Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/FL4VCP2ebS0KpzdEEjgpeOZ0WHU.roa
File:                     FL4VCP2ebS0KpzdEEjgpeOZ0WHU.roa (raw, json)
Hash identifier:          a8hxfR30jfZG7itjDgkJbvAUR1rTEz6wQmvQZHvY+Vg=
Subject key identifier:   14:BE:15:08:FD:9E:6D:2D:0A:A7:37:44:12:38:29:78:E6:74:58:75
Certificate issuer:       /CN=bfaea358aeeeb7d0b9e0f93d23f67d29a7ec62c8
Certificate serial:       01946A2E9D64897644C04B3DB5BAB71B3EA1
Authority key identifier: BF:AE:A3:58:AE:EE:B7:D0:B9:E0:F9:3D:23:F6:7D:29:A7:EC:62:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/FL4VCP2ebS0KpzdEEjgpeOZ0WHU.roa
Signing time:             Wed 15 Jan 2025 13:37:07 +0000
ROA not before:           Wed 15 Jan 2025 13:37:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41540
IP address blocks:        194.246.120.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:2e:9d:64:89:76:44:c0:4b:3d:b5:ba:b7:1b:3e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfaea358aeeeb7d0b9e0f93d23f67d29a7ec62c8
        Validity
            Not Before: Jan 15 13:37:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14be1508fd9e6d2d0aa7374412382978e6745875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:bf:f0:79:3b:50:74:18:d1:39:cf:a4:60:1a:
                    3e:07:b5:4c:d2:94:76:2a:aa:f5:4e:50:68:60:bf:
                    73:7e:f4:b7:5d:75:31:c9:6b:86:8d:d1:8b:b6:e7:
                    af:a6:d1:3e:82:1d:90:47:8f:2c:10:3b:78:36:41:
                    15:c7:a9:fd:51:4f:45:ed:d4:bf:df:73:a3:05:9e:
                    a2:86:78:9f:f0:4e:c8:38:9a:07:10:08:b2:50:6c:
                    ae:18:e9:ca:7e:9b:bd:ec:fc:79:50:d0:b5:35:9e:
                    55:31:31:ab:ec:94:a1:db:f4:eb:a7:ad:10:5a:39:
                    9e:84:3f:d6:f3:e0:ec:42:05:b7:fe:ad:1a:7f:02:
                    2f:f2:4d:05:46:c2:6e:93:a7:9a:2c:cf:8c:eb:06:
                    5d:16:c0:b1:7e:f0:14:59:96:a4:2d:89:77:30:99:
                    cd:74:a9:df:61:b4:04:20:73:20:65:56:94:8e:7f:
                    ff:37:a5:dc:ec:af:58:dd:0c:d8:01:55:89:ab:8d:
                    02:5c:04:60:d9:a4:e2:0a:b1:6a:3e:59:72:ee:86:
                    fa:f5:d4:b8:9d:9e:cb:28:cc:44:e4:7a:c9:90:bb:
                    39:47:fc:7e:01:fc:c4:50:9a:a4:33:b2:83:98:ec:
                    c9:da:37:6d:a3:81:2a:8d:e1:e9:21:90:1f:e7:07:
                    4a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:BE:15:08:FD:9E:6D:2D:0A:A7:37:44:12:38:29:78:E6:74:58:75
            X509v3 Authority Key Identifier:
                keyid:BF:AE:A3:58:AE:EE:B7:D0:B9:E0:F9:3D:23:F6:7D:29:A7:EC:62:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/FL4VCP2ebS0KpzdEEjgpeOZ0WHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:c7:3d:00:a5:ef:b5:49:f7:ae:09:b8:08:8e:9a:96:b2:83:
         a6:bc:4f:8e:63:bb:17:9c:6a:05:8a:72:dc:b0:75:86:ec:04:
         f5:9f:12:ff:9f:1f:d0:dc:e5:b7:d9:da:58:4a:3e:2a:51:16:
         52:e0:9b:b9:18:08:37:05:c9:0d:75:21:3b:8d:f3:71:5c:57:
         7c:06:9f:b5:fe:e6:f7:3f:56:15:42:9c:00:db:ae:a6:74:d7:
         00:54:eb:ba:42:d1:62:14:86:27:5f:0b:8a:7b:0b:4e:45:31:
         8c:9d:2e:c1:72:e4:29:7d:b3:ea:d2:50:f4:9a:62:db:3b:e5:
         ef:cd:ab:d4:02:6f:33:90:6a:9e:44:d5:d5:fa:1f:02:9f:eb:
         33:78:0f:82:6c:c8:35:1e:a5:9c:0f:1a:33:71:0c:61:9b:40:
         bc:e6:3c:f0:09:24:6c:bb:69:e7:02:29:22:ad:03:82:ff:54:
         99:b0:fc:08:6a:a5:19:b3:b2:1c:84:93:7b:3d:a9:11:1d:ea:
         77:fa:89:fa:6f:b0:5f:f1:ad:88:b1:f5:f9:d7:76:d7:05:af:
         93:59:e9:7c:ef:c0:14:f7:a3:c0:22:92:a5:48:4c:6d:aa:9a:
         bb:2d:6d:3e:66:56:65:3e:6d:9a:b0:b3:f4:50:b3:23:7b:39:
         c7:fd:39:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRqLp1kiXZEwEs9tbq3Gz6hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYWVhMzU4YWVlZWI3ZDBiOWUwZjkzZDIzZjY3ZDI5YTdl
YzYyYzgwHhcNMjUwMTE1MTMzNzA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGJlMTUwOGZkOWU2ZDJkMGFhNzM3NDQxMjM4Mjk3OGU2NzQ1ODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuL/weTtQdBjROc+kYBo+B7VM0pR2
Kqr1TlBoYL9zfvS3XXUxyWuGjdGLtuevptE+gh2QR48sEDt4NkEVx6n9UU9F7dS/
33OjBZ6ihnif8E7IOJoHEAiyUGyuGOnKfpu97Px5UNC1NZ5VMTGr7JSh2/Trp60Q
WjmehD/W8+DsQgW3/q0afwIv8k0FRsJuk6eaLM+M6wZdFsCxfvAUWZakLYl3MJnN
dKnfYbQEIHMgZVaUjn//N6Xc7K9Y3QzYAVWJq40CXARg2aTiCrFqPlly7ob69dS4
nZ7LKMxE5HrJkLs5R/x+AfzEUJqkM7KDmOzJ2jdto4EqjeHpIZAf5wdKQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBS+FQj9nm0tCqc3RBI4KXjmdFh1MB8GA1UdIwQY
MBaAFL+uo1iu7rfQueD5PSP2fSmn7GLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjY2aldLN3V0OUM1NFBrOUlfWjlLYWZzWXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8yODg0MTYtYTQ2ZS00OWMzLTkzMzct
MjQ5Y2UwYzMxMmIzLzEvRkw0VkNQMmViUzBLcHpkRUVqZ3BlT1owV0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8yODg0MTYtYTQ2ZS00OWMzLTkzMzctMjQ5Y2UwYzMxMmIz
LzEvdjY2aldLN3V0OUM1NFBrOUlfWjlLYWZzWXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQAlxz0Ape+1SfeuCbgIjpqWsoOmvE+OY7sXnGoFinLc
sHWG7AT1nxL/nx/Q3OW32dpYSj4qURZS4Ju5GAg3BckNdSE7jfNxXFd8Bp+1/ub3
P1YVQpwA266mdNcAVOu6QtFiFIYnXwuKewtORTGMnS7BcuQpfbPq0lD0mmLbO+Xv
zavUAm8zkGqeRNXV+h8Cn+szeA+CbMg1HqWcDxozcQxhm0C85jzwCSRsu2nnAiki
rQOC/1SZsPwIaqUZs7IchJN7PakRHep3+on6b7Bf8a2IsfX513bXBa+TWel878AU
96PAIpKlSExtqpq7LW0+ZlZlPm2asLP0ULMjeznH/Tnv
-----END CERTIFICATE-----