Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fcJodtei5pxvPcqYhbOGHjXRQdg.roa
File:                     fcJodtei5pxvPcqYhbOGHjXRQdg.roa (raw, json)
Hash identifier:          G5C7lP5sQIqwLa6diYehrCc+r5xt8sSAa0ZmGiBdMAA=
Subject key identifier:   7D:C2:68:76:D7:A2:E6:9C:6F:3D:CA:98:85:B3:86:1E:35:D1:41:D8
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01989DD4CA4F909B515A9689546D4E0EFFB8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fcJodtei5pxvPcqYhbOGHjXRQdg.roa
Signing time:             Tue 12 Aug 2025 10:30:25 +0000
ROA not before:           Tue 12 Aug 2025 10:30:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26141
IP address blocks:        45.90.237.0/24 maxlen: 24
                          194.26.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9d:d4:ca:4f:90:9b:51:5a:96:89:54:6d:4e:0e:ff:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug 12 10:30:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7dc26876d7a2e69c6f3dca9885b3861e35d141d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:f4:8c:5f:06:17:cd:19:d2:db:b7:ec:76:3b:
                    11:e8:23:d7:e7:a3:77:4c:b8:e4:ed:42:13:dc:cc:
                    e3:f1:17:e1:a3:60:5f:da:3a:ec:28:aa:00:93:31:
                    1a:3e:d2:44:92:4d:9c:81:f4:0f:11:3e:b9:8d:3f:
                    9d:b2:02:b6:30:0f:da:31:05:79:32:09:7a:ab:3f:
                    14:bf:a8:75:c7:52:36:fb:e0:c4:d9:bd:2c:13:90:
                    a1:51:b8:e5:ae:68:63:96:7a:7e:e6:04:df:67:be:
                    be:b3:ab:77:f3:72:64:13:46:d3:7c:2d:c1:54:cd:
                    90:ff:6c:12:40:d8:cc:60:64:47:d6:12:0f:38:0e:
                    7d:59:ce:7d:8b:47:84:19:6a:24:c6:e8:fd:d7:14:
                    06:85:81:2a:08:a6:87:fa:c8:02:01:31:6b:4f:93:
                    2d:ef:47:3d:08:99:83:7a:0a:48:ad:7e:b7:d4:d3:
                    ef:a0:a0:de:b7:ad:90:83:a3:51:c8:95:e8:ef:9f:
                    af:84:0c:ae:d7:51:91:ea:9c:1c:54:b3:32:d2:f9:
                    2c:b9:a1:87:b9:70:ec:2b:18:9a:96:32:3a:13:a7:
                    72:45:62:02:8c:07:9e:1a:1b:8c:e2:01:d8:86:66:
                    98:5c:33:c0:c5:5c:37:46:5c:14:da:ab:81:4f:1f:
                    ae:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C2:68:76:D7:A2:E6:9C:6F:3D:CA:98:85:B3:86:1E:35:D1:41:D8
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fcJodtei5pxvPcqYhbOGHjXRQdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.237.0/24
                  194.26.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:56:80:a6:13:86:ee:b6:4b:61:f0:a6:30:16:45:22:47:ce:
         2c:14:3b:46:e6:5c:4a:b0:bb:49:42:29:b0:4b:52:1d:ef:c2:
         e8:1c:5c:a5:ce:46:5a:ee:82:8b:3a:da:a9:b5:73:db:84:70:
         6f:56:ca:d1:aa:1b:7f:d3:bf:0b:97:6d:43:11:7c:6e:24:c6:
         8a:cb:c3:44:75:5c:ed:25:a4:88:a2:26:16:65:30:87:41:15:
         50:07:9a:86:f3:86:25:c9:12:79:9d:cf:e9:4f:88:f6:c8:b5:
         6a:d1:d4:68:97:40:62:b9:23:34:02:a8:a0:ee:d4:d7:c8:43:
         50:b5:86:08:a0:e4:88:7b:3f:c2:bb:85:b7:cb:9e:7a:c7:6a:
         27:57:5c:2b:6f:6a:64:a7:17:fb:13:7b:94:79:0f:d1:8e:cf:
         08:f7:95:0e:e3:7c:0c:bb:19:53:80:4e:61:28:03:9d:e6:8c:
         48:6f:e7:26:43:c5:27:f9:1b:c3:92:db:2b:35:60:7d:26:d3:
         e7:0b:f6:79:a5:67:c4:a0:51:1f:e9:7e:e7:e1:9d:49:82:1d:
         da:c8:df:c5:e7:f6:2b:9c:5a:77:a1:b7:50:13:d4:0c:1e:db:
         f2:1b:6b:f3:a3:de:34:3a:b4:01:da:58:3a:c6:1f:38:0e:90:
         ae:05:a6:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZid1MpPkJtRWpaJVG1ODv+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODEyMTAzMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGMyNjg3NmQ3YTJlNjljNmYzZGNhOTg4NWIzODYxZTM1ZDE0MWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8fSMXwYXzRnS27fsdjsR6CPX56N3
TLjk7UIT3Mzj8Rfho2Bf2jrsKKoAkzEaPtJEkk2cgfQPET65jT+dsgK2MA/aMQV5
Mgl6qz8Uv6h1x1I2++DE2b0sE5ChUbjlrmhjlnp+5gTfZ76+s6t383JkE0bTfC3B
VM2Q/2wSQNjMYGRH1hIPOA59Wc59i0eEGWokxuj91xQGhYEqCKaH+sgCATFrT5Mt
70c9CJmDegpIrX631NPvoKDet62Qg6NRyJXo75+vhAyu11GR6pwcVLMy0vksuaGH
uXDsKxialjI6E6dyRWICjAeeGhuM4gHYhmaYXDPAxVw3RlwU2quBTx+uuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH3CaHbXouacbz3KmIWzhh410UHYMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZmNKb2R0ZWk1cHh2UGNxWWhiT0dIalhSUWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVrtAwQA
whpkMA0GCSqGSIb3DQEBCwUAA4IBAQCoVoCmE4butkth8KYwFkUiR84sFDtG5lxK
sLtJQimwS1Id78LoHFylzkZa7oKLOtqptXPbhHBvVsrRqht/078Ll21DEXxuJMaK
y8NEdVztJaSIoiYWZTCHQRVQB5qG84YlyRJ5nc/pT4j2yLVq0dRol0BiuSM0Aqig
7tTXyENQtYYIoOSIez/Cu4W3y556x2onV1wrb2pkpxf7E3uUeQ/Rjs8I95UO43wM
uxlTgE5hKAOd5oxIb+cmQ8Un+RvDktsrNWB9JtPnC/Z5pWfEoFEf6X7n4Z1Jgh3a
yN/F5/YrnFp3obdQE9QMHtvyG2vzo940OrQB2lg6xh84DpCuBabF
-----END CERTIFICATE-----