Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/F-U-cDtSSag2W1wAvfbUo3fdaQs.roa
File:                     F-U-cDtSSag2W1wAvfbUo3fdaQs.roa (raw, json)
Hash identifier:          2Ga8t3NnP1c8+shLsR913ttQ8XGLyvFZpunmc/03AyI=
Subject key identifier:   17:E5:3E:70:3B:52:49:A8:36:5B:5C:00:BD:F6:D4:A3:77:DD:69:0B
Certificate issuer:       /CN=1a9154e1c5578b0fef8abb779f8117e64e884d18
Certificate serial:       019425FC18E7E1E992F7BD0DAE357571627A
Authority key identifier: 1A:91:54:E1:C5:57:8B:0F:EF:8A:BB:77:9F:81:17:E6:4E:88:4D:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/F-U-cDtSSag2W1wAvfbUo3fdaQs.roa
Signing time:             Thu 02 Jan 2025 07:47:45 +0000
ROA not before:           Thu 02 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        193.176.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:18:e7:e1:e9:92:f7:bd:0d:ae:35:75:71:62:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a9154e1c5578b0fef8abb779f8117e64e884d18
        Validity
            Not Before: Jan  2 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17e53e703b5249a8365b5c00bdf6d4a377dd690b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:31:e2:06:cc:d6:c5:38:29:85:6b:be:0b:22:
                    36:fd:3c:a6:24:d6:89:bd:8e:2a:32:e6:db:f1:03:
                    00:04:25:40:60:e4:66:4f:b6:9d:13:8f:6b:3d:50:
                    ef:74:86:f9:85:a6:bd:cd:46:6b:7e:0c:81:77:b9:
                    4a:c8:06:c5:db:0d:91:1b:81:ed:4a:fa:9e:97:22:
                    90:3d:69:1b:a5:3e:a9:9a:e7:f1:bb:02:77:be:7f:
                    ea:e5:d9:f0:77:69:2b:f4:39:58:44:f5:5e:f1:57:
                    8b:aa:0c:59:e2:61:e4:bb:75:aa:48:6b:a9:5b:fb:
                    83:77:87:96:59:ef:13:91:f9:7c:e5:9a:db:8f:2f:
                    77:af:9c:52:a2:37:69:9b:f7:ee:b4:34:ad:19:fd:
                    4f:c2:5a:9c:a5:31:67:60:8d:67:40:5b:90:2c:9a:
                    64:36:4a:42:9e:87:f1:d6:2e:d1:b9:fa:8f:41:61:
                    49:bb:04:cd:1a:2f:44:c4:81:50:a2:29:d1:eb:e5:
                    80:d4:a2:cb:64:65:9a:61:ea:4d:4c:2c:a1:d3:c3:
                    25:26:c2:6b:95:c2:f4:9a:1e:59:61:4c:23:1e:75:
                    e2:23:68:2f:51:9d:8a:ad:d7:d1:63:d2:f0:10:31:
                    81:cc:dd:ea:0d:84:82:0c:b5:0d:84:b5:96:6b:a3:
                    9a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:E5:3E:70:3B:52:49:A8:36:5B:5C:00:BD:F6:D4:A3:77:DD:69:0B
            X509v3 Authority Key Identifier:
                keyid:1A:91:54:E1:C5:57:8B:0F:EF:8A:BB:77:9F:81:17:E6:4E:88:4D:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/F-U-cDtSSag2W1wAvfbUo3fdaQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:f1:2e:b4:6c:d5:61:0a:00:a7:cf:0e:c1:9f:91:b0:30:a8:
         ed:f4:0f:a8:cf:19:88:0e:e5:43:b6:37:ff:ca:84:78:73:88:
         0f:88:df:2f:e8:a7:a8:57:ad:83:b9:c1:cf:91:b1:27:d1:dd:
         cd:41:ce:fe:f9:f7:71:56:a4:1c:18:4f:57:02:41:ea:8d:6a:
         7a:c1:9f:63:a4:49:8d:60:5d:9b:9b:9a:bc:88:56:33:ca:9f:
         74:dd:49:90:28:8c:62:4b:64:a2:d7:48:44:b9:4f:5a:cd:55:
         c2:7b:14:f2:35:74:6a:54:ac:6c:bc:00:25:09:41:0b:ff:8c:
         c7:55:27:43:46:c5:df:51:4f:16:72:0c:60:ae:67:9e:e7:aa:
         04:c1:2d:df:1d:fa:d7:a9:9f:d8:50:e9:5c:27:20:02:57:ad:
         47:45:d8:c3:d8:51:e8:98:da:d7:fa:8d:15:98:e7:c0:c0:57:
         a1:2b:ca:e1:f1:81:a0:f1:92:76:cc:bd:e0:b4:8e:d7:90:9f:
         bc:0c:3d:0f:0f:dc:c6:13:0c:70:c3:87:de:bd:b1:2f:88:1a:
         b5:ea:73:b0:b5:7f:2f:c4:8b:ab:9b:de:bd:69:1d:f0:64:d4:
         6f:eb:1a:43:53:a4:29:64:8d:89:60:eb:e8:0a:6d:0c:da:85:
         92:36:9a:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Bjn4emS970NrjV1cWJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTE1NGUxYzU1NzhiMGZlZjhhYmI3NzlmODExN2U2NGU4
ODRkMTgwHhcNMjUwMTAyMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2U1M2U3MDNiNTI0OWE4MzY1YjVjMDBiZGY2ZDRhMzc3ZGQ2OTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTHiBszWxTgphWu+CyI2/TymJNaJ
vY4qMubb8QMABCVAYORmT7adE49rPVDvdIb5haa9zUZrfgyBd7lKyAbF2w2RG4Ht
SvqelyKQPWkbpT6pmufxuwJ3vn/q5dnwd2kr9DlYRPVe8VeLqgxZ4mHku3WqSGup
W/uDd4eWWe8Tkfl85Zrbjy93r5xSojdpm/futDStGf1PwlqcpTFnYI1nQFuQLJpk
NkpCnofx1i7RufqPQWFJuwTNGi9ExIFQoinR6+WA1KLLZGWaYepNTCyh08MlJsJr
lcL0mh5ZYUwjHnXiI2gvUZ2KrdfRY9LwEDGBzN3qDYSCDLUNhLWWa6Oa+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBflPnA7UkmoNltcAL321KN33WkLMB8GA1UdIwQY
MBaAFBqRVOHFV4sP74q7d5+BF+ZOiE0YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BGVTRjVlhpd192aXJ0M240RVg1azZJVFJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81NGJhYzgtYmY1MC00NGQyLWFkNDIt
Mzg4ZDhhZDJhNWJiLzEvRi1VLWNEdFNTYWcyVzF3QXZmYlVvM2ZkYVFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81NGJhYzgtYmY1MC00NGQyLWFkNDItMzg4ZDhhZDJhNWJi
LzEvR3BGVTRjVlhpd192aXJ0M240RVg1azZJVFJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbBiMA0G
CSqGSIb3DQEBCwUAA4IBAQBH8S60bNVhCgCnzw7Bn5GwMKjt9A+ozxmIDuVDtjf/
yoR4c4gPiN8v6KeoV62DucHPkbEn0d3NQc7++fdxVqQcGE9XAkHqjWp6wZ9jpEmN
YF2bm5q8iFYzyp903UmQKIxiS2Si10hEuU9azVXCexTyNXRqVKxsvAAlCUEL/4zH
VSdDRsXfUU8Wcgxgrmee56oEwS3fHfrXqZ/YUOlcJyACV61HRdjD2FHomNrX+o0V
mOfAwFehK8rh8YGg8ZJ2zL3gtI7XkJ+8DD0PD9zGEwxww4fevbEviBq16nOwtX8v
xIurm969aR3wZNRv6xpDU6QpZI2JYOvoCm0M2oWSNpr9
-----END CERTIFICATE-----