Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/FS82XW-k77zMqGngn5r7_Yo2ofY.roa
File:                     FS82XW-k77zMqGngn5r7_Yo2ofY.roa (raw, json)
Hash identifier:          HKhziiZ0vfYbPizRPboCVEcmyagdxZmch8FNJ52Iiys=
Subject key identifier:   15:2F:36:5D:6F:A4:EF:BC:CC:A8:69:E0:9F:9A:FB:FD:8A:36:A1:F6
Certificate issuer:       /CN=8107dc036d9d6c28f1d87ab64e78ee485a96fd81
Certificate serial:       019422202508D7CBBA83418604DDDEC40EA2
Authority key identifier: 81:07:DC:03:6D:9D:6C:28:F1:D8:7A:B6:4E:78:EE:48:5A:96:FD:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQfcA22dbCjx2Hq2TnjuSFqW_YE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/FS82XW-k77zMqGngn5r7_Yo2ofY.roa
Signing time:             Wed 01 Jan 2025 13:48:39 +0000
ROA not before:           Wed 01 Jan 2025 13:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199214
IP address blocks:        91.240.74.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/gQfcA22dbCjx2Hq2TnjuSFqW_YE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/gQfcA22dbCjx2Hq2TnjuSFqW_YE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQfcA22dbCjx2Hq2TnjuSFqW_YE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:25:08:d7:cb:ba:83:41:86:04:dd:de:c4:0e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8107dc036d9d6c28f1d87ab64e78ee485a96fd81
        Validity
            Not Before: Jan  1 13:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=152f365d6fa4efbccca869e09f9afbfd8a36a1f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:48:98:43:bb:e9:85:8d:af:d7:46:0c:ab:03:
                    fb:31:22:b4:43:3c:07:37:19:ba:6c:d4:00:b5:6d:
                    8a:1a:75:b8:18:88:33:ee:10:ff:10:ad:f6:1a:6a:
                    f5:bb:02:94:7b:5c:d3:c7:08:7b:39:8c:84:5c:e6:
                    90:95:dc:4a:0c:ec:d9:6e:96:29:85:de:f6:6f:d2:
                    4c:19:a5:0b:3c:21:87:64:f9:ca:04:c5:4e:15:f2:
                    91:d3:6b:61:29:b1:7c:7d:08:4e:28:e5:d4:02:83:
                    44:d2:c9:95:3d:80:8f:cd:ee:e6:4f:54:7a:c5:c6:
                    b3:c5:f6:19:10:fd:31:13:85:b5:be:db:91:5b:23:
                    34:eb:4a:cc:b3:fe:17:84:e0:2f:d7:17:f7:05:b1:
                    43:68:6e:29:c1:20:2e:56:ba:b1:f5:1e:6a:ba:f3:
                    05:f1:04:f3:ac:89:c5:41:9d:ec:e5:01:42:5a:e3:
                    d4:ae:c7:2e:8e:1b:fa:ad:a5:82:8f:0e:87:6f:47:
                    3b:d8:d7:06:87:df:cd:06:66:1b:31:3c:da:2f:12:
                    93:77:18:e7:8b:d4:ad:a2:c8:f8:09:50:6b:ee:97:
                    fa:9c:6f:fb:6f:29:e1:bc:3b:0d:52:6b:9b:aa:29:
                    88:a5:76:54:76:9f:2e:3a:5a:fa:80:8c:3f:46:db:
                    b5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:2F:36:5D:6F:A4:EF:BC:CC:A8:69:E0:9F:9A:FB:FD:8A:36:A1:F6
            X509v3 Authority Key Identifier:
                keyid:81:07:DC:03:6D:9D:6C:28:F1:D8:7A:B6:4E:78:EE:48:5A:96:FD:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQfcA22dbCjx2Hq2TnjuSFqW_YE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/FS82XW-k77zMqGngn5r7_Yo2ofY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/gQfcA22dbCjx2Hq2TnjuSFqW_YE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:37:81:53:cb:c9:d9:33:17:f7:c4:2c:ff:2d:8f:73:ed:4c:
         38:e5:01:b1:40:cf:14:57:3c:51:2c:04:cb:0c:7c:ac:f8:fa:
         1c:f0:f7:cb:c2:e5:94:9d:a0:74:e1:0e:be:15:e9:db:21:f0:
         6b:94:38:96:94:eb:99:6d:77:7e:49:1b:f6:87:e8:99:f7:ee:
         30:98:79:4e:6e:1b:c6:5b:cc:fb:5a:99:48:c9:79:d8:9f:26:
         aa:d1:ae:41:85:f7:17:2f:47:02:6e:76:f8:2b:8f:2f:53:1a:
         9d:f9:f0:36:00:7c:d0:7b:c4:1a:6f:48:50:79:a6:65:a4:9a:
         30:97:c7:64:db:d8:bd:6a:f1:9b:4b:b7:e6:4a:8f:b0:e8:78:
         1e:d7:d8:6e:42:34:fb:16:56:9e:f2:75:09:da:38:59:8a:67:
         2a:7c:94:b0:e0:ba:64:90:70:c2:7c:5a:69:4a:6d:9a:89:e4:
         ad:d2:46:7e:be:f3:8a:47:75:d5:f8:ee:07:1c:11:a0:e6:cf:
         04:c9:16:1c:1f:a6:80:f3:c3:9d:5c:a3:a2:59:05:2d:43:a7:
         0b:18:da:1e:2c:21:73:6a:a0:25:56:59:e7:11:f9:cd:34:d3:
         d4:9f:c8:0d:db:35:3c:3b:59:24:c2:11:b7:09:5a:10:14:b6:
         6e:73:7b:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICUI18u6g0GGBN3exA6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMDdkYzAzNmQ5ZDZjMjhmMWQ4N2FiNjRlNzhlZTQ4NWE5
NmZkODEwHhcNMjUwMTAxMTM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTJmMzY1ZDZmYTRlZmJjY2NhODY5ZTA5ZjlhZmJmZDhhMzZhMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUiYQ7vphY2v10YMqwP7MSK0QzwH
Nxm6bNQAtW2KGnW4GIgz7hD/EK32Gmr1uwKUe1zTxwh7OYyEXOaQldxKDOzZbpYp
hd72b9JMGaULPCGHZPnKBMVOFfKR02thKbF8fQhOKOXUAoNE0smVPYCPze7mT1R6
xcazxfYZEP0xE4W1vtuRWyM060rMs/4XhOAv1xf3BbFDaG4pwSAuVrqx9R5quvMF
8QTzrInFQZ3s5QFCWuPUrscujhv6raWCjw6Hb0c72NcGh9/NBmYbMTzaLxKTdxjn
i9Stosj4CVBr7pf6nG/7bynhvDsNUmubqimIpXZUdp8uOlr6gIw/Rtu1JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUvNl1vpO+8zKhp4J+a+/2KNqH2MB8GA1UdIwQY
MBaAFIEH3ANtnWwo8dh6tk547khalv2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1FmY0EyMmRiQ2p4MkhxMlRuanVTRnFXX1lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8xNTk4NjAtZjgzMi00MzhhLTllNmYt
NzZhMTQxY2RkNDFmLzEvRlM4MlhXLWs3N3pNcUduZ241cjdfWW8yb2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8xNTk4NjAtZjgzMi00MzhhLTllNmYtNzZhMTQxY2RkNDFm
LzEvZ1FmY0EyMmRiQ2p4MkhxMlRuanVTRnFXX1lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/BKMA0G
CSqGSIb3DQEBCwUAA4IBAQApN4FTy8nZMxf3xCz/LY9z7Uw45QGxQM8UVzxRLATL
DHys+Poc8PfLwuWUnaB04Q6+FenbIfBrlDiWlOuZbXd+SRv2h+iZ9+4wmHlObhvG
W8z7WplIyXnYnyaq0a5BhfcXL0cCbnb4K48vUxqd+fA2AHzQe8Qab0hQeaZlpJow
l8dk29i9avGbS7fmSo+w6Hge19huQjT7Flae8nUJ2jhZimcqfJSw4LpkkHDCfFpp
Sm2aieSt0kZ+vvOKR3XV+O4HHBGg5s8EyRYcH6aA88OdXKOiWQUtQ6cLGNoeLCFz
aqAlVlnnEfnNNNPUn8gN2zU8O1kkwhG3CVoQFLZuc3vb
-----END CERTIFICATE-----