Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/FxOU5mcs5zu6It7tyYPtggiNpMw.roa
File:                     FxOU5mcs5zu6It7tyYPtggiNpMw.roa (raw, json)
Hash identifier:          HYzosP3W6gjE2lC2/EeCUTPjqHpatsBGbz79rZD00GQ=
Subject key identifier:   17:13:94:E6:67:2C:E7:3B:BA:22:DE:ED:C9:83:ED:82:08:8D:A4:CC
Certificate issuer:       /CN=b5a263d18eb5c540f7478825bb72efac6f28f82b
Certificate serial:       0194221FB93BE70ABBCEB60C10B00757835C
Authority key identifier: B5:A2:63:D1:8E:B5:C5:40:F7:47:88:25:BB:72:EF:AC:6F:28:F8:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/FxOU5mcs5zu6It7tyYPtggiNpMw.roa
Signing time:             Wed 01 Jan 2025 13:48:11 +0000
ROA not before:           Wed 01 Jan 2025 13:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12779
IP address blocks:        195.74.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b9:3b:e7:0a:bb:ce:b6:0c:10:b0:07:57:83:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5a263d18eb5c540f7478825bb72efac6f28f82b
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=171394e6672ce73bba22deedc983ed82088da4cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:92:78:df:3b:1e:93:90:d6:78:a1:25:8f:23:
                    f4:37:43:97:a4:67:ed:c2:f4:00:20:ae:90:73:8b:
                    cd:8d:9d:b7:cd:77:27:18:d3:52:84:3e:15:1b:02:
                    b7:9f:89:69:e8:86:e5:57:ef:05:c6:dd:a0:f7:21:
                    45:b1:d2:f8:87:d0:29:7d:b8:c1:71:57:db:46:36:
                    8c:b9:51:f8:f1:4c:96:87:07:d3:10:ce:60:44:f8:
                    58:c0:78:6e:58:0a:ea:ce:3b:bc:dc:9c:7b:82:9c:
                    4e:49:1a:03:72:fb:62:45:10:24:15:79:39:43:e1:
                    e2:f6:cd:c2:cd:44:a1:7a:64:f6:9a:d6:50:80:4b:
                    cf:49:16:29:02:88:f3:0c:b1:17:ed:d8:ac:31:57:
                    52:79:f4:67:f4:d0:40:e9:1e:99:a8:5d:d2:8f:5b:
                    13:c2:42:d6:06:e5:b1:24:83:2b:d8:ca:a4:f7:5e:
                    2b:2a:d7:a2:46:de:fb:7f:bb:29:36:13:e8:ab:42:
                    fe:c0:8c:c9:3a:df:21:d4:1f:c3:47:ee:1d:a8:fc:
                    f7:bd:2c:da:0f:7f:de:99:98:cc:56:29:79:2b:18:
                    6b:f3:b7:f4:20:5c:23:3f:2a:ae:53:07:22:13:bf:
                    57:69:98:9c:0b:17:bd:51:12:ed:9d:94:99:a1:67:
                    d2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:13:94:E6:67:2C:E7:3B:BA:22:DE:ED:C9:83:ED:82:08:8D:A4:CC
            X509v3 Authority Key Identifier:
                keyid:B5:A2:63:D1:8E:B5:C5:40:F7:47:88:25:BB:72:EF:AC:6F:28:F8:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/FxOU5mcs5zu6It7tyYPtggiNpMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.74.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:73:ac:15:53:22:11:af:55:8b:f7:85:78:14:7a:c4:e8:4f:
         69:0f:b9:a6:76:85:e3:84:66:a6:52:c1:0c:4c:7f:9b:9f:09:
         87:9d:66:a0:44:f5:42:ef:72:fa:d5:a4:d2:f4:5b:d8:30:76:
         a2:d8:f2:0f:29:9a:19:95:d4:d8:10:00:e2:00:56:81:70:c7:
         84:6f:12:45:54:4b:d4:8b:ab:05:41:b0:1b:81:64:6b:54:a8:
         ae:4d:23:c0:01:ea:5b:01:c6:63:af:52:f1:b9:3d:e5:b8:d6:
         13:6b:c5:48:83:03:7b:fd:7c:76:b7:97:8e:e2:69:43:52:89:
         bb:f6:1e:b5:92:77:e8:55:90:4a:3a:6e:97:bb:c9:f7:9f:10:
         fa:ac:7d:c0:22:ed:49:4e:ce:34:88:75:7d:94:16:4b:eb:a0:
         12:1b:8a:11:8a:18:9d:ab:93:9e:3a:24:ba:8c:11:eb:41:12:
         c7:a0:76:7b:ab:f3:ee:8c:17:37:9c:80:f2:35:a1:c4:e1:77:
         ee:72:71:da:c0:ee:22:40:67:0f:ff:a5:c2:b9:96:4f:0e:37:
         5a:6e:d7:b9:2d:d3:21:73:5a:ac:2a:d2:22:96:b2:b0:39:22:
         53:40:de:94:aa:b5:67:de:d4:09:a1:df:05:22:66:51:79:ff:
         0c:1b:b3:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7k75wq7zrYMELAHV4NcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YTI2M2QxOGViNWM1NDBmNzQ3ODgyNWJiNzJlZmFjNmYy
OGY4MmIwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzEzOTRlNjY3MmNlNzNiYmEyMmRlZWRjOTgzZWQ4MjA4OGRhNGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5J43zsek5DWeKEljyP0N0OXpGft
wvQAIK6Qc4vNjZ23zXcnGNNShD4VGwK3n4lp6IblV+8Fxt2g9yFFsdL4h9ApfbjB
cVfbRjaMuVH48UyWhwfTEM5gRPhYwHhuWArqzju83Jx7gpxOSRoDcvtiRRAkFXk5
Q+Hi9s3CzUShemT2mtZQgEvPSRYpAojzDLEX7disMVdSefRn9NBA6R6ZqF3Sj1sT
wkLWBuWxJIMr2Mqk914rKteiRt77f7spNhPoq0L+wIzJOt8h1B/DR+4dqPz3vSza
D3/emZjMVil5Kxhr87f0IFwjPyquUwciE79XaZicCxe9URLtnZSZoWfS/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcTlOZnLOc7uiLe7cmD7YIIjaTMMB8GA1UdIwQY
MBaAFLWiY9GOtcVA90eIJbty76xvKPgrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGFKajBZNjF4VUQzUjRnbHUzTHZyRzhvLUNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xZDAxNzEtMzMwNy00NTMxLWE3M2Et
MTQ2YTY5YjZkOGU0LzEvRnhPVTVtY3M1enU2SXQ3dHlZUHRnZ2lOcE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xZDAxNzEtMzMwNy00NTMxLWE3M2EtMTQ2YTY5YjZkOGU0
LzEvdGFKajBZNjF4VUQzUjRnbHUzTHZyRzhvLUNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0pRMA0G
CSqGSIb3DQEBCwUAA4IBAQAPc6wVUyIRr1WL94V4FHrE6E9pD7mmdoXjhGamUsEM
TH+bnwmHnWagRPVC73L61aTS9FvYMHai2PIPKZoZldTYEADiAFaBcMeEbxJFVEvU
i6sFQbAbgWRrVKiuTSPAAepbAcZjr1LxuT3luNYTa8VIgwN7/Xx2t5eO4mlDUom7
9h61knfoVZBKOm6Xu8n3nxD6rH3AIu1JTs40iHV9lBZL66ASG4oRihidq5OeOiS6
jBHrQRLHoHZ7q/PujBc3nIDyNaHE4XfucnHawO4iQGcP/6XCuZZPDjdabte5LdMh
c1qsKtIilrKwOSJTQN6UqrVn3tQJod8FImZRef8MG7MK
-----END CERTIFICATE-----