Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/fe1oOTHUFPkwFLaBhSJgtXk18K0.roa
File:                     fe1oOTHUFPkwFLaBhSJgtXk18K0.roa (raw, json)
Hash identifier:          fkkgIxypjSY0trqrdH7vDswC8HMHlpDfymztaFU8S48=
Subject key identifier:   7D:ED:68:39:31:D4:14:F9:30:14:B6:81:85:22:60:B5:79:35:F0:AD
Certificate issuer:       /CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
Certificate serial:       0194222005D257D4B258668E7DC850B25166
Authority key identifier: D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/fe1oOTHUFPkwFLaBhSJgtXk18K0.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51782
IP address blocks:        149.255.168.0/21 maxlen: 24
                          185.66.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:05:d2:57:d4:b2:58:66:8e:7d:c8:50:b2:51:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ded683931d414f93014b681852260b57935f0ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b9:36:84:99:04:de:be:70:bc:aa:64:69:c9:
                    d6:aa:61:a6:49:1e:d9:38:20:13:e1:f0:de:a3:27:
                    25:b6:75:9c:69:3c:2d:b7:37:ee:50:8c:da:39:8a:
                    6e:7c:af:9c:bc:b2:1a:e9:46:0c:49:22:38:81:7f:
                    14:4b:4e:a1:48:b2:4c:eb:bc:c2:dc:3f:c9:83:75:
                    dc:6a:d9:58:b4:6f:e1:d7:a3:d6:17:63:98:57:1d:
                    07:5a:d9:38:b1:74:19:cd:42:ab:1c:0b:a6:f0:28:
                    39:19:e8:ae:ff:62:9d:c9:17:ba:9f:72:c3:b5:0b:
                    b9:2f:7a:49:ff:84:56:3c:1f:49:5d:1e:06:12:00:
                    57:8c:1b:f9:c0:4c:ec:2c:d5:e0:46:96:33:50:73:
                    05:27:5b:b2:6a:45:55:2d:8d:23:41:c0:fd:cc:be:
                    a5:c1:e9:36:c2:64:d2:9f:43:94:41:e4:b4:91:93:
                    2a:35:a7:f6:f1:0b:f1:68:f7:69:df:f5:7e:2c:ee:
                    32:bb:0e:3f:f2:08:e6:d6:d3:72:ce:90:10:5a:78:
                    41:4e:89:83:09:86:36:1b:b0:96:0d:c7:6a:b4:63:
                    0c:89:86:1d:c5:31:43:32:f0:23:d3:0f:9c:32:d6:
                    31:26:ac:da:53:0d:e7:06:cb:6a:32:a4:80:f6:f1:
                    06:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:ED:68:39:31:D4:14:F9:30:14:B6:81:85:22:60:B5:79:35:F0:AD
            X509v3 Authority Key Identifier:
                keyid:D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/fe1oOTHUFPkwFLaBhSJgtXk18K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.255.168.0/21
                  185.66.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:47:8a:cd:ec:9c:61:1d:31:68:a9:2d:17:94:75:35:44:e3:
         af:1b:10:83:04:b8:54:1c:2c:ad:91:3c:eb:25:b7:ca:c1:a4:
         15:7a:40:1a:1f:4d:e0:5a:15:96:21:9a:51:fe:00:21:75:49:
         7b:b0:0f:a6:70:2c:bc:45:f6:e7:69:1d:8f:a6:13:13:ec:72:
         33:9d:85:d4:2b:66:b0:14:7f:d5:f0:b9:b2:9a:6f:8f:da:3d:
         9e:f0:01:64:ff:f3:7d:21:50:8d:15:19:1c:45:c6:76:d4:7c:
         20:b2:1f:7a:40:5f:e7:53:42:71:ff:67:95:69:29:b5:35:d9:
         e2:f6:2a:88:f1:00:2b:df:20:7a:ca:66:a1:da:eb:a1:a8:b3:
         ac:16:c1:ef:b1:69:94:cb:2a:0d:5b:90:b9:9f:3f:00:11:51:
         e6:f9:2f:d1:03:c1:2d:99:dc:98:5e:86:46:ff:8c:5c:51:7e:
         82:a7:b1:db:a7:42:89:db:b5:3a:90:b0:fc:46:83:71:cd:bc:
         04:80:59:a1:5f:37:ff:ac:bc:dc:a6:4e:88:9a:1b:af:64:11:
         ac:b8:d1:9a:e0:10:38:ea:d7:4f:63:05:42:af:43:c9:81:28:
         fc:0c:4f:63:7e:a1:ef:70:0a:91:4d:81:33:63:30:b6:fe:32:
         cf:ff:8b:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIAXSV9SyWGaOfchQslFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDA3OWJiNzA3MGVkMGVlZWEzYTFhNDY3Yzc5NDYyYmNj
NTQ1NWYwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGVkNjgzOTMxZDQxNGY5MzAxNGI2ODE4NTIyNjBiNTc5MzVmMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbk2hJkE3r5wvKpkacnWqmGmSR7Z
OCAT4fDeoycltnWcaTwttzfuUIzaOYpufK+cvLIa6UYMSSI4gX8US06hSLJM67zC
3D/Jg3XcatlYtG/h16PWF2OYVx0HWtk4sXQZzUKrHAum8Cg5Geiu/2KdyRe6n3LD
tQu5L3pJ/4RWPB9JXR4GEgBXjBv5wEzsLNXgRpYzUHMFJ1uyakVVLY0jQcD9zL6l
wek2wmTSn0OUQeS0kZMqNaf28QvxaPdp3/V+LO4yuw4/8gjm1tNyzpAQWnhBTomD
CYY2G7CWDcdqtGMMiYYdxTFDMvAj0w+cMtYxJqzaUw3nBstqMqSA9vEGpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH3taDkx1BT5MBS2gYUiYLV5NfCtMB8GA1UdIwQY
MBaAFNBAebtwcO0O7qOhpGfHlGK8xUVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTkt
NjIwOThkMWVjMWU2LzEvZmUxb09USFVGUGt3RkxhQmhTSmd0WGsxOEswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTktNjIwOThkMWVjMWU2
LzEvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDlf+oAwQC
uULMMA0GCSqGSIb3DQEBCwUAA4IBAQAAR4rN7JxhHTFoqS0XlHU1ROOvGxCDBLhU
HCytkTzrJbfKwaQVekAaH03gWhWWIZpR/gAhdUl7sA+mcCy8RfbnaR2PphMT7HIz
nYXUK2awFH/V8Lmymm+P2j2e8AFk//N9IVCNFRkcRcZ21Hwgsh96QF/nU0Jx/2eV
aSm1Ndni9iqI8QAr3yB6ymah2uuhqLOsFsHvsWmUyyoNW5C5nz8AEVHm+S/RA8Et
mdyYXoZG/4xcUX6Cp7Hbp0KJ27U6kLD8RoNxzbwEgFmhXzf/rLzcpk6ImhuvZBGs
uNGa4BA46tdPYwVCr0PJgSj8DE9jfqHvcAqRTYEzYzC2/jLP/4uu
-----END CERTIFICATE-----