Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/FsCfl3c4Ltiv9Zcfet8sFDK261w.roa
File:                     FsCfl3c4Ltiv9Zcfet8sFDK261w.roa (raw, json)
Hash identifier:          0KkSs+dGUlPIvwsEqtO4YX2lHrkRDey49/pmSeBkBNg=
Subject key identifier:   16:C0:9F:97:77:38:2E:D8:AF:F5:97:1F:7A:DF:2C:14:32:B6:EB:5C
Certificate issuer:       /CN=50bb158d29e37500d5c3a25dada149b2a503f6a5
Certificate serial:       019427B624054B4FC0F8903B5247DA4F72AB
Authority key identifier: 50:BB:15:8D:29:E3:75:00:D5:C3:A2:5D:AD:A1:49:B2:A5:03:F6:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/FsCfl3c4Ltiv9Zcfet8sFDK261w.roa
Signing time:             Thu 02 Jan 2025 15:50:35 +0000
ROA not before:           Thu 02 Jan 2025 15:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5413
IP address blocks:        185.121.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:24:05:4b:4f:c0:f8:90:3b:52:47:da:4f:72:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50bb158d29e37500d5c3a25dada149b2a503f6a5
        Validity
            Not Before: Jan  2 15:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16c09f9777382ed8aff5971f7adf2c1432b6eb5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:67:ae:5c:21:30:da:e1:30:3e:62:65:0e:47:
                    d2:5a:2a:0a:06:38:87:b3:eb:53:d2:27:4f:d6:aa:
                    65:9f:0e:32:94:ff:51:43:b9:07:e5:a3:8d:71:ab:
                    d7:7f:13:f3:49:ad:6f:cd:2c:65:f6:33:e8:6b:3a:
                    96:8d:d6:97:7f:1a:a8:6b:ba:0f:d2:7b:e9:77:9a:
                    cd:b8:ed:4a:e3:77:9f:96:34:db:60:85:ea:c6:c0:
                    56:f2:db:df:42:aa:45:b6:6d:cd:aa:d0:11:eb:ad:
                    bb:2f:10:57:8a:ba:94:14:08:bf:33:60:da:d6:f6:
                    3a:26:b6:e3:40:48:0b:2a:86:7b:92:cf:0a:69:cd:
                    9d:d2:8d:17:7d:0f:2c:8e:55:ad:1b:2f:3e:e4:49:
                    d8:a3:be:6b:34:a6:99:74:0f:ce:3b:3b:61:35:96:
                    6d:a3:8f:55:75:16:cb:06:9d:8b:6a:8f:7c:c6:53:
                    d5:b1:b4:9c:b7:10:40:0a:79:ea:22:8a:90:b6:ea:
                    84:c2:b7:b2:51:82:50:4f:a3:f8:65:74:39:8a:86:
                    f9:f7:78:8b:7d:ca:90:b6:be:b3:e8:71:d5:5e:91:
                    5d:ef:3a:e2:35:4b:3f:56:6b:b7:b2:59:22:16:fe:
                    a8:da:77:ef:86:78:15:a8:c6:09:aa:43:18:ed:44:
                    31:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C0:9F:97:77:38:2E:D8:AF:F5:97:1F:7A:DF:2C:14:32:B6:EB:5C
            X509v3 Authority Key Identifier:
                keyid:50:BB:15:8D:29:E3:75:00:D5:C3:A2:5D:AD:A1:49:B2:A5:03:F6:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/FsCfl3c4Ltiv9Zcfet8sFDK261w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:8c:2b:e5:b9:99:19:be:eb:0c:7f:a7:81:51:cd:0c:5d:a7:
         55:6a:fc:78:9b:f4:dd:43:7f:0a:aa:6e:c5:fd:16:eb:15:8d:
         ac:56:2a:d7:33:a4:89:9d:93:99:de:6c:7f:1a:f9:9d:0a:e2:
         19:19:2d:14:1e:ea:19:bc:9e:f6:1e:81:a2:3d:d3:02:a9:42:
         d6:d0:69:e5:28:b1:36:d2:7b:9d:89:81:10:12:1a:7f:b0:ca:
         18:8c:35:6e:a8:87:43:57:1e:6f:56:63:45:df:7d:ec:fd:9d:
         d1:f1:14:9b:13:2a:c6:2f:fe:7d:2f:ad:58:3e:b4:54:9b:39:
         89:cd:00:c8:56:b3:0b:54:e4:72:64:1c:45:f6:21:6b:03:03:
         90:1f:dc:57:65:e5:30:43:42:b7:7c:ef:90:f2:5a:31:53:ca:
         76:34:5d:f7:17:31:4e:3f:af:44:22:0b:f1:71:93:3a:0b:a3:
         c3:1e:b8:52:94:e6:09:d3:2d:66:06:a8:5d:0d:ca:6b:80:a4:
         51:ce:3b:30:95:be:78:52:34:96:37:86:64:04:4c:98:0b:58:
         03:be:7b:27:2e:c9:02:98:71:b3:e8:25:a4:e7:bc:85:45:e7:
         52:9d:31:6f:61:3b:d6:17:29:47:fd:4a:60:70:48:88:96:8b:
         dd:98:86:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntiQFS0/A+JA7UkfaT3KrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYmIxNThkMjllMzc1MDBkNWMzYTI1ZGFkYTE0OWIyYTUw
M2Y2YTUwHhcNMjUwMTAyMTU1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmMwOWY5Nzc3MzgyZWQ4YWZmNTk3MWY3YWRmMmMxNDMyYjZlYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmeuXCEw2uEwPmJlDkfSWioKBjiH
s+tT0idP1qplnw4ylP9RQ7kH5aONcavXfxPzSa1vzSxl9jPoazqWjdaXfxqoa7oP
0nvpd5rNuO1K43efljTbYIXqxsBW8tvfQqpFtm3NqtAR6627LxBXirqUFAi/M2Da
1vY6JrbjQEgLKoZ7ks8Kac2d0o0XfQ8sjlWtGy8+5EnYo75rNKaZdA/OOzthNZZt
o49VdRbLBp2Lao98xlPVsbSctxBACnnqIoqQtuqEwreyUYJQT6P4ZXQ5iob593iL
fcqQtr6z6HHVXpFd7zriNUs/Vmu3slkiFv6o2nfvhngVqMYJqkMY7UQx6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbAn5d3OC7Yr/WXH3rfLBQytutcMB8GA1UdIwQY
MBaAFFC7FY0p43UA1cOiXa2hSbKlA/alMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUxzVmpTbmpkUURWdzZKZHJhRkpzcVVEOXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi80NWQyODQtYTM3My00NTUyLWJjOGEt
NzQzMTEyYjBlNzcxLzEvRnNDZmwzYzRMdGl2OVpjZmV0OHNGREsyNjF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi80NWQyODQtYTM3My00NTUyLWJjOGEtNzQzMTEyYjBlNzcx
LzEvVUxzVmpTbmpkUURWdzZKZHJhRkpzcVVEOXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXlaMA0G
CSqGSIb3DQEBCwUAA4IBAQA2jCvluZkZvusMf6eBUc0MXadVavx4m/TdQ38Kqm7F
/RbrFY2sVirXM6SJnZOZ3mx/GvmdCuIZGS0UHuoZvJ72HoGiPdMCqULW0GnlKLE2
0nudiYEQEhp/sMoYjDVuqIdDVx5vVmNF333s/Z3R8RSbEyrGL/59L61YPrRUmzmJ
zQDIVrMLVORyZBxF9iFrAwOQH9xXZeUwQ0K3fO+Q8loxU8p2NF33FzFOP69EIgvx
cZM6C6PDHrhSlOYJ0y1mBqhdDcprgKRRzjswlb54UjSWN4ZkBEyYC1gDvnsnLskC
mHGz6CWk57yFRedSnTFvYTvWFylH/UpgcEiIlovdmIZ1
-----END CERTIFICATE-----