Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/463666-00e0-492e-a463-0128d97179e8/1/FRrrM4yAfnu6pnFh5wowlvqVDWA.roa
File:                     FRrrM4yAfnu6pnFh5wowlvqVDWA.roa (raw, json)
Hash identifier:          Hv8/4ynB8VDf7OX62BWXwwqyCndg3mMaA+WdwhpJSlw=
Subject key identifier:   15:1A:EB:33:8C:80:7E:7B:BA:A6:71:61:E7:0A:30:96:FA:95:0D:60
Certificate issuer:       /CN=627a99509ed51df93a33f2a4e2fd662d1c8d660b
Certificate serial:       019492420083CDA49E5B31DE189451E307FE
Authority key identifier: 62:7A:99:50:9E:D5:1D:F9:3A:33:F2:A4:E2:FD:66:2D:1C:8D:66:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YnqZUJ7VHfk6M_Kk4v1mLRyNZgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/463666-00e0-492e-a463-0128d97179e8/1/FRrrM4yAfnu6pnFh5wowlvqVDWA.roa
Signing time:             Thu 23 Jan 2025 08:23:06 +0000
ROA not before:           Thu 23 Jan 2025 08:23:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        194.61.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/463666-00e0-492e-a463-0128d97179e8/1/YnqZUJ7VHfk6M_Kk4v1mLRyNZgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/463666-00e0-492e-a463-0128d97179e8/1/YnqZUJ7VHfk6M_Kk4v1mLRyNZgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YnqZUJ7VHfk6M_Kk4v1mLRyNZgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:92:42:00:83:cd:a4:9e:5b:31:de:18:94:51:e3:07:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=627a99509ed51df93a33f2a4e2fd662d1c8d660b
        Validity
            Not Before: Jan 23 08:23:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=151aeb338c807e7bbaa67161e70a3096fa950d60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fa:27:41:e3:d4:fb:ff:f8:74:4e:5c:84:f0:
                    ee:46:0f:81:d4:df:05:45:5e:50:22:d5:fe:bc:8f:
                    fe:94:82:b6:f6:d7:73:90:fb:af:92:62:77:f9:0c:
                    61:b7:d8:de:c8:85:ff:ad:25:1c:d2:7d:dd:68:a8:
                    31:3a:2b:99:95:76:18:08:9a:fa:d6:53:29:49:d9:
                    4a:d2:76:84:15:76:1a:5c:07:b3:ac:26:f3:47:7c:
                    d7:41:1a:b9:43:3a:e4:f6:37:0b:a6:7c:a3:bc:02:
                    6b:f9:15:d0:12:74:4b:1b:a1:09:85:be:33:c5:6d:
                    54:6c:7c:d8:78:cf:22:51:a7:cc:0f:17:9b:93:a3:
                    d1:5f:61:60:f0:69:00:37:92:f9:6f:9a:4d:0a:9a:
                    92:5b:b8:1d:f2:5a:93:18:a4:38:23:2c:1c:a2:bc:
                    7d:ef:11:ec:9f:84:18:66:d8:01:55:83:f0:fe:97:
                    5e:07:ee:31:0b:40:4b:ac:c4:32:9e:be:c1:53:28:
                    bf:7d:dd:26:00:0c:4a:d7:fa:0e:90:60:7e:cc:25:
                    f9:5b:e7:2c:b0:b4:3c:f3:c6:9c:74:a0:d1:c3:94:
                    5f:55:06:b7:cf:b0:9c:2f:fa:5a:41:6e:7d:45:4b:
                    77:08:a1:5d:59:1d:3e:1a:e5:aa:6c:7c:d8:c2:87:
                    08:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:1A:EB:33:8C:80:7E:7B:BA:A6:71:61:E7:0A:30:96:FA:95:0D:60
            X509v3 Authority Key Identifier:
                keyid:62:7A:99:50:9E:D5:1D:F9:3A:33:F2:A4:E2:FD:66:2D:1C:8D:66:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YnqZUJ7VHfk6M_Kk4v1mLRyNZgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/463666-00e0-492e-a463-0128d97179e8/1/FRrrM4yAfnu6pnFh5wowlvqVDWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/463666-00e0-492e-a463-0128d97179e8/1/YnqZUJ7VHfk6M_Kk4v1mLRyNZgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:35:5d:5a:98:6a:b0:d4:74:28:90:92:54:04:aa:5b:f7:76:
         b6:23:0a:bb:68:4b:07:24:0c:1a:49:bb:00:d5:5f:4b:ed:9c:
         e4:54:23:d6:38:75:65:b0:e9:b7:1f:4c:79:4a:b1:c9:c8:8e:
         f1:67:d4:f1:1d:51:c2:aa:3b:7e:30:10:d8:52:cb:0a:15:43:
         18:73:fb:c3:d1:ea:ce:68:87:a8:c7:44:60:62:61:40:98:22:
         0b:18:33:92:b2:de:a4:17:7e:4f:f9:9b:ba:7f:d9:ab:51:e9:
         90:6f:4d:10:0f:32:5a:9c:0e:0b:eb:e9:0a:03:4d:51:f2:51:
         bb:b7:20:e6:18:99:04:b6:3e:f5:88:fb:c5:d4:a2:4a:ce:53:
         d0:1f:a1:fe:cb:04:98:76:95:dc:f7:70:09:6d:38:fa:e3:79:
         50:38:19:34:2f:0d:39:20:fb:ec:f9:c8:39:b1:d5:c0:0d:4c:
         e6:28:db:84:c6:74:01:fe:da:66:2e:ee:5d:58:a2:14:fb:ad:
         49:95:98:26:fe:fa:39:9f:55:6b:fc:7a:1a:98:6e:85:18:6d:
         e5:34:53:78:71:dd:fd:30:fb:95:ef:64:11:bd:45:06:e5:19:
         b9:6e:62:24:81:07:c4:90:aa:19:a0:d4:e4:84:d8:75:0c:75:
         14:8a:54:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSSQgCDzaSeWzHeGJRR4wf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyN2E5OTUwOWVkNTFkZjkzYTMzZjJhNGUyZmQ2NjJkMWM4
ZDY2MGIwHhcNMjUwMTIzMDgyMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTFhZWIzMzhjODA3ZTdiYmFhNjcxNjFlNzBhMzA5NmZhOTUwZDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/onQePU+//4dE5chPDuRg+B1N8F
RV5QItX+vI/+lIK29tdzkPuvkmJ3+Qxht9jeyIX/rSUc0n3daKgxOiuZlXYYCJr6
1lMpSdlK0naEFXYaXAezrCbzR3zXQRq5Qzrk9jcLpnyjvAJr+RXQEnRLG6EJhb4z
xW1UbHzYeM8iUafMDxebk6PRX2Fg8GkAN5L5b5pNCpqSW7gd8lqTGKQ4Iywcorx9
7xHsn4QYZtgBVYPw/pdeB+4xC0BLrMQynr7BUyi/fd0mAAxK1/oOkGB+zCX5W+cs
sLQ888acdKDRw5RfVQa3z7CcL/paQW59RUt3CKFdWR0+GuWqbHzYwocIYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUa6zOMgH57uqZxYecKMJb6lQ1gMB8GA1UdIwQY
MBaAFGJ6mVCe1R35OjPypOL9Zi0cjWYLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5xWlVKN1ZIZms2TV9LazR2MW1MUnlOWmdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy80NjM2NjYtMDBlMC00OTJlLWE0NjMt
MDEyOGQ5NzE3OWU4LzEvRlJyck00eUFmbnU2cG5GaDV3b3dsdnFWRFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy80NjM2NjYtMDBlMC00OTJlLWE0NjMtMDEyOGQ5NzE3OWU4
LzEvWW5xWlVKN1ZIZms2TV9LazR2MW1MUnlOWmdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj0CMA0G
CSqGSIb3DQEBCwUAA4IBAQBtNV1amGqw1HQokJJUBKpb93a2Iwq7aEsHJAwaSbsA
1V9L7ZzkVCPWOHVlsOm3H0x5SrHJyI7xZ9TxHVHCqjt+MBDYUssKFUMYc/vD0erO
aIeox0RgYmFAmCILGDOSst6kF35P+Zu6f9mrUemQb00QDzJanA4L6+kKA01R8lG7
tyDmGJkEtj71iPvF1KJKzlPQH6H+ywSYdpXc93AJbTj643lQOBk0Lw05IPvs+cg5
sdXADUzmKNuExnQB/tpmLu5dWKIU+61JlZgm/vo5n1Vr/HoamG6FGG3lNFN4cd39
MPuV72QRvUUG5Rm5bmIkgQfEkKoZoNTkhNh1DHUUilSb
-----END CERTIFICATE-----