Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FtnIOxjDGUuxWrPY5cqQncUsnNw.roa
File:                     FtnIOxjDGUuxWrPY5cqQncUsnNw.roa (raw, json)
Hash identifier:          2Ec3gvjeLRCweYa9aB6WpfOigbgmZ70pa1XMozzGYt0=
Subject key identifier:   16:D9:C8:3B:18:C3:19:4B:B1:5A:B3:D8:E5:CA:90:9D:C5:2C:9C:DC
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422205C151155910A85686D3644DE31C2
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FtnIOxjDGUuxWrPY5cqQncUsnNw.roa
Signing time:             Wed 01 Jan 2025 13:48:53 +0000
ROA not before:           Wed 01 Jan 2025 13:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216396
IP address blocks:        194.5.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:5c:15:11:55:91:0a:85:68:6d:36:44:de:31:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16d9c83b18c3194bb15ab3d8e5ca909dc52c9cdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:eb:5b:af:5f:1a:30:82:67:71:0d:ee:a2:ff:
                    ae:1c:52:22:fd:61:77:29:a5:4d:0e:6a:ea:21:08:
                    3d:18:59:2c:53:f3:cd:a7:d3:23:c6:78:0d:dd:fd:
                    32:9b:57:2a:78:fc:03:39:a4:9a:a8:fc:5d:bc:81:
                    ed:0a:29:c8:6b:79:43:74:6c:e0:54:96:6b:2e:aa:
                    e1:d7:30:27:09:05:43:7c:6c:f9:eb:2d:a1:65:0c:
                    38:9a:4d:c0:98:28:d7:d0:49:93:71:8d:1d:5a:09:
                    44:c9:e6:20:bc:1a:34:f9:5a:d0:51:81:3e:8d:bb:
                    30:31:8d:69:73:e9:d2:58:c3:e4:95:3d:58:3a:33:
                    80:c7:a8:8d:20:7b:ca:8e:b2:1b:22:71:ae:f4:0a:
                    c4:41:47:c5:84:7e:26:bf:80:1d:dd:e8:f4:41:7d:
                    b1:15:6c:02:f8:bd:c6:26:ca:46:45:76:f0:bb:f1:
                    4f:74:43:b7:f2:ef:8d:28:e7:3d:1f:55:68:6a:75:
                    23:97:fb:b4:e3:20:cc:43:a7:e0:1d:d1:32:aa:6e:
                    e1:79:93:41:5f:7b:1f:dd:5c:65:d6:c9:d4:a5:ad:
                    0d:8e:6f:5a:2e:b2:97:4b:06:92:19:c6:e5:27:21:
                    94:bb:b6:64:81:ed:cc:0b:26:37:0f:36:6a:58:71:
                    a0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D9:C8:3B:18:C3:19:4B:B1:5A:B3:D8:E5:CA:90:9D:C5:2C:9C:DC
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/FtnIOxjDGUuxWrPY5cqQncUsnNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:34:e6:a1:5b:03:40:b9:a8:91:9f:9d:e3:9e:09:d0:2b:33:
         d5:50:a4:61:b0:a2:eb:f3:b4:bb:dd:37:ba:df:d3:7d:49:b3:
         3e:92:17:ef:09:ed:4d:eb:68:27:1f:95:f4:4d:a4:2b:43:06:
         df:ff:bb:61:b2:27:2c:85:97:5d:61:85:4a:d4:a8:29:a9:bb:
         d0:77:74:cf:34:e1:26:17:81:5b:86:a3:f5:5f:2f:ee:41:20:
         35:44:95:a7:e1:44:ac:a8:41:98:29:c7:5c:69:4b:13:f0:ee:
         0f:c5:b0:58:39:4a:df:f8:d3:5b:8e:d7:17:e6:53:3d:61:cd:
         3d:ac:53:35:1b:02:7e:a5:38:12:3c:91:07:2a:86:4c:5e:e0:
         77:17:d0:fa:00:2b:cd:26:9f:99:9e:c6:24:49:be:99:a0:83:
         fa:5e:e2:3a:75:d6:9e:52:4b:e2:1b:7a:f3:46:f8:fd:04:d5:
         3a:c9:65:c5:3a:ef:be:b7:6a:26:74:8c:f8:e7:2a:ad:c9:f8:
         ea:d8:d2:c8:45:74:f1:c1:a1:88:d5:b5:b6:27:96:69:ee:c0:
         cd:6c:4f:d0:ac:87:c9:40:3a:ff:16:f6:3d:11:87:2c:58:bc:
         72:24:24:7a:81:63:77:81:f2:47:f5:7d:f3:cd:24:ab:5e:46:
         96:5f:ab:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIFwVEVWRCoVobTZE3jHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ5YzgzYjE4YzMxOTRiYjE1YWIzZDhlNWNhOTA5ZGM1MmM5Y2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+tbr18aMIJncQ3uov+uHFIi/WF3
KaVNDmrqIQg9GFksU/PNp9MjxngN3f0ym1cqePwDOaSaqPxdvIHtCinIa3lDdGzg
VJZrLqrh1zAnCQVDfGz56y2hZQw4mk3AmCjX0EmTcY0dWglEyeYgvBo0+VrQUYE+
jbswMY1pc+nSWMPklT1YOjOAx6iNIHvKjrIbInGu9ArEQUfFhH4mv4Ad3ej0QX2x
FWwC+L3GJspGRXbwu/FPdEO38u+NKOc9H1VoanUjl/u04yDMQ6fgHdEyqm7heZNB
X3sf3Vxl1snUpa0Njm9aLrKXSwaSGcblJyGUu7Zkge3MCyY3DzZqWHGgQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbZyDsYwxlLsVqz2OXKkJ3FLJzcMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRnRuSU94akRHVXV4V3JQWTVjcVFuY1Vzbk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVBMA0G
CSqGSIb3DQEBCwUAA4IBAQB4NOahWwNAuaiRn53jngnQKzPVUKRhsKLr87S73Te6
39N9SbM+khfvCe1N62gnH5X0TaQrQwbf/7thsicshZddYYVK1KgpqbvQd3TPNOEm
F4FbhqP1Xy/uQSA1RJWn4USsqEGYKcdcaUsT8O4PxbBYOUrf+NNbjtcX5lM9Yc09
rFM1GwJ+pTgSPJEHKoZMXuB3F9D6ACvNJp+ZnsYkSb6ZoIP6XuI6ddaeUkviG3rz
Rvj9BNU6yWXFOu++t2omdIz45yqtyfjq2NLIRXTxwaGI1bW2J5Zp7sDNbE/QrIfJ
QDr/FvY9EYcsWLxyJCR6gWN3gfJH9X3zzSSrXkaWX6sx
-----END CERTIFICATE-----