Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/FukUNQ-1MuiT_YZ8AK4IiNn3ZEM.roa
File:                     FukUNQ-1MuiT_YZ8AK4IiNn3ZEM.roa (raw, json)
Hash identifier:          Q+TDgTJT6+GCL8Icb4N9FEYd+k8ybFyashs6L8F6jRA=
Subject key identifier:   16:E9:14:35:0F:B5:32:E8:93:FD:86:7C:00:AE:08:88:D9:F7:64:43
Certificate issuer:       /CN=3eb903284a1d15dc158ad7182ea0bce786ceb2ad
Certificate serial:       019420682D35BBF687B2F0E1A84C8A574057
Authority key identifier: 3E:B9:03:28:4A:1D:15:DC:15:8A:D7:18:2E:A0:BC:E7:86:CE:B2:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/FukUNQ-1MuiT_YZ8AK4IiNn3ZEM.roa
Signing time:             Wed 01 Jan 2025 05:48:05 +0000
ROA not before:           Wed 01 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201209
IP address blocks:        185.61.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2d:35:bb:f6:87:b2:f0:e1:a8:4c:8a:57:40:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb903284a1d15dc158ad7182ea0bce786ceb2ad
        Validity
            Not Before: Jan  1 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16e914350fb532e893fd867c00ae0888d9f76443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e2:10:f5:fb:69:fa:87:10:42:57:28:58:da:
                    45:73:7c:99:00:b3:95:21:44:81:0d:fa:07:f3:39:
                    2b:7f:4f:66:90:4f:35:2c:2c:52:c8:4a:0e:84:cf:
                    16:a6:a4:49:16:88:1f:57:80:5a:61:9d:1c:d7:6d:
                    59:be:55:a1:fc:1e:92:ef:20:06:69:ba:0d:f8:21:
                    35:b8:5d:0a:cc:07:f1:76:84:75:c8:d4:5c:74:d4:
                    19:e6:f7:60:2d:63:a1:43:3b:43:2b:61:a8:f0:0b:
                    86:6d:ef:00:9f:9f:4b:62:a7:b7:99:86:b8:a1:ba:
                    86:de:a7:d0:37:a6:df:e8:d3:29:9a:d9:b8:88:f9:
                    28:20:8d:3e:5c:f0:23:c3:49:e8:d7:e2:ce:76:72:
                    57:17:31:59:d3:f1:29:66:7a:6f:24:48:f9:37:ce:
                    e6:00:33:2a:9b:db:bd:8f:72:21:32:98:d5:ec:a9:
                    58:de:b6:cf:37:4f:20:fe:1c:68:3a:07:6f:0b:21:
                    00:c4:d7:e7:00:0c:b2:e5:1c:91:ab:7e:c3:be:43:
                    1c:af:e1:1e:d7:0a:e9:f3:c9:e2:51:89:18:9e:80:
                    1b:da:10:71:71:7d:2c:aa:dc:df:53:a4:25:08:a2:
                    06:bb:84:74:eb:61:19:e9:9e:f2:47:98:25:db:9e:
                    0c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:E9:14:35:0F:B5:32:E8:93:FD:86:7C:00:AE:08:88:D9:F7:64:43
            X509v3 Authority Key Identifier:
                keyid:3E:B9:03:28:4A:1D:15:DC:15:8A:D7:18:2E:A0:BC:E7:86:CE:B2:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrkDKEodFdwVitcYLqC854bOsq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/FukUNQ-1MuiT_YZ8AK4IiNn3ZEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/92ea9f-b12e-4dd5-9bd3-b77dc8dc1c7e/1/PrkDKEodFdwVitcYLqC854bOsq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:2b:30:63:cf:20:96:61:c5:e3:c4:9d:0f:53:c2:05:cb:5d:
         39:ab:60:a5:42:03:7b:c7:16:de:ba:3f:87:85:2a:1e:f4:56:
         9b:06:44:73:2a:ca:16:83:d6:c4:06:fb:d3:54:57:4b:12:14:
         ff:17:fc:5a:bc:ff:de:4d:56:b4:0c:3e:52:7e:6e:b7:b7:b1:
         df:ac:14:90:a0:07:8f:ed:58:52:9c:ef:ed:d3:fb:87:62:be:
         b2:ae:74:b4:48:38:ea:be:43:69:c8:39:d6:9a:db:b4:16:81:
         e9:2f:ed:9b:d2:8c:8c:ea:37:dc:4b:4f:54:29:54:28:7a:68:
         58:cd:2d:76:2f:27:1b:07:91:5c:9a:b0:b8:0b:f2:f2:e3:25:
         13:35:79:e7:6f:d6:73:58:58:1e:63:f4:4b:db:ff:eb:d2:80:
         83:e9:1d:76:3b:76:bd:8b:c6:d3:5b:64:b0:d7:8d:a5:6c:a9:
         93:7a:90:e4:cc:ac:da:7c:78:f2:aa:7e:d7:e4:e4:dd:58:28:
         5c:e5:b8:d9:f4:26:9e:13:ee:2e:a7:33:9e:83:4e:4f:92:6b:
         b5:2a:be:48:f3:cc:2e:4f:32:1c:e3:41:8e:c2:2f:5e:d0:60:
         2d:66:bc:20:63:70:7e:cd:b4:0f:8a:d8:34:65:a8:e1:c3:92:
         d3:aa:dc:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaC01u/aHsvDhqEyKV0BXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjkwMzI4NGExZDE1ZGMxNThhZDcxODJlYTBiY2U3ODZj
ZWIyYWQwHhcNMjUwMTAxMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmU5MTQzNTBmYjUzMmU4OTNmZDg2N2MwMGFlMDg4OGQ5Zjc2NDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOIQ9ftp+ocQQlcoWNpFc3yZALOV
IUSBDfoH8zkrf09mkE81LCxSyEoOhM8WpqRJFogfV4BaYZ0c121ZvlWh/B6S7yAG
aboN+CE1uF0KzAfxdoR1yNRcdNQZ5vdgLWOhQztDK2Go8AuGbe8An59LYqe3mYa4
obqG3qfQN6bf6NMpmtm4iPkoII0+XPAjw0no1+LOdnJXFzFZ0/EpZnpvJEj5N87m
ADMqm9u9j3IhMpjV7KlY3rbPN08g/hxoOgdvCyEAxNfnAAyy5RyRq37DvkMcr+Ee
1wrp88niUYkYnoAb2hBxcX0sqtzfU6QlCKIGu4R062EZ6Z7yR5gl254MOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbpFDUPtTLok/2GfACuCIjZ92RDMB8GA1UdIwQY
MBaAFD65AyhKHRXcFYrXGC6gvOeGzrKtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJrREtFb2RGZHdWaXRjWUxxQzg1NGJPc3EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi85MmVhOWYtYjEyZS00ZGQ1LTliZDMt
Yjc3ZGM4ZGMxYzdlLzEvRnVrVU5RLTFNdWlUX1laOEFLNElpTm4zWkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi85MmVhOWYtYjEyZS00ZGQ1LTliZDMtYjc3ZGM4ZGMxYzdl
LzEvUHJrREtFb2RGZHdWaXRjWUxxQzg1NGJPc3EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT0GMA0G
CSqGSIb3DQEBCwUAA4IBAQA7KzBjzyCWYcXjxJ0PU8IFy105q2ClQgN7xxbeuj+H
hSoe9FabBkRzKsoWg9bEBvvTVFdLEhT/F/xavP/eTVa0DD5Sfm63t7HfrBSQoAeP
7VhSnO/t0/uHYr6yrnS0SDjqvkNpyDnWmtu0FoHpL+2b0oyM6jfcS09UKVQoemhY
zS12LycbB5FcmrC4C/Ly4yUTNXnnb9ZzWFgeY/RL2//r0oCD6R12O3a9i8bTW2Sw
142lbKmTepDkzKzafHjyqn7X5OTdWChc5bjZ9CaeE+4upzOeg05Pkmu1Kr5I88wu
TzIc40GOwi9e0GAtZrwgY3B+zbQPitg0Zajhw5LTqtz9
-----END CERTIFICATE-----