Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/6_4Zh3O6ZTreuktkHjfNsOfp20c.roa
File:                     6_4Zh3O6ZTreuktkHjfNsOfp20c.roa (raw, json)
Hash identifier:          IHBYXC/iSuYVHMlBmOHgNgl61Qvof4DId2NC68M2Wf4=
Subject key identifier:   EB:FE:19:87:73:BA:65:3A:DE:BA:4B:64:1E:37:CD:B0:E7:E9:DB:47
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       019428279044772954694EA57622FB19E37F
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/6_4Zh3O6ZTreuktkHjfNsOfp20c.roa
Signing time:             Thu 02 Jan 2025 17:54:28 +0000
ROA not before:           Thu 02 Jan 2025 17:54:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141420
IP address blocks:        193.118.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:90:44:77:29:54:69:4e:a5:76:22:fb:19:e3:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  2 17:54:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebfe198773ba653adeba4b641e37cdb0e7e9db47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:af:0b:39:3c:a2:67:5b:41:1d:6f:5f:18:e1:
                    86:c9:0c:5e:1f:01:08:fd:da:a1:dd:2e:af:db:94:
                    4f:d4:32:37:a3:1d:96:59:70:01:3e:4c:05:cc:a3:
                    1f:7b:5c:4b:6c:28:5c:57:0b:aa:94:43:1d:94:f0:
                    10:8b:46:cc:f5:4d:47:74:ea:97:76:1d:c2:a1:c1:
                    22:70:8e:c5:f9:42:37:7d:3a:e0:d3:5d:5c:9a:37:
                    43:85:a4:e1:6a:e7:82:5a:d7:48:59:03:98:f9:d3:
                    39:57:59:ea:e6:1a:7d:c4:8a:c4:a7:37:40:b3:eb:
                    52:28:4b:fd:a3:bf:cc:98:29:4c:ca:5b:78:d4:bc:
                    5c:b8:5b:55:8a:f7:03:87:93:6b:74:8e:b8:c7:ab:
                    78:ca:eb:93:d0:fe:62:47:78:0d:35:0a:d6:ac:ae:
                    93:eb:c5:b4:4a:43:98:c7:f4:23:90:1d:73:17:b8:
                    65:eb:0e:f8:b7:9e:a1:d7:a4:5c:c4:2e:61:1e:98:
                    33:23:6f:6b:9d:3f:fc:4a:e5:5a:a8:82:85:5d:21:
                    d8:42:d8:91:cb:86:40:87:59:7c:e0:34:56:a0:01:
                    1a:dc:c5:87:45:05:47:dd:54:d8:f8:c7:a5:62:8f:
                    2b:88:98:b8:4d:40:fb:48:b6:c6:ef:88:83:8e:17:
                    b8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:FE:19:87:73:BA:65:3A:DE:BA:4B:64:1E:37:CD:B0:E7:E9:DB:47
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/6_4Zh3O6ZTreuktkHjfNsOfp20c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:a6:91:ee:e5:88:b2:9f:00:ce:2f:58:7e:10:9e:44:f0:3d:
         fb:39:d7:a9:73:1d:21:f2:7c:ac:d7:0e:14:86:fa:db:5f:12:
         1a:ab:54:78:bd:b4:5b:4e:00:e9:a8:9c:0b:06:4d:54:8d:62:
         ce:d5:bd:79:bb:e4:d3:22:e1:d1:c7:2f:b3:21:46:48:5b:9a:
         98:bd:ec:ee:19:8f:ab:e6:f4:0f:85:c2:b7:d5:35:bd:ab:a4:
         76:70:f1:50:9f:60:50:50:d1:78:d6:71:3c:bd:bb:99:94:64:
         00:c7:c7:6a:26:5f:cd:82:56:fc:2c:d5:6b:3b:bb:86:17:05:
         47:d2:b0:16:d9:82:59:58:0c:32:06:83:16:60:a3:03:cd:df:
         0a:d0:26:c9:bc:ef:a5:61:97:6d:96:f8:08:11:2c:f6:e3:b9:
         8f:06:f8:f4:d5:d7:4b:6e:85:98:0b:5f:f5:0a:ad:5a:52:f0:
         4e:67:0b:38:5c:c0:18:c5:36:06:4e:d7:86:1d:1c:d8:52:39:
         8c:29:a8:0d:c6:cf:47:5a:8c:e4:a0:e7:b8:09:cb:c8:d7:3d:
         68:b5:1d:6b:db:e7:22:8c:3d:ac:98:2d:c1:db:ca:12:59:79:
         20:00:a3:cd:6e:3f:c1:54:a4:e4:07:f8:38:99:fb:3d:d2:af:
         4a:35:57:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ5BEdylUaU6ldiL7GeN/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjUwMTAyMTc1NDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmZlMTk4NzczYmE2NTNhZGViYTRiNjQxZTM3Y2RiMGU3ZTlkYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq8LOTyiZ1tBHW9fGOGGyQxeHwEI
/dqh3S6v25RP1DI3ox2WWXABPkwFzKMfe1xLbChcVwuqlEMdlPAQi0bM9U1HdOqX
dh3CocEicI7F+UI3fTrg011cmjdDhaThaueCWtdIWQOY+dM5V1nq5hp9xIrEpzdA
s+tSKEv9o7/MmClMylt41LxcuFtVivcDh5NrdI64x6t4yuuT0P5iR3gNNQrWrK6T
68W0SkOYx/QjkB1zF7hl6w74t56h16RcxC5hHpgzI29rnT/8SuVaqIKFXSHYQtiR
y4ZAh1l84DRWoAEa3MWHRQVH3VTY+MelYo8riJi4TUD7SLbG74iDjhe4swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOv+GYdzumU63rpLZB43zbDn6dtHMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvNl80WmgzTzZaVHJldWt0a0hqZk5zT2ZwMjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXaoMA0G
CSqGSIb3DQEBCwUAA4IBAQBappHu5YiynwDOL1h+EJ5E8D37Odepcx0h8nys1w4U
hvrbXxIaq1R4vbRbTgDpqJwLBk1UjWLO1b15u+TTIuHRxy+zIUZIW5qYvezuGY+r
5vQPhcK31TW9q6R2cPFQn2BQUNF41nE8vbuZlGQAx8dqJl/Nglb8LNVrO7uGFwVH
0rAW2YJZWAwyBoMWYKMDzd8K0CbJvO+lYZdtlvgIESz247mPBvj01ddLboWYC1/1
Cq1aUvBOZws4XMAYxTYGTteGHRzYUjmMKagNxs9HWozkoOe4CcvI1z1otR1r2+ci
jD2smC3B28oSWXkgAKPNbj/BVKTkB/g4mfs90q9KNVf9
-----END CERTIFICATE-----