Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/iq6cggpLyhLXIPMceZzj6A6ieSo.roa
File:                     iq6cggpLyhLXIPMceZzj6A6ieSo.roa (raw, json)
Hash identifier:          2Q+RThf982J7lEvTN7V9KTNdApYIItFmCQYJyXZjAuE=
Subject key identifier:   8A:AE:9C:82:0A:4B:CA:12:D7:20:F3:1C:79:9C:E3:E8:0E:A2:79:2A
Certificate issuer:       /CN=fc157d396ed992843daeef7b9cca73b043966c08
Certificate serial:       0196EDC14C8EE7EA0FD31BD802F4A345DA18
Authority key identifier: FC:15:7D:39:6E:D9:92:84:3D:AE:EF:7B:9C:CA:73:B0:43:96:6C:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/iq6cggpLyhLXIPMceZzj6A6ieSo.roa
Signing time:             Tue 20 May 2025 12:53:10 +0000
ROA not before:           Tue 20 May 2025 12:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207724
IP address blocks:        217.18.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 18:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:c1:4c:8e:e7:ea:0f:d3:1b:d8:02:f4:a3:45:da:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc157d396ed992843daeef7b9cca73b043966c08
        Validity
            Not Before: May 20 12:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8aae9c820a4bca12d720f31c799ce3e80ea2792a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7d:2b:d3:d7:6e:99:64:ed:9c:c2:27:c1:f0:
                    e0:7e:d3:8b:e2:1a:32:c4:82:5b:cb:3f:98:32:a1:
                    43:93:7b:72:b0:db:d8:b2:1b:01:01:f8:00:26:4c:
                    7a:57:e1:33:99:63:22:9f:9c:7e:d7:8e:5b:1c:7c:
                    f4:9a:71:32:7a:31:ba:28:cf:cc:58:4b:94:c5:d8:
                    44:c4:11:7c:22:4b:b8:87:82:b7:7e:c3:3b:5a:81:
                    21:b6:00:c9:2c:a3:f0:a5:34:ec:a3:8c:c5:1b:bb:
                    ef:61:27:a3:20:f2:06:0e:e2:55:57:bc:c8:37:5d:
                    6a:ba:84:42:4f:a8:5c:a0:68:e5:4e:ba:55:8a:2a:
                    28:dc:9c:27:5f:2d:67:7a:0a:93:64:7e:e0:4e:c6:
                    8a:16:4f:ee:26:ac:ab:e7:d5:d9:f9:f2:ef:fc:8c:
                    ff:03:2b:40:cc:3d:58:e6:54:ca:ab:c1:16:5b:f8:
                    ba:78:2f:7c:d2:f2:1a:14:45:e0:98:dd:7c:e2:bc:
                    2b:39:e5:52:0d:cc:3e:75:07:9d:f6:4f:83:b7:db:
                    dc:ab:b1:90:5a:2c:08:84:d4:fa:ca:c7:4e:42:f9:
                    b6:2c:40:dd:45:40:51:09:7d:50:71:11:58:a4:56:
                    f3:f4:30:bb:0f:af:b6:74:df:c5:4e:c4:12:f7:88:
                    1a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:AE:9C:82:0A:4B:CA:12:D7:20:F3:1C:79:9C:E3:E8:0E:A2:79:2A
            X509v3 Authority Key Identifier:
                keyid:FC:15:7D:39:6E:D9:92:84:3D:AE:EF:7B:9C:CA:73:B0:43:96:6C:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/iq6cggpLyhLXIPMceZzj6A6ieSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:70:78:57:5c:47:34:d5:3f:60:19:5b:36:48:3b:8a:1a:d6:
         e2:00:b8:87:ac:d1:e4:38:c2:05:79:ae:74:a2:fb:a4:e5:00:
         0a:90:9b:e6:a3:8a:5d:27:68:59:ca:47:20:25:0e:5e:20:1f:
         da:fe:0d:21:77:da:6b:bb:c9:c1:96:36:ba:d3:b6:5f:ca:d6:
         08:92:79:5b:5a:aa:96:a7:b0:f2:fe:e4:be:fc:c9:75:1d:82:
         7e:45:4b:a0:75:96:50:26:90:cf:73:ec:57:28:0e:43:7b:ac:
         0f:ca:2e:3c:f9:2e:93:9d:7d:45:92:08:0b:85:d1:50:96:71:
         12:d7:9d:52:3a:9c:80:de:35:4a:ac:f4:ce:fc:81:bf:34:7b:
         aa:d9:49:e5:a4:86:35:1b:fb:53:65:a5:4a:9e:bb:99:22:57:
         f7:f7:36:35:9f:d5:18:22:e5:a8:00:95:44:58:d2:25:f5:57:
         77:63:bd:66:11:20:f1:f7:a6:0b:2d:46:86:b3:1e:af:41:c9:
         7b:c1:2b:57:f4:fd:76:46:4a:d3:a4:4e:ba:c9:7d:a1:46:b1:
         53:20:14:7d:39:c1:59:84:e1:1a:db:8f:86:be:4f:18:2c:b7:
         46:ed:f2:80:c3:08:23:0b:9e:d6:8e:15:6c:9f:8c:0a:4d:54:
         6d:86:74:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtwUyO5+oP0xvYAvSjRdoYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMTU3ZDM5NmVkOTkyODQzZGFlZWY3YjljY2E3M2IwNDM5
NjZjMDgwHhcNMjUwNTIwMTI1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWFlOWM4MjBhNGJjYTEyZDcyMGYzMWM3OTljZTNlODBlYTI3OTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzX0r09dumWTtnMInwfDgftOL4hoy
xIJbyz+YMqFDk3tysNvYshsBAfgAJkx6V+EzmWMin5x+145bHHz0mnEyejG6KM/M
WEuUxdhExBF8Iku4h4K3fsM7WoEhtgDJLKPwpTTso4zFG7vvYSejIPIGDuJVV7zI
N11quoRCT6hcoGjlTrpViioo3JwnXy1negqTZH7gTsaKFk/uJqyr59XZ+fLv/Iz/
AytAzD1Y5lTKq8EWW/i6eC980vIaFEXgmN184rwrOeVSDcw+dQed9k+Dt9vcq7GQ
WiwIhNT6ysdOQvm2LEDdRUBRCX1QcRFYpFbz9DC7D6+2dN/FTsQS94gaoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqunIIKS8oS1yDzHHmc4+gOonkqMB8GA1UdIwQY
MBaAFPwVfTlu2ZKEPa7ve5zKc7BDlmwIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0JWOU9XN1prb1E5cnU5N25NcHpzRU9XYkFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mY2VhNTAtZmU0Ny00NjY0LTkyNjct
YzBkY2NkYjdhOTA1LzEvaXE2Y2dncEx5aExYSVBNY2Vaemo2QTZpZVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mY2VhNTAtZmU0Ny00NjY0LTkyNjctYzBkY2NkYjdhOTA1
LzEvX0JWOU9XN1prb1E5cnU5N25NcHpzRU9XYkFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJeMA0G
CSqGSIb3DQEBCwUAA4IBAQBHcHhXXEc01T9gGVs2SDuKGtbiALiHrNHkOMIFea50
ovuk5QAKkJvmo4pdJ2hZykcgJQ5eIB/a/g0hd9pru8nBlja607ZfytYIknlbWqqW
p7Dy/uS+/Ml1HYJ+RUugdZZQJpDPc+xXKA5De6wPyi48+S6TnX1FkggLhdFQlnES
151SOpyA3jVKrPTO/IG/NHuq2UnlpIY1G/tTZaVKnruZIlf39zY1n9UYIuWoAJVE
WNIl9Vd3Y71mESDx96YLLUaGsx6vQcl7wStX9P12RkrTpE66yX2hRrFTIBR9OcFZ
hOEa24+Gvk8YLLdG7fKAwwgjC57WjhVsn4wKTVRthnR8
-----END CERTIFICATE-----