Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FaNFrKPAGgcSOLTXTAQ43hERgWE.roa
File:                     FaNFrKPAGgcSOLTXTAQ43hERgWE.roa (raw, json)
Hash identifier:          g7g8XRNbZcsf1JFHCmw60QIP667onu3pwC+jbU1OFCg=
Subject key identifier:   15:A3:45:AC:A3:C0:1A:07:12:38:B4:D7:4C:04:38:DE:11:11:81:61
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0194851532BD834DAF0F4B78E2E7657DC0F4
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FaNFrKPAGgcSOLTXTAQ43hERgWE.roa
Signing time:             Mon 20 Jan 2025 18:59:06 +0000
ROA not before:           Mon 20 Jan 2025 18:59:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        185.109.21.0/24 maxlen: 24
                          213.108.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:85:15:32:bd:83:4d:af:0f:4b:78:e2:e7:65:7d:c0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan 20 18:59:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15a345aca3c01a071238b4d74c0438de11118161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3e:69:31:08:18:cb:4c:4a:d5:f7:bd:bd:05:
                    6f:1d:63:67:68:a5:13:a9:51:ee:a2:c0:2d:24:db:
                    b8:05:48:e7:62:b9:30:dd:2e:32:86:ea:cf:08:8f:
                    d9:ac:c9:8a:95:98:e6:b6:ec:64:84:a3:8f:19:e6:
                    4a:6f:8c:54:de:1a:53:3a:7c:28:2c:13:4b:c3:6c:
                    fc:b8:4c:37:f1:08:e9:8f:00:5e:d6:c9:6a:3b:64:
                    81:9c:1e:1d:a8:c5:78:89:ca:87:34:43:59:e0:93:
                    be:8a:f3:67:24:b1:30:44:d8:d3:fd:a1:a8:bc:78:
                    de:00:db:54:e1:6f:14:f6:cb:ae:35:d6:fb:45:a3:
                    07:c3:e0:bf:78:61:93:bf:e4:15:29:0d:80:1f:57:
                    d6:13:59:de:1d:63:70:1f:8c:f7:bf:8f:1c:1b:2b:
                    0a:2a:bb:1b:b1:b7:cd:e3:e4:52:55:a9:14:7f:9a:
                    ad:67:ec:bd:0e:f1:c3:c2:16:66:73:c1:89:0f:6c:
                    66:78:ff:48:7f:f4:3f:c4:ff:f8:82:51:7a:90:79:
                    1e:2f:03:87:97:33:28:5c:56:45:2e:8b:38:f0:6d:
                    0d:bc:cd:c2:a5:b3:c9:ab:68:24:8f:28:ea:4f:91:
                    38:5a:01:23:cd:73:08:2a:80:82:b3:fa:91:91:2f:
                    04:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A3:45:AC:A3:C0:1A:07:12:38:B4:D7:4C:04:38:DE:11:11:81:61
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FaNFrKPAGgcSOLTXTAQ43hERgWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.21.0/24
                  213.108.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:24:12:34:a6:18:e9:76:eb:35:b4:ad:ee:3c:c7:97:ab:fe:
         24:7f:de:81:81:9e:55:19:73:55:b4:f4:89:a1:c3:9d:24:be:
         43:27:36:f3:15:3e:2d:14:ac:a8:81:7b:ab:e1:6d:4d:88:dc:
         ee:47:30:51:4f:6f:91:ac:42:b0:44:09:0d:62:0f:48:06:76:
         83:dc:65:58:99:af:be:9c:09:ee:f9:a4:7b:4d:45:8d:9a:01:
         fb:13:c7:b0:98:18:25:5e:4e:50:21:13:04:38:0e:ec:a2:1e:
         34:2c:a6:1c:cf:18:b0:2d:7d:05:00:99:9c:3c:b8:f7:87:24:
         75:20:ed:1f:3b:82:06:e1:b2:66:6a:2b:10:a5:39:26:37:58:
         48:d3:f7:7e:b8:30:ff:09:17:c1:6f:d7:84:95:6a:fd:a5:6c:
         86:a5:d6:6b:93:af:dc:49:66:e5:19:fd:9c:9c:92:7d:9d:7c:
         40:bb:ac:ad:a8:93:6e:b3:76:40:4a:0b:08:60:8c:c7:4a:c1:
         8f:66:31:bb:cc:0b:61:c7:da:d9:58:18:b3:e6:91:f0:62:c1:
         0c:ac:33:8c:37:6b:f2:b0:a3:7e:47:a2:b9:9c:0b:f8:6b:c0:
         b5:07:2a:a6:e7:6b:4a:30:71:a5:43:bd:ee:76:3a:d6:97:bd:
         0b:b3:ff:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSFFTK9g02vD0t44udlfcD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTIwMTg1OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWEzNDVhY2EzYzAxYTA3MTIzOGI0ZDc0YzA0MzhkZTExMTE4MTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqz5pMQgYy0xK1fe9vQVvHWNnaKUT
qVHuosAtJNu4BUjnYrkw3S4yhurPCI/ZrMmKlZjmtuxkhKOPGeZKb4xU3hpTOnwo
LBNLw2z8uEw38QjpjwBe1slqO2SBnB4dqMV4icqHNENZ4JO+ivNnJLEwRNjT/aGo
vHjeANtU4W8U9suuNdb7RaMHw+C/eGGTv+QVKQ2AH1fWE1neHWNwH4z3v48cGysK
KrsbsbfN4+RSVakUf5qtZ+y9DvHDwhZmc8GJD2xmeP9If/Q/xP/4glF6kHkeLwOH
lzMoXFZFLos48G0NvM3CpbPJq2gkjyjqT5E4WgEjzXMIKoCCs/qRkS8EFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBWjRayjwBoHEji010wEON4REYFhMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvRmFORnJLUEFHZ2NTT0xUWFRBUTQzaEVSZ1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuW0VAwQA
1WzHMA0GCSqGSIb3DQEBCwUAA4IBAQB5JBI0phjpdus1tK3uPMeXq/4kf96BgZ5V
GXNVtPSJocOdJL5DJzbzFT4tFKyogXur4W1NiNzuRzBRT2+RrEKwRAkNYg9IBnaD
3GVYma++nAnu+aR7TUWNmgH7E8ewmBglXk5QIRMEOA7soh40LKYczxiwLX0FAJmc
PLj3hyR1IO0fO4IG4bJmaisQpTkmN1hI0/d+uDD/CRfBb9eElWr9pWyGpdZrk6/c
SWblGf2cnJJ9nXxAu6ytqJNus3ZASgsIYIzHSsGPZjG7zAthx9rZWBiz5pHwYsEM
rDOMN2vysKN+R6K5nAv4a8C1Byqm52tKMHGlQ73udjrWl70Ls//U
-----END CERTIFICATE-----