Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/FFFquzyoI6V8zUirU5qgTnYffFE.roa
File:                     FFFquzyoI6V8zUirU5qgTnYffFE.roa (raw, json)
Hash identifier:          UkzzNUPit9F8YYAkgHSPwBmxXN79Y3LDHaSScH7xgPY=
Subject key identifier:   14:51:6A:BB:3C:A8:23:A5:7C:CD:48:AB:53:9A:A0:4E:76:1F:7C:51
Certificate issuer:       /CN=f356cdd5a49ce6c42a9a35fa77b9727819688896
Certificate serial:       01941F8C99723CCCD7FA38FDBA0B3D2A605B
Authority key identifier: F3:56:CD:D5:A4:9C:E6:C4:2A:9A:35:FA:77:B9:72:78:19:68:88:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/81bN1aSc5sQqmjX6d7lyeBloiJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/FFFquzyoI6V8zUirU5qgTnYffFE.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        2.57.1.0/24 maxlen: 24
                          134.99.0.0/16 maxlen: 16
                          134.99.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/81bN1aSc5sQqmjX6d7lyeBloiJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/81bN1aSc5sQqmjX6d7lyeBloiJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/81bN1aSc5sQqmjX6d7lyeBloiJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:99:72:3c:cc:d7:fa:38:fd:ba:0b:3d:2a:60:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f356cdd5a49ce6c42a9a35fa77b9727819688896
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14516abb3ca823a57ccd48ab539aa04e761f7c51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6e:bd:ef:6b:20:28:6f:11:e2:ce:74:f2:4b:
                    97:ad:50:20:24:a5:7d:f8:e0:0d:0f:b5:84:dc:81:
                    fb:77:e0:46:3a:16:5a:e2:98:fa:3d:fe:8a:58:a9:
                    0a:94:40:33:a7:55:60:33:ba:0d:06:47:d9:57:8e:
                    b4:9f:3e:14:6f:a7:bd:05:03:21:53:a6:fb:a5:8c:
                    6e:d1:14:31:d5:bc:a2:58:57:22:24:95:74:5b:56:
                    86:60:3e:f7:9b:3c:4a:85:30:54:a0:e1:11:d8:71:
                    66:7b:05:fb:68:4c:e6:8b:4e:85:24:87:40:96:5a:
                    76:b6:be:22:5d:aa:19:cb:0a:01:35:15:0e:aa:6b:
                    d5:40:da:3c:80:0d:63:63:75:9e:23:cf:55:8e:7e:
                    df:f0:45:7f:aa:e6:c2:58:ca:1d:0b:99:23:55:cc:
                    5d:ad:ea:80:64:ae:7f:47:03:37:a6:e3:19:da:ea:
                    53:7f:fe:19:b4:99:92:81:4f:ca:7d:96:91:9a:47:
                    38:1e:1f:7f:18:bb:07:9f:aa:90:de:6a:59:df:77:
                    3e:c8:17:96:fd:78:10:cc:4d:78:95:00:40:bd:f7:
                    c3:65:5a:4d:78:63:6e:68:70:55:13:02:ac:86:8a:
                    20:a5:d7:9c:ec:75:c0:4b:5d:83:2b:7e:eb:03:75:
                    b7:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:51:6A:BB:3C:A8:23:A5:7C:CD:48:AB:53:9A:A0:4E:76:1F:7C:51
            X509v3 Authority Key Identifier:
                keyid:F3:56:CD:D5:A4:9C:E6:C4:2A:9A:35:FA:77:B9:72:78:19:68:88:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/81bN1aSc5sQqmjX6d7lyeBloiJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/FFFquzyoI6V8zUirU5qgTnYffFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/81bN1aSc5sQqmjX6d7lyeBloiJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.1.0/24
                  134.99.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0b:29:1c:4b:6e:1b:03:96:6e:d7:05:0b:8b:76:d0:c1:57:55:
         32:f2:29:0e:61:01:1d:10:2c:ee:80:c5:2b:b3:5f:1c:69:d7:
         f4:c6:f1:6f:6e:96:97:22:bc:d7:52:ec:30:f8:a7:e4:fd:f1:
         a0:7a:5b:10:06:2b:0b:84:c7:77:b4:5d:91:3b:62:04:dc:10:
         a3:fd:03:07:1b:79:14:fd:9b:d1:21:f2:2a:33:cc:eb:d1:09:
         b3:de:fc:0f:b4:2d:d9:38:f5:ab:70:a1:01:2b:dc:af:8c:f6:
         ac:47:dc:b5:37:7c:41:88:ae:5e:db:5f:30:3c:42:35:fb:01:
         b0:28:5f:c3:ba:4f:1a:44:1d:86:40:fe:ca:93:5e:8c:17:9f:
         9b:0b:cb:79:87:13:1e:38:21:09:a9:a3:c7:0f:43:f2:c8:fb:
         e7:47:d0:4d:83:a9:b1:50:cc:30:d1:cb:a6:72:c1:bb:d8:bb:
         c6:ba:9b:ef:04:2e:71:da:e4:cd:b1:89:56:92:d8:41:8f:d5:
         d5:8b:70:80:86:08:bf:0e:92:bc:f9:a6:85:11:f8:e2:47:5d:
         0a:25:77:3c:b1:4a:8e:60:17:e2:0f:33:2a:5e:0b:76:36:07:
         5d:89:cb:d1:78:4f:78:67:3f:0d:78:8e:ce:39:ff:0a:ca:a3:
         53:96:6a:a9
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQfjJlyPMzX+jj9ugs9KmBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNTZjZGQ1YTQ5Y2U2YzQyYTlhMzVmYTc3Yjk3Mjc4MTk2
ODg4OTYwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDUxNmFiYjNjYTgyM2E1N2NjZDQ4YWI1MzlhYTA0ZTc2MWY3YzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG6972sgKG8R4s508kuXrVAgJKV9
+OAND7WE3IH7d+BGOhZa4pj6Pf6KWKkKlEAzp1VgM7oNBkfZV460nz4Ub6e9BQMh
U6b7pYxu0RQx1byiWFciJJV0W1aGYD73mzxKhTBUoOER2HFmewX7aEzmi06FJIdA
llp2tr4iXaoZywoBNRUOqmvVQNo8gA1jY3WeI89Vjn7f8EV/qubCWModC5kjVcxd
reqAZK5/RwM3puMZ2upTf/4ZtJmSgU/KfZaRmkc4Hh9/GLsHn6qQ3mpZ33c+yBeW
/XgQzE14lQBAvffDZVpNeGNuaHBVEwKshoogpdec7HXAS12DK37rA3W3VQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFBRRars8qCOlfM1Iq1OaoE52H3xRMB8GA1UdIwQY
MBaAFPNWzdWknObEKpo1+ne5cngZaIiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODFiTjFhU2M1c1FxbWpYNmQ3bHllQmxvaUpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83MmQ0OGItODY1YS00ZTZlLTk2ZjMt
NTc2OGQzN2Y3YmI1LzEvRkZGcXV6eW9JNlY4elVpclU1cWdUbllmZkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83MmQ0OGItODY1YS00ZTZlLTk2ZjMtNTc2OGQzN2Y3YmI1
LzEvODFiTjFhU2M1c1FxbWpYNmQ3bHllQmxvaUpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwQAAjkBAwMA
hmMwDQYJKoZIhvcNAQELBQADggEBAAspHEtuGwOWbtcFC4t20MFXVTLyKQ5hAR0Q
LO6AxSuzXxxp1/TG8W9ulpcivNdS7DD4p+T98aB6WxAGKwuEx3e0XZE7YgTcEKP9
AwcbeRT9m9Eh8iozzOvRCbPe/A+0Ldk49atwoQEr3K+M9qxH3LU3fEGIrl7bXzA8
QjX7AbAoX8O6TxpEHYZA/sqTXowXn5sLy3mHEx44IQmpo8cPQ/LI++dH0E2DqbFQ
zDDRy6ZywbvYu8a6m+8ELnHa5M2xiVaS2EGP1dWLcICGCL8Okrz5poUR+OJHXQol
dzyxSo5gF+IPMypeC3Y2B12Jy9F4T3hnPw14js45/wrKo1OWaqk=
-----END CERTIFICATE-----