Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/FyVCiGbLJSBkf5SNpdoloG526FE.roa
File:                     FyVCiGbLJSBkf5SNpdoloG526FE.roa (raw, json)
Hash identifier:          VnPqj34HHub1v/mG4QcZZ1hYiej1gLrZJ2l3nkLuzSg=
Subject key identifier:   17:25:42:88:66:CB:25:20:64:7F:94:8D:A5:DA:25:A0:6E:76:E8:51
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B38FF66FA33715E4FE4C73DD38A71F
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/FyVCiGbLJSBkf5SNpdoloG526FE.roa
Signing time:             Thu 02 Jan 2025 15:47:46 +0000
ROA not before:           Thu 02 Jan 2025 15:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7393
IP address blocks:        176.110.110.0/24 maxlen: 24
                          193.37.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:8f:f6:6f:a3:37:15:e4:fe:4c:73:dd:38:a7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1725428866cb2520647f948da5da25a06e76e851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:57:6b:b5:1b:e7:54:2f:20:8f:ce:13:ec:c9:
                    7f:2c:4c:e2:1c:72:87:73:55:c5:22:0d:ff:d7:6f:
                    2f:02:6a:68:55:d3:7f:28:4c:48:4d:b9:06:6a:47:
                    ce:f6:a8:d1:99:9c:68:9c:37:a4:21:51:ff:64:5a:
                    c9:a1:4b:d5:f9:a5:d9:34:5a:f3:76:c4:41:96:8b:
                    cc:7f:1e:19:65:4c:4f:01:97:09:79:5c:28:e2:1a:
                    cc:d9:91:52:bc:b3:25:d2:9a:64:62:f3:89:0c:76:
                    99:f0:96:ac:61:b4:e8:69:ef:f4:ea:52:97:23:50:
                    37:4b:3a:fd:14:2f:69:d4:a6:e1:2f:b9:8b:e5:5e:
                    95:63:cd:ac:bb:06:5a:e8:89:ca:58:62:db:01:9c:
                    6c:89:ae:86:50:26:68:15:ef:9a:a2:ec:8b:3a:84:
                    f6:65:87:36:ef:a8:8f:fc:6a:3c:fa:32:68:1d:f0:
                    25:07:73:05:91:63:5f:66:66:75:0c:bb:67:8d:53:
                    bf:59:22:ff:e0:72:5f:b4:c0:e6:ee:aa:a1:ad:47:
                    3d:cf:6c:5f:89:e2:ca:4d:d6:a3:e6:94:e8:ab:c8:
                    8c:1e:e7:5b:80:e9:95:21:c8:4f:0f:04:27:4e:6a:
                    e0:67:92:76:9e:e5:37:1d:d6:ce:08:02:a3:57:08:
                    4c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:25:42:88:66:CB:25:20:64:7F:94:8D:A5:DA:25:A0:6E:76:E8:51
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/FyVCiGbLJSBkf5SNpdoloG526FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.110.110.0/24
                  193.37.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:99:a8:e5:cb:f7:bd:96:66:5f:dd:f5:4f:48:91:16:fc:01:
         13:1c:21:6b:4f:e7:3d:13:69:8c:fd:54:56:75:92:39:83:93:
         39:61:7f:eb:4d:22:29:1d:14:37:b9:20:28:33:54:1a:49:68:
         c8:c2:b2:44:a8:4a:05:49:9c:f3:a7:ae:67:eb:b7:78:4b:e4:
         8d:c9:d4:d9:43:78:0e:39:60:fe:a1:26:ea:b8:0f:39:36:9e:
         4d:83:35:e9:04:17:71:9d:3a:03:61:06:74:7d:ab:74:0a:a9:
         d4:30:9a:fc:0b:66:14:ce:fd:8a:9a:2d:f2:05:74:75:ae:86:
         5a:f9:69:59:fb:16:d0:e4:1a:53:0a:f3:92:84:50:83:e4:cf:
         d8:30:a5:a8:2e:1c:6d:f4:8e:43:26:c5:6a:f6:77:03:98:2f:
         d2:0d:b7:b0:b2:38:f0:c5:3c:00:3d:90:da:ae:c6:f6:97:ff:
         59:68:2f:c2:68:f9:1c:f3:32:86:c8:3b:40:83:2e:47:f5:ea:
         e8:cc:66:17:92:39:f0:b1:72:69:be:81:4e:0e:ac:05:28:5f:
         71:fc:4e:5e:af:78:62:a4:e9:a9:11:50:0b:86:7d:f6:a4:a2:
         51:f7:8d:d4:6c:8d:92:3a:0f:02:77:ea:60:39:7e:c6:26:88:
         32:50:d6:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQns4/2b6M3FeT+THPdOKcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzI1NDI4ODY2Y2IyNTIwNjQ3Zjk0OGRhNWRhMjVhMDZlNzZlODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFdrtRvnVC8gj84T7Ml/LEziHHKH
c1XFIg3/128vAmpoVdN/KExITbkGakfO9qjRmZxonDekIVH/ZFrJoUvV+aXZNFrz
dsRBlovMfx4ZZUxPAZcJeVwo4hrM2ZFSvLMl0ppkYvOJDHaZ8JasYbToae/06lKX
I1A3Szr9FC9p1KbhL7mL5V6VY82suwZa6InKWGLbAZxsia6GUCZoFe+aouyLOoT2
ZYc276iP/Go8+jJoHfAlB3MFkWNfZmZ1DLtnjVO/WSL/4HJftMDm7qqhrUc9z2xf
ieLKTdaj5pToq8iMHudbgOmVIchPDwQnTmrgZ5J2nuU3HdbOCAKjVwhM/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBclQohmyyUgZH+UjaXaJaBuduhRMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvRnlWQ2lHYkxKU0JrZjVTTnBkb2xvRzUyNkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsG5uAwQA
wSX5MA0GCSqGSIb3DQEBCwUAA4IBAQB4majly/e9lmZf3fVPSJEW/AETHCFrT+c9
E2mM/VRWdZI5g5M5YX/rTSIpHRQ3uSAoM1QaSWjIwrJEqEoFSZzzp65n67d4S+SN
ydTZQ3gOOWD+oSbquA85Np5NgzXpBBdxnToDYQZ0fat0CqnUMJr8C2YUzv2Kmi3y
BXR1roZa+WlZ+xbQ5BpTCvOShFCD5M/YMKWoLhxt9I5DJsVq9ncDmC/SDbewsjjw
xTwAPZDarsb2l/9ZaC/CaPkc8zKGyDtAgy5H9erozGYXkjnwsXJpvoFODqwFKF9x
/E5er3hipOmpEVALhn32pKJR943UbI2SOg8Cd+pgOX7GJogyUNaP
-----END CERTIFICATE-----