Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/FCfaGXhqmqdSlhOKGCgcKXSv8bk.roa
File:                     FCfaGXhqmqdSlhOKGCgcKXSv8bk.roa (raw, json)
Hash identifier:          csO5m4EWKbYu19HdJgGhtZXt4/VQIoZHc1jaE2hIcrA=
Subject key identifier:   14:27:DA:19:78:6A:9A:A7:52:96:13:8A:18:28:1C:29:74:AF:F1:B9
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258FA96BCC206CD1A87977FFDE8E526C
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/FCfaGXhqmqdSlhOKGCgcKXSv8bk.roa
Signing time:             Thu 02 Jan 2025 05:49:19 +0000
ROA not before:           Thu 02 Jan 2025 05:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215360
IP address blocks:        90.156.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a9:6b:cc:20:6c:d1:a8:79:77:ff:de:8e:52:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1427da19786a9aa75296138a18281c2974aff1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:af:64:b6:32:7d:eb:0b:e6:ac:34:ee:52:4d:
                    6f:e4:2b:c2:dd:f6:11:5b:80:fa:ff:be:71:88:b2:
                    de:70:b5:52:25:91:8d:09:a2:13:fe:65:aa:cb:b7:
                    63:8e:93:b7:28:86:f6:af:3b:24:a8:9f:3b:7e:73:
                    dc:6d:43:fb:36:5a:12:3b:7c:02:93:e8:8a:99:59:
                    c0:5a:0b:c7:78:eb:de:30:81:9d:a0:75:16:b8:92:
                    b9:90:9a:34:96:d9:d5:d7:2c:15:e8:c2:b0:c6:d4:
                    8a:7a:dd:31:1d:c7:9d:35:c0:4f:db:4e:04:e7:65:
                    cb:99:56:08:a1:c4:53:7b:18:99:f1:06:21:5a:62:
                    f2:7b:48:8b:e4:b7:c2:16:35:16:0a:33:e6:00:70:
                    e5:42:a8:7d:78:96:fa:01:c9:21:f5:e2:fb:31:82:
                    5a:e8:45:67:51:51:15:f2:a3:4f:03:13:b7:39:73:
                    e3:49:6d:b0:ba:74:98:d8:37:1d:c2:29:6c:bb:9f:
                    80:cc:8b:f3:f5:95:a8:38:69:c2:9f:01:78:8d:f8:
                    3a:7c:ce:57:3c:f8:40:b5:ab:c4:c5:6c:d2:4f:85:
                    e0:9a:d7:e2:64:71:75:2f:99:28:ee:0b:c8:13:49:
                    91:53:62:ac:89:71:1d:f4:12:68:cc:10:2a:c7:7c:
                    c2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:27:DA:19:78:6A:9A:A7:52:96:13:8A:18:28:1C:29:74:AF:F1:B9
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/FCfaGXhqmqdSlhOKGCgcKXSv8bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.156.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:d6:06:fb:4c:ab:32:48:8c:94:c9:28:8a:11:73:4f:27:16:
         9c:4d:fc:d9:64:5c:f2:34:0f:19:49:68:93:98:0b:32:93:d9:
         da:f7:e9:d5:c3:e3:3f:89:87:fa:84:c7:1f:f3:88:ca:9a:05:
         71:82:6f:9b:85:19:ad:2e:8a:90:b5:43:d3:d6:74:8d:f7:ff:
         f7:f0:98:c5:12:a1:41:8f:d0:6d:7b:33:58:a6:1f:cd:a4:c1:
         a9:2a:9d:af:7e:fe:b8:78:df:cd:4a:2d:bc:ea:c8:2e:c2:cc:
         39:77:4a:b7:b0:a8:ef:88:ae:23:31:1f:48:68:f9:66:8b:d5:
         32:9e:e7:f1:2e:d2:2b:ab:b4:65:65:e5:e7:ef:52:6d:c5:ba:
         10:50:e1:ea:cf:53:7f:db:d7:6f:75:f9:70:79:9a:5a:a7:78:
         92:a0:d7:3b:73:c9:87:41:b5:5b:aa:d0:6f:7e:4f:28:ae:cf:
         a1:c2:b1:bc:ba:a4:7d:53:9d:f5:24:1c:17:54:c0:5e:af:86:
         f7:05:a7:9b:93:2a:a7:75:5b:ca:1c:00:33:44:bd:ec:ae:8c:
         a8:f4:15:f0:cd:4f:63:66:3f:5d:fd:e9:29:a2:60:6c:26:9f:
         af:48:08:21:1c:aa:0b:5d:d8:d7:e4:a5:cb:05:f9:56:32:dc:
         b6:93:bb:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6lrzCBs0ah5d//ejlJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDI3ZGExOTc4NmE5YWE3NTI5NjEzOGExODI4MWMyOTc0YWZmMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsq9ktjJ96wvmrDTuUk1v5CvC3fYR
W4D6/75xiLLecLVSJZGNCaIT/mWqy7djjpO3KIb2rzskqJ87fnPcbUP7NloSO3wC
k+iKmVnAWgvHeOveMIGdoHUWuJK5kJo0ltnV1ywV6MKwxtSKet0xHcedNcBP204E
52XLmVYIocRTexiZ8QYhWmLye0iL5LfCFjUWCjPmAHDlQqh9eJb6Ackh9eL7MYJa
6EVnUVEV8qNPAxO3OXPjSW2wunSY2Dcdwilsu5+AzIvz9ZWoOGnCnwF4jfg6fM5X
PPhAtavExWzST4XgmtfiZHF1L5ko7gvIE0mRU2KsiXEd9BJozBAqx3zCdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQn2hl4apqnUpYTihgoHCl0r/G5MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvRkNmYUdYaHFtcWRTbGhPS0dDZ2NLWFN2OGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWpyTMA0G
CSqGSIb3DQEBCwUAA4IBAQAO1gb7TKsySIyUySiKEXNPJxacTfzZZFzyNA8ZSWiT
mAsyk9na9+nVw+M/iYf6hMcf84jKmgVxgm+bhRmtLoqQtUPT1nSN9//38JjFEqFB
j9BtezNYph/NpMGpKp2vfv64eN/NSi286sguwsw5d0q3sKjviK4jMR9IaPlmi9Uy
nufxLtIrq7RlZeXn71JtxboQUOHqz1N/29dvdflweZpap3iSoNc7c8mHQbVbqtBv
fk8ors+hwrG8uqR9U531JBwXVMBer4b3BaebkyqndVvKHAAzRL3sroyo9BXwzU9j
Zj9d/ekpomBsJp+vSAghHKoLXdjX5KXLBflWMty2k7um
-----END CERTIFICATE-----