Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/ad6c83-e5fd-4417-bff9-eb68efc4748b/1/FMnMJSika8qzHn3rA1gugh6bskk.roa
File:                     FMnMJSika8qzHn3rA1gugh6bskk.roa (raw, json)
Hash identifier:          ifB+hpHW1Zidp1iRq+x5utdXKTTiyitHTNMMB+oocZw=
Subject key identifier:   14:C9:CC:25:28:A4:6B:CA:B3:1E:7D:EB:03:58:2E:82:1E:9B:B2:49
Certificate issuer:       /CN=ca37af095113dadd5bc51bdebbf0ad34d6eedb64
Certificate serial:       01941F8C1CF431BBFD1C72815F846918B8DC
Authority key identifier: CA:37:AF:09:51:13:DA:DD:5B:C5:1B:DE:BB:F0:AD:34:D6:EE:DB:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjevCVET2t1bxRveu_CtNNbu22Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/ad6c83-e5fd-4417-bff9-eb68efc4748b/1/FMnMJSika8qzHn3rA1gugh6bskk.roa
Signing time:             Wed 01 Jan 2025 01:47:43 +0000
ROA not before:           Wed 01 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29551
IP address blocks:        195.114.10.0/23 maxlen: 24
                          2001:67c:6fc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/ad6c83-e5fd-4417-bff9-eb68efc4748b/1/yjevCVET2t1bxRveu_CtNNbu22Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/ad6c83-e5fd-4417-bff9-eb68efc4748b/1/yjevCVET2t1bxRveu_CtNNbu22Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjevCVET2t1bxRveu_CtNNbu22Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:1c:f4:31:bb:fd:1c:72:81:5f:84:69:18:b8:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca37af095113dadd5bc51bdebbf0ad34d6eedb64
        Validity
            Not Before: Jan  1 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14c9cc2528a46bcab31e7deb03582e821e9bb249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:33:74:2e:71:09:17:ca:c8:36:41:0d:94:9a:
                    f5:16:81:fa:7f:0d:b6:78:a8:49:e8:94:5f:4e:73:
                    d1:11:94:de:2b:c6:94:90:ab:6c:19:5e:8e:86:d7:
                    92:b4:72:94:83:09:75:a6:a4:18:a6:7b:28:6e:c9:
                    38:e3:82:af:62:8f:f9:59:5e:95:b0:4a:07:e7:93:
                    6f:92:67:08:9f:9d:d6:5d:50:81:5a:22:e8:4d:41:
                    f2:fe:07:71:77:e1:fa:dd:57:64:9b:50:ca:24:5b:
                    1f:75:94:34:b4:39:0a:51:07:a0:e3:6d:4a:93:1b:
                    4e:ec:ad:2f:3f:be:bf:b8:e1:74:20:4f:c7:6c:f8:
                    46:a3:a7:1a:6b:50:77:e5:94:87:61:ef:29:47:99:
                    1b:4f:95:3b:d4:34:67:e8:d4:06:8e:02:25:a5:58:
                    eb:66:15:ee:f0:cc:ae:41:3a:b1:c3:aa:0f:cb:49:
                    06:35:38:8d:a0:d9:a4:fc:d3:82:da:d0:b6:0a:9d:
                    f6:82:76:dc:5b:98:48:4b:78:d0:e8:81:4b:95:e0:
                    f4:f8:1a:98:39:3d:d9:5c:4a:47:d0:85:f5:f6:62:
                    69:be:12:72:41:af:36:10:2d:7c:cb:32:cd:fb:18:
                    51:85:99:37:5e:91:5b:5b:cc:c6:f6:ef:28:59:39:
                    11:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C9:CC:25:28:A4:6B:CA:B3:1E:7D:EB:03:58:2E:82:1E:9B:B2:49
            X509v3 Authority Key Identifier:
                keyid:CA:37:AF:09:51:13:DA:DD:5B:C5:1B:DE:BB:F0:AD:34:D6:EE:DB:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjevCVET2t1bxRveu_CtNNbu22Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ad6c83-e5fd-4417-bff9-eb68efc4748b/1/FMnMJSika8qzHn3rA1gugh6bskk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ad6c83-e5fd-4417-bff9-eb68efc4748b/1/yjevCVET2t1bxRveu_CtNNbu22Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.10.0/23
                IPv6:
                  2001:67c:6fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:ae:b7:ad:34:1c:3d:ee:4a:62:0b:20:3c:6e:da:51:11:1d:
         e2:62:c8:cd:2e:ab:e6:9f:4a:90:64:07:98:b1:b3:ef:c4:ac:
         f6:3f:ea:98:e7:a8:22:06:cc:0d:71:40:57:24:c3:f9:f8:39:
         93:a5:93:7b:d5:79:ac:20:ac:ce:63:1a:ee:d1:58:f9:2c:67:
         12:ce:e3:12:93:43:aa:46:3d:a1:e4:aa:9d:06:a3:d2:60:9d:
         6d:c7:83:bc:3d:9b:cb:5a:b6:bd:04:52:7a:c0:94:2b:cb:93:
         25:31:2e:87:17:68:2c:2f:43:0d:2e:bb:81:c8:09:27:35:78:
         2f:0e:06:de:a1:49:a9:e1:58:f7:c7:48:be:81:7a:f6:ac:27:
         8d:8a:0a:37:74:e4:25:68:b3:aa:82:9f:d1:b6:2a:24:16:41:
         06:24:07:a2:e9:9f:f3:a4:82:be:aa:50:31:cb:4f:60:8d:dd:
         2d:65:ed:83:43:e4:6c:7a:6a:11:d0:20:12:8a:fa:55:cc:de:
         18:ac:2b:b9:4c:49:4c:e2:2b:d3:26:78:d3:10:b9:b1:7c:5e:
         eb:71:e1:ae:84:36:1b:ad:1b:ea:72:61:ea:64:16:16:9b:7f:
         4a:ab:6b:35:59:f6:c6:35:cf:9b:5a:45:ea:1a:20:81:93:3a:
         cd:48:d1:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjBz0Mbv9HHKBX4RpGLjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzdhZjA5NTExM2RhZGQ1YmM1MWJkZWJiZjBhZDM0ZDZl
ZWRiNjQwHhcNMjUwMTAxMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGM5Y2MyNTI4YTQ2YmNhYjMxZTdkZWIwMzU4MmU4MjFlOWJiMjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDN0LnEJF8rINkENlJr1FoH6fw22
eKhJ6JRfTnPREZTeK8aUkKtsGV6OhteStHKUgwl1pqQYpnsobsk444KvYo/5WV6V
sEoH55NvkmcIn53WXVCBWiLoTUHy/gdxd+H63Vdkm1DKJFsfdZQ0tDkKUQeg421K
kxtO7K0vP76/uOF0IE/HbPhGo6caa1B35ZSHYe8pR5kbT5U71DRn6NQGjgIlpVjr
ZhXu8MyuQTqxw6oPy0kGNTiNoNmk/NOC2tC2Cp32gnbcW5hIS3jQ6IFLleD0+BqY
OT3ZXEpH0IX19mJpvhJyQa82EC18yzLN+xhRhZk3XpFbW8zG9u8oWTkRVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBTJzCUopGvKsx596wNYLoIem7JJMB8GA1UdIwQY
MBaAFMo3rwlRE9rdW8Ub3rvwrTTW7ttkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpldkNWRVQydDFieFJ2ZXVfQ3ROTmJ1MjJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hZDZjODMtZTVmZC00NDE3LWJmZjkt
ZWI2OGVmYzQ3NDhiLzEvRk1uTUpTaWthOHF6SG4zckExZ3VnaDZic2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hZDZjODMtZTVmZC00NDE3LWJmZjktZWI2OGVmYzQ3NDhi
LzEveWpldkNWRVQydDFieFJ2ZXVfQ3ROTmJ1MjJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw3IKMA8E
AgACMAkDBwAgAQZ8BvwwDQYJKoZIhvcNAQELBQADggEBAHuut600HD3uSmILIDxu
2lERHeJiyM0uq+afSpBkB5ixs+/ErPY/6pjnqCIGzA1xQFckw/n4OZOlk3vVeawg
rM5jGu7RWPksZxLO4xKTQ6pGPaHkqp0Go9JgnW3Hg7w9m8tatr0EUnrAlCvLkyUx
LocXaCwvQw0uu4HICSc1eC8OBt6hSanhWPfHSL6BevasJ42KCjd05CVos6qCn9G2
KiQWQQYkB6Lpn/Okgr6qUDHLT2CN3S1l7YND5Gx6ahHQIBKK+lXM3hisK7lMSUzi
K9MmeNMQubF8Xutx4a6ENhutG+pyYepkFhabf0qrazVZ9sY1z5taReoaIIGTOs1I
0ZY=
-----END CERTIFICATE-----