Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/F5FaMdQw0MwW_Giq48Id-E6jckU.roa
File:                     F5FaMdQw0MwW_Giq48Id-E6jckU.roa (raw, json)
Hash identifier:          ycVnq2WGmWZbnOTWd7xSopOSJK6+V+w/gf05ZEHAXvs=
Subject key identifier:   17:91:5A:31:D4:30:D0:CC:16:FC:68:AA:E3:C2:1D:F8:4E:A3:72:45
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0196CACE6755ED8F6EBFFB0D7A57647192DE
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/F5FaMdQw0MwW_Giq48Id-E6jckU.roa
Signing time:             Tue 13 May 2025 18:00:46 +0000
ROA not before:           Tue 13 May 2025 18:00:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34989
IP address blocks:        80.71.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ca:ce:67:55:ed:8f:6e:bf:fb:0d:7a:57:64:71:92:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: May 13 18:00:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17915a31d430d0cc16fc68aae3c21df84ea37245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ba:1a:f2:8d:11:ff:a1:77:0c:db:54:2e:0e:
                    15:d3:24:9b:f1:68:68:22:0d:09:a0:f3:dc:42:c7:
                    bf:e9:2b:81:f1:95:83:51:70:80:c8:b9:8d:14:f3:
                    5d:6b:c2:b7:93:38:1f:41:bd:f5:78:4f:09:8a:aa:
                    74:6b:cb:c9:42:b6:e6:6e:f8:4c:ef:74:31:8c:3b:
                    1c:13:52:3b:78:ec:76:fd:75:b1:3b:0c:fa:4e:83:
                    d9:16:8c:85:12:58:76:42:05:3e:9d:0e:4d:a9:14:
                    9a:05:c7:73:41:32:36:4b:53:fa:c0:72:86:fb:18:
                    e3:d7:78:b3:b9:f3:f3:52:fe:e8:12:fb:c4:c3:8a:
                    b0:13:50:17:80:5f:5e:cf:04:1e:ce:03:07:03:f8:
                    03:b6:fe:34:4c:51:96:09:44:d5:c7:79:bf:0d:99:
                    dd:8e:8b:ba:b7:77:00:b4:9d:0c:1a:ca:47:40:cb:
                    fe:89:48:8a:2c:b6:ed:fd:88:c8:51:df:43:7e:ba:
                    30:de:8c:18:2b:48:6c:d7:98:b4:18:8b:5b:d0:c7:
                    ce:17:d9:eb:dd:1e:eb:d6:c3:08:cb:0e:d6:8c:9b:
                    23:6c:e9:86:68:5b:ce:ab:41:32:02:a1:b5:5b:c5:
                    cc:08:79:2a:e4:c5:bc:dd:2c:44:74:61:52:fe:c9:
                    3d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:91:5A:31:D4:30:D0:CC:16:FC:68:AA:E3:C2:1D:F8:4E:A3:72:45
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/F5FaMdQw0MwW_Giq48Id-E6jckU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:32:72:98:ff:3f:0b:c6:e0:87:b8:3d:a5:e7:bb:14:9c:29:
         f0:47:0b:0f:44:b9:11:e3:9f:f5:4d:b6:19:08:87:3c:2b:8a:
         71:17:f3:51:8a:fe:5e:e1:96:fa:fe:89:58:35:2c:91:94:2f:
         df:28:8c:3b:81:c0:72:d8:65:50:f4:fb:fe:13:c5:ed:d8:3e:
         2c:3f:66:b7:50:28:00:fc:17:d0:d6:5d:ba:89:d9:a2:e5:f1:
         d2:7d:d3:e9:45:29:94:9c:a4:f1:ad:6f:68:28:b2:b0:f5:fd:
         a7:f3:e3:a3:3a:70:85:9e:f0:b3:28:e4:7f:f0:26:7e:e1:5b:
         dd:a4:34:d3:90:0b:4e:db:6b:fe:ad:2a:8c:05:e1:7b:8d:b7:
         56:3d:2d:d6:c5:a9:cc:0a:33:b8:74:6f:4f:11:c7:9f:11:8b:
         f5:c7:36:f2:b1:0b:0e:69:66:05:50:d9:51:7c:c9:ff:91:21:
         1b:1d:cb:43:43:13:93:00:78:3d:7a:0d:e8:06:77:a3:48:18:
         d4:a0:11:b4:0c:82:1e:bf:57:34:15:86:64:bc:d7:19:6b:6d:
         5a:08:30:cb:dd:bd:a4:5b:8b:89:a8:ed:11:6d:23:80:e5:6b:
         59:55:49:ad:11:cd:c3:ae:62:c1:0a:62:0c:cd:27:8e:39:07:
         d3:31:51:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbKzmdV7Y9uv/sNeldkcZLeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjUwNTEzMTgwMDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzkxNWEzMWQ0MzBkMGNjMTZmYzY4YWFlM2MyMWRmODRlYTM3MjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzboa8o0R/6F3DNtULg4V0ySb8Who
Ig0JoPPcQse/6SuB8ZWDUXCAyLmNFPNda8K3kzgfQb31eE8Jiqp0a8vJQrbmbvhM
73QxjDscE1I7eOx2/XWxOwz6ToPZFoyFElh2QgU+nQ5NqRSaBcdzQTI2S1P6wHKG
+xjj13izufPzUv7oEvvEw4qwE1AXgF9ezwQezgMHA/gDtv40TFGWCUTVx3m/DZnd
jou6t3cAtJ0MGspHQMv+iUiKLLbt/YjIUd9Dfrow3owYK0hs15i0GItb0MfOF9nr
3R7r1sMIyw7WjJsjbOmGaFvOq0EyAqG1W8XMCHkq5MW83SxEdGFS/sk9WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeRWjHUMNDMFvxoquPCHfhOo3JFMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvRjVGYU1kUXcwTXdXX0dpcTQ4SWQtRTZqY2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEfmMA0G
CSqGSIb3DQEBCwUAA4IBAQADMnKY/z8LxuCHuD2l57sUnCnwRwsPRLkR45/1TbYZ
CIc8K4pxF/NRiv5e4Zb6/olYNSyRlC/fKIw7gcBy2GVQ9Pv+E8Xt2D4sP2a3UCgA
/BfQ1l26idmi5fHSfdPpRSmUnKTxrW9oKLKw9f2n8+OjOnCFnvCzKOR/8CZ+4Vvd
pDTTkAtO22v+rSqMBeF7jbdWPS3WxanMCjO4dG9PEcefEYv1xzbysQsOaWYFUNlR
fMn/kSEbHctDQxOTAHg9eg3oBnejSBjUoBG0DIIev1c0FYZkvNcZa21aCDDL3b2k
W4uJqO0RbSOA5WtZVUmtEc3DrmLBCmIMzSeOOQfTMVH2
-----END CERTIFICATE-----