Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FkULrHP0-g6i2vs6nZAFJWdp7l4.roa
File:                     FkULrHP0-g6i2vs6nZAFJWdp7l4.roa (raw, json)
Hash identifier:          aXfDzIu7X9wZ2L5JUCtBcYTuYorOfY8VxTlZFtA5V/U=
Subject key identifier:   16:45:0B:AC:73:F4:FA:0E:A2:DA:FB:3A:9D:90:05:25:67:69:EE:5E
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019676B0C5598FECD850F39DFE89EED42590
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FkULrHP0-g6i2vs6nZAFJWdp7l4.roa
Signing time:             Sun 27 Apr 2025 10:00:18 +0000
ROA not before:           Sun 27 Apr 2025 10:00:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        86.110.33.0/24 maxlen: 24
                          86.110.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:76:b0:c5:59:8f:ec:d8:50:f3:9d:fe:89:ee:d4:25:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Apr 27 10:00:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16450bac73f4fa0ea2dafb3a9d9005256769ee5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9c:57:2c:2b:eb:fb:b9:64:a4:5a:18:ff:db:
                    65:14:42:db:0e:07:db:9f:20:4c:ab:e8:d8:c0:c3:
                    cd:ff:e5:ac:1e:f3:ca:6c:db:5d:0c:20:26:d1:29:
                    6a:60:5a:e4:fe:92:fd:26:29:e3:4c:49:3f:09:34:
                    9b:c7:2c:ee:3b:fe:1e:47:3d:fb:ea:b2:d5:c6:70:
                    55:0e:3d:9c:fc:00:dc:6c:9b:21:0e:90:7d:21:ef:
                    42:70:69:3a:00:01:ea:ca:05:7f:82:5b:ba:6c:38:
                    64:ce:7b:b9:de:85:2f:7b:ea:a3:c5:41:3a:97:04:
                    cc:f5:95:9e:45:9d:7f:b1:e2:c0:17:8e:af:8c:c8:
                    fd:d9:64:cc:41:10:5a:04:90:d7:f2:ce:2c:54:3e:
                    0c:ca:6a:42:71:b0:b9:c7:68:34:4d:e7:c0:56:d1:
                    c5:64:05:56:76:e7:60:ab:0b:b4:88:fd:19:1d:db:
                    ea:c2:14:6a:cc:5e:5f:cb:e7:d7:d6:dc:66:f2:e1:
                    eb:3c:b4:a8:75:3a:ac:a5:01:c7:b3:97:9a:b6:0b:
                    88:fe:ed:54:cc:44:44:89:77:76:3a:ba:d0:d0:82:
                    69:da:84:0a:bf:d6:58:ee:7f:84:1f:54:b9:74:40:
                    e4:dc:27:a3:bb:90:5d:24:7f:3b:05:aa:d9:3b:35:
                    ec:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:45:0B:AC:73:F4:FA:0E:A2:DA:FB:3A:9D:90:05:25:67:69:EE:5E
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FkULrHP0-g6i2vs6nZAFJWdp7l4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.33.0/24
                  86.110.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:d7:a6:7b:05:27:58:de:d5:8b:9e:38:39:b3:d0:d6:55:9b:
         a3:3d:18:44:95:99:e0:0e:8f:40:eb:e4:a0:da:e4:ce:e8:c8:
         72:85:9a:d6:17:ba:ca:61:80:09:db:80:1f:c0:d8:76:82:db:
         14:8e:aa:27:1f:62:35:62:61:da:2b:6f:38:02:e0:0b:4e:da:
         b1:8d:ed:b1:c2:77:e3:ec:9d:89:a7:04:b4:07:32:4e:8e:dd:
         10:52:68:77:51:c4:e7:8c:25:5c:74:78:6b:e3:36:3b:15:b2:
         cf:8e:98:5d:4e:59:0f:36:06:e2:ae:60:64:17:98:f7:a9:be:
         e3:f0:41:45:55:35:7c:ef:21:e7:71:81:4b:9c:e3:ec:53:b3:
         8f:aa:03:cd:1f:bc:ab:11:d1:7b:0e:cb:25:e9:31:10:60:06:
         82:5d:55:71:91:cd:d8:15:28:fe:b1:a3:47:ad:2c:51:b3:bb:
         06:3e:fd:55:f1:89:7c:f4:a6:9a:2b:1f:b4:bd:26:f1:15:7a:
         77:d9:00:c1:a3:90:db:19:79:b6:c0:5c:a9:83:37:ac:a8:5f:
         8b:ec:5c:ef:2d:34:6f:4b:f3:3f:de:69:7b:d2:f8:10:c3:75:
         63:5a:c3:29:1e:ca:31:89:ae:80:fc:dc:4d:e3:86:bc:fc:4a:
         f4:c8:1e:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ2sMVZj+zYUPOd/onu1CWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwNDI3MTAwMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQ1MGJhYzczZjRmYTBlYTJkYWZiM2E5ZDkwMDUyNTY3NjllZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5xXLCvr+7lkpFoY/9tlFELbDgfb
nyBMq+jYwMPN/+WsHvPKbNtdDCAm0SlqYFrk/pL9JinjTEk/CTSbxyzuO/4eRz37
6rLVxnBVDj2c/ADcbJshDpB9Ie9CcGk6AAHqygV/glu6bDhkznu53oUve+qjxUE6
lwTM9ZWeRZ1/seLAF46vjMj92WTMQRBaBJDX8s4sVD4MympCcbC5x2g0TefAVtHF
ZAVWdudgqwu0iP0ZHdvqwhRqzF5fy+fX1txm8uHrPLSodTqspQHHs5eatguI/u1U
zEREiXd2OrrQ0IJp2oQKv9ZY7n+EH1S5dEDk3Ceju5BdJH87BarZOzXsZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBZFC6xz9PoOotr7Op2QBSVnae5eMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvRmtVTHJIUDAtZzZpMnZzNm5aQUZKV2RwN2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVm4hAwQA
Vm4+MA0GCSqGSIb3DQEBCwUAA4IBAQBB16Z7BSdY3tWLnjg5s9DWVZujPRhElZng
Do9A6+Sg2uTO6MhyhZrWF7rKYYAJ24AfwNh2gtsUjqonH2I1YmHaK284AuALTtqx
je2xwnfj7J2JpwS0BzJOjt0QUmh3UcTnjCVcdHhr4zY7FbLPjphdTlkPNgbirmBk
F5j3qb7j8EFFVTV87yHncYFLnOPsU7OPqgPNH7yrEdF7Dssl6TEQYAaCXVVxkc3Y
FSj+saNHrSxRs7sGPv1V8Yl89KaaKx+0vSbxFXp32QDBo5DbGXm2wFypgzesqF+L
7FzvLTRvS/M/3ml70vgQw3VjWsMpHsoxia6A/NxN44a8/Er0yB4y
-----END CERTIFICATE-----