Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/fiamMH5Wv1hnmrjb7mWJkbWrx0M.roa
File:                     fiamMH5Wv1hnmrjb7mWJkbWrx0M.roa (raw, json)
Hash identifier:          z8g9ug3WI51Xgy4zn+hX78whALpWkgVMKUh3J1+Ygus=
Subject key identifier:   7E:26:A6:30:7E:56:BF:58:67:9A:B8:DB:EE:65:89:91:B5:AB:C7:43
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019835760E52F25B0AB7C80F122D921B2A37
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/fiamMH5Wv1hnmrjb7mWJkbWrx0M.roa
Signing time:             Wed 23 Jul 2025 04:06:26 +0000
ROA not before:           Wed 23 Jul 2025 04:06:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        89.106.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:35:76:0e:52:f2:5b:0a:b7:c8:0f:12:2d:92:1b:2a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jul 23 04:06:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e26a6307e56bf58679ab8dbee658991b5abc743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d8:72:a9:98:4a:fa:df:ca:0c:ea:03:93:65:
                    c7:08:99:d4:bb:0e:c9:6c:86:6c:27:f8:50:b2:72:
                    1f:a2:95:04:e4:a4:d5:f9:55:57:ac:61:1c:03:d6:
                    82:c7:8b:89:80:ab:8e:89:d1:06:43:a6:34:f9:ba:
                    78:ac:f5:57:bb:55:24:18:18:40:74:c6:3a:d0:b0:
                    83:16:23:f1:c9:5c:1e:55:49:48:5c:e6:0c:fb:cc:
                    5e:2d:ee:39:6f:38:3b:ac:db:6a:58:7d:d2:6c:c4:
                    5d:0d:a2:ac:46:46:aa:fb:2a:8f:05:b2:db:e1:cc:
                    e7:61:75:d4:f6:81:9f:b7:a1:93:c8:e2:46:c9:68:
                    76:2b:7d:5f:32:16:6d:f3:d8:38:5d:82:75:70:cf:
                    27:94:a5:a5:4a:bf:b7:35:06:59:f0:46:eb:07:28:
                    fb:9e:ed:3f:aa:6f:63:71:48:f7:59:30:e4:a9:15:
                    f7:c7:17:e3:c0:3a:4c:31:a2:ba:4f:4a:dc:08:67:
                    6d:86:40:73:e4:36:a0:57:c1:ce:80:f7:17:64:fb:
                    ea:b7:94:cb:36:3f:7b:17:5d:c3:6e:c8:f0:48:9e:
                    39:9d:44:07:47:3a:66:6f:ff:2f:81:d3:c8:7f:8c:
                    e0:32:3a:73:58:43:f0:69:e8:71:55:25:4c:bd:e3:
                    4e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:26:A6:30:7E:56:BF:58:67:9A:B8:DB:EE:65:89:91:B5:AB:C7:43
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/fiamMH5Wv1hnmrjb7mWJkbWrx0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:eb:4d:e6:36:5f:f1:46:5c:c2:9d:df:05:c9:9a:a1:31:a7:
         0e:ef:eb:49:72:48:98:cf:3e:6a:b4:66:14:9c:98:8f:7f:f2:
         79:cd:e5:ac:05:26:fd:62:b4:df:1c:e6:80:cc:1c:65:83:88:
         9a:95:e7:91:55:7d:6b:4f:49:9e:08:bd:f4:d0:1c:f9:03:4c:
         3e:a5:a3:b2:5a:c2:d6:f0:7e:1f:52:df:57:07:46:f7:16:69:
         9c:56:ea:d4:2b:d1:20:24:a6:fd:e8:7f:9a:77:8e:cc:ce:39:
         c4:2a:74:96:d2:b6:42:a7:9f:94:17:bc:aa:52:77:3c:4e:a0:
         63:0b:85:60:28:06:70:6c:7a:c2:6b:57:90:00:07:43:3d:90:
         44:a7:57:6e:08:5a:d5:03:23:56:4f:b1:b8:39:d1:68:93:c1:
         88:33:85:38:29:61:a1:d4:79:bd:9b:70:41:1a:59:40:12:a7:
         27:f0:50:2e:ef:3e:b3:13:c9:88:9c:b0:7d:5b:25:c9:24:cf:
         99:55:9f:3e:d8:fc:29:47:a9:57:e8:8c:be:cf:ac:21:6a:75:
         cb:d9:13:17:a0:bf:f9:b4:34:5a:ba:36:89:f5:2d:22:af:b1:
         48:b8:54:52:c1:fb:e4:dc:e5:a9:34:7c:75:cc:45:17:d1:b9:
         2d:62:43:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg1dg5S8lsKt8gPEi2SGyo3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNzIzMDQwNjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTI2YTYzMDdlNTZiZjU4Njc5YWI4ZGJlZTY1ODk5MWI1YWJjNzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNhyqZhK+t/KDOoDk2XHCJnUuw7J
bIZsJ/hQsnIfopUE5KTV+VVXrGEcA9aCx4uJgKuOidEGQ6Y0+bp4rPVXu1UkGBhA
dMY60LCDFiPxyVweVUlIXOYM+8xeLe45bzg7rNtqWH3SbMRdDaKsRkaq+yqPBbLb
4cznYXXU9oGft6GTyOJGyWh2K31fMhZt89g4XYJ1cM8nlKWlSr+3NQZZ8EbrByj7
nu0/qm9jcUj3WTDkqRX3xxfjwDpMMaK6T0rcCGdthkBz5DagV8HOgPcXZPvqt5TL
Nj97F13DbsjwSJ45nUQHRzpmb/8vgdPIf4zgMjpzWEPwaehxVSVMveNOAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4mpjB+Vr9YZ5q42+5liZG1q8dDMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvZmlhbU1INVd2MWhubXJqYjdtV0prYldyeDBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWpKMA0G
CSqGSIb3DQEBCwUAA4IBAQCj603mNl/xRlzCnd8FyZqhMacO7+tJckiYzz5qtGYU
nJiPf/J5zeWsBSb9YrTfHOaAzBxlg4ialeeRVX1rT0meCL300Bz5A0w+paOyWsLW
8H4fUt9XB0b3FmmcVurUK9EgJKb96H+ad47MzjnEKnSW0rZCp5+UF7yqUnc8TqBj
C4VgKAZwbHrCa1eQAAdDPZBEp1duCFrVAyNWT7G4OdFok8GIM4U4KWGh1Hm9m3BB
GllAEqcn8FAu7z6zE8mInLB9WyXJJM+ZVZ8+2PwpR6lX6Iy+z6whanXL2RMXoL/5
tDRaujaJ9S0ir7FIuFRSwfvk3OWpNHx1zEUX0bktYkOa
-----END CERTIFICATE-----