69af70bda77cf858e164d6b7c709e878fd1a6045
Certificate serial:       0194274849359983040C377234C7D0A302A7
Authority key identifier: 69:AF:70:BD:A7:7C:F8:58:E1:64:D6:B7:C7:09:E8:78:FD:1A:60:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aa9wvad8-FjhZNa3xwnoeP0aYEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/FoYoEZG4yQ-zmia58D3kbXTMFyI.roa
Signing time:             Thu 02 Jan 2025 13:50:36 +0000
ROA not before:           Thu 02 Jan 2025 13:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28878
IP address blocks:        193.177.160.0/23 maxlen: 23
                          194.53.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/aa9wvad8-FjhZNa3xwnoeP0aYEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/aa9wvad8-FjhZNa3xwnoeP0aYEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aa9wvad8-FjhZNa3xwnoeP0aYEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:49:35:99:83:04:0c:37:72:34:c7:d0:a3:02:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69af70bda77cf858e164d6b7c709e878fd1a6045
        Validity
            Not Before: Jan  2 13:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1686281191b8c90fb39a26b9f03de46d74cc1722
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5d:6d:f3:9a:c7:05:14:0b:3a:31:0a:ee:d9:
                    19:f8:61:94:1a:d8:93:99:14:13:45:20:ab:34:ff:
                    7f:a6:45:d4:66:10:e1:57:1f:c1:1c:5b:6f:0d:47:
                    9c:1e:6a:be:1c:e7:62:77:bc:78:98:91:f0:cf:cb:
                    dc:d6:a6:5f:9f:d5:ad:5c:91:c9:6b:4d:7a:85:c2:
                    ef:c7:05:aa:a4:6d:76:f8:ef:d8:56:07:d0:9a:a0:
                    f2:cd:e7:c8:2a:ea:68:a2:d4:f7:14:fa:69:df:05:
                    71:15:4f:e5:45:cb:8e:54:5d:56:a6:74:c4:c7:08:
                    14:c3:ca:5e:11:8b:96:60:6f:5b:15:5d:2b:c1:9c:
                    b5:07:f5:9e:14:ee:7c:30:ba:ad:bb:14:73:b3:cb:
                    07:c5:ca:93:99:25:76:bb:74:53:58:ce:5d:89:4a:
                    2a:09:a4:9f:21:7d:cd:06:1a:f4:f7:3c:3e:99:0c:
                    b8:94:a1:d2:93:3f:22:db:74:d2:49:15:3f:88:5b:
                    81:f1:f9:fa:d6:86:05:76:e3:df:e3:6e:20:4d:23:
                    c2:1b:10:f2:ef:d9:91:1e:50:43:3e:77:0f:a5:b6:
                    39:75:28:14:99:9d:14:de:91:60:d0:3b:62:41:25:
                    8e:64:e9:24:2b:74:92:e2:e5:1e:bf:5c:14:f9:52:
                    e1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:86:28:11:91:B8:C9:0F:B3:9A:26:B9:F0:3D:E4:6D:74:CC:17:22
            X509v3 Authority Key Identifier:
                keyid:69:AF:70:BD:A7:7C:F8:58:E1:64:D6:B7:C7:09:E8:78:FD:1A:60:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa9wvad8-FjhZNa3xwnoeP0aYEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/FoYoEZG4yQ-zmia58D3kbXTMFyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/aa9wvad8-FjhZNa3xwnoeP0aYEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.160.0/23
                  194.53.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:65:00:02:37:ce:51:cd:84:1d:2b:4f:08:f6:5a:51:15:e9:
         2e:17:f4:79:22:b0:95:74:40:1b:cb:a6:af:71:2d:04:47:20:
         71:4c:d1:f7:c2:34:41:b8:b6:2d:3a:08:ea:cc:3b:0f:e6:2c:
         c8:88:b3:6b:a3:c9:5f:89:0f:1e:85:f0:8f:11:c6:57:4b:8a:
         a0:89:1f:0b:3d:ea:2d:91:9d:04:b4:cd:47:e9:e7:ed:f1:79:
         0e:93:17:54:4b:b3:6a:01:dd:b4:8a:0b:d7:7d:c4:3f:08:e4:
         3c:c1:5b:64:84:77:a2:0b:b5:eb:53:9b:b4:58:9d:36:74:84:
         b1:56:82:36:05:ab:33:fb:67:6f:ef:58:42:7b:1c:81:47:d0:
         97:95:b6:f3:8f:2c:69:49:f7:d2:36:f2:4e:b0:2c:10:f2:c2:
         ee:8b:ec:d3:58:70:d1:be:95:06:4a:11:af:00:c3:72:c7:9e:
         38:d0:87:59:c0:8e:8e:10:ff:d4:47:14:60:75:27:73:b7:e8:
         c2:bc:61:8f:f8:20:c4:ce:c1:3e:a7:96:54:0a:e0:b3:a7:42:
         ef:de:1e:24:e6:95:19:e3:4a:07:d7:d3:79:f0:5f:84:14:24:
         bd:1d:52:70:92:70:7b:89:80:a3:cd:36:2c:0e:2b:19:f8:5c:
         16:f3:68:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSEk1mYMEDDdyNMfQowKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YWY3MGJkYTc3Y2Y4NThlMTY0ZDZiN2M3MDllODc4ZmQx
YTYwNDUwHhcNMjUwMTAyMTM1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjg2MjgxMTkxYjhjOTBmYjM5YTI2YjlmMDNkZTQ2ZDc0Y2MxNzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmF1t85rHBRQLOjEK7tkZ+GGUGtiT
mRQTRSCrNP9/pkXUZhDhVx/BHFtvDUecHmq+HOdid7x4mJHwz8vc1qZfn9WtXJHJ
a016hcLvxwWqpG12+O/YVgfQmqDyzefIKupootT3FPpp3wVxFU/lRcuOVF1WpnTE
xwgUw8peEYuWYG9bFV0rwZy1B/WeFO58MLqtuxRzs8sHxcqTmSV2u3RTWM5diUoq
CaSfIX3NBhr09zw+mQy4lKHSkz8i23TSSRU/iFuB8fn61oYFduPf424gTSPCGxDy
79mRHlBDPncPpbY5dSgUmZ0U3pFg0DtiQSWOZOkkK3SS4uUev1wU+VLhaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBaGKBGRuMkPs5omufA95G10zBciMB8GA1UdIwQY
MBaAFGmvcL2nfPhY4WTWt8cJ6Hj9GmBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWE5d3ZhZDgtRmpoWk5hM3h3bm9lUDBhWUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mYzk5MjctNjNmZS00ZTNiLWJmMjgt
NjI4NzdmZTQ4NjE4LzEvRm9Zb0VaRzR5US16bWlhNThEM2tiWFRNRnlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mYzk5MjctNjNmZS00ZTNiLWJmMjgtNjI4NzdmZTQ4NjE4
LzEvYWE5d3ZhZDgtRmpoWk5hM3h3bm9lUDBhWUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwbGgAwQC
wjVIMA0GCSqGSIb3DQEBCwUAA4IBAQChZQACN85RzYQdK08I9lpRFekuF/R5IrCV
dEAby6avcS0ERyBxTNH3wjRBuLYtOgjqzDsP5izIiLNro8lfiQ8ehfCPEcZXS4qg
iR8LPeotkZ0EtM1H6eft8XkOkxdUS7NqAd20igvXfcQ/COQ8wVtkhHeiC7XrU5u0
WJ02dISxVoI2Basz+2dv71hCexyBR9CXlbbzjyxpSffSNvJOsCwQ8sLui+zTWHDR
vpUGShGvAMNyx5440IdZwI6OEP/URxRgdSdzt+jCvGGP+CDEzsE+p5ZUCuCzp0Lv
3h4k5pUZ40oH19N58F+EFCS9HVJwknB7iYCjzTYsDisZ+FwW82jk
-----END CERTIFICATE-----