Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/FXe_JPwCxokWG0F8sL8Vx_t96gE.roa
File:                     FXe_JPwCxokWG0F8sL8Vx_t96gE.roa (raw, json)
Hash identifier:          9THWoynL84G88vnVxVYdONxnlu6uMlCDE+r39l01xOU=
Subject key identifier:   15:77:BF:24:FC:02:C6:89:16:1B:41:7C:B0:BF:15:C7:FB:7D:EA:01
Certificate issuer:       /CN=002c8865bc2a07e4acfeb263b4d9cf62460fd523
Certificate serial:       01942521A2DF0C2C044DFDE36EF449A0843D
Authority key identifier: 00:2C:88:65:BC:2A:07:E4:AC:FE:B2:63:B4:D9:CF:62:46:0F:D5:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/FXe_JPwCxokWG0F8sL8Vx_t96gE.roa
Signing time:             Thu 02 Jan 2025 03:49:08 +0000
ROA not before:           Thu 02 Jan 2025 03:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47282
IP address blocks:        185.99.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a2:df:0c:2c:04:4d:fd:e3:6e:f4:49:a0:84:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002c8865bc2a07e4acfeb263b4d9cf62460fd523
        Validity
            Not Before: Jan  2 03:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1577bf24fc02c689161b417cb0bf15c7fb7dea01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:67:35:05:5e:d5:2c:9f:3b:f9:03:f8:b6:25:
                    50:44:de:8b:da:b6:1d:8b:6e:bd:b4:72:45:f3:6a:
                    3f:59:f2:f3:04:ef:7e:fc:9b:2a:14:a2:70:42:38:
                    93:16:3b:94:47:68:1a:79:e4:25:cc:b4:32:1d:6b:
                    50:f7:9d:fd:43:4b:87:0f:55:b0:82:9b:25:ed:3d:
                    dc:87:5a:a3:3a:76:89:41:7c:60:7d:1c:08:58:ae:
                    87:f7:cc:97:bd:fe:8d:88:e3:c4:ef:96:92:57:41:
                    96:80:ec:14:81:3c:13:c2:b5:2c:cf:4a:db:f2:38:
                    c6:cb:20:df:23:81:e8:c3:9c:1b:d6:2d:ac:6d:89:
                    70:b1:76:d0:ed:00:49:b6:9a:18:de:79:51:ad:8a:
                    b3:24:cd:61:c9:1a:5a:7a:15:d9:b1:db:7d:b9:5a:
                    63:2a:b1:26:93:1e:d8:88:9a:7b:9b:8c:0c:02:44:
                    e4:d8:dd:ed:67:83:3d:72:7a:f2:4f:43:16:aa:5a:
                    c7:47:97:67:95:04:5d:49:c7:8d:78:e8:9f:4a:70:
                    1b:ee:db:c6:fd:73:46:a7:12:22:c4:e3:42:0a:66:
                    99:0c:49:6e:38:1a:bb:79:0e:ec:e3:ef:f0:6e:dd:
                    66:24:62:f1:dd:0a:85:74:b2:77:65:a6:2b:ea:88:
                    64:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:77:BF:24:FC:02:C6:89:16:1B:41:7C:B0:BF:15:C7:FB:7D:EA:01
            X509v3 Authority Key Identifier:
                keyid:00:2C:88:65:BC:2A:07:E4:AC:FE:B2:63:B4:D9:CF:62:46:0F:D5:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/FXe_JPwCxokWG0F8sL8Vx_t96gE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d7fadc-1ebf-42da-9b22-a60c20c8f717/1/ACyIZbwqB-Ss_rJjtNnPYkYP1SM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:cb:09:e9:36:ca:7d:40:c1:3f:b8:84:a8:fb:94:65:5c:89:
         10:5f:ba:61:43:12:b8:09:d7:68:1c:44:d5:a8:0e:ec:ac:09:
         4b:e7:d5:05:df:df:37:c0:16:d1:6e:dd:c9:f2:1c:f0:0b:69:
         7d:f0:d8:a0:b2:a4:ae:9d:05:9c:9b:99:aa:46:a2:c5:c5:64:
         43:b6:ab:f9:e8:20:e4:cf:ab:13:e5:68:ba:97:f3:12:48:bb:
         e5:c5:30:7c:69:6b:86:8a:a7:82:82:e8:a8:27:b7:24:7b:17:
         77:2d:6e:af:e6:40:2e:8e:5b:18:20:0e:d5:e1:4d:4b:99:3e:
         b3:a1:43:4e:9d:08:e2:bd:70:16:c1:f9:ba:bf:0b:58:ef:28:
         0e:fe:3b:7f:dc:52:0c:e9:a9:e6:e8:dd:51:48:00:72:c0:f4:
         ec:b8:e9:de:bf:14:9c:4e:0d:74:28:85:f4:ac:d9:71:41:5e:
         08:0e:b1:2e:10:3d:11:44:a3:b5:fc:ea:88:f9:09:6c:07:fc:
         9d:03:b1:5d:40:f8:1e:dc:8d:e3:f1:0d:c0:4a:d9:cb:ca:08:
         ee:70:42:ef:6c:98:46:1a:cf:f1:5c:95:d1:45:19:d2:e5:92:
         9b:d3:cc:dd:ef:5d:70:91:c7:31:95:51:26:56:15:73:40:18:
         1e:bc:50:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIaLfDCwETf3jbvRJoIQ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMmM4ODY1YmMyYTA3ZTRhY2ZlYjI2M2I0ZDljZjYyNDYw
ZmQ1MjMwHhcNMjUwMTAyMDM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc3YmYyNGZjMDJjNjg5MTYxYjQxN2NiMGJmMTVjN2ZiN2RlYTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimc1BV7VLJ87+QP4tiVQRN6L2rYd
i269tHJF82o/WfLzBO9+/JsqFKJwQjiTFjuUR2gaeeQlzLQyHWtQ9539Q0uHD1Ww
gpsl7T3ch1qjOnaJQXxgfRwIWK6H98yXvf6NiOPE75aSV0GWgOwUgTwTwrUsz0rb
8jjGyyDfI4How5wb1i2sbYlwsXbQ7QBJtpoY3nlRrYqzJM1hyRpaehXZsdt9uVpj
KrEmkx7YiJp7m4wMAkTk2N3tZ4M9cnryT0MWqlrHR5dnlQRdSceNeOifSnAb7tvG
/XNGpxIixONCCmaZDEluOBq7eQ7s4+/wbt1mJGLx3QqFdLJ3ZaYr6ohkiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBV3vyT8AsaJFhtBfLC/Fcf7feoBMB8GA1UdIwQY
MBaAFAAsiGW8KgfkrP6yY7TZz2JGD9UjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUN5SVpid3FCLVNzX3JKanROblBZa1lQMVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9kN2ZhZGMtMWViZi00MmRhLTliMjIt
YTYwYzIwYzhmNzE3LzEvRlhlX0pQd0N4b2tXRzBGOHNMOFZ4X3Q5NmdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9kN2ZhZGMtMWViZi00MmRhLTliMjItYTYwYzIwYzhmNzE3
LzEvQUN5SVpid3FCLVNzX3JKanROblBZa1lQMVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWMHMA0G
CSqGSIb3DQEBCwUAA4IBAQBRywnpNsp9QME/uISo+5RlXIkQX7phQxK4CddoHETV
qA7srAlL59UF3983wBbRbt3J8hzwC2l98NigsqSunQWcm5mqRqLFxWRDtqv56CDk
z6sT5Wi6l/MSSLvlxTB8aWuGiqeCguioJ7ckexd3LW6v5kAujlsYIA7V4U1LmT6z
oUNOnQjivXAWwfm6vwtY7ygO/jt/3FIM6anm6N1RSABywPTsuOnevxScTg10KIX0
rNlxQV4IDrEuED0RRKO1/OqI+QlsB/ydA7FdQPge3I3j8Q3AStnLygjucELvbJhG
Gs/xXJXRRRnS5ZKb08zd711wkccxlVEmVhVzQBgevFCK
-----END CERTIFICATE-----