Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/FmNEfzs-SRSfbomfiiNIeqQS1sk.roa
File:                     FmNEfzs-SRSfbomfiiNIeqQS1sk.roa (raw, json)
Hash identifier:          DZqchwYxSvfrNSJm9BmQA3cTvM8eHMT7t5woC6TuhyE=
Subject key identifier:   16:63:44:7F:3B:3E:49:14:9F:6E:89:9F:8A:23:48:7A:A4:12:D6:C9
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       0194228D3C8A1D2E087E6F7C53FB9E6C4731
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/FmNEfzs-SRSfbomfiiNIeqQS1sk.roa
Signing time:             Wed 01 Jan 2025 15:47:48 +0000
ROA not before:           Wed 01 Jan 2025 15:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210340
IP address blocks:        195.114.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:3c:8a:1d:2e:08:7e:6f:7c:53:fb:9e:6c:47:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 15:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1663447f3b3e49149f6e899f8a23487aa412d6c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e8:e1:ad:49:ac:31:8f:9f:15:64:41:3f:a3:
                    4f:a3:2c:9a:0b:6b:b6:58:23:5b:7f:2d:36:3d:2f:
                    a8:25:d9:27:8a:83:62:b4:72:1d:23:76:42:a6:0e:
                    c4:df:5d:53:7e:af:3f:40:54:08:eb:ee:57:47:b6:
                    4e:f6:67:dd:4e:0e:9f:e5:90:61:65:1f:ba:46:71:
                    f9:c7:ef:b3:75:e0:f8:1a:b2:3f:17:5b:19:20:aa:
                    ce:fc:40:30:b4:8d:f8:d0:98:7a:07:ba:79:1d:d3:
                    66:b4:14:29:ca:86:8a:b2:69:4d:29:30:20:f6:17:
                    c3:1e:13:15:a7:a6:e7:61:66:d8:8f:cd:52:05:e1:
                    4a:9d:7b:8c:20:75:23:c7:49:8c:08:01:86:17:e0:
                    14:ea:10:d4:f2:7a:5d:09:a2:e6:4d:5a:81:8f:8a:
                    ba:8c:f9:75:45:3e:51:3b:7a:08:57:7c:eb:a1:d9:
                    d2:bc:3a:18:66:05:6f:fe:6e:32:87:ff:aa:7e:79:
                    d5:ac:29:c8:36:ad:8a:3b:87:62:28:2f:7a:6c:9d:
                    6c:5c:71:93:c5:31:4a:63:04:fe:49:63:d7:51:28:
                    85:0e:b5:7b:a6:99:b1:63:93:c8:40:3e:7e:6b:c1:
                    35:8a:23:92:bc:9d:d9:34:d5:17:a3:9c:87:18:c2:
                    04:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:63:44:7F:3B:3E:49:14:9F:6E:89:9F:8A:23:48:7A:A4:12:D6:C9
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/FmNEfzs-SRSfbomfiiNIeqQS1sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:de:e4:43:df:bd:81:be:14:ea:34:49:fa:fb:63:c7:42:19:
         7a:6f:90:1d:b2:d6:c7:8c:f1:b7:7b:a8:86:e1:0f:83:c2:1c:
         e5:cd:65:3f:4a:2c:88:b2:35:a2:ec:e7:fd:2a:a5:d9:48:fd:
         65:ce:65:e5:39:01:df:26:62:16:da:98:ac:e9:eb:bb:69:e2:
         35:48:68:7a:ac:43:89:ce:0a:b0:c1:9e:9a:3a:45:a5:18:e4:
         93:ed:c7:8e:dc:89:9a:59:6a:4c:88:c2:19:1d:b1:da:e0:15:
         f6:4a:d4:84:6a:66:27:23:89:07:e3:03:f8:ba:f0:b9:4d:ce:
         0b:98:58:f1:0a:e0:df:4f:b0:a6:01:8f:97:87:5b:f8:7e:dd:
         a4:28:cd:bc:1d:17:48:60:13:e9:7f:f2:e9:e1:57:ac:c0:73:
         ad:f3:67:d7:ca:db:a2:ca:f7:4f:0e:a1:2a:99:d2:43:5e:6a:
         f1:e5:43:2a:53:df:e7:cd:37:22:2c:c5:da:c2:2a:fb:30:00:
         82:bf:6f:3c:a1:60:71:cd:c6:7f:c6:95:d8:0c:e7:25:a8:bb:
         b4:4d:5f:ee:19:84:7a:f1:27:62:82:f0:e7:4e:c9:22:05:b1:
         9d:f9:01:1f:3a:28:30:0f:3b:4d:1b:bd:52:b3:d1:3f:c9:d2:
         e7:bd:56:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijTyKHS4Ifm98U/uebEcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjUwMTAxMTU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjYzNDQ3ZjNiM2U0OTE0OWY2ZTg5OWY4YTIzNDg3YWE0MTJkNmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOjhrUmsMY+fFWRBP6NPoyyaC2u2
WCNbfy02PS+oJdknioNitHIdI3ZCpg7E311Tfq8/QFQI6+5XR7ZO9mfdTg6f5ZBh
ZR+6RnH5x++zdeD4GrI/F1sZIKrO/EAwtI340Jh6B7p5HdNmtBQpyoaKsmlNKTAg
9hfDHhMVp6bnYWbYj81SBeFKnXuMIHUjx0mMCAGGF+AU6hDU8npdCaLmTVqBj4q6
jPl1RT5RO3oIV3zrodnSvDoYZgVv/m4yh/+qfnnVrCnINq2KO4diKC96bJ1sXHGT
xTFKYwT+SWPXUSiFDrV7ppmxY5PIQD5+a8E1iiOSvJ3ZNNUXo5yHGMIE3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZjRH87PkkUn26Jn4ojSHqkEtbJMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvRm1ORWZ6cy1TUlNmYm9tZmlpTkllcVFTMXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3KGMA0G
CSqGSIb3DQEBCwUAA4IBAQAq3uRD372BvhTqNEn6+2PHQhl6b5AdstbHjPG3e6iG
4Q+DwhzlzWU/SiyIsjWi7Of9KqXZSP1lzmXlOQHfJmIW2pis6eu7aeI1SGh6rEOJ
zgqwwZ6aOkWlGOST7ceO3ImaWWpMiMIZHbHa4BX2StSEamYnI4kH4wP4uvC5Tc4L
mFjxCuDfT7CmAY+Xh1v4ft2kKM28HRdIYBPpf/Lp4VeswHOt82fXytuiyvdPDqEq
mdJDXmrx5UMqU9/nzTciLMXawir7MACCv288oWBxzcZ/xpXYDOclqLu0TV/uGYR6
8SdigvDnTskiBbGd+QEfOigwDztNG71Ss9E/ydLnvVZn
-----END CERTIFICATE-----