Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/FAPasEirS5CbUB6PjBrAMteNaOo.roa
File:                     FAPasEirS5CbUB6PjBrAMteNaOo.roa (raw, json)
Hash identifier:          HbkkLdFOGhY92Tbv9fOfCuB90ZHdJx6ePREhkoIqvyA=
Subject key identifier:   14:03:DA:B0:48:AB:4B:90:9B:50:1E:8F:8C:1A:C0:32:D7:8D:68:EA
Certificate issuer:       /CN=264d04c39641b82b5dc3844cf5ff550f54044689
Certificate serial:       0194214433A8B6DD849118EDA09F0A0FA627
Authority key identifier: 26:4D:04:C3:96:41:B8:2B:5D:C3:84:4C:F5:FF:55:0F:54:04:46:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/FAPasEirS5CbUB6PjBrAMteNaOo.roa
Signing time:             Wed 01 Jan 2025 09:48:25 +0000
ROA not before:           Wed 01 Jan 2025 09:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210144
IP address blocks:        31.132.48.0/22 maxlen: 22
                          185.141.172.0/22 maxlen: 22
                          2a0d:e800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:33:a8:b6:dd:84:91:18:ed:a0:9f:0a:0f:a6:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=264d04c39641b82b5dc3844cf5ff550f54044689
        Validity
            Not Before: Jan  1 09:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1403dab048ab4b909b501e8f8c1ac032d78d68ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f7:f6:16:c2:77:61:3f:51:ca:ae:10:d6:b4:
                    21:6b:d9:3f:cf:b7:ea:da:c5:c6:60:a6:97:e0:f4:
                    7c:8d:46:c7:6d:12:0b:ff:3e:41:07:e7:72:4d:49:
                    45:7d:66:56:02:23:1e:bc:1f:95:3a:ac:9e:49:d0:
                    99:61:9c:90:e0:4e:22:f9:79:5c:66:46:0b:57:4a:
                    ea:6d:89:54:14:6a:a5:56:65:ea:a5:09:42:4b:7c:
                    a4:e7:af:f7:8b:3b:94:68:66:12:98:cf:7e:b9:7b:
                    88:56:3c:7c:72:be:da:96:37:7c:e4:7b:60:03:9b:
                    ed:7e:2d:e6:07:5f:e6:de:02:fe:1f:7d:33:81:76:
                    a5:a4:f4:71:ff:f0:15:5b:1c:a2:bd:52:47:92:35:
                    6e:22:38:01:4c:00:27:d2:86:23:d1:8d:bc:ce:b2:
                    3a:a4:72:38:9d:2d:f7:8b:c6:7a:d1:3f:e3:1d:3c:
                    29:09:c8:03:80:7d:5e:53:cb:bc:e1:f8:d0:87:dd:
                    92:e4:7f:ac:42:53:70:c9:1c:ab:a4:3a:1a:cb:e0:
                    83:2a:49:54:15:79:89:f0:e0:46:93:e1:7d:34:41:
                    d0:ac:61:0e:d3:3b:08:07:77:39:db:8a:02:db:4a:
                    74:66:40:40:26:d8:6a:03:96:16:96:8d:91:e7:34:
                    e9:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:03:DA:B0:48:AB:4B:90:9B:50:1E:8F:8C:1A:C0:32:D7:8D:68:EA
            X509v3 Authority Key Identifier:
                keyid:26:4D:04:C3:96:41:B8:2B:5D:C3:84:4C:F5:FF:55:0F:54:04:46:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/FAPasEirS5CbUB6PjBrAMteNaOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a0099c-d860-49a5-b459-3d0036603ea0/1/Jk0Ew5ZBuCtdw4RM9f9VD1QERok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.132.48.0/22
                  185.141.172.0/22
                IPv6:
                  2a0d:e800::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:58:9c:b6:47:44:3f:ea:83:bc:a1:df:db:4e:9c:29:0c:d8:
         b7:d8:8e:1f:80:6d:e6:a6:2e:8b:10:ae:32:5b:dc:18:1d:bf:
         59:2b:47:63:2a:4d:b9:02:75:b3:87:d7:a8:07:54:64:24:e3:
         7a:3b:1d:88:5d:cf:16:3d:6f:5f:1c:12:45:be:c1:43:04:5e:
         ad:42:0a:e8:c5:be:4b:9a:38:ed:52:fe:13:85:42:4a:af:5f:
         7d:42:9e:8c:d8:ec:34:be:df:63:b5:3a:d7:a0:76:f3:62:f1:
         9b:09:48:58:ac:18:f4:6a:fb:fe:d2:31:72:cc:a1:18:b4:08:
         c8:8c:98:0c:5f:62:30:23:40:70:36:4b:79:0b:93:89:dd:26:
         15:94:ed:84:76:54:e5:12:d3:ea:b4:29:c9:8b:0a:47:d1:bc:
         8d:c3:84:10:24:f7:47:2d:f8:c8:98:5f:d3:1f:19:3e:86:4f:
         0c:48:0d:7c:bd:da:77:f1:d8:77:1c:d3:88:77:ae:f0:bf:e3:
         14:2f:51:ff:a0:10:c1:45:af:36:0b:91:f6:b5:78:0b:4f:95:
         a0:be:a9:9a:18:8c:86:2e:f4:92:42:8a:5f:a8:67:75:5d:8b:
         1b:6c:83:0e:06:0c:fc:2c:35:c6:97:f7:5e:34:74:e6:86:c8:
         28:c0:85:64
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhRDOott2EkRjtoJ8KD6YnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NGQwNGMzOTY0MWI4MmI1ZGMzODQ0Y2Y1ZmY1NTBmNTQw
NDQ2ODkwHhcNMjUwMTAxMDk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDAzZGFiMDQ4YWI0YjkwOWI1MDFlOGY4YzFhYzAzMmQ3OGQ2OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvf2FsJ3YT9Ryq4Q1rQha9k/z7fq
2sXGYKaX4PR8jUbHbRIL/z5BB+dyTUlFfWZWAiMevB+VOqyeSdCZYZyQ4E4i+Xlc
ZkYLV0rqbYlUFGqlVmXqpQlCS3yk56/3izuUaGYSmM9+uXuIVjx8cr7aljd85Htg
A5vtfi3mB1/m3gL+H30zgXalpPRx//AVWxyivVJHkjVuIjgBTAAn0oYj0Y28zrI6
pHI4nS33i8Z60T/jHTwpCcgDgH1eU8u84fjQh92S5H+sQlNwyRyrpDoay+CDKklU
FXmJ8OBGk+F9NEHQrGEO0zsIB3c524oC20p0ZkBAJthqA5YWlo2R5zTpTwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBQD2rBIq0uQm1Aej4wawDLXjWjqMB8GA1UdIwQY
MBaAFCZNBMOWQbgrXcOETPX/VQ9UBEaJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmswRXc1WkJ1Q3RkdzRSTTlmOVZEMVFFUm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hMDA5OWMtZDg2MC00OWE1LWI0NTkt
M2QwMDM2NjAzZWEwLzEvRkFQYXNFaXJTNUNiVUI2UGpCckFNdGVOYU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hMDA5OWMtZDg2MC00OWE1LWI0NTktM2QwMDM2NjAzZWEw
LzEvSmswRXc1WkJ1Q3RkdzRSTTlmOVZEMVFFUm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCH4QwAwQC
uY2sMA0EAgACMAcDBQMqDegAMA0GCSqGSIb3DQEBCwUAA4IBAQASWJy2R0Q/6oO8
od/bTpwpDNi32I4fgG3mpi6LEK4yW9wYHb9ZK0djKk25AnWzh9eoB1RkJON6Ox2I
Xc8WPW9fHBJFvsFDBF6tQgroxb5LmjjtUv4ThUJKr199Qp6M2Ow0vt9jtTrXoHbz
YvGbCUhYrBj0avv+0jFyzKEYtAjIjJgMX2IwI0BwNkt5C5OJ3SYVlO2EdlTlEtPq
tCnJiwpH0byNw4QQJPdHLfjImF/THxk+hk8MSA18vdp38dh3HNOId67wv+MUL1H/
oBDBRa82C5H2tXgLT5WgvqmaGIyGLvSSQopfqGd1XYsbbIMOBgz8LDXGl/deNHTm
hsgowIVk
-----END CERTIFICATE-----