Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/FjCA5Ak9pc8iYQAo2kd8vxWMg2c.roa
File:                     FjCA5Ak9pc8iYQAo2kd8vxWMg2c.roa (raw, json)
Hash identifier:          LWHCt8fi0ffLNOHRJ69hCW6DNWkN+nY4S8kMpRaQ7ss=
Subject key identifier:   16:30:80:E4:09:3D:A5:CF:22:61:00:28:DA:47:7C:BF:15:8C:83:67
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       01958E11DBD0A998377048F78C0F6509187B
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/FjCA5Ak9pc8iYQAo2kd8vxWMg2c.roa
Signing time:             Thu 13 Mar 2025 05:54:49 +0000
ROA not before:           Thu 13 Mar 2025 05:54:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210539
IP address blocks:        185.162.90.0/24 maxlen: 24
                          185.170.128.0/24 maxlen: 24
                          185.170.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 17:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8e:11:db:d0:a9:98:37:70:48:f7:8c:0f:65:09:18:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Mar 13 05:54:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=163080e4093da5cf22610028da477cbf158c8367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:12:af:1f:d8:52:7e:b8:e5:4b:87:3b:0d:0c:
                    41:7a:ea:01:d0:4d:33:6c:6c:31:6e:ae:61:1b:6e:
                    4e:7c:ab:c1:24:15:bc:e3:c2:fe:c1:64:1c:47:49:
                    91:3d:fa:23:3c:a0:f7:19:91:6c:88:dc:ec:76:be:
                    48:37:3b:c4:b8:75:2b:18:55:de:b3:dd:cf:ac:36:
                    04:02:bb:bc:67:13:bd:95:d0:27:73:60:03:72:fa:
                    20:f2:cb:b0:3c:e7:3d:16:67:f6:0e:d5:5f:2f:c6:
                    54:84:49:8e:c1:b9:bd:c4:3f:ce:d3:fb:2c:6d:de:
                    d4:a2:e2:bd:c2:c7:fc:f9:c7:f8:99:5a:77:c0:a3:
                    9e:b3:43:78:46:db:d6:cb:e0:4e:37:b2:81:4b:ff:
                    8f:d9:40:c4:f2:bc:aa:41:10:f4:57:50:02:c4:47:
                    e0:ef:da:58:c6:ad:18:eb:2d:e3:b3:42:8b:b0:07:
                    08:f4:f7:cf:54:7b:a7:e7:86:7f:09:1b:a8:74:5e:
                    65:e6:88:d9:c0:9a:de:36:41:f3:4f:4c:30:5a:a4:
                    3b:67:c4:d4:82:c9:64:bb:fe:3f:61:dd:26:7d:34:
                    28:63:e6:f3:e0:c6:6b:4d:74:1c:14:22:b8:34:78:
                    b9:23:ed:c5:53:ff:77:e5:59:9e:bb:a4:cb:b0:7d:
                    2b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:30:80:E4:09:3D:A5:CF:22:61:00:28:DA:47:7C:BF:15:8C:83:67
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/FjCA5Ak9pc8iYQAo2kd8vxWMg2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.90.0/24
                  185.170.128.0/24
                  185.170.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:53:3f:c0:e8:f6:68:26:91:f7:ce:22:af:73:35:5b:26:54:
         49:f9:93:1a:50:95:c4:41:93:f1:d4:d7:67:c8:23:4c:2e:e1:
         ca:df:d2:2c:6c:21:2e:aa:99:6b:ba:69:07:f7:4b:48:bb:29:
         44:18:8d:1b:96:9d:34:90:97:d4:12:a0:bc:3c:eb:15:78:dd:
         72:9f:c0:80:ff:a6:36:90:7f:51:54:9b:2e:ad:a4:9b:3a:90:
         d6:6c:0a:6a:2c:e0:1f:b0:ad:8f:68:7b:60:30:41:6d:f1:4f:
         72:26:d9:75:a3:79:94:78:84:95:52:e1:f8:c1:d5:67:90:bf:
         a0:a2:be:ee:96:f2:31:ee:6c:97:fa:f7:9a:bf:e5:b0:30:7a:
         c9:86:ba:6b:ed:c8:cf:2d:71:79:e8:a3:f7:ee:b6:bf:ae:0d:
         c4:00:e7:56:df:cc:de:8e:55:92:21:c6:28:82:93:fc:07:97:
         1f:05:e0:e6:45:1c:43:b2:30:a6:26:fc:53:28:43:54:fb:d0:
         df:8d:fe:99:fc:19:d0:40:48:8f:2e:f4:8e:22:96:7e:8a:4e:
         74:4b:e4:e7:df:50:cc:83:04:39:e9:74:91:36:99:b1:51:da:
         6a:b9:a7:59:1e:76:e3:6d:a5:70:c1:49:63:cc:bb:4d:48:7c:
         a4:a8:7f:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWOEdvQqZg3cEj3jA9lCRh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjUwMzEzMDU1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjMwODBlNDA5M2RhNWNmMjI2MTAwMjhkYTQ3N2NiZjE1OGM4MzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBKvH9hSfrjlS4c7DQxBeuoB0E0z
bGwxbq5hG25OfKvBJBW848L+wWQcR0mRPfojPKD3GZFsiNzsdr5INzvEuHUrGFXe
s93PrDYEAru8ZxO9ldAnc2ADcvog8suwPOc9Fmf2DtVfL8ZUhEmOwbm9xD/O0/ss
bd7UouK9wsf8+cf4mVp3wKOes0N4RtvWy+BON7KBS/+P2UDE8ryqQRD0V1ACxEfg
79pYxq0Y6y3js0KLsAcI9PfPVHun54Z/CRuodF5l5ojZwJreNkHzT0wwWqQ7Z8TU
gslku/4/Yd0mfTQoY+bz4MZrTXQcFCK4NHi5I+3FU/935Vmeu6TLsH0rTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBYwgOQJPaXPImEAKNpHfL8VjINnMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvRmpDQTVBazlwYzhpWVFBbzJrZDh2eFdNZzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuaJaAwQA
uaqAAwQAuaqCMA0GCSqGSIb3DQEBCwUAA4IBAQBLUz/A6PZoJpH3ziKvczVbJlRJ
+ZMaUJXEQZPx1NdnyCNMLuHK39IsbCEuqplrumkH90tIuylEGI0blp00kJfUEqC8
POsVeN1yn8CA/6Y2kH9RVJsuraSbOpDWbApqLOAfsK2PaHtgMEFt8U9yJtl1o3mU
eISVUuH4wdVnkL+gor7ulvIx7myX+veav+WwMHrJhrpr7cjPLXF56KP37ra/rg3E
AOdW38zejlWSIcYogpP8B5cfBeDmRRxDsjCmJvxTKENU+9Dfjf6Z/BnQQEiPLvSO
IpZ+ik50S+Tn31DMgwQ56XSRNpmxUdpquadZHnbjbaVwwUljzLtNSHykqH8j
-----END CERTIFICATE-----