Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/3e2a73-f497-49cc-b420-d7ab514d4ee2/1/fGeYBTeIqUGlzWkeYCJZuXTV3NA.roa
File:                     fGeYBTeIqUGlzWkeYCJZuXTV3NA.roa (raw, json)
Hash identifier:          NVWcI0sfwe5T87MmDN6gYp0EndXzVclJkGdW6buL8Q8=
Subject key identifier:   7C:67:98:05:37:88:A9:41:A5:CD:69:1E:60:22:59:B9:74:D5:DC:D0
Certificate issuer:       /CN=f4e736f0d8e9e70f1ae7caa11c559ecf70a72828
Certificate serial:       01942827E34655ED2959BDA5D8EFF4362A47
Authority key identifier: F4:E7:36:F0:D8:E9:E7:0F:1A:E7:CA:A1:1C:55:9E:CF:70:A7:28:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Oc28Njp5w8a58qhHFWez3CnKCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/3e2a73-f497-49cc-b420-d7ab514d4ee2/1/fGeYBTeIqUGlzWkeYCJZuXTV3NA.roa
Signing time:             Thu 02 Jan 2025 17:54:50 +0000
ROA not before:           Thu 02 Jan 2025 17:54:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24971
IP address blocks:        193.169.160.0/23 maxlen: 23
                          2001:678:a50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/3e2a73-f497-49cc-b420-d7ab514d4ee2/1/9Oc28Njp5w8a58qhHFWez3CnKCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/3e2a73-f497-49cc-b420-d7ab514d4ee2/1/9Oc28Njp5w8a58qhHFWez3CnKCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Oc28Njp5w8a58qhHFWez3CnKCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:e3:46:55:ed:29:59:bd:a5:d8:ef:f4:36:2a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4e736f0d8e9e70f1ae7caa11c559ecf70a72828
        Validity
            Not Before: Jan  2 17:54:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c6798053788a941a5cd691e602259b974d5dcd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:76:2a:72:b8:5c:f1:59:0f:fc:e0:f7:63:b2:
                    d1:14:53:50:f3:52:32:4d:5c:5c:8b:68:58:49:6a:
                    09:7d:82:04:9c:4e:5e:38:87:e0:8a:bf:13:83:db:
                    1e:69:ec:f6:6f:e6:18:c8:c4:ac:1b:10:86:a4:eb:
                    45:c2:4e:3b:d7:33:d2:d2:ea:2e:59:51:1e:1f:a5:
                    bd:c6:e3:2b:49:ad:e9:ad:40:b7:47:82:af:a4:13:
                    37:2e:d2:24:77:a5:10:19:77:bf:fb:c3:5c:e6:db:
                    7c:b8:32:b3:03:7f:ab:b1:7b:be:0b:e2:dc:6e:c7:
                    8e:20:e1:a8:6a:1f:c2:bb:09:91:41:07:16:b4:6a:
                    25:dc:30:24:41:74:aa:a1:7e:46:41:94:12:9b:2e:
                    19:d2:f1:66:6a:70:f0:53:68:80:79:bd:16:e6:a7:
                    70:98:bc:c7:7f:c3:6d:66:02:15:e0:7d:f5:9d:72:
                    80:38:6c:74:31:dc:c2:d2:9e:37:e2:80:e7:e6:ad:
                    5a:c5:f9:e9:c0:bc:9e:98:54:13:98:44:4f:5b:71:
                    b7:ea:05:7a:fb:a8:6d:ca:a4:50:3c:17:63:79:fe:
                    76:68:75:61:19:62:00:b2:88:e7:d5:a9:42:ff:89:
                    3b:9e:72:5a:a3:31:8a:c6:ea:92:d4:2a:7d:76:82:
                    0e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:67:98:05:37:88:A9:41:A5:CD:69:1E:60:22:59:B9:74:D5:DC:D0
            X509v3 Authority Key Identifier:
                keyid:F4:E7:36:F0:D8:E9:E7:0F:1A:E7:CA:A1:1C:55:9E:CF:70:A7:28:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Oc28Njp5w8a58qhHFWez3CnKCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/3e2a73-f497-49cc-b420-d7ab514d4ee2/1/fGeYBTeIqUGlzWkeYCJZuXTV3NA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/3e2a73-f497-49cc-b420-d7ab514d4ee2/1/9Oc28Njp5w8a58qhHFWez3CnKCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.160.0/23
                IPv6:
                  2001:678:a50::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:c4:38:df:28:a3:b7:d4:75:c3:cd:47:ba:24:5d:86:c7:0f:
         64:85:e8:71:91:8b:39:88:31:ae:7a:cc:19:da:dd:b6:60:2b:
         fc:82:59:1f:03:39:37:25:78:19:b7:b4:46:77:cb:23:2d:0e:
         04:f7:56:56:91:c9:66:5a:56:cc:ff:34:80:d4:34:92:0e:85:
         7a:41:7f:af:d9:a7:21:c9:52:9c:74:ef:a3:5b:c1:12:15:9f:
         58:83:54:67:33:94:bf:a2:76:71:a8:7c:62:d9:c8:b1:e9:e4:
         d3:2f:cf:43:26:5a:5d:9d:97:4b:72:36:6c:2f:c1:f9:c4:c5:
         e4:d4:84:32:c6:0f:87:bb:3e:ea:81:78:2c:6d:15:31:01:5b:
         1b:05:58:ef:9a:98:eb:b0:15:44:7b:8a:95:62:62:a2:f4:ae:
         93:8e:be:5c:33:7e:9f:6d:36:09:2d:65:83:58:26:04:4c:b3:
         0d:c0:b1:4d:73:08:c0:e8:58:49:fc:aa:e6:da:e2:b9:ea:5a:
         3f:15:d2:ac:bb:8e:38:de:18:01:90:f7:96:12:19:d0:86:6b:
         28:38:72:1d:5d:75:f0:51:e2:9d:78:d1:0b:93:89:64:b2:bf:
         57:01:f5:ae:81:2f:64:9c:60:e5:d1:a9:6a:2f:b4:f0:30:61:
         6d:83:3f:5f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQoJ+NGVe0pWb2l2O/0NipHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTczNmYwZDhlOWU3MGYxYWU3Y2FhMTFjNTU5ZWNmNzBh
NzI4MjgwHhcNMjUwMTAyMTc1NDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzY3OTgwNTM3ODhhOTQxYTVjZDY5MWU2MDIyNTliOTc0ZDVkY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43Yqcrhc8VkP/OD3Y7LRFFNQ81Iy
TVxci2hYSWoJfYIEnE5eOIfgir8Tg9seaez2b+YYyMSsGxCGpOtFwk471zPS0uou
WVEeH6W9xuMrSa3prUC3R4KvpBM3LtIkd6UQGXe/+8Nc5tt8uDKzA3+rsXu+C+Lc
bseOIOGoah/CuwmRQQcWtGol3DAkQXSqoX5GQZQSmy4Z0vFmanDwU2iAeb0W5qdw
mLzHf8NtZgIV4H31nXKAOGx0MdzC0p434oDn5q1axfnpwLyemFQTmERPW3G36gV6
+6htyqRQPBdjef52aHVhGWIAsojn1alC/4k7nnJaozGKxuqS1Cp9doIOmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHxnmAU3iKlBpc1pHmAiWbl01dzQMB8GA1UdIwQY
MBaAFPTnNvDY6ecPGufKoRxVns9wpygoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9jMjhOanA1dzhhNThxaEhGV2V6M0NuS0NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8zZTJhNzMtZjQ5Ny00OWNjLWI0MjAt
ZDdhYjUxNGQ0ZWUyLzEvZkdlWUJUZUlxVUdseldrZVlDSlp1WFRWM05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8zZTJhNzMtZjQ5Ny00OWNjLWI0MjAtZDdhYjUxNGQ0ZWUy
LzEvOU9jMjhOanA1dzhhNThxaEhGV2V6M0NuS0NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwamgMA8E
AgACMAkDBwAgAQZ4ClAwDQYJKoZIhvcNAQELBQADggEBABnEON8oo7fUdcPNR7ok
XYbHD2SF6HGRizmIMa56zBna3bZgK/yCWR8DOTcleBm3tEZ3yyMtDgT3VlaRyWZa
Vsz/NIDUNJIOhXpBf6/ZpyHJUpx076NbwRIVn1iDVGczlL+idnGofGLZyLHp5NMv
z0MmWl2dl0tyNmwvwfnExeTUhDLGD4e7PuqBeCxtFTEBWxsFWO+amOuwFUR7ipVi
YqL0rpOOvlwzfp9tNgktZYNYJgRMsw3AsU1zCMDoWEn8quba4rnqWj8V0qy7jjje
GAGQ95YSGdCGayg4ch1ddfBR4p140QuTiWSyv1cB9a6BL2ScYOXRqWovtPAwYW2D
P18=
-----END CERTIFICATE-----