Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/FcWaMRl7T8w9syI_2zNcu9ZnlDo.roa
File:                     FcWaMRl7T8w9syI_2zNcu9ZnlDo.roa (raw, json)
Hash identifier:          2TygQ/qXptWWLCHZj2ejtPF4UB1EmdJeqcsePlqen4U=
Subject key identifier:   15:C5:9A:31:19:7B:4F:CC:3D:B3:22:3F:DB:33:5C:BB:D6:67:94:3A
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019720003A832044CAD5C87805A57F76BF5C
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/FcWaMRl7T8w9syI_2zNcu9ZnlDo.roa
Signing time:             Fri 30 May 2025 07:02:55 +0000
ROA not before:           Fri 30 May 2025 07:02:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207804
IP address blocks:        192.121.26.0/24 maxlen: 24
                          2a01:280:3c8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 04:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:00:3a:83:20:44:ca:d5:c8:78:05:a5:7f:76:bf:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: May 30 07:02:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15c59a31197b4fcc3db3223fdb335cbbd667943a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:14:63:34:f1:87:62:cf:28:e1:a7:85:5a:41:
                    a4:f2:e9:17:6a:cb:51:ce:99:fb:2b:b6:46:6a:07:
                    ef:5c:8a:4c:df:03:1b:5b:94:20:3f:20:b3:72:59:
                    0c:97:5e:05:66:ea:9b:fd:90:b5:11:61:14:91:45:
                    12:6b:59:d1:a9:7c:f5:f4:66:64:d0:b5:d5:54:35:
                    65:3e:f3:cf:4e:9b:3d:e3:95:3e:2a:b1:95:bb:9c:
                    72:27:bb:fb:56:48:a8:8c:05:c7:76:02:5b:85:e4:
                    b3:49:68:21:7b:1b:78:21:db:b0:3b:72:31:1f:57:
                    f5:38:0d:e8:38:f1:ad:01:6d:af:75:8a:a6:96:cb:
                    a8:c1:18:aa:94:b9:86:8f:da:bc:a3:55:04:88:9d:
                    c6:cb:5c:b8:be:79:95:b2:2d:e1:cf:41:6c:ee:fd:
                    3e:1a:f8:63:6b:b0:73:f0:a4:30:77:c8:78:9f:03:
                    65:be:cf:82:41:23:8d:cb:d5:46:f4:71:02:7c:b7:
                    e4:02:c9:64:20:86:b1:ba:0d:2f:08:48:f1:78:b9:
                    77:f9:33:b1:91:a3:97:79:26:e6:66:cd:b7:73:64:
                    5b:1f:a4:1b:28:31:c0:4b:51:9c:ca:cd:64:91:a4:
                    c9:50:c5:25:ea:80:36:99:f0:31:39:07:1f:12:0d:
                    d2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C5:9A:31:19:7B:4F:CC:3D:B3:22:3F:DB:33:5C:BB:D6:67:94:3A
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/FcWaMRl7T8w9syI_2zNcu9ZnlDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.26.0/24
                IPv6:
                  2a01:280:3c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:f1:39:35:99:5d:0d:2d:bd:11:c2:58:09:e9:41:f6:df:7f:
         68:1d:11:65:f1:ad:bb:72:30:e9:a6:3c:74:30:2b:99:a1:cd:
         83:67:fb:59:1d:34:53:70:77:97:4a:3a:8b:7f:14:59:b6:8a:
         ed:34:e5:ca:76:cb:20:69:df:4d:1b:4b:3a:71:cc:73:62:af:
         b3:41:81:9a:e0:9e:07:4e:50:8c:e2:41:08:b6:9e:42:8e:31:
         3c:1c:36:83:30:4a:5d:88:d7:87:57:1a:cc:48:ff:9f:28:7e:
         25:55:f9:ef:55:b4:25:a6:89:b0:41:85:1e:8b:26:ab:3c:ea:
         e6:a8:80:94:8a:27:cc:ae:5e:75:1f:fe:18:fb:97:e7:93:c3:
         6b:b6:aa:a4:8e:fd:2d:2c:34:27:42:53:82:a1:08:47:29:cf:
         41:36:1a:0b:29:14:55:76:c3:a0:df:e0:2d:ba:75:22:d4:15:
         85:17:43:91:06:4c:19:d0:0a:1b:b6:a0:08:fa:d5:a8:42:ec:
         cf:e9:8e:01:d7:28:4f:a6:82:6d:ca:18:0a:dd:09:e3:fe:61:
         a4:17:b8:89:fb:d6:ed:c7:9d:78:dc:7b:75:27:8e:f2:6f:f5:
         a7:76:88:65:c0:a0:2e:ad:7b:b0:55:aa:5e:10:6a:91:61:d3:
         17:ba:d6:1a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcgADqDIETK1ch4BaV/dr9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwNTMwMDcwMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWM1OWEzMTE5N2I0ZmNjM2RiMzIyM2ZkYjMzNWNiYmQ2Njc5NDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphRjNPGHYs8o4aeFWkGk8ukXastR
zpn7K7ZGagfvXIpM3wMbW5QgPyCzclkMl14FZuqb/ZC1EWEUkUUSa1nRqXz19GZk
0LXVVDVlPvPPTps945U+KrGVu5xyJ7v7VkiojAXHdgJbheSzSWghext4IduwO3Ix
H1f1OA3oOPGtAW2vdYqmlsuowRiqlLmGj9q8o1UEiJ3Gy1y4vnmVsi3hz0Fs7v0+
Gvhja7Bz8KQwd8h4nwNlvs+CQSONy9VG9HECfLfkAslkIIaxug0vCEjxeLl3+TOx
kaOXeSbmZs23c2RbH6QbKDHAS1Gcys1kkaTJUMUl6oA2mfAxOQcfEg3SWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBXFmjEZe0/MPbMiP9szXLvWZ5Q6MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvRmNXYU1SbDdUOHc5c3lJXzJ6TmN1OVpubERvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwHkaMA8E
AgACMAkDBwAqAQKAA8gwDQYJKoZIhvcNAQELBQADggEBAAXxOTWZXQ0tvRHCWAnp
Qfbff2gdEWXxrbtyMOmmPHQwK5mhzYNn+1kdNFNwd5dKOot/FFm2iu005cp2yyBp
300bSzpxzHNir7NBgZrgngdOUIziQQi2nkKOMTwcNoMwSl2I14dXGsxI/58ofiVV
+e9VtCWmibBBhR6LJqs86uaogJSKJ8yuXnUf/hj7l+eTw2u2qqSO/S0sNCdCU4Kh
CEcpz0E2GgspFFV2w6Df4C26dSLUFYUXQ5EGTBnQChu2oAj61ahC7M/pjgHXKE+m
gm3KGArdCeP+YaQXuIn71u3HnXjce3UnjvJv9ad2iGXAoC6te7BVql4QapFh0xe6
1ho=
-----END CERTIFICATE-----