Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/2d8053-3812-4497-9777-9ce798d01f8d/1/FtRwgK_I9t-YF_sE7UyodoqDTX4.roa
File:                     FtRwgK_I9t-YF_sE7UyodoqDTX4.roa (raw, json)
Hash identifier:          Dqn0JGEobLwx+9jJ1AESQC6JXGtHX+GiTsykBk6YE2c=
Subject key identifier:   16:D4:70:80:AF:C8:F6:DF:98:17:FB:04:ED:4C:A8:76:8A:83:4D:7E
Certificate issuer:       /CN=ac987fa1f363ed8d8178282c6748081dcc342803
Certificate serial:       019421B1C06534E87B3C8AAF5C8AF11E01FB
Authority key identifier: AC:98:7F:A1:F3:63:ED:8D:81:78:28:2C:67:48:08:1D:CC:34:28:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJh_ofNj7Y2BeCgsZ0gIHcw0KAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/2d8053-3812-4497-9777-9ce798d01f8d/1/FtRwgK_I9t-YF_sE7UyodoqDTX4.roa
Signing time:             Wed 01 Jan 2025 11:48:04 +0000
ROA not before:           Wed 01 Jan 2025 11:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16019
IP address blocks:        178.211.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/2d8053-3812-4497-9777-9ce798d01f8d/1/rJh_ofNj7Y2BeCgsZ0gIHcw0KAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/2d8053-3812-4497-9777-9ce798d01f8d/1/rJh_ofNj7Y2BeCgsZ0gIHcw0KAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJh_ofNj7Y2BeCgsZ0gIHcw0KAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c0:65:34:e8:7b:3c:8a:af:5c:8a:f1:1e:01:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac987fa1f363ed8d8178282c6748081dcc342803
        Validity
            Not Before: Jan  1 11:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16d47080afc8f6df9817fb04ed4ca8768a834d7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cd:64:db:bd:c0:71:ba:96:47:14:20:33:97:
                    53:85:06:92:10:a8:ba:eb:0c:86:30:65:a0:7a:10:
                    7c:df:43:c9:b4:cf:df:dc:3b:f9:37:3f:bb:97:26:
                    2f:27:8f:c3:7a:6b:b0:05:cd:e4:2d:ff:47:7f:77:
                    81:1e:8a:42:32:ec:db:6e:72:0d:37:a5:b5:e9:fc:
                    0d:2e:3a:cb:8a:13:5a:20:b9:3f:5f:27:70:6b:cf:
                    49:05:eb:1a:7b:cb:b3:98:fc:48:42:97:a5:48:d7:
                    96:f4:e5:a6:51:17:7f:4f:d8:3c:62:67:db:d9:43:
                    84:b6:f4:ea:b1:45:12:27:8c:6b:5f:3a:c6:1b:a5:
                    6f:e5:43:29:68:06:7e:0d:58:40:4b:1a:f2:8e:e8:
                    24:b0:23:0f:3b:86:e1:96:c9:bc:e7:ea:ee:f0:86:
                    7d:b0:6a:46:1a:c2:9b:89:f3:75:4a:6f:f9:47:8e:
                    c2:11:8f:de:77:89:2f:21:eb:ee:ee:f8:a8:cd:89:
                    4b:0e:f9:0e:92:a8:96:a3:47:2d:9b:d2:0c:53:32:
                    4b:cc:75:68:4c:a8:b8:31:e0:79:26:06:78:ed:e0:
                    04:6b:d6:55:91:a9:1e:09:7c:a2:c0:10:a7:c4:6b:
                    40:a4:5c:e2:eb:6c:28:fa:1d:55:e2:94:4c:af:41:
                    8f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D4:70:80:AF:C8:F6:DF:98:17:FB:04:ED:4C:A8:76:8A:83:4D:7E
            X509v3 Authority Key Identifier:
                keyid:AC:98:7F:A1:F3:63:ED:8D:81:78:28:2C:67:48:08:1D:CC:34:28:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJh_ofNj7Y2BeCgsZ0gIHcw0KAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2d8053-3812-4497-9777-9ce798d01f8d/1/FtRwgK_I9t-YF_sE7UyodoqDTX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2d8053-3812-4497-9777-9ce798d01f8d/1/rJh_ofNj7Y2BeCgsZ0gIHcw0KAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:56:93:00:5a:35:65:60:a6:31:fa:12:32:7f:9b:9b:d1:4f:
         e5:3c:d9:91:ef:ff:ae:3a:dc:4c:6d:7f:dd:f1:4f:dc:a2:09:
         74:5d:9d:47:94:66:35:54:c0:ef:fb:40:43:7f:a1:53:92:c3:
         f6:20:f9:a1:f7:6d:55:1b:14:b0:42:91:d8:ce:2f:d2:b6:81:
         d9:17:7b:94:5f:28:a9:93:b4:2a:5e:97:df:a1:a2:d8:d2:89:
         0a:ff:c9:43:65:e6:33:b7:4b:9b:73:34:a9:fa:24:6d:db:96:
         8b:14:39:ae:d1:c6:ce:50:54:f5:3d:45:74:e8:94:c8:67:0e:
         89:f2:63:ac:17:16:79:e4:ab:3b:6c:4f:c1:b8:ab:7d:84:8d:
         41:0c:a4:31:9f:d1:9f:e4:3c:5b:1b:b0:71:d4:fb:68:c4:17:
         17:9c:11:d9:67:6a:88:06:15:c1:f8:da:ac:e6:15:a6:8b:7e:
         96:a5:c7:a3:67:eb:56:7d:ad:7e:a0:61:16:40:bf:5f:30:0f:
         56:64:d7:4a:c0:1c:f2:46:74:6f:c5:ad:02:e0:ab:41:5f:72:
         d9:e4:37:97:39:81:ac:03:99:41:51:76:1e:fb:92:3b:d6:27:
         27:2b:a8:21:d6:e3:80:61:f5:1a:58:de:06:42:38:35:ab:c8:
         13:0f:f9:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhscBlNOh7PIqvXIrxHgH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOTg3ZmExZjM2M2VkOGQ4MTc4MjgyYzY3NDgwODFkY2Mz
NDI4MDMwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ0NzA4MGFmYzhmNmRmOTgxN2ZiMDRlZDRjYTg3NjhhODM0ZDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr81k273AcbqWRxQgM5dThQaSEKi6
6wyGMGWgehB830PJtM/f3Dv5Nz+7lyYvJ4/DemuwBc3kLf9Hf3eBHopCMuzbbnIN
N6W16fwNLjrLihNaILk/Xydwa89JBesae8uzmPxIQpelSNeW9OWmURd/T9g8Ymfb
2UOEtvTqsUUSJ4xrXzrGG6Vv5UMpaAZ+DVhASxryjugksCMPO4bhlsm85+ru8IZ9
sGpGGsKbifN1Sm/5R47CEY/ed4kvIevu7viozYlLDvkOkqiWo0ctm9IMUzJLzHVo
TKi4MeB5JgZ47eAEa9ZVkakeCXyiwBCnxGtApFzi62wo+h1V4pRMr0GPpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbUcICvyPbfmBf7BO1MqHaKg01+MB8GA1UdIwQY
MBaAFKyYf6HzY+2NgXgoLGdICB3MNCgDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckpoX29mTmo3WTJCZUNnc1owZ0lIY3cwS0FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yZDgwNTMtMzgxMi00NDk3LTk3Nzct
OWNlNzk4ZDAxZjhkLzEvRnRSd2dLX0k5dC1ZRl9zRTdVeW9kb3FEVFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yZDgwNTMtMzgxMi00NDk3LTk3NzctOWNlNzk4ZDAxZjhk
LzEvckpoX29mTmo3WTJCZUNnc1owZ0lIY3cwS0FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOTMA0G
CSqGSIb3DQEBCwUAA4IBAQCRVpMAWjVlYKYx+hIyf5ub0U/lPNmR7/+uOtxMbX/d
8U/cogl0XZ1HlGY1VMDv+0BDf6FTksP2IPmh921VGxSwQpHYzi/StoHZF3uUXyip
k7QqXpffoaLY0okK/8lDZeYzt0ubczSp+iRt25aLFDmu0cbOUFT1PUV06JTIZw6J
8mOsFxZ55Ks7bE/BuKt9hI1BDKQxn9Gf5DxbG7Bx1PtoxBcXnBHZZ2qIBhXB+Nqs
5hWmi36WpcejZ+tWfa1+oGEWQL9fMA9WZNdKwBzyRnRvxa0C4KtBX3LZ5DeXOYGs
A5lBUXYe+5I71icnK6gh1uOAYfUaWN4GQjg1q8gTD/ky
-----END CERTIFICATE-----