Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FXO7cpBTEkFUwCkqDmIqVUncss8.roa
File:                     FXO7cpBTEkFUwCkqDmIqVUncss8.roa (raw, json)
Hash identifier:          8PYaTiCjbkBjdk+nXqelVrh2P0hUN5rV4w99tsLgWVY=
Subject key identifier:   15:73:BB:72:90:53:12:41:54:C0:29:2A:0E:62:2A:55:49:DC:B2:CF
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194282755FF88797540B31AAD577ECBCB27
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FXO7cpBTEkFUwCkqDmIqVUncss8.roa
Signing time:             Thu 02 Jan 2025 17:54:14 +0000
ROA not before:           Thu 02 Jan 2025 17:54:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26832
IP address blocks:        185.141.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:55:ff:88:79:75:40:b3:1a:ad:57:7e:cb:cb:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1573bb729053124154c0292a0e622a5549dcb2cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:2c:bb:f7:4b:ff:42:2c:15:24:f4:9e:a9:9a:
                    1e:d3:75:6c:67:76:84:28:3c:ad:dc:00:29:bc:55:
                    1f:0f:2a:88:ff:76:7d:00:b9:83:b2:90:ee:62:91:
                    ea:76:3a:17:33:c4:9c:fa:b5:8a:64:86:f0:33:82:
                    3b:89:bb:a1:c2:1c:96:09:a3:b5:72:c1:cc:9d:74:
                    f1:c6:ef:a3:c0:27:05:43:3f:ea:ce:0a:05:f3:ae:
                    39:32:7c:fa:04:63:51:0b:6b:33:2e:80:c7:ac:8c:
                    6e:69:31:2d:8b:5c:d4:a0:49:71:b2:cd:82:96:c2:
                    58:5e:97:f6:2a:ff:fa:fe:95:cd:38:3d:b7:88:70:
                    a5:96:98:8b:ca:d2:04:21:7e:a7:b4:16:6a:40:5d:
                    01:69:54:f4:94:ff:ef:0b:ba:80:76:c1:a3:ca:aa:
                    1e:40:9f:7e:27:e8:92:1f:d1:9f:d6:cb:a1:92:8f:
                    a6:49:cf:b7:4f:78:9c:40:3d:33:98:6d:ad:9b:bb:
                    bb:5e:dd:4a:09:8c:8f:80:f1:f4:ef:42:30:16:ad:
                    ed:65:55:32:1f:c5:7f:02:30:f9:e0:f0:95:51:12:
                    77:d7:be:14:fc:a0:26:2f:1d:aa:d8:77:74:6a:4a:
                    80:55:d9:74:eb:0f:d8:07:b2:94:87:88:c6:53:5a:
                    85:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:73:BB:72:90:53:12:41:54:C0:29:2A:0E:62:2A:55:49:DC:B2:CF
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FXO7cpBTEkFUwCkqDmIqVUncss8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:9b:23:92:9d:ea:ae:ce:b9:03:48:a1:3a:f8:02:3d:e8:3e:
         2e:bf:07:6f:e6:4e:d8:85:5e:57:4d:ae:a2:b0:91:d9:84:3e:
         88:e7:5f:b5:d6:b3:f8:52:1b:b1:24:75:5b:e2:fd:a0:85:2d:
         2f:b2:07:57:31:b3:58:1e:61:79:dc:01:2b:25:05:ab:a6:a7:
         06:a9:d6:fe:5f:c1:67:c4:a3:f3:83:e1:74:2d:04:57:76:c8:
         83:48:33:5b:7c:69:78:a8:27:21:27:54:a9:3f:03:63:f8:c0:
         fa:97:c6:01:7d:47:59:09:2c:27:61:aa:aa:b8:7c:8c:74:bb:
         91:84:9f:e5:0e:49:b5:cd:63:15:26:a8:ec:fd:3b:8a:31:55:
         90:97:fb:1c:df:37:4b:25:68:ac:05:80:db:67:62:94:65:83:
         16:c1:63:6f:7d:d0:91:a0:0c:88:39:1c:e9:a3:c2:4a:51:95:
         31:8d:25:57:e1:fd:2d:b5:c8:6d:bf:b8:3c:c3:3e:97:b8:53:
         96:48:5b:c0:49:5f:fd:b9:be:64:20:24:77:00:17:d7:18:24:
         38:53:37:51:d7:09:10:29:8c:72:cf:f6:96:8d:12:5f:72:26:
         3c:9a:66:a5:e8:27:ac:f0:a4:84:3c:cd:02:96:aa:63:6e:c4:
         c7:36:9e:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ1X/iHl1QLMarVd+y8snMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTczYmI3MjkwNTMxMjQxNTRjMDI5MmEwZTYyMmE1NTQ5ZGNiMmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yy790v/QiwVJPSeqZoe03VsZ3aE
KDyt3AApvFUfDyqI/3Z9ALmDspDuYpHqdjoXM8Sc+rWKZIbwM4I7ibuhwhyWCaO1
csHMnXTxxu+jwCcFQz/qzgoF8645Mnz6BGNRC2szLoDHrIxuaTEti1zUoElxss2C
lsJYXpf2Kv/6/pXNOD23iHCllpiLytIEIX6ntBZqQF0BaVT0lP/vC7qAdsGjyqoe
QJ9+J+iSH9Gf1suhko+mSc+3T3icQD0zmG2tm7u7Xt1KCYyPgPH070IwFq3tZVUy
H8V/AjD54PCVURJ3174U/KAmLx2q2Hd0akqAVdl06w/YB7KUh4jGU1qFuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVzu3KQUxJBVMApKg5iKlVJ3LLPMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvRlhPN2NwQlRFa0ZVd0NrcURtSXFWVW5jc3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY3YMA0G
CSqGSIb3DQEBCwUAA4IBAQCRmyOSnequzrkDSKE6+AI96D4uvwdv5k7YhV5XTa6i
sJHZhD6I51+11rP4UhuxJHVb4v2ghS0vsgdXMbNYHmF53AErJQWrpqcGqdb+X8Fn
xKPzg+F0LQRXdsiDSDNbfGl4qCchJ1SpPwNj+MD6l8YBfUdZCSwnYaqquHyMdLuR
hJ/lDkm1zWMVJqjs/TuKMVWQl/sc3zdLJWisBYDbZ2KUZYMWwWNvfdCRoAyIORzp
o8JKUZUxjSVX4f0ttchtv7g8wz6XuFOWSFvASV/9ub5kICR3ABfXGCQ4UzdR1wkQ
KYxyz/aWjRJfciY8mmal6Ces8KSEPM0ClqpjbsTHNp4f
-----END CERTIFICATE-----