Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/FAnVPdZJq-F5tPbJdZlOrfHA0HI.roa
File:                     FAnVPdZJq-F5tPbJdZlOrfHA0HI.roa (raw, json)
Hash identifier:          oiyCxnnmoEXkJzXvWvbIjTgRJMu2oeQxpPsZMwrF/Y8=
Subject key identifier:   14:09:D5:3D:D6:49:AB:E1:79:B4:F6:C9:75:99:4E:AD:F1:C0:D0:72
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       019782BF32BE4A155065FFCFA8AE420490E9
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/FAnVPdZJq-F5tPbJdZlOrfHA0HI.roa
Signing time:             Wed 18 Jun 2025 11:14:17 +0000
ROA not before:           Wed 18 Jun 2025 11:14:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        93.127.156.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 14:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:82:bf:32:be:4a:15:50:65:ff:cf:a8:ae:42:04:90:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Jun 18 11:14:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1409d53dd649abe179b4f6c975994eadf1c0d072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7f:a3:88:e7:70:40:24:5c:b6:69:52:22:b1:
                    47:6b:33:99:c0:36:14:5e:8d:9d:88:2c:e2:de:e6:
                    f7:b7:19:48:2b:17:20:51:d4:28:8e:90:04:e6:02:
                    23:b3:5b:b4:ca:a9:18:32:4b:9c:ed:bf:75:86:04:
                    a8:0f:00:d5:63:e7:57:1b:89:8d:bd:5c:f5:f8:cb:
                    d0:56:fb:36:8a:af:ef:03:6f:ba:ce:6f:09:52:f2:
                    78:2f:00:54:ab:c8:e4:0a:46:5b:9d:41:ee:27:b9:
                    9c:f8:59:8d:db:02:b2:1a:f7:f9:6c:76:25:e0:48:
                    97:a2:f7:3b:7e:18:ba:bd:75:b2:fd:28:aa:b7:2c:
                    7f:6f:9d:7b:a1:65:8a:dd:2f:d3:c3:43:e8:b3:b2:
                    a5:5b:d3:b6:6d:76:80:0a:ad:44:d8:92:b6:a9:86:
                    fc:e8:db:dc:f9:21:2c:f2:60:59:c8:a3:c9:ff:20:
                    01:3e:17:0d:18:ed:44:f2:69:8f:9d:66:0c:d2:f6:
                    c3:1c:00:1d:b4:81:28:12:01:32:75:ce:0e:2c:30:
                    6b:86:32:9c:0f:cf:3c:4b:a4:e2:94:98:a8:34:db:
                    e2:8e:8c:96:1b:41:f6:13:a9:cb:97:6f:98:74:c3:
                    30:31:f0:71:82:0c:82:70:0d:32:6b:0b:65:3c:fd:
                    c9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:09:D5:3D:D6:49:AB:E1:79:B4:F6:C9:75:99:4E:AD:F1:C0:D0:72
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/FAnVPdZJq-F5tPbJdZlOrfHA0HI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.127.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:fe:48:22:0f:a0:d5:66:75:d8:50:ca:f7:83:08:2c:b5:6f:
         3d:2a:13:04:9b:bf:85:e1:e5:a5:ce:03:da:6e:52:3a:a3:12:
         96:83:07:bc:1b:3f:05:59:24:0f:16:82:45:1c:75:8a:38:81:
         3c:39:31:53:1f:f7:0b:34:9e:75:7d:c6:c1:08:1f:ec:ce:2d:
         f5:1b:32:a8:ff:5a:69:97:a1:a7:54:d0:a4:35:a1:53:8a:69:
         ce:21:77:45:f2:c5:85:69:ee:69:9a:21:2c:5b:90:f4:c3:68:
         e3:11:08:cf:80:bf:00:8e:42:3f:c9:43:3c:4f:ff:19:ec:67:
         dd:a0:75:51:ba:26:f2:ca:7b:bd:60:7c:8d:e4:9b:de:5e:6e:
         de:27:7d:6f:4c:fa:15:53:58:84:40:c5:36:58:7c:e0:4b:c1:
         f6:17:d0:3b:9c:bc:77:99:8c:3e:b3:54:3c:14:2b:76:7c:d7:
         71:d6:4c:7f:55:2a:63:39:44:29:24:c8:1f:00:9d:cf:fc:33:
         05:1b:e8:99:0d:02:9a:80:5d:30:80:c1:8a:7b:f4:be:ae:bd:
         63:42:9a:a3:10:2b:58:38:ed:a5:52:11:6e:ec:92:4f:cf:69:
         74:32:ca:9f:00:29:be:77:f3:de:50:1f:53:d2:1a:cd:74:82:
         34:47:dc:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeCvzK+ShVQZf/PqK5CBJDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjUwNjE4MTExNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDA5ZDUzZGQ2NDlhYmUxNzliNGY2Yzk3NTk5NGVhZGYxYzBkMDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn+jiOdwQCRctmlSIrFHazOZwDYU
Xo2diCzi3ub3txlIKxcgUdQojpAE5gIjs1u0yqkYMkuc7b91hgSoDwDVY+dXG4mN
vVz1+MvQVvs2iq/vA2+6zm8JUvJ4LwBUq8jkCkZbnUHuJ7mc+FmN2wKyGvf5bHYl
4EiXovc7fhi6vXWy/Siqtyx/b517oWWK3S/Tw0Pos7KlW9O2bXaACq1E2JK2qYb8
6Nvc+SEs8mBZyKPJ/yABPhcNGO1E8mmPnWYM0vbDHAAdtIEoEgEydc4OLDBrhjKc
D888S6TilJioNNvijoyWG0H2E6nLl2+YdMMwMfBxggyCcA0yawtlPP3J4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQJ1T3WSavhebT2yXWZTq3xwNByMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvRkFuVlBkWkpxLUY1dFBiSmRabE9yZkhBMEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXX+cMA0G
CSqGSIb3DQEBCwUAA4IBAQAq/kgiD6DVZnXYUMr3gwgstW89KhMEm7+F4eWlzgPa
blI6oxKWgwe8Gz8FWSQPFoJFHHWKOIE8OTFTH/cLNJ51fcbBCB/szi31GzKo/1pp
l6GnVNCkNaFTimnOIXdF8sWFae5pmiEsW5D0w2jjEQjPgL8AjkI/yUM8T/8Z7Gfd
oHVRuibyynu9YHyN5JveXm7eJ31vTPoVU1iEQMU2WHzgS8H2F9A7nLx3mYw+s1Q8
FCt2fNdx1kx/VSpjOUQpJMgfAJ3P/DMFG+iZDQKagF0wgMGKe/S+rr1jQpqjECtY
OO2lUhFu7JJPz2l0MsqfACm+d/PeUB9T0hrNdII0R9xl
-----END CERTIFICATE-----