Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FYG5OM4w5SQGJkmvHdRozNN3YoM.roa
File:                     FYG5OM4w5SQGJkmvHdRozNN3YoM.roa (raw, json)
Hash identifier:          WPRLobATFe0RaSvbCILRQQkMpvNBKi8mV+NdLFRaxqg=
Subject key identifier:   15:81:B9:38:CE:30:E5:24:06:26:49:AF:1D:D4:68:CC:D3:77:62:83
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421440BCB54D1161B97A9130FABEFB33B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FYG5OM4w5SQGJkmvHdRozNN3YoM.roa
Signing time:             Wed 01 Jan 2025 09:48:15 +0000
ROA not before:           Wed 01 Jan 2025 09:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209336
IP address blocks:        89.213.62.0/24 maxlen: 24
                          212.38.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:0b:cb:54:d1:16:1b:97:a9:13:0f:ab:ef:b3:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1581b938ce30e524062649af1dd468ccd3776283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:27:b1:62:f8:60:13:94:75:f3:30:2e:de:d9:
                    69:b7:e4:d0:14:b5:1d:ca:8b:02:40:87:e3:d1:90:
                    1b:98:dc:df:68:e4:c9:0d:9d:07:54:b7:c2:e1:cb:
                    a7:7f:21:d2:61:1c:94:3c:f6:60:f5:df:2c:f2:49:
                    9b:a7:75:b3:c3:cd:84:02:d9:0c:14:f8:aa:93:0a:
                    46:2f:75:ac:fd:a7:34:41:fd:83:35:84:73:48:72:
                    db:99:a2:f8:11:39:53:ea:23:b6:f7:bd:a9:8b:4c:
                    9b:86:fb:33:4c:11:ff:fc:f7:12:4b:1b:75:62:af:
                    74:58:57:e7:36:75:30:bc:9c:c7:47:2c:8d:75:f7:
                    16:25:a4:b6:57:25:c1:92:2d:90:63:8b:0a:8d:33:
                    dc:1f:6a:d3:ce:6b:86:29:ab:5d:40:d8:08:85:ca:
                    d9:d0:a4:0d:37:ac:10:40:94:18:af:b4:0c:48:fc:
                    40:0c:3d:d4:fa:6b:55:7c:d4:18:e7:4b:ed:5a:e3:
                    80:86:51:21:70:90:22:5b:fa:e2:03:d3:45:19:8e:
                    7e:21:9d:4d:42:b3:89:b6:d1:5b:5f:20:7c:e5:e3:
                    22:cb:e8:4a:21:1c:81:18:3c:16:68:e6:1d:1a:be:
                    fd:c3:88:e6:df:e4:a4:69:c6:18:db:42:76:43:11:
                    25:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:81:B9:38:CE:30:E5:24:06:26:49:AF:1D:D4:68:CC:D3:77:62:83
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/FYG5OM4w5SQGJkmvHdRozNN3YoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.62.0/24
                  212.38.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:b6:e5:89:78:ed:e0:71:97:ce:d4:00:7f:99:2c:34:83:94:
         7b:d8:2e:20:a5:92:e0:0f:52:f2:51:5f:a5:f7:82:61:6e:56:
         8c:0b:07:57:c9:9b:11:33:e4:7d:bf:74:76:08:78:4c:e5:bf:
         e1:9b:77:4a:d5:97:c2:72:3c:9c:dd:f4:f4:52:45:00:05:e5:
         56:bb:71:e5:a4:f3:05:32:b7:b5:ce:e2:17:b6:8f:83:5e:1a:
         1d:b8:e1:30:93:04:42:6e:33:4e:ed:b4:59:90:09:69:07:70:
         bc:36:1c:da:d6:8b:0d:82:88:5b:48:bb:d3:37:ea:93:c8:c9:
         99:aa:b2:1f:11:fc:42:62:9c:39:6e:12:dd:13:f4:6a:ba:f0:
         b4:39:d8:1e:49:cb:1e:d2:b1:08:f3:61:34:3f:ae:3c:2f:65:
         f7:ca:c9:e6:15:b3:51:8b:c7:53:2f:a1:d8:df:33:f8:a9:4a:
         c3:f0:bb:fd:5c:3d:c2:73:88:62:88:99:3c:e0:5d:b6:78:23:
         31:62:51:95:81:9b:da:91:0b:fb:9d:1a:e9:25:f4:79:62:de:
         5c:99:cf:88:36:d4:e7:8e:78:e8:74:a3:d0:40:fc:3e:be:3d:
         51:93:b0:98:0f:86:9d:00:e4:0c:f9:cb:7a:7f:4b:46:aa:03:
         c2:c2:83:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRAvLVNEWG5epEw+r77M7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTgxYjkzOGNlMzBlNTI0MDYyNjQ5YWYxZGQ0NjhjY2QzNzc2MjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCexYvhgE5R18zAu3tlpt+TQFLUd
yosCQIfj0ZAbmNzfaOTJDZ0HVLfC4cunfyHSYRyUPPZg9d8s8kmbp3Wzw82EAtkM
FPiqkwpGL3Ws/ac0Qf2DNYRzSHLbmaL4ETlT6iO2972pi0ybhvszTBH//PcSSxt1
Yq90WFfnNnUwvJzHRyyNdfcWJaS2VyXBki2QY4sKjTPcH2rTzmuGKatdQNgIhcrZ
0KQNN6wQQJQYr7QMSPxADD3U+mtVfNQY50vtWuOAhlEhcJAiW/riA9NFGY5+IZ1N
QrOJttFbXyB85eMiy+hKIRyBGDwWaOYdGr79w4jm3+SkacYY20J2QxElCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBWBuTjOMOUkBiZJrx3UaMzTd2KDMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRllHNU9NNHc1U1FHSmttdkhkUm96Tk4zWW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdU+AwQA
1CZHMA0GCSqGSIb3DQEBCwUAA4IBAQAituWJeO3gcZfO1AB/mSw0g5R72C4gpZLg
D1LyUV+l94JhblaMCwdXyZsRM+R9v3R2CHhM5b/hm3dK1ZfCcjyc3fT0UkUABeVW
u3HlpPMFMre1zuIXto+DXhoduOEwkwRCbjNO7bRZkAlpB3C8Nhza1osNgohbSLvT
N+qTyMmZqrIfEfxCYpw5bhLdE/RquvC0OdgeScse0rEI82E0P648L2X3ysnmFbNR
i8dTL6HY3zP4qUrD8Lv9XD3Cc4hiiJk84F22eCMxYlGVgZvakQv7nRrpJfR5Yt5c
mc+INtTnjnjodKPQQPw+vj1Rk7CYD4adAOQM+ct6f0tGqgPCwoNx
-----END CERTIFICATE-----