Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/FnExCvLDVdYuTR08kgWAavX-Pk0.roa
File:                     FnExCvLDVdYuTR08kgWAavX-Pk0.roa (raw, json)
Hash identifier:          AIJMjDttEuZdQI2f5T19fqAfcHk4SoNhDhOU5X3/Gj8=
Subject key identifier:   16:71:31:0A:F2:C3:55:D6:2E:4D:1D:3C:92:05:80:6A:F5:FE:3E:4D
Certificate issuer:       /CN=bd8f133d1095cd31205c7a3462248cc9941203ac
Certificate serial:       0194258F729B3ABB2091A5288F4B9B6C54F9
Authority key identifier: BD:8F:13:3D:10:95:CD:31:20:5C:7A:34:62:24:8C:C9:94:12:03:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vY8TPRCVzTEgXHo0YiSMyZQSA6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/FnExCvLDVdYuTR08kgWAavX-Pk0.roa
Signing time:             Thu 02 Jan 2025 05:49:05 +0000
ROA not before:           Thu 02 Jan 2025 05:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34396
IP address blocks:        195.200.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/vY8TPRCVzTEgXHo0YiSMyZQSA6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/vY8TPRCVzTEgXHo0YiSMyZQSA6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vY8TPRCVzTEgXHo0YiSMyZQSA6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:72:9b:3a:bb:20:91:a5:28:8f:4b:9b:6c:54:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd8f133d1095cd31205c7a3462248cc9941203ac
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1671310af2c355d62e4d1d3c9205806af5fe3e4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5b:fd:8e:8e:0f:bb:f8:af:84:29:2c:cc:5a:
                    5f:1b:a7:58:1e:1b:73:84:38:fe:75:f3:18:06:59:
                    34:81:be:c5:b3:71:90:0c:da:6d:d2:5e:ff:d8:53:
                    09:ca:21:cd:04:4e:0f:70:96:71:ae:b8:93:f7:0c:
                    8b:d5:77:7d:00:5f:8e:1c:39:1e:01:78:9b:02:cc:
                    57:56:74:2d:b5:56:6c:7e:08:ed:27:61:91:00:e9:
                    5d:46:be:92:b6:19:19:eb:a4:58:10:4a:8c:e8:19:
                    04:c0:ac:7d:7d:3c:b0:fe:b3:c9:33:f9:1d:fb:48:
                    a0:d3:bf:91:ff:6f:de:d1:e5:97:bf:c6:96:86:7c:
                    fa:7d:7b:75:20:a1:07:86:ac:21:38:ca:8f:fa:42:
                    7b:99:dd:a7:9c:f0:38:36:6e:ab:1c:ea:be:78:2c:
                    82:98:c3:b7:bf:21:f4:f4:88:4d:d3:13:24:13:cf:
                    5e:65:a8:76:57:0b:a2:1d:5e:3d:0f:12:43:04:be:
                    45:44:92:8d:a6:b0:aa:aa:3b:25:48:a1:1b:6a:a5:
                    72:64:1e:b6:25:4b:c6:16:f0:0b:a9:a2:b7:c1:97:
                    da:c2:d6:bb:9b:50:0c:5a:31:92:d2:8b:12:66:b8:
                    5b:8e:a3:cf:8e:b1:53:6b:c7:6f:ac:ef:b4:a3:89:
                    c3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:71:31:0A:F2:C3:55:D6:2E:4D:1D:3C:92:05:80:6A:F5:FE:3E:4D
            X509v3 Authority Key Identifier:
                keyid:BD:8F:13:3D:10:95:CD:31:20:5C:7A:34:62:24:8C:C9:94:12:03:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vY8TPRCVzTEgXHo0YiSMyZQSA6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/FnExCvLDVdYuTR08kgWAavX-Pk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3b7c43-4241-44d4-8534-409d0f9c8a04/1/vY8TPRCVzTEgXHo0YiSMyZQSA6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:a0:ff:d1:b1:fd:96:d2:03:96:f5:eb:cf:05:f2:01:5f:d1:
         7e:b9:ca:f4:6a:3c:91:d1:6d:b4:3b:b7:0f:5c:cf:fc:d6:9b:
         87:06:48:be:01:2b:7c:d0:c0:52:d3:e6:3f:b1:56:2d:39:83:
         eb:04:5b:8a:7e:80:71:31:cf:e0:59:35:6d:c2:83:8f:52:d3:
         bc:e8:cb:4b:13:97:6b:3b:fb:40:17:8f:10:14:d8:b2:75:8c:
         cf:7d:74:1b:48:f0:42:25:e8:52:a7:b9:bc:2e:db:58:39:eb:
         fc:09:9b:19:a7:d0:c1:d9:9c:56:0c:a3:05:3e:33:44:ce:a7:
         9c:32:13:f9:a1:02:33:a8:fe:b5:21:ea:fd:14:4f:3d:5f:a4:
         8d:b0:35:3b:b3:2e:3f:76:f3:54:52:bb:37:09:ca:83:53:e3:
         cd:51:0e:01:79:a2:3b:b8:3e:8f:c3:3c:30:16:52:c2:0a:d2:
         84:0f:b9:23:cf:c4:e5:52:7f:d0:56:b0:03:0e:f4:68:dd:27:
         7c:85:d0:d5:8c:78:a5:b5:74:c6:a7:f0:24:ee:8f:9a:9d:26:
         40:23:e7:2c:25:b9:92:5a:9b:d1:27:ce:6c:60:01:75:ec:23:
         5f:3f:ea:d9:87:83:ca:b4:70:9b:76:89:a6:44:0b:b4:92:2b:
         2c:ef:e1:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3KbOrsgkaUoj0ubbFT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkOGYxMzNkMTA5NWNkMzEyMDVjN2EzNDYyMjQ4Y2M5OTQx
MjAzYWMwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjcxMzEwYWYyYzM1NWQ2MmU0ZDFkM2M5MjA1ODA2YWY1ZmUzZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFv9jo4Pu/ivhCkszFpfG6dYHhtz
hDj+dfMYBlk0gb7Fs3GQDNpt0l7/2FMJyiHNBE4PcJZxrriT9wyL1Xd9AF+OHDke
AXibAsxXVnQttVZsfgjtJ2GRAOldRr6SthkZ66RYEEqM6BkEwKx9fTyw/rPJM/kd
+0ig07+R/2/e0eWXv8aWhnz6fXt1IKEHhqwhOMqP+kJ7md2nnPA4Nm6rHOq+eCyC
mMO3vyH09IhN0xMkE89eZah2VwuiHV49DxJDBL5FRJKNprCqqjslSKEbaqVyZB62
JUvGFvALqaK3wZfawta7m1AMWjGS0osSZrhbjqPPjrFTa8dvrO+0o4nDjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZxMQryw1XWLk0dPJIFgGr1/j5NMB8GA1UdIwQY
MBaAFL2PEz0Qlc0xIFx6NGIkjMmUEgOsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlk4VFBSQ1Z6VEVnWEhvMFlpU015WlFTQTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zYjdjNDMtNDI0MS00NGQ0LTg1MzQt
NDA5ZDBmOWM4YTA0LzEvRm5FeEN2TERWZFl1VFIwOGtnV0FhdlgtUGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zYjdjNDMtNDI0MS00NGQ0LTg1MzQtNDA5ZDBmOWM4YTA0
LzEvdlk4VFBSQ1Z6VEVnWEhvMFlpU015WlFTQTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8hRMA0G
CSqGSIb3DQEBCwUAA4IBAQCXoP/Rsf2W0gOW9evPBfIBX9F+ucr0ajyR0W20O7cP
XM/81puHBki+ASt80MBS0+Y/sVYtOYPrBFuKfoBxMc/gWTVtwoOPUtO86MtLE5dr
O/tAF48QFNiydYzPfXQbSPBCJehSp7m8LttYOev8CZsZp9DB2ZxWDKMFPjNEzqec
MhP5oQIzqP61Ier9FE89X6SNsDU7sy4/dvNUUrs3CcqDU+PNUQ4BeaI7uD6Pwzww
FlLCCtKED7kjz8TlUn/QVrADDvRo3Sd8hdDVjHiltXTGp/Ak7o+anSZAI+csJbmS
WpvRJ85sYAF17CNfP+rZh4PKtHCbdommRAu0kiss7+Ez
-----END CERTIFICATE-----