Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/FPIY7tfdJ_j9wMu1obMddsSQLYI.roa
File:                     FPIY7tfdJ_j9wMu1obMddsSQLYI.roa (raw, json)
Hash identifier:          HFr78fHsjYChJd3MnoR5+rTJEMRnzDaPhK5CGp2Jd9Q=
Subject key identifier:   14:F2:18:EE:D7:DD:27:F8:FD:C0:CB:B5:A1:B3:1D:76:C4:90:2D:82
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0196C3F07BDFD9845F47A7E472DDF5CB2E33
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/FPIY7tfdJ_j9wMu1obMddsSQLYI.roa
Signing time:             Mon 12 May 2025 10:00:39 +0000
ROA not before:           Mon 12 May 2025 10:00:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208946
IP address blocks:        93.171.158.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:f0:7b:df:d9:84:5f:47:a7:e4:72:dd:f5:cb:2e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: May 12 10:00:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14f218eed7dd27f8fdc0cbb5a1b31d76c4902d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7b:5a:b0:1f:00:40:23:a3:4a:91:af:11:b0:
                    ab:76:a7:f0:81:53:f6:fc:b0:74:0a:12:f1:d2:ba:
                    c1:41:1e:fd:e5:dc:66:ad:83:0a:2f:00:53:a5:1e:
                    84:27:f8:06:0c:0a:6c:66:82:50:58:51:82:86:8c:
                    20:77:0f:6e:b5:ee:c8:d3:22:95:a3:f4:11:af:73:
                    42:b2:5e:8e:89:b7:58:6c:79:77:9b:c0:7b:fd:25:
                    59:d0:86:ea:22:24:32:bf:79:20:45:09:e9:b9:c5:
                    ac:f5:90:88:61:2f:7b:23:d6:25:df:bb:83:fe:3a:
                    68:dd:fb:7a:dc:46:f8:05:5f:5f:f9:12:3b:70:32:
                    ae:53:84:35:21:4f:f9:45:b7:e9:b0:97:be:7c:cb:
                    bc:1e:34:8d:97:ae:e3:c2:84:ca:88:22:84:29:d6:
                    d8:dd:ad:56:01:64:4c:08:2f:df:66:16:d8:9c:ea:
                    d5:e3:ea:38:48:bf:99:46:bd:53:7f:7d:8d:4f:0a:
                    f0:ec:00:e1:ae:91:eb:2f:12:5d:75:9b:5a:4b:4c:
                    66:2a:0e:23:d9:c9:b3:26:a6:e5:6a:3e:d9:9f:83:
                    ce:72:1c:60:d2:61:21:83:90:ad:ff:03:d6:ef:d8:
                    80:f3:54:7c:44:db:af:1d:42:bd:be:c5:33:e7:f4:
                    99:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:F2:18:EE:D7:DD:27:F8:FD:C0:CB:B5:A1:B3:1D:76:C4:90:2D:82
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/FPIY7tfdJ_j9wMu1obMddsSQLYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:7b:29:36:b8:66:2b:6e:38:2c:26:5c:95:1a:ca:38:ce:77:
         f7:31:ee:cb:77:fd:e4:f4:57:0c:91:f8:6a:c5:3e:34:58:85:
         23:47:03:eb:e6:8c:9e:d7:66:b1:80:9d:1b:10:35:d4:4e:69:
         10:cf:51:ec:4f:4a:0d:63:ed:87:34:43:1b:b7:91:e6:82:ab:
         89:60:db:e2:39:97:9d:eb:67:73:c7:8d:88:db:1a:55:7e:74:
         6f:f9:fa:1e:f6:31:25:87:a4:57:5b:9f:18:84:1e:2a:d0:be:
         0d:a1:13:f7:9b:c6:cd:8a:74:34:47:3f:09:a3:83:f3:16:cb:
         33:47:64:f7:b8:76:93:9e:f2:7a:79:f5:b7:4e:fe:41:72:71:
         7e:bb:70:fb:89:cd:ec:f1:6d:92:7a:f7:d2:38:ce:fe:1c:91:
         43:e8:99:95:f7:7d:22:c9:9b:6f:13:3d:e6:a8:69:de:d7:55:
         c1:d7:2c:12:63:0b:87:05:ae:c5:a4:9a:67:13:fa:76:df:41:
         6c:ca:16:4a:a5:59:c4:e3:96:71:e1:e5:ad:15:99:12:9d:d2:
         11:0a:13:11:a1:e9:10:b3:e1:06:81:f1:fb:28:7b:06:e6:5d:
         9b:49:7f:98:78:ea:30:b3:2e:c9:bd:18:84:cb:ae:3c:e3:f7:
         c5:de:d0:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbD8Hvf2YRfR6fkct31yy4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwNTEyMTAwMDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGYyMThlZWQ3ZGQyN2Y4ZmRjMGNiYjVhMWIzMWQ3NmM0OTAyZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXtasB8AQCOjSpGvEbCrdqfwgVP2
/LB0ChLx0rrBQR795dxmrYMKLwBTpR6EJ/gGDApsZoJQWFGChowgdw9ute7I0yKV
o/QRr3NCsl6OibdYbHl3m8B7/SVZ0IbqIiQyv3kgRQnpucWs9ZCIYS97I9Yl37uD
/jpo3ft63Eb4BV9f+RI7cDKuU4Q1IU/5RbfpsJe+fMu8HjSNl67jwoTKiCKEKdbY
3a1WAWRMCC/fZhbYnOrV4+o4SL+ZRr1Tf32NTwrw7ADhrpHrLxJddZtaS0xmKg4j
2cmzJqblaj7Zn4POchxg0mEhg5Ct/wPW79iA81R8RNuvHUK9vsUz5/SZdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTyGO7X3Sf4/cDLtaGzHXbEkC2CMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRlBJWTd0ZmRKX2o5d011MW9iTWRkc1NRTFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXaueMA0G
CSqGSIb3DQEBCwUAA4IBAQCQeyk2uGYrbjgsJlyVGso4znf3Me7Ld/3k9FcMkfhq
xT40WIUjRwPr5oye12axgJ0bEDXUTmkQz1HsT0oNY+2HNEMbt5HmgquJYNviOZed
62dzx42I2xpVfnRv+foe9jElh6RXW58YhB4q0L4NoRP3m8bNinQ0Rz8Jo4PzFssz
R2T3uHaTnvJ6efW3Tv5BcnF+u3D7ic3s8W2SevfSOM7+HJFD6JmV930iyZtvEz3m
qGne11XB1ywSYwuHBa7FpJpnE/p230FsyhZKpVnE45Zx4eWtFZkSndIRChMRoekQ
s+EGgfH7KHsG5l2bSX+YeOowsy7JvRiEy6484/fF3tDp
-----END CERTIFICATE-----