Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/fKVvugVq57Vok-HeOBFsVeEq_KY.roa
File:                     fKVvugVq57Vok-HeOBFsVeEq_KY.roa (raw, json)
Hash identifier:          F7Yehco5YSDWcARYN+I7zPfrg1uSQ0Y+IfgsllPqsIE=
Subject key identifier:   7C:A5:6F:BA:05:6A:E7:B5:68:93:E1:DE:38:11:6C:55:E1:2A:FC:A6
Certificate issuer:       /CN=2d2d7d9743de2efa2f633378a268f58f2aa16050
Certificate serial:       01941F8C25836CB33AC85E236BF59E15618C
Authority key identifier: 2D:2D:7D:97:43:DE:2E:FA:2F:63:33:78:A2:68:F5:8F:2A:A1:60:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/fKVvugVq57Vok-HeOBFsVeEq_KY.roa
Signing time:             Wed 01 Jan 2025 01:47:45 +0000
ROA not before:           Wed 01 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207656
IP address blocks:        193.218.118.0/24 maxlen: 24
                          193.218.119.0/24 maxlen: 24
                          2a0f:e586::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:25:83:6c:b3:3a:c8:5e:23:6b:f5:9e:15:61:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d2d7d9743de2efa2f633378a268f58f2aa16050
        Validity
            Not Before: Jan  1 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ca56fba056ae7b56893e1de38116c55e12afca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1b:19:8a:42:b4:92:77:8e:3c:4f:11:52:87:
                    64:a8:4f:44:5b:bf:9b:07:b5:d8:62:fe:1d:dd:89:
                    be:1c:c4:c3:2f:f8:97:fb:5f:81:14:2a:db:d2:92:
                    96:fa:4b:33:54:01:3c:93:a5:05:17:bc:45:dd:fa:
                    fc:5b:16:b4:d6:85:b9:60:53:0a:0b:7b:7e:c1:f6:
                    01:af:ab:e2:77:f4:c8:3d:96:ab:00:ae:a1:42:bf:
                    ba:1f:fa:bb:55:44:52:f9:75:37:44:ef:67:99:42:
                    11:62:19:a6:fa:f5:7b:da:ec:1b:a0:19:8b:ed:f2:
                    02:31:e6:67:03:87:aa:62:dc:66:fc:76:64:3f:3b:
                    e4:41:de:52:e7:8f:68:7c:f8:54:cc:5d:8b:5d:78:
                    10:e5:c0:2f:af:3f:01:77:2d:93:15:6f:89:98:98:
                    d0:60:59:bb:a9:1c:4b:c4:29:82:39:dc:97:95:1b:
                    c9:d3:f9:2e:a1:5f:33:4e:d1:95:dd:6c:8e:19:19:
                    67:73:1f:3d:b0:d5:61:ad:4a:ba:c5:32:f4:c7:7c:
                    6c:c2:8e:d2:1b:cd:54:14:f2:fa:74:df:fc:0a:cc:
                    df:a0:de:b4:12:cc:9c:94:a6:cb:c1:56:01:5a:1c:
                    f7:95:73:e7:37:f3:ab:1f:bb:7e:6a:cd:ec:eb:c3:
                    9c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A5:6F:BA:05:6A:E7:B5:68:93:E1:DE:38:11:6C:55:E1:2A:FC:A6
            X509v3 Authority Key Identifier:
                keyid:2D:2D:7D:97:43:DE:2E:FA:2F:63:33:78:A2:68:F5:8F:2A:A1:60:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LS19l0PeLvovYzN4omj1jyqhYFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/fKVvugVq57Vok-HeOBFsVeEq_KY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/cf7c19-1c7d-4ebe-b4dd-cbccf90455fe/1/LS19l0PeLvovYzN4omj1jyqhYFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.118.0/23
                IPv6:
                  2a0f:e586::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:d4:8e:b3:98:bc:9f:8d:48:4b:21:a2:a4:bc:45:e3:09:fe:
         47:09:5b:0a:7c:ae:93:bd:4e:e3:64:81:d6:94:a6:77:a3:91:
         75:3a:70:46:ed:aa:ff:2b:08:ab:3a:16:49:29:e3:77:5d:42:
         fa:c2:01:a6:f7:17:0b:4e:26:98:4e:18:90:a4:ec:cb:3f:ae:
         3e:d1:7c:cd:86:f1:c8:69:65:da:34:02:dd:7a:68:e7:6d:1e:
         36:7d:f6:aa:05:13:62:c8:62:82:dc:57:c6:ce:76:bb:4b:2f:
         28:7b:b0:9e:89:65:cc:55:b3:04:3a:55:47:78:0a:a9:82:d9:
         5e:74:5d:f0:41:04:9b:96:6d:1f:1f:0a:91:65:5c:16:f4:bb:
         cd:8a:34:8c:19:b0:ab:0f:cb:9d:34:68:e3:54:3a:c9:55:f1:
         5b:67:fa:cb:41:9b:e8:d7:a5:3f:4c:71:a2:54:0a:13:ac:1c:
         09:12:55:18:d3:0a:ab:88:7f:f9:f6:6b:54:45:81:6f:3d:60:
         27:d5:d8:3c:dc:8e:2c:58:44:d0:fc:89:c1:c9:29:ba:19:6c:
         eb:80:80:e9:a9:1d:c5:61:9e:c1:f0:57:25:60:ee:2c:9d:18:
         05:9d:02:c3:2f:b4:d8:f4:c4:41:23:f2:56:02:21:33:ae:ae:
         e7:73:e0:5d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjCWDbLM6yF4ja/WeFWGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMmQ3ZDk3NDNkZTJlZmEyZjYzMzM3OGEyNjhmNThmMmFh
MTYwNTAwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2E1NmZiYTA1NmFlN2I1Njg5M2UxZGUzODExNmM1NWUxMmFmY2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRsZikK0kneOPE8RUodkqE9EW7+b
B7XYYv4d3Ym+HMTDL/iX+1+BFCrb0pKW+kszVAE8k6UFF7xF3fr8Wxa01oW5YFMK
C3t+wfYBr6vid/TIPZarAK6hQr+6H/q7VURS+XU3RO9nmUIRYhmm+vV72uwboBmL
7fICMeZnA4eqYtxm/HZkPzvkQd5S549ofPhUzF2LXXgQ5cAvrz8Bdy2TFW+JmJjQ
YFm7qRxLxCmCOdyXlRvJ0/kuoV8zTtGV3WyOGRlncx89sNVhrUq6xTL0x3xswo7S
G81UFPL6dN/8CszfoN60EsyclKbLwVYBWhz3lXPnN/OrH7t+as3s68Oc5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHylb7oFaue1aJPh3jgRbFXhKvymMB8GA1UdIwQY
MBaAFC0tfZdD3i76L2MzeKJo9Y8qoWBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFMxOWwwUGVMdm92WXpONG9tajFqeXFoWUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9jZjdjMTktMWM3ZC00ZWJlLWI0ZGQt
Y2JjY2Y5MDQ1NWZlLzEvZktWdnVnVnE1N1Zvay1IZU9CRnNWZUVxX0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9jZjdjMTktMWM3ZC00ZWJlLWI0ZGQtY2JjY2Y5MDQ1NWZl
LzEvTFMxOWwwUGVMdm92WXpONG9tajFqeXFoWUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwdp2MA0E
AgACMAcDBQAqD+WGMA0GCSqGSIb3DQEBCwUAA4IBAQAE1I6zmLyfjUhLIaKkvEXj
Cf5HCVsKfK6TvU7jZIHWlKZ3o5F1OnBG7ar/KwirOhZJKeN3XUL6wgGm9xcLTiaY
ThiQpOzLP64+0XzNhvHIaWXaNALdemjnbR42ffaqBRNiyGKC3FfGzna7Sy8oe7Ce
iWXMVbMEOlVHeAqpgtledF3wQQSblm0fHwqRZVwW9LvNijSMGbCrD8udNGjjVDrJ
VfFbZ/rLQZvo16U/THGiVAoTrBwJElUY0wqriH/59mtURYFvPWAn1dg83I4sWETQ
/InBySm6GWzrgIDpqR3FYZ7B8FclYO4snRgFnQLDL7TY9MRBI/JWAiEzrq7nc+Bd
-----END CERTIFICATE-----