Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/fiBm-H6MZf3doc0iQRwx1WfOBtU.roa
File:                     fiBm-H6MZf3doc0iQRwx1WfOBtU.roa (raw, json)
Hash identifier:          lFEwHkm3foVU/vLtJDQi6VsIU7NhnRJ+voXn3vgZZsQ=
Subject key identifier:   7E:20:66:F8:7E:8C:65:FD:DD:A1:CD:22:41:1C:31:D5:67:CE:06:D5
Certificate issuer:       /CN=99e7209a8c9b176fbf623edf3ee0b82007fc2c40
Certificate serial:       019424B3823D3205C3AE3D83836C3FAD92F8
Authority key identifier: 99:E7:20:9A:8C:9B:17:6F:BF:62:3E:DF:3E:E0:B8:20:07:FC:2C:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/fiBm-H6MZf3doc0iQRwx1WfOBtU.roa
Signing time:             Thu 02 Jan 2025 01:48:51 +0000
ROA not before:           Thu 02 Jan 2025 01:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47686
IP address blocks:        94.100.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 20:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:82:3d:32:05:c3:ae:3d:83:83:6c:3f:ad:92:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99e7209a8c9b176fbf623edf3ee0b82007fc2c40
        Validity
            Not Before: Jan  2 01:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e2066f87e8c65fddda1cd22411c31d567ce06d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:3a:84:cb:91:29:61:5e:5e:3c:55:9a:e1:4a:
                    6a:ec:36:09:7c:83:07:dc:77:7c:e1:b5:63:5e:04:
                    47:dd:63:26:e8:c9:f8:62:78:d7:4a:ff:5a:12:81:
                    77:97:f2:82:0a:0e:42:1a:13:34:39:0e:f8:66:ea:
                    a9:8c:4d:7e:1e:d9:8d:5d:32:98:64:7f:da:81:5b:
                    13:57:9f:b9:6f:5f:00:0d:7d:47:89:8b:76:37:be:
                    a2:33:f7:f5:18:a0:2b:d1:57:aa:69:de:fb:67:52:
                    e6:a6:5c:43:60:9e:ca:3d:3b:89:69:6d:6d:35:ef:
                    95:54:df:a2:54:14:5f:ee:0d:a0:a6:18:c1:8d:36:
                    12:e3:1d:6e:d2:00:14:72:45:cc:cf:ef:00:28:99:
                    f2:e4:21:9c:55:5c:54:6b:13:66:35:ef:38:47:3d:
                    04:34:de:f0:38:94:f2:b2:26:b3:54:a3:11:1d:b0:
                    69:74:dd:1c:7f:be:95:f5:5a:13:29:54:8a:97:3d:
                    66:3b:e0:02:7f:61:ea:b8:cb:a6:f2:b2:cd:bf:de:
                    9c:72:fb:64:b1:51:e2:1a:7a:65:60:21:10:1f:5a:
                    69:0c:47:b9:db:8a:23:eb:d4:79:89:21:a3:bb:d6:
                    e0:b9:ce:de:19:81:30:cc:cb:39:c3:83:48:4f:43:
                    36:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:20:66:F8:7E:8C:65:FD:DD:A1:CD:22:41:1C:31:D5:67:CE:06:D5
            X509v3 Authority Key Identifier:
                keyid:99:E7:20:9A:8C:9B:17:6F:BF:62:3E:DF:3E:E0:B8:20:07:FC:2C:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/fiBm-H6MZf3doc0iQRwx1WfOBtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.100.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:ad:e6:78:10:bb:13:e8:c2:83:ff:8a:10:95:b5:37:1a:5d:
         91:35:a6:32:f7:a1:c2:fd:bd:18:a2:c8:c6:37:4b:af:9f:ae:
         e1:76:bd:94:91:cd:04:da:fb:89:f4:c2:cc:8c:78:c0:6f:d3:
         41:28:8a:9f:c1:e0:f6:ea:98:38:80:88:e8:53:e8:ff:e2:ed:
         13:2f:4b:95:7d:cd:7b:3c:c0:a7:2e:3b:0f:a8:ef:68:b4:27:
         ab:89:cf:65:1d:a5:77:9c:37:34:6a:fc:20:00:cb:c5:c2:3e:
         2b:f7:d4:4a:20:de:be:53:b5:b6:5e:98:41:1c:1f:ee:38:8a:
         85:ef:fa:3b:67:31:06:98:ff:68:b8:b8:46:96:5f:e1:e8:6a:
         27:f8:54:f2:bb:bb:35:16:ad:46:37:f0:76:c2:58:1d:f8:11:
         bd:78:54:6e:e0:37:87:51:45:1f:40:cb:f9:4b:8f:dc:35:e5:
         f3:29:f8:08:59:6b:c4:06:6e:fd:4b:d3:52:56:aa:33:53:a0:
         7e:4c:7e:cc:08:1d:82:a7:1d:bf:6a:bf:78:af:ae:4c:be:dd:
         9e:53:fe:3f:2d:0c:8c:90:5f:25:23:40:27:bd:f2:f9:5f:6b:
         92:2a:bd:f0:30:fd:2d:4d:7b:6b:a5:02:f1:1c:6e:48:d2:44:
         67:d3:5d:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4I9MgXDrj2Dg2w/rZL4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZTcyMDlhOGM5YjE3NmZiZjYyM2VkZjNlZTBiODIwMDdm
YzJjNDAwHhcNMjUwMTAyMDE0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTIwNjZmODdlOGM2NWZkZGRhMWNkMjI0MTFjMzFkNTY3Y2UwNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+zqEy5EpYV5ePFWa4Upq7DYJfIMH
3Hd84bVjXgRH3WMm6Mn4YnjXSv9aEoF3l/KCCg5CGhM0OQ74ZuqpjE1+HtmNXTKY
ZH/agVsTV5+5b18ADX1HiYt2N76iM/f1GKAr0Veqad77Z1LmplxDYJ7KPTuJaW1t
Ne+VVN+iVBRf7g2gphjBjTYS4x1u0gAUckXMz+8AKJny5CGcVVxUaxNmNe84Rz0E
NN7wOJTysiazVKMRHbBpdN0cf76V9VoTKVSKlz1mO+ACf2HquMum8rLNv96ccvtk
sVHiGnplYCEQH1ppDEe524oj69R5iSGju9bguc7eGYEwzMs5w4NIT0M23wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4gZvh+jGX93aHNIkEcMdVnzgbVMB8GA1UdIwQY
MBaAFJnnIJqMmxdvv2I+3z7guCAH/CxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWVjZ21veWJGMi1fWWo3ZlB1QzRJQWY4TEVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9lZjU4NTYtYmJjMC00NWE0LTg5MWUt
YjJkY2MxODYzZThiLzEvZmlCbS1INk1aZjNkb2MwaVFSd3gxV2ZPQnRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9lZjU4NTYtYmJjMC00NWE0LTg5MWUtYjJkY2MxODYzZThi
LzEvbWVjZ21veWJGMi1fWWo3ZlB1QzRJQWY4TEVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmRoMA0G
CSqGSIb3DQEBCwUAA4IBAQBOreZ4ELsT6MKD/4oQlbU3Gl2RNaYy96HC/b0YosjG
N0uvn67hdr2Ukc0E2vuJ9MLMjHjAb9NBKIqfweD26pg4gIjoU+j/4u0TL0uVfc17
PMCnLjsPqO9otCeric9lHaV3nDc0avwgAMvFwj4r99RKIN6+U7W2XphBHB/uOIqF
7/o7ZzEGmP9ouLhGll/h6Gon+FTyu7s1Fq1GN/B2wlgd+BG9eFRu4DeHUUUfQMv5
S4/cNeXzKfgIWWvEBm79S9NSVqozU6B+TH7MCB2Cpx2/ar94r65Mvt2eU/4/LQyM
kF8lI0AnvfL5X2uSKr3wMP0tTXtrpQLxHG5I0kRn012n
-----END CERTIFICATE-----