Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/FeklVC0qNHXfj0J3Hp8Z9ArWnx4.roa
File:                     FeklVC0qNHXfj0J3Hp8Z9ArWnx4.roa (raw, json)
Hash identifier:          zhU/XsLgugYmejL0TFrTVwxSx58qhIKNoUYntYLxICw=
Subject key identifier:   15:E9:25:54:2D:2A:34:75:DF:8F:42:77:1E:9F:19:F4:0A:D6:9F:1E
Certificate issuer:       /CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
Certificate serial:       019421B21DEFD87049EB801D3DADE3393371
Authority key identifier: 54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/FeklVC0qNHXfj0J3Hp8Z9ArWnx4.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197695
IP address blocks:        91.204.72.0/24 maxlen: 24
                          91.204.73.0/24 maxlen: 24
                          91.204.74.0/24 maxlen: 24
                          91.204.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1d:ef:d8:70:49:eb:80:1d:3d:ad:e3:39:33:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15e925542d2a3475df8f42771e9f19f40ad69f1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fc:32:39:16:f5:fb:39:d6:e9:64:5a:42:11:
                    6b:e8:da:13:99:b5:47:87:92:17:90:d8:c7:6a:50:
                    2d:cf:a8:72:bc:eb:1c:a4:c6:63:47:f2:b7:2b:b6:
                    bb:55:c6:e0:8e:3a:b2:eb:6b:8d:29:81:ae:83:79:
                    8d:fa:7e:46:ff:6d:88:b2:70:40:19:fa:3e:60:47:
                    24:4d:eb:ed:f3:01:7f:df:24:f7:1f:f1:6f:67:73:
                    26:ae:7b:54:45:a2:2d:35:85:a7:5f:19:ef:97:d0:
                    ab:43:a3:c5:18:54:80:59:91:7f:6f:b3:be:b4:3f:
                    9d:45:61:5f:46:3e:77:1d:f7:4d:9d:24:c1:77:ec:
                    f5:f6:15:ad:a3:71:2e:cf:b7:a5:90:97:7b:8e:0f:
                    b9:69:09:a3:f0:3d:aa:36:3f:88:c8:96:4f:97:cc:
                    f5:de:3a:e8:5d:6c:9c:d0:58:eb:41:7f:c9:e6:3e:
                    45:b5:3a:0b:71:f9:e1:b1:7b:96:24:90:4b:b9:81:
                    38:28:56:d2:61:c2:09:c1:80:90:8b:a5:9a:5f:a6:
                    cf:2f:68:8f:c2:4f:ff:44:95:dd:db:83:93:d2:37:
                    ce:10:3f:36:f9:ee:a9:f0:c8:16:d6:68:cd:1e:fa:
                    7c:c3:e8:fd:27:a3:7f:ce:4f:08:4a:79:f3:e2:cc:
                    5d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:E9:25:54:2D:2A:34:75:DF:8F:42:77:1E:9F:19:F4:0A:D6:9F:1E
            X509v3 Authority Key Identifier:
                keyid:54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/FeklVC0qNHXfj0J3Hp8Z9ArWnx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:19:ac:7d:cf:ad:92:78:df:49:b8:ba:88:54:08:58:bb:df:
         b7:0f:3c:3e:0e:14:20:f0:a1:19:b5:ed:aa:14:a9:22:da:76:
         27:40:e4:28:36:16:d8:92:bd:19:7a:ea:56:78:04:6d:b3:a0:
         f1:c8:7a:38:f8:8d:91:ec:9b:31:90:38:5a:b4:7c:91:3c:a0:
         ed:b7:8f:16:e4:fd:0e:e4:b9:7d:f1:16:f1:43:c4:a2:7f:44:
         90:bb:c0:53:fe:df:8f:92:57:3c:bf:aa:24:c5:67:31:54:7f:
         ee:a4:07:7c:48:54:5e:20:ef:22:78:08:ed:e9:fc:07:d7:3e:
         a8:54:49:81:75:9c:a2:7b:08:dd:70:92:70:ca:4e:5b:e2:cf:
         b8:8d:74:40:1f:06:ab:8c:cb:18:b0:a8:12:8f:ea:51:22:be:
         e4:ca:ce:0a:2c:7d:f9:70:25:c0:a0:62:8f:c9:96:60:8a:d2:
         f7:31:0a:99:42:37:ff:ad:15:41:35:47:a1:0c:b9:ee:30:35:
         2c:91:17:8b:98:de:dd:d0:38:c1:6c:2f:5a:96:ee:cd:94:64:
         6d:fe:7b:52:f4:95:ae:57:fc:e5:57:d5:39:3b:c2:f1:e7:7c:
         db:04:f4:97:5e:4d:bb:4e:e5:be:3f:97:1c:84:c1:53:6a:22:
         95:48:24:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsh3v2HBJ64AdPa3jOTNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M1YzM0YTYyZmZiZWQ4ZmMwZjBlYzAxYjQyYzBjNTBl
ZTdlZjcwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWU5MjU1NDJkMmEzNDc1ZGY4ZjQyNzcxZTlmMTlmNDBhZDY5ZjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/wyORb1+znW6WRaQhFr6NoTmbVH
h5IXkNjHalAtz6hyvOscpMZjR/K3K7a7Vcbgjjqy62uNKYGug3mN+n5G/22IsnBA
Gfo+YEckTevt8wF/3yT3H/FvZ3MmrntURaItNYWnXxnvl9CrQ6PFGFSAWZF/b7O+
tD+dRWFfRj53HfdNnSTBd+z19hWto3Euz7elkJd7jg+5aQmj8D2qNj+IyJZPl8z1
3jroXWyc0FjrQX/J5j5FtToLcfnhsXuWJJBLuYE4KFbSYcIJwYCQi6WaX6bPL2iP
wk//RJXd24OT0jfOED82+e6p8MgW1mjNHvp8w+j9J6N/zk8ISnnz4sxd0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXpJVQtKjR1349Cdx6fGfQK1p8eMB8GA1UdIwQY
MBaAFFQ8XDSmL/vtj8Dw7AG0LAxQ7n73MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYt
ZjRmMWY5M2UwNDY3LzEvRmVrbFZDMHFOSFhmajBKM0hwOFo5QXJXbng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYtZjRmMWY5M2UwNDY3
LzEvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8xIMA0G
CSqGSIb3DQEBCwUAA4IBAQBFGax9z62SeN9JuLqIVAhYu9+3Dzw+DhQg8KEZte2q
FKki2nYnQOQoNhbYkr0ZeupWeARts6DxyHo4+I2R7JsxkDhatHyRPKDtt48W5P0O
5Ll98RbxQ8Sif0SQu8BT/t+Pklc8v6okxWcxVH/upAd8SFReIO8ieAjt6fwH1z6o
VEmBdZyiewjdcJJwyk5b4s+4jXRAHwarjMsYsKgSj+pRIr7kys4KLH35cCXAoGKP
yZZgitL3MQqZQjf/rRVBNUehDLnuMDUskReLmN7d0DjBbC9alu7NlGRt/ntS9JWu
V/zlV9U5O8Lx53zbBPSXXk27TuW+P5cchMFTaiKVSCSw
-----END CERTIFICATE-----