Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/FMoS-o9DiVgUmecx3SfvDXEo6xw.roa
File:                     FMoS-o9DiVgUmecx3SfvDXEo6xw.roa (raw, json)
Hash identifier:          1UzCsZkjWYFE709BjoGlEdeWX/dMS9WtM2S2yyY1T4U=
Subject key identifier:   14:CA:12:FA:8F:43:89:58:14:99:E7:31:DD:27:EF:0D:71:28:EB:1C
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01975662FFDAA240C54986A6D852920B00E6
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/FMoS-o9DiVgUmecx3SfvDXEo6xw.roa
Signing time:             Mon 09 Jun 2025 20:30:17 +0000
ROA not before:           Mon 09 Jun 2025 20:30:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        5.102.104.0/22 maxlen: 24
                          5.102.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 22:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:56:62:ff:da:a2:40:c5:49:86:a6:d8:52:92:0b:00:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jun  9 20:30:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14ca12fa8f4389581499e731dd27ef0d7128eb1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:22:0a:5f:d5:1c:47:98:52:04:e6:63:6a:12:
                    97:e7:23:00:26:02:f1:94:52:41:0b:8e:c7:51:95:
                    20:5f:9d:5d:39:db:82:43:89:f5:78:45:13:44:7b:
                    0f:4a:51:ca:dc:3e:cc:5c:70:45:9a:4c:a4:1e:22:
                    10:d7:5f:ce:65:da:5b:f6:ef:80:4a:70:57:5e:c6:
                    0d:73:46:b2:5d:e5:21:cc:bf:5a:bc:2a:b3:1d:ce:
                    43:df:71:3d:ad:51:b1:43:11:0c:01:c3:05:1c:49:
                    1a:48:5d:b3:2f:3e:2a:b0:c8:64:e5:4c:72:87:f9:
                    7a:27:cf:6d:fd:03:fd:f0:58:14:12:8b:63:f4:f2:
                    94:7c:a2:37:e4:1b:ef:08:66:bb:11:f6:ee:d7:8e:
                    28:d2:66:10:15:35:5f:2c:51:df:39:78:71:58:8f:
                    5f:7b:73:6d:cd:04:2d:6d:95:82:02:ad:c6:84:6b:
                    0c:35:c5:91:09:be:8b:d7:47:55:a1:9d:c1:f9:50:
                    83:70:40:c6:fb:64:36:5d:d7:33:d0:72:0f:46:78:
                    25:81:88:aa:55:53:90:4b:1e:ea:0f:9e:dc:eb:1f:
                    e0:96:b7:10:b8:52:c3:bb:1a:1d:5b:4b:94:a0:be:
                    9e:85:fa:66:46:d4:0e:ba:b8:81:83:23:05:87:59:
                    47:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:CA:12:FA:8F:43:89:58:14:99:E7:31:DD:27:EF:0D:71:28:EB:1C
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/FMoS-o9DiVgUmecx3SfvDXEo6xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.104.0/22
                  5.102.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:86:23:a0:87:83:d0:f4:f1:14:b0:a2:46:4a:dd:bd:e9:73:
         a0:00:40:9e:19:aa:a3:e1:14:f2:91:03:16:b9:52:40:89:fb:
         c9:aa:93:ef:0a:81:8d:6d:54:bf:64:c4:c1:74:a8:e1:bd:7c:
         7f:5c:00:e8:83:2c:9c:2d:10:4f:8e:b7:74:f2:be:2f:16:6a:
         9c:75:fc:b9:e5:33:80:dc:f8:e2:30:ce:dd:9d:fb:0f:0f:4f:
         56:b0:96:2d:9c:25:6e:45:6d:77:4b:d6:af:a0:30:71:54:91:
         53:07:93:c0:0b:5d:a3:5f:f0:66:72:c0:8d:bd:3d:bb:82:aa:
         3e:74:91:97:0f:39:50:fc:88:d9:46:b0:97:93:8a:1e:3c:62:
         d5:57:1d:a9:60:85:65:ec:53:be:15:e9:85:b1:64:0c:c1:a8:
         a6:34:79:7c:cc:85:34:31:23:c7:37:c7:30:93:3a:ca:f0:42:
         2a:f1:60:7a:31:9b:a1:9c:3f:67:01:b8:92:0c:d9:48:1d:36:
         13:1b:ca:40:fa:6c:2b:b6:c2:45:d5:a6:96:0a:64:be:9a:50:
         cb:3c:1c:83:2e:92:cb:6e:57:a7:37:97:1e:11:46:67:94:23:
         f1:04:92:82:22:70:d1:b4:46:9d:1b:96:9f:cd:d7:5a:1f:ff:
         46:59:4b:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdWYv/aokDFSYam2FKSCwDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwNjA5MjAzMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGNhMTJmYThmNDM4OTU4MTQ5OWU3MzFkZDI3ZWYwZDcxMjhlYjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyIKX9UcR5hSBOZjahKX5yMAJgLx
lFJBC47HUZUgX51dOduCQ4n1eEUTRHsPSlHK3D7MXHBFmkykHiIQ11/OZdpb9u+A
SnBXXsYNc0ayXeUhzL9avCqzHc5D33E9rVGxQxEMAcMFHEkaSF2zLz4qsMhk5Uxy
h/l6J89t/QP98FgUEotj9PKUfKI35BvvCGa7Efbu144o0mYQFTVfLFHfOXhxWI9f
e3NtzQQtbZWCAq3GhGsMNcWRCb6L10dVoZ3B+VCDcEDG+2Q2Xdcz0HIPRnglgYiq
VVOQSx7qD57c6x/glrcQuFLDuxodW0uUoL6ehfpmRtQOuriBgyMFh1lHKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBTKEvqPQ4lYFJnnMd0n7w1xKOscMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvRk1vUy1vOURpVmdVbWVjeDNTZnZEWEVvNnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBWZoAwQC
BWZ0MA0GCSqGSIb3DQEBCwUAA4IBAQAehiOgh4PQ9PEUsKJGSt296XOgAECeGaqj
4RTykQMWuVJAifvJqpPvCoGNbVS/ZMTBdKjhvXx/XADogyycLRBPjrd08r4vFmqc
dfy55TOA3PjiMM7dnfsPD09WsJYtnCVuRW13S9avoDBxVJFTB5PAC12jX/BmcsCN
vT27gqo+dJGXDzlQ/IjZRrCXk4oePGLVVx2pYIVl7FO+FemFsWQMwaimNHl8zIU0
MSPHN8cwkzrK8EIq8WB6MZuhnD9nAbiSDNlIHTYTG8pA+mwrtsJF1aaWCmS+mlDL
PByDLpLLblenN5ceEUZnlCPxBJKCInDRtEadG5afzddaH/9GWUtf
-----END CERTIFICATE-----