Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/fNli-LiQ9awKyhQw-GNSvJ_42w0.roa
File:                     fNli-LiQ9awKyhQw-GNSvJ_42w0.roa (raw, json)
Hash identifier:          L98lyb6k01PaEjUwasFWjyw8Arv6ILhrmJTj2kl/6vk=
Subject key identifier:   7C:D9:62:F8:B8:90:F5:AC:0A:CA:14:30:F8:63:52:BC:9F:F8:DB:0D
Certificate issuer:       /CN=2e6276136254830bb4907e98c258e493b42aaa3a
Certificate serial:       019427464D11B3F6CD580C696BEB387F6113
Authority key identifier: 2E:62:76:13:62:54:83:0B:B4:90:7E:98:C2:58:E4:93:B4:2A:AA:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/fNli-LiQ9awKyhQw-GNSvJ_42w0.roa
Signing time:             Thu 02 Jan 2025 13:48:26 +0000
ROA not before:           Thu 02 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        194.11.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:4d:11:b3:f6:cd:58:0c:69:6b:eb:38:7f:61:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6276136254830bb4907e98c258e493b42aaa3a
        Validity
            Not Before: Jan  2 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cd962f8b890f5ac0aca1430f86352bc9ff8db0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:f9:0b:fe:6f:65:a4:86:48:ab:2b:14:71:4c:
                    5d:eb:0e:10:fb:d0:07:42:4b:ff:29:28:a5:1f:56:
                    7e:a6:89:1e:ac:71:35:62:75:44:d6:27:5d:c1:97:
                    07:0a:ec:5c:14:5b:c9:48:3e:f5:db:41:41:48:a0:
                    83:79:1c:d8:90:a7:14:14:8a:88:dc:98:f3:0f:90:
                    8c:b7:01:02:f3:71:a2:82:31:df:41:ae:f5:db:af:
                    42:a8:48:12:87:67:10:69:75:d1:61:f5:8c:ca:38:
                    88:f7:f2:44:33:d9:70:a5:d1:08:cb:86:04:b3:ed:
                    0e:eb:9b:c1:96:c9:c2:a5:15:7a:19:ee:74:66:4a:
                    e3:61:8a:ca:18:ff:6f:22:62:7a:50:05:e1:05:a2:
                    b5:93:d2:b9:6c:b5:73:7c:35:88:2f:ae:6a:05:02:
                    97:a1:04:b0:a3:09:ec:cf:70:d3:b2:a7:e6:cc:aa:
                    4a:a9:7b:af:8f:0f:0c:c1:59:81:41:cc:c2:6a:06:
                    4e:8d:48:ae:50:5d:21:2c:f1:c3:f2:25:47:f6:4b:
                    f9:55:30:60:a4:66:23:b5:63:30:57:31:d0:b6:c7:
                    a7:87:ad:9c:7f:f6:8a:21:97:1a:da:fe:71:1d:f6:
                    27:88:ef:7a:04:12:18:20:5f:6a:ff:de:73:03:9d:
                    5c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D9:62:F8:B8:90:F5:AC:0A:CA:14:30:F8:63:52:BC:9F:F8:DB:0D
            X509v3 Authority Key Identifier:
                keyid:2E:62:76:13:62:54:83:0B:B4:90:7E:98:C2:58:E4:93:B4:2A:AA:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/fNli-LiQ9awKyhQw-GNSvJ_42w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:d6:d2:a8:90:97:1a:a8:33:b9:dd:1d:09:da:d7:0f:48:bf:
         1d:03:b9:ef:e0:9c:4f:38:c2:74:32:15:30:13:5d:63:b1:9c:
         fa:eb:75:f6:a9:32:5a:a8:9a:69:a4:b6:08:73:e8:b1:9d:44:
         57:f9:e8:13:c9:ec:ec:d3:89:09:84:71:71:55:d9:09:1c:36:
         35:be:d1:6e:06:23:e0:49:26:73:22:2f:22:a5:87:6a:f7:43:
         58:33:7a:e0:a5:56:ef:32:a1:b1:8c:5e:d2:be:21:6c:98:20:
         0d:a8:86:ac:cf:3e:84:f7:55:ce:ff:09:6e:3e:2b:22:5e:59:
         40:8b:41:11:ae:c5:7f:de:1e:ed:92:73:4e:13:51:e5:83:31:
         5e:52:54:a9:28:a8:eb:05:fb:ba:d4:00:c7:e5:65:ca:33:d3:
         91:d2:a9:32:80:3e:6c:b3:65:5b:df:0a:53:59:9c:b8:e7:f5:
         1e:a3:c6:75:ae:5a:d8:4a:b6:2e:ec:00:f7:1a:76:18:92:73:
         49:27:9c:92:c1:0a:10:9c:13:2f:c0:0a:b9:9b:aa:d7:dc:61:
         d0:5a:78:0a:56:4d:77:fc:6b:a4:ee:f2:6e:3e:2b:1e:ed:7e:
         d5:a9:7f:e9:66:a2:ef:39:ad:f8:68:e0:be:1b:8a:ea:a9:71:
         ab:77:28:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRk0Rs/bNWAxpa+s4f2ETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNjI3NjEzNjI1NDgzMGJiNDkwN2U5OGMyNThlNDkzYjQy
YWFhM2EwHhcNMjUwMTAyMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q5NjJmOGI4OTBmNWFjMGFjYTE0MzBmODYzNTJiYzlmZjhkYjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/kL/m9lpIZIqysUcUxd6w4Q+9AH
Qkv/KSilH1Z+pokerHE1YnVE1iddwZcHCuxcFFvJSD7120FBSKCDeRzYkKcUFIqI
3JjzD5CMtwEC83GigjHfQa71269CqEgSh2cQaXXRYfWMyjiI9/JEM9lwpdEIy4YE
s+0O65vBlsnCpRV6Ge50ZkrjYYrKGP9vImJ6UAXhBaK1k9K5bLVzfDWIL65qBQKX
oQSwownsz3DTsqfmzKpKqXuvjw8MwVmBQczCagZOjUiuUF0hLPHD8iVH9kv5VTBg
pGYjtWMwVzHQtsenh62cf/aKIZca2v5xHfYniO96BBIYIF9q/95zA51c4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzZYvi4kPWsCsoUMPhjUryf+NsNMB8GA1UdIwQY
MBaAFC5idhNiVIMLtJB+mMJY5JO0Kqo6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1KMkUySlVnd3Uwa0g2WXdsamtrN1FxcWpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC82YTliMjQtZDRkMy00MGMxLTgxNzMt
OTNiOTE0NzAxNDcwLzEvZk5saS1MaVE5YXdLeWhRdy1HTlN2Sl80MncwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC82YTliMjQtZDRkMy00MGMxLTgxNzMtOTNiOTE0NzAxNDcw
LzEvTG1KMkUySlVnd3Uwa0g2WXdsamtrN1FxcWpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgugMA0G
CSqGSIb3DQEBCwUAA4IBAQBt1tKokJcaqDO53R0J2tcPSL8dA7nv4JxPOMJ0MhUw
E11jsZz663X2qTJaqJpppLYIc+ixnURX+egTyezs04kJhHFxVdkJHDY1vtFuBiPg
SSZzIi8ipYdq90NYM3rgpVbvMqGxjF7SviFsmCANqIaszz6E91XO/wluPisiXllA
i0ERrsV/3h7tknNOE1HlgzFeUlSpKKjrBfu61ADH5WXKM9OR0qkygD5ss2Vb3wpT
WZy45/Ueo8Z1rlrYSrYu7AD3GnYYknNJJ5ySwQoQnBMvwAq5m6rX3GHQWngKVk13
/Guk7vJuPise7X7VqX/pZqLvOa34aOC+G4rqqXGrdyjj
-----END CERTIFICATE-----