Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/fcEGyk-ShkerhmvdFRcRV3UxI0Q.roa
File:                     fcEGyk-ShkerhmvdFRcRV3UxI0Q.roa (raw, json)
Hash identifier:          j94ZQOuH+xS4iNOpDw2YYuethGcrhVLCQhL5yC+U8s8=
Subject key identifier:   7D:C1:06:CA:4F:92:86:47:AB:86:6B:DD:15:17:11:57:75:31:23:44
Certificate issuer:       /CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
Certificate serial:       01942520A632B9AD2BF0A258214F6902CFDA
Authority key identifier: 10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/fcEGyk-ShkerhmvdFRcRV3UxI0Q.roa
Signing time:             Thu 02 Jan 2025 03:48:04 +0000
ROA not before:           Thu 02 Jan 2025 03:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        195.245.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 18:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:a6:32:b9:ad:2b:f0:a2:58:21:4f:69:02:cf:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
        Validity
            Not Before: Jan  2 03:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7dc106ca4f928647ab866bdd1517115775312344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7c:2d:1f:df:33:f9:6b:fa:0f:20:49:f9:07:
                    5c:fa:17:99:c2:d2:d9:88:1c:61:9d:68:81:cd:99:
                    cf:fc:e4:f1:a0:7d:22:15:7b:58:1b:a1:a9:68:b7:
                    6c:fe:f6:4a:73:3e:9d:b5:0d:f3:bd:0c:ed:3a:4c:
                    b0:ab:7b:a7:75:b4:04:85:9a:98:1d:17:2d:89:49:
                    5a:ab:b2:a7:71:29:a2:27:6b:60:25:19:58:ae:8d:
                    1e:45:2c:af:f2:b6:a2:b7:20:75:8d:ff:e7:48:c5:
                    cf:cd:13:03:f9:d6:df:0c:68:49:f1:de:48:eb:c3:
                    63:22:e1:39:4f:7a:9a:a3:e3:34:e0:fe:d8:7b:f6:
                    18:aa:5b:32:78:11:0f:68:a5:51:04:68:a1:a3:f2:
                    49:90:3e:c5:22:e8:02:e2:3f:08:8a:3b:b5:cb:eb:
                    3d:79:71:22:65:db:59:e7:c3:aa:d4:12:37:78:c9:
                    9c:3e:0d:84:82:c0:4e:d0:c6:e4:54:71:6f:9d:bf:
                    f2:4c:05:c8:ec:35:3b:6a:cf:63:2c:de:bf:19:69:
                    48:c2:3a:06:03:00:23:70:6f:42:1f:37:45:e9:1c:
                    ac:3f:e0:3f:6d:0e:da:ae:11:5c:48:aa:50:b4:e6:
                    24:7f:86:16:1a:d5:6c:7c:cf:77:c8:c1:42:1f:83:
                    e0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C1:06:CA:4F:92:86:47:AB:86:6B:DD:15:17:11:57:75:31:23:44
            X509v3 Authority Key Identifier:
                keyid:10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/fcEGyk-ShkerhmvdFRcRV3UxI0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:9f:cb:4e:73:f8:c9:85:8b:ad:88:32:2b:59:ce:84:d0:b3:
         2c:cc:1f:57:79:90:49:c6:2b:67:1c:97:1d:6b:68:53:c9:e5:
         c7:eb:5c:22:4c:7f:29:83:c3:4f:cc:5a:20:ca:f6:bf:92:39:
         2d:7f:d7:15:3b:9a:21:4a:8e:f4:9b:a2:f0:28:3b:d1:5e:39:
         ca:02:57:ff:d4:eb:ee:fb:bb:73:ba:46:2e:ef:b7:a4:6e:98:
         e3:e4:41:f3:f5:5b:a0:1e:89:8e:a5:66:80:3d:0d:f4:bb:ed:
         53:60:ad:1b:28:f5:ad:1b:18:a4:88:11:f2:8a:df:da:bf:61:
         7b:03:a1:59:3e:fd:59:1e:c8:7e:1c:d2:6b:a2:b0:50:f6:54:
         f9:79:1c:d7:9f:68:c5:33:98:7a:c6:b0:a8:1d:08:30:bf:69:
         a3:61:2f:95:06:da:bd:24:2b:f0:35:33:3c:3a:7c:5b:88:cb:
         38:cf:4a:e1:b9:1e:d7:98:32:3c:86:b4:72:27:51:c5:c3:fe:
         9b:5b:40:1d:6c:a1:1c:ae:f4:19:03:f0:08:dc:f7:cc:de:9b:
         33:42:d2:14:77:53:fe:03:bb:09:19:02:4e:33:2e:28:38:bb:
         9c:ae:a0:17:be:72:33:6a:02:b7:d7:3e:d7:c3:a9:8e:fc:93:
         cf:d8:ed:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIKYyua0r8KJYIU9pAs/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNjJiYzM2NTEyNjU4YTBmN2QzZjk2YmMxZDhlNjdkOWZk
NDkxOGIwHhcNMjUwMTAyMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGMxMDZjYTRmOTI4NjQ3YWI4NjZiZGQxNTE3MTE1Nzc1MzEyMzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknwtH98z+Wv6DyBJ+Qdc+heZwtLZ
iBxhnWiBzZnP/OTxoH0iFXtYG6GpaLds/vZKcz6dtQ3zvQztOkywq3undbQEhZqY
HRctiUlaq7KncSmiJ2tgJRlYro0eRSyv8raityB1jf/nSMXPzRMD+dbfDGhJ8d5I
68NjIuE5T3qao+M04P7Ye/YYqlsyeBEPaKVRBGiho/JJkD7FIugC4j8Iiju1y+s9
eXEiZdtZ58Oq1BI3eMmcPg2EgsBO0MbkVHFvnb/yTAXI7DU7as9jLN6/GWlIwjoG
AwAjcG9CHzdF6RysP+A/bQ7arhFcSKpQtOYkf4YWGtVsfM93yMFCH4PgXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3BBspPkoZHq4Zr3RUXEVd1MSNEMB8GA1UdIwQY
MBaAFBBivDZRJlig99P5a8HY5n2f1JGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYt
OTVhZDkyYWM4Njk4LzEvZmNFR3lrLVNoa2VyaG12ZEZSY1JWM1V4STBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYtOTVhZDkyYWM4Njk4
LzEvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/VWMA0G
CSqGSIb3DQEBCwUAA4IBAQCon8tOc/jJhYutiDIrWc6E0LMszB9XeZBJxitnHJcd
a2hTyeXH61wiTH8pg8NPzFogyva/kjktf9cVO5ohSo70m6LwKDvRXjnKAlf/1Ovu
+7tzukYu77ekbpjj5EHz9VugHomOpWaAPQ30u+1TYK0bKPWtGxikiBHyit/av2F7
A6FZPv1ZHsh+HNJrorBQ9lT5eRzXn2jFM5h6xrCoHQgwv2mjYS+VBtq9JCvwNTM8
OnxbiMs4z0rhuR7XmDI8hrRyJ1HFw/6bW0AdbKEcrvQZA/AI3PfM3pszQtIUd1P+
A7sJGQJOMy4oOLucrqAXvnIzagK31z7Xw6mO/JPP2O2C
-----END CERTIFICATE-----