Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/566532-b077-4889-9fe6-6576c6d9aa69/1/FUgWL_lEitw648dAxbpzgHtUVSg.roa
File:                     FUgWL_lEitw648dAxbpzgHtUVSg.roa (raw, json)
Hash identifier:          wprSxLZeem8Akk4r6OWoOul/6l4o4VUD6WM3B2aSMl8=
Subject key identifier:   15:48:16:2F:F9:44:8A:DC:3A:E3:C7:40:C5:BA:73:80:7B:54:55:28
Certificate issuer:       /CN=b18156818642dc8f04e40f8677568d663ccf4b1b
Certificate serial:       019866E2AFF65992DD01E802C90378C77F06
Authority key identifier: B1:81:56:81:86:42:DC:8F:04:E4:0F:86:77:56:8D:66:3C:CF:4B:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sYFWgYZC3I8E5A-Gd1aNZjzPSxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/566532-b077-4889-9fe6-6576c6d9aa69/1/FUgWL_lEitw648dAxbpzgHtUVSg.roa
Signing time:             Fri 01 Aug 2025 18:26:28 +0000
ROA not before:           Fri 01 Aug 2025 18:26:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58199
IP address blocks:        193.8.46.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/566532-b077-4889-9fe6-6576c6d9aa69/1/sYFWgYZC3I8E5A-Gd1aNZjzPSxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/566532-b077-4889-9fe6-6576c6d9aa69/1/sYFWgYZC3I8E5A-Gd1aNZjzPSxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sYFWgYZC3I8E5A-Gd1aNZjzPSxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:66:e2:af:f6:59:92:dd:01:e8:02:c9:03:78:c7:7f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b18156818642dc8f04e40f8677568d663ccf4b1b
        Validity
            Not Before: Aug  1 18:26:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1548162ff9448adc3ae3c740c5ba73807b545528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:68:38:65:d9:03:af:da:ac:c3:67:45:55:3a:
                    cd:cd:6a:60:1f:f5:af:9d:14:e0:37:c5:ca:b4:d6:
                    fa:f7:72:48:2a:9b:54:49:1e:ec:38:b7:48:70:94:
                    2b:fb:a6:39:4c:1e:50:f8:5f:05:2b:b9:b2:80:2b:
                    51:a6:1f:d3:e4:d3:7b:d7:a7:ba:4a:ff:1f:8b:a5:
                    81:4b:19:ac:83:b2:1d:92:d0:c0:3c:83:0d:d5:b5:
                    ab:f1:78:7d:27:51:6b:e0:ec:d1:d9:93:5b:68:ea:
                    84:83:51:e0:6d:28:01:b0:21:2d:14:78:70:ec:d4:
                    b9:1d:03:12:3b:df:63:de:0f:82:a6:11:e1:f4:5c:
                    05:45:f5:2f:ff:4e:32:eb:70:aa:f8:8a:85:64:13:
                    33:67:09:65:31:57:8d:77:3c:6d:88:72:ad:b8:e9:
                    ea:7d:b2:bc:95:62:ee:0c:45:17:39:25:63:d4:04:
                    f8:10:68:50:25:79:ae:58:ad:74:79:43:bf:94:c9:
                    e3:ae:ff:c9:4a:fd:27:b0:aa:dd:ce:1e:c3:9c:68:
                    68:af:38:d0:07:c8:96:34:e3:9c:0a:ef:43:f7:f4:
                    44:97:69:19:67:64:1f:a9:62:59:30:7d:14:e2:f3:
                    ba:61:9b:40:82:9b:c2:19:4a:23:0d:eb:40:48:88:
                    f3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:48:16:2F:F9:44:8A:DC:3A:E3:C7:40:C5:BA:73:80:7B:54:55:28
            X509v3 Authority Key Identifier:
                keyid:B1:81:56:81:86:42:DC:8F:04:E4:0F:86:77:56:8D:66:3C:CF:4B:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sYFWgYZC3I8E5A-Gd1aNZjzPSxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/566532-b077-4889-9fe6-6576c6d9aa69/1/FUgWL_lEitw648dAxbpzgHtUVSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/566532-b077-4889-9fe6-6576c6d9aa69/1/sYFWgYZC3I8E5A-Gd1aNZjzPSxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:d5:b0:74:7a:27:34:ca:1c:a7:f7:14:3d:c8:17:aa:33:97:
         3f:c8:14:b2:24:97:01:15:47:c2:bf:54:c7:98:b3:38:5c:9c:
         54:8f:40:42:4e:6a:7f:bd:c7:5e:16:67:99:73:34:18:41:37:
         46:c5:77:5a:e9:38:93:98:5b:d1:a5:62:d3:2b:bd:c0:92:6c:
         ef:ec:53:48:bf:8b:02:6b:28:c2:8b:37:c9:73:8f:c0:1d:8a:
         29:a1:3a:07:8c:d1:07:8f:40:ea:2b:94:8a:ca:b5:41:ac:62:
         a6:46:38:08:34:93:96:2c:a1:6d:7d:44:ab:fa:71:1d:94:e2:
         99:ac:51:e8:71:de:85:48:03:17:d4:bb:e3:0a:2d:ea:de:56:
         bc:1a:ef:f1:47:06:0c:dd:16:66:b3:71:93:4a:7f:f3:b0:5f:
         d8:e7:e2:33:7a:eb:18:2d:e1:8e:6b:6c:95:8d:b3:fa:fa:bf:
         c1:52:4c:ce:b1:3d:41:8c:32:e4:73:06:7f:9b:78:1d:2e:62:
         a0:80:07:51:7f:86:4b:78:7f:fc:6d:f8:43:dd:0e:2b:aa:f4:
         39:cf:10:91:16:7a:b0:17:03:8a:72:fa:67:f5:5b:94:56:24:
         b8:79:6c:ab:e6:db:d2:a3:ea:41:5b:63:df:65:da:59:64:e2:
         85:80:73:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhm4q/2WZLdAegCyQN4x38GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxODE1NjgxODY0MmRjOGYwNGU0MGY4Njc3NTY4ZDY2M2Nj
ZjRiMWIwHhcNMjUwODAxMTgyNjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTQ4MTYyZmY5NDQ4YWRjM2FlM2M3NDBjNWJhNzM4MDdiNTQ1NTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGg4ZdkDr9qsw2dFVTrNzWpgH/Wv
nRTgN8XKtNb693JIKptUSR7sOLdIcJQr+6Y5TB5Q+F8FK7mygCtRph/T5NN716e6
Sv8fi6WBSxmsg7IdktDAPIMN1bWr8Xh9J1Fr4OzR2ZNbaOqEg1HgbSgBsCEtFHhw
7NS5HQMSO99j3g+CphHh9FwFRfUv/04y63Cq+IqFZBMzZwllMVeNdzxtiHKtuOnq
fbK8lWLuDEUXOSVj1AT4EGhQJXmuWK10eUO/lMnjrv/JSv0nsKrdzh7DnGhorzjQ
B8iWNOOcCu9D9/REl2kZZ2QfqWJZMH0U4vO6YZtAgpvCGUojDetASIjzOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVIFi/5RIrcOuPHQMW6c4B7VFUoMB8GA1UdIwQY
MBaAFLGBVoGGQtyPBOQPhndWjWY8z0sbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1lGV2dZWkMzSThFNUEtR2QxYU5aanpQU3hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC81NjY1MzItYjA3Ny00ODg5LTlmZTYt
NjU3NmM2ZDlhYTY5LzEvRlVnV0xfbEVpdHc2NDhkQXhicHpnSHRVVlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC81NjY1MzItYjA3Ny00ODg5LTlmZTYtNjU3NmM2ZDlhYTY5
LzEvc1lGV2dZWkMzSThFNUEtR2QxYU5aanpQU3hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwQguMA0G
CSqGSIb3DQEBCwUAA4IBAQAz1bB0eic0yhyn9xQ9yBeqM5c/yBSyJJcBFUfCv1TH
mLM4XJxUj0BCTmp/vcdeFmeZczQYQTdGxXda6TiTmFvRpWLTK73Akmzv7FNIv4sC
ayjCizfJc4/AHYopoToHjNEHj0DqK5SKyrVBrGKmRjgINJOWLKFtfUSr+nEdlOKZ
rFHocd6FSAMX1LvjCi3q3la8Gu/xRwYM3RZms3GTSn/zsF/Y5+IzeusYLeGOa2yV
jbP6+r/BUkzOsT1BjDLkcwZ/m3gdLmKggAdRf4ZLeH/8bfhD3Q4rqvQ5zxCRFnqw
FwOKcvpn9VuUViS4eWyr5tvSo+pBW2PfZdpZZOKFgHPL
-----END CERTIFICATE-----