Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/FiSCmdKJRr-YPjxcFigpeVUFVps.roa
File:                     FiSCmdKJRr-YPjxcFigpeVUFVps.roa (raw, json)
Hash identifier:          acaY8ohPIqVg5UZOHMawmFt422sokwSlIOa32vVbDkM=
Subject key identifier:   16:24:82:99:D2:89:46:BF:98:3E:3C:5C:16:28:29:79:55:05:56:9B
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       019426D95BF12B3E8D77E40B11FA84B6FAD5
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/FiSCmdKJRr-YPjxcFigpeVUFVps.roa
Signing time:             Thu 02 Jan 2025 11:49:26 +0000
ROA not before:           Thu 02 Jan 2025 11:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        80.254.236.0/22 maxlen: 24
                          185.220.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:5b:f1:2b:3e:8d:77:e4:0b:11:fa:84:b6:fa:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Jan  2 11:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16248299d28946bf983e3c5c162829795505569b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:79:37:41:80:85:83:ea:f6:4e:63:88:2a:ee:
                    b1:3f:6e:d3:83:a5:d5:44:3b:94:79:fd:b5:6b:97:
                    05:e7:86:11:06:cc:01:e6:7a:03:06:fd:88:a2:17:
                    7c:3b:1e:23:0a:15:1d:1e:cf:e9:05:2e:85:6a:a8:
                    af:57:df:da:3c:21:ce:cd:9a:6a:5c:5f:bf:6b:ba:
                    59:5d:71:da:98:fd:2a:ba:5e:d8:4b:16:d0:e6:9b:
                    08:5b:c9:6e:d8:a0:cf:a5:f5:c6:59:e8:a7:85:80:
                    38:21:3d:e7:8e:4f:2b:f5:2b:56:4f:e7:32:96:08:
                    02:4a:bd:2c:a1:47:6f:9b:2b:62:2a:69:24:c7:84:
                    e5:fc:5d:cf:4d:32:b4:86:29:28:46:35:3a:c0:a9:
                    07:c5:7c:a4:b3:43:72:51:f6:67:b9:06:0b:d2:94:
                    3d:5e:77:3d:a2:60:2c:91:59:fb:39:78:bf:40:7f:
                    d3:13:e1:8a:37:52:d9:fd:86:bf:b1:55:37:d3:68:
                    d5:8b:3b:43:a7:7e:f7:6a:56:29:00:dd:5d:2f:94:
                    d6:fe:25:66:04:3e:72:05:88:80:2c:5d:33:6f:0f:
                    ba:86:ef:6e:79:7d:3d:a6:0c:80:ee:4c:b6:e4:93:
                    18:af:86:d2:a8:99:5c:45:2c:16:8d:9c:f7:e5:86:
                    c4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:24:82:99:D2:89:46:BF:98:3E:3C:5C:16:28:29:79:55:05:56:9B
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/FiSCmdKJRr-YPjxcFigpeVUFVps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.254.236.0/22
                  185.220.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:b9:0c:f2:12:b4:05:d2:7c:49:94:f4:ce:4e:f2:d0:d6:27:
         c3:46:04:2e:46:26:36:93:d8:c3:f4:6e:9e:a7:ad:60:19:8b:
         06:22:3f:81:35:72:24:d4:c9:1c:eb:1a:7e:83:6d:a2:9d:96:
         db:ce:f7:ba:ef:c3:b7:a4:34:86:6f:a9:ca:ff:df:5f:cc:95:
         6d:fe:7a:00:6b:4a:dc:89:64:41:d8:97:3a:64:71:47:2a:4e:
         74:fa:29:1b:3f:96:a1:23:a0:2b:71:0a:a5:eb:61:00:6e:78:
         eb:b7:c7:9e:44:87:b0:6b:23:94:3f:bf:4b:64:09:6f:4e:ba:
         bf:60:9b:eb:32:64:0a:30:7f:72:b0:e0:ea:f9:aa:33:81:7b:
         00:5a:40:4d:e9:a9:c8:8a:9f:b7:bf:85:17:18:63:7c:38:ea:
         6e:f7:92:3e:ec:ea:4c:b6:05:14:43:e0:1f:8d:87:0d:a6:28:
         17:0f:bd:58:06:05:d5:bd:12:05:73:03:e1:24:a8:1e:d2:95:
         2a:04:8c:ea:26:4a:1d:54:63:c7:c1:2d:fb:27:12:56:16:cf:
         ac:3b:c8:8c:81:b9:c5:7d:a7:44:fb:0e:b9:dc:e7:f2:f9:52:
         d5:f8:dc:44:3b:a1:ae:e1:91:9e:93:3b:7c:0f:08:ac:53:4b:
         23:47:52:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2VvxKz6Nd+QLEfqEtvrVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjUwMTAyMTE0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjI0ODI5OWQyODk0NmJmOTgzZTNjNWMxNjI4Mjk3OTU1MDU1NjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3k3QYCFg+r2TmOIKu6xP27Tg6XV
RDuUef21a5cF54YRBswB5noDBv2Iohd8Ox4jChUdHs/pBS6FaqivV9/aPCHOzZpq
XF+/a7pZXXHamP0qul7YSxbQ5psIW8lu2KDPpfXGWeinhYA4IT3njk8r9StWT+cy
lggCSr0soUdvmytiKmkkx4Tl/F3PTTK0hikoRjU6wKkHxXyks0NyUfZnuQYL0pQ9
Xnc9omAskVn7OXi/QH/TE+GKN1LZ/Ya/sVU302jViztDp373alYpAN1dL5TW/iVm
BD5yBYiALF0zbw+6hu9ueX09pgyA7ky25JMYr4bSqJlcRSwWjZz35YbEmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBYkgpnSiUa/mD48XBYoKXlVBVabMB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvRmlTQ21kS0pSci1ZUGp4Y0ZpZ3BlVlVGVnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUP7sAwQC
udwcMA0GCSqGSIb3DQEBCwUAA4IBAQBYuQzyErQF0nxJlPTOTvLQ1ifDRgQuRiY2
k9jD9G6ep61gGYsGIj+BNXIk1Mkc6xp+g22inZbbzve678O3pDSGb6nK/99fzJVt
/noAa0rciWRB2Jc6ZHFHKk50+ikbP5ahI6ArcQql62EAbnjrt8eeRIewayOUP79L
ZAlvTrq/YJvrMmQKMH9ysODq+aozgXsAWkBN6anIip+3v4UXGGN8OOpu95I+7OpM
tgUUQ+AfjYcNpigXD71YBgXVvRIFcwPhJKge0pUqBIzqJkodVGPHwS37JxJWFs+s
O8iMgbnFfadE+w653Ofy+VLV+NxEO6Gu4ZGekzt8DwisU0sjR1Ln
-----END CERTIFICATE-----