Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/2369b8-8d82-4157-b65f-163cd8bbf431/1/FxBrUL7_KSfQrfruqQVZqRk7Rmk.roa
File:                     FxBrUL7_KSfQrfruqQVZqRk7Rmk.roa (raw, json)
Hash identifier:          59wCR4yUkK5BTHNqIvhVY4CfjGm6wMEpZNvkPe7ynN4=
Subject key identifier:   17:10:6B:50:BE:FF:29:27:D0:AD:FA:EE:A9:05:59:A9:19:3B:46:69
Certificate issuer:       /CN=5cd4e2fc2b41e856dba5ba62235ba641a0d81b48
Certificate serial:       019427B4099F9ADF819C095E70DC7077087F
Authority key identifier: 5C:D4:E2:FC:2B:41:E8:56:DB:A5:BA:62:23:5B:A6:41:A0:D8:1B:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XNTi_CtB6FbbpbpiI1umQaDYG0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/2369b8-8d82-4157-b65f-163cd8bbf431/1/FxBrUL7_KSfQrfruqQVZqRk7Rmk.roa
Signing time:             Thu 02 Jan 2025 15:48:17 +0000
ROA not before:           Thu 02 Jan 2025 15:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29081
IP address blocks:        195.42.106.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/2369b8-8d82-4157-b65f-163cd8bbf431/1/XNTi_CtB6FbbpbpiI1umQaDYG0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/2369b8-8d82-4157-b65f-163cd8bbf431/1/XNTi_CtB6FbbpbpiI1umQaDYG0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XNTi_CtB6FbbpbpiI1umQaDYG0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:09:9f:9a:df:81:9c:09:5e:70:dc:70:77:08:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cd4e2fc2b41e856dba5ba62235ba641a0d81b48
        Validity
            Not Before: Jan  2 15:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17106b50beff2927d0adfaeea90559a9193b4669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b5:a5:3b:42:3c:11:d6:fc:db:39:b8:0f:53:
                    2c:b9:96:fd:53:d7:74:40:7d:4d:97:5b:76:11:76:
                    ec:d1:86:5b:d3:46:28:7a:5f:7a:e3:c4:26:c5:bf:
                    95:ae:cb:a4:5e:d6:71:2d:66:64:81:89:e6:d5:02:
                    da:71:6d:b1:e1:e1:f7:48:9f:62:dc:c1:60:76:7c:
                    94:4b:07:5b:72:b9:8b:08:30:8a:94:d6:d9:57:8f:
                    42:32:86:02:fe:c5:9e:8d:c1:ec:79:01:03:5b:fb:
                    e4:8c:8f:05:05:53:a7:89:be:73:ee:fe:a2:7d:49:
                    41:32:3d:30:84:82:56:54:0c:22:10:07:18:55:26:
                    34:82:32:b2:53:5c:f4:bf:13:cf:d6:9e:be:74:0f:
                    0d:b8:02:8b:98:42:87:f4:d4:fe:5b:8e:cc:93:25:
                    57:4b:7b:80:8a:d4:2c:1c:bc:e2:02:31:05:c2:93:
                    ed:d0:5b:a3:14:b6:5b:f3:d7:bb:e8:2e:59:4f:d1:
                    7f:b7:29:0e:84:54:97:aa:78:c9:c9:db:e8:72:e5:
                    0f:87:40:7a:35:e0:28:0b:ae:f1:00:e4:fe:a1:2e:
                    ed:db:fe:09:5f:d3:a7:82:d7:6d:79:9a:8e:86:2a:
                    8b:08:12:5a:2d:9f:fa:c4:47:66:a1:96:7e:38:a6:
                    ea:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:10:6B:50:BE:FF:29:27:D0:AD:FA:EE:A9:05:59:A9:19:3B:46:69
            X509v3 Authority Key Identifier:
                keyid:5C:D4:E2:FC:2B:41:E8:56:DB:A5:BA:62:23:5B:A6:41:A0:D8:1B:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XNTi_CtB6FbbpbpiI1umQaDYG0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/2369b8-8d82-4157-b65f-163cd8bbf431/1/FxBrUL7_KSfQrfruqQVZqRk7Rmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/2369b8-8d82-4157-b65f-163cd8bbf431/1/XNTi_CtB6FbbpbpiI1umQaDYG0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:3c:85:b2:e7:14:5a:63:86:36:26:73:2f:f3:d4:67:af:ac:
         6e:49:11:2c:34:13:84:b3:64:6f:53:2f:a3:5a:cb:84:d9:71:
         fb:fd:7c:0a:19:7b:a5:55:d8:9b:48:e2:ac:f4:3f:1b:3f:e1:
         15:b8:8e:85:a8:79:ac:1a:15:bf:dd:98:1c:41:1d:d4:45:36:
         58:f5:db:0b:71:de:de:9e:58:cc:28:f5:c7:f2:8b:89:a8:2b:
         dd:91:2a:82:05:dc:38:fb:7c:e7:b3:36:1e:8d:6d:c2:d8:bc:
         48:29:39:6e:99:b4:f3:d8:f5:c7:10:58:43:9b:7f:bd:74:9c:
         f2:ef:1c:34:02:7f:df:d1:29:26:80:2e:cc:74:a7:1c:fe:13:
         39:7f:f5:f9:1c:ca:06:54:74:b6:68:d4:ff:c4:91:60:1c:63:
         69:62:ae:db:4b:37:00:5b:f6:a8:af:60:4e:48:12:92:63:cd:
         29:a3:91:97:4d:b7:aa:cf:c1:9e:7a:2d:e5:c6:bc:5b:35:38:
         55:98:6c:bf:0b:42:ae:22:ee:06:ac:a5:10:6a:b8:5c:8b:47:
         5c:6c:fc:b6:dd:22:04:7b:b1:b6:57:0b:37:e0:12:1c:8f:6f:
         e8:fc:d8:c3:a0:80:3d:d1:29:28:2d:08:53:20:d5:41:49:8d:
         9e:18:6a:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntAmfmt+BnAlecNxwdwh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZDRlMmZjMmI0MWU4NTZkYmE1YmE2MjIzNWJhNjQxYTBk
ODFiNDgwHhcNMjUwMTAyMTU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzEwNmI1MGJlZmYyOTI3ZDBhZGZhZWVhOTA1NTlhOTE5M2I0NjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprWlO0I8Edb82zm4D1MsuZb9U9d0
QH1Nl1t2EXbs0YZb00Yoel9648Qmxb+VrsukXtZxLWZkgYnm1QLacW2x4eH3SJ9i
3MFgdnyUSwdbcrmLCDCKlNbZV49CMoYC/sWejcHseQEDW/vkjI8FBVOnib5z7v6i
fUlBMj0whIJWVAwiEAcYVSY0gjKyU1z0vxPP1p6+dA8NuAKLmEKH9NT+W47MkyVX
S3uAitQsHLziAjEFwpPt0FujFLZb89e76C5ZT9F/tykOhFSXqnjJydvocuUPh0B6
NeAoC67xAOT+oS7t2/4JX9OngtdteZqOhiqLCBJaLZ/6xEdmoZZ+OKbqYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcQa1C+/ykn0K367qkFWakZO0ZpMB8GA1UdIwQY
MBaAFFzU4vwrQehW26W6YiNbpkGg2BtIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE5UaV9DdEI2RmJicGJwaUkxdW1RYURZRzBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8yMzY5YjgtOGQ4Mi00MTU3LWI2NWYt
MTYzY2Q4YmJmNDMxLzEvRnhCclVMN19LU2ZRcmZydXFRVlpxUms3Um1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8yMzY5YjgtOGQ4Mi00MTU3LWI2NWYtMTYzY2Q4YmJmNDMx
LzEvWE5UaV9DdEI2RmJicGJwaUkxdW1RYURZRzBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwypqMA0G
CSqGSIb3DQEBCwUAA4IBAQAjPIWy5xRaY4Y2JnMv89Rnr6xuSREsNBOEs2RvUy+j
WsuE2XH7/XwKGXulVdibSOKs9D8bP+EVuI6FqHmsGhW/3ZgcQR3URTZY9dsLcd7e
nljMKPXH8ouJqCvdkSqCBdw4+3znszYejW3C2LxIKTlumbTz2PXHEFhDm3+9dJzy
7xw0An/f0SkmgC7MdKcc/hM5f/X5HMoGVHS2aNT/xJFgHGNpYq7bSzcAW/aor2BO
SBKSY80po5GXTbeqz8Geei3lxrxbNThVmGy/C0KuIu4GrKUQarhci0dcbPy23SIE
e7G2Vws34BIcj2/o/NjDoIA90SkoLQhTINVBSY2eGGr9
-----END CERTIFICATE-----