Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/FMd4ncvFc0vMJ63ZqH_KhMZqr00.roa
File:                     FMd4ncvFc0vMJ63ZqH_KhMZqr00.roa (raw, json)
Hash identifier:          GAIpznWNN7ttQuk7XL5JgmFjADI10rnA9JaXxJOak4g=
Subject key identifier:   14:C7:78:9D:CB:C5:73:4B:CC:27:AD:D9:A8:7F:CA:84:C6:6A:AF:4D
Certificate issuer:       /CN=a4929fcd61dc69dccfbe01d5ff0035b41ac95260
Certificate serial:       019423D6AA560B6FF28EC6C4C68116150E03
Authority key identifier: A4:92:9F:CD:61:DC:69:DC:CF:BE:01:D5:FF:00:35:B4:1A:C9:52:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJKfzWHcadzPvgHV_wA1tBrJUmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/FMd4ncvFc0vMJ63ZqH_KhMZqr00.roa
Signing time:             Wed 01 Jan 2025 21:47:38 +0000
ROA not before:           Wed 01 Jan 2025 21:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216050
IP address blocks:        45.150.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/pJKfzWHcadzPvgHV_wA1tBrJUmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/pJKfzWHcadzPvgHV_wA1tBrJUmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJKfzWHcadzPvgHV_wA1tBrJUmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 18:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:aa:56:0b:6f:f2:8e:c6:c4:c6:81:16:15:0e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4929fcd61dc69dccfbe01d5ff0035b41ac95260
        Validity
            Not Before: Jan  1 21:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14c7789dcbc5734bcc27add9a87fca84c66aaf4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:46:49:e3:0a:4e:01:3d:56:85:70:68:aa:5b:
                    b6:b0:72:9a:f0:bd:9f:cb:e1:a2:c9:48:d8:ad:e7:
                    0d:01:96:f0:99:20:9d:85:a5:d5:e0:a9:70:c8:4f:
                    88:60:a0:04:60:33:24:83:c6:46:10:6e:7b:51:31:
                    88:a6:fa:8d:34:16:be:03:88:14:5b:c4:e0:d7:ef:
                    13:9d:1b:fb:d1:52:10:c6:41:c1:42:b8:7b:cc:15:
                    3e:fc:90:fd:a2:53:80:26:0a:e1:ce:19:4c:11:60:
                    27:73:7c:97:3d:c6:07:de:12:9a:e9:50:c5:af:38:
                    89:22:a5:a7:02:83:30:bb:92:94:83:23:fd:0c:1c:
                    32:b7:15:1b:47:d2:c9:68:c3:f0:db:73:fe:72:dd:
                    24:8b:b7:d0:30:21:af:63:78:d7:86:c3:68:5a:40:
                    a7:78:7d:9a:fd:ec:cd:3f:ba:62:e4:34:f2:8c:5b:
                    1e:1e:c9:fa:37:4d:52:71:07:43:76:9b:bb:ea:7f:
                    8b:01:df:32:8f:82:2c:d4:95:f1:43:53:1f:c3:0c:
                    f8:c4:bb:5b:2a:0c:f3:e1:9f:72:62:2c:57:0a:40:
                    eb:94:5a:9f:54:a0:db:30:b3:26:59:4a:4d:e5:68:
                    cd:b1:8b:3d:b0:20:0d:13:51:53:d7:0d:d0:58:32:
                    1a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C7:78:9D:CB:C5:73:4B:CC:27:AD:D9:A8:7F:CA:84:C6:6A:AF:4D
            X509v3 Authority Key Identifier:
                keyid:A4:92:9F:CD:61:DC:69:DC:CF:BE:01:D5:FF:00:35:B4:1A:C9:52:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJKfzWHcadzPvgHV_wA1tBrJUmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/FMd4ncvFc0vMJ63ZqH_KhMZqr00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5a2117-f583-445d-b72e-eba9c5cb32d0/1/pJKfzWHcadzPvgHV_wA1tBrJUmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:aa:05:de:4d:0f:17:d2:70:c2:04:e2:94:df:3f:48:75:d3:
         91:87:63:0c:74:36:70:f2:62:df:41:2e:e5:8c:fc:ee:b0:ef:
         1e:19:eb:1c:46:d3:b9:b8:8a:2e:4f:14:b2:65:3f:cf:df:68:
         26:04:79:eb:88:dc:19:8a:86:b7:9e:f2:dc:d3:21:65:36:ab:
         a4:3e:37:ce:d5:4d:4e:41:9c:df:45:0d:d6:5e:d3:37:15:82:
         ec:09:60:f3:e2:b6:fa:cf:14:d0:8d:0b:39:e6:6c:61:ff:45:
         9d:e2:b5:2b:7a:82:ef:00:50:d4:fe:8e:62:ed:e5:18:0a:6e:
         67:9f:69:b3:96:be:3d:23:56:e9:19:14:e4:61:77:89:95:1d:
         92:27:d8:ba:c4:0a:55:e5:ad:c2:3b:23:84:c3:fd:a3:ec:73:
         e6:88:5a:44:3c:61:97:4c:2c:bf:3a:96:40:4a:b0:e7:12:a8:
         1a:4b:7c:f1:6b:30:94:79:a4:ce:d3:00:e4:0d:ca:19:99:37:
         2d:3d:cf:ed:11:d6:4f:10:99:ec:66:ed:a4:01:a3:36:77:d1:
         e0:a9:80:05:2f:45:55:eb:e9:f0:1a:ab:c7:5f:ba:fc:21:bf:
         4c:23:9e:05:90:f5:06:62:df:b0:36:fa:f7:f1:47:4c:06:e8:
         2c:ef:9c:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1qpWC2/yjsbExoEWFQ4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTI5ZmNkNjFkYzY5ZGNjZmJlMDFkNWZmMDAzNWI0MWFj
OTUyNjAwHhcNMjUwMTAxMjE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGM3Nzg5ZGNiYzU3MzRiY2MyN2FkZDlhODdmY2E4NGM2NmFhZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkZJ4wpOAT1WhXBoqlu2sHKa8L2f
y+GiyUjYrecNAZbwmSCdhaXV4KlwyE+IYKAEYDMkg8ZGEG57UTGIpvqNNBa+A4gU
W8Tg1+8TnRv70VIQxkHBQrh7zBU+/JD9olOAJgrhzhlMEWAnc3yXPcYH3hKa6VDF
rziJIqWnAoMwu5KUgyP9DBwytxUbR9LJaMPw23P+ct0ki7fQMCGvY3jXhsNoWkCn
eH2a/ezNP7pi5DTyjFseHsn6N01ScQdDdpu76n+LAd8yj4Is1JXxQ1Mfwwz4xLtb
Kgzz4Z9yYixXCkDrlFqfVKDbMLMmWUpN5WjNsYs9sCANE1FT1w3QWDIavwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTHeJ3LxXNLzCet2ah/yoTGaq9NMB8GA1UdIwQY
MBaAFKSSn81h3Gncz74B1f8ANbQayVJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEpLZnpXSGNhZHpQdmdIVl93QTF0QnJKVW1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81YTIxMTctZjU4My00NDVkLWI3MmUt
ZWJhOWM1Y2IzMmQwLzEvRk1kNG5jdkZjMHZNSjYzWnFIX0toTVpxcjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81YTIxMTctZjU4My00NDVkLWI3MmUtZWJhOWM1Y2IzMmQw
LzEvcEpLZnpXSGNhZHpQdmdIVl93QTF0QnJKVW1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZYQMA0G
CSqGSIb3DQEBCwUAA4IBAQBcqgXeTQ8X0nDCBOKU3z9IddORh2MMdDZw8mLfQS7l
jPzusO8eGescRtO5uIouTxSyZT/P32gmBHnriNwZioa3nvLc0yFlNqukPjfO1U1O
QZzfRQ3WXtM3FYLsCWDz4rb6zxTQjQs55mxh/0Wd4rUreoLvAFDU/o5i7eUYCm5n
n2mzlr49I1bpGRTkYXeJlR2SJ9i6xApV5a3COyOEw/2j7HPmiFpEPGGXTCy/OpZA
SrDnEqgaS3zxazCUeaTO0wDkDcoZmTctPc/tEdZPEJnsZu2kAaM2d9HgqYAFL0VV
6+nwGqvHX7r8Ib9MI54FkPUGYt+wNvr38UdMBugs75x0
-----END CERTIFICATE-----