Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/4fy3vWdarcLkTpJwYhN0-mujCFw.roa
File:                     4fy3vWdarcLkTpJwYhN0-mujCFw.roa (raw, json)
Hash identifier:          7wuNe9z7h5OV3utTfrlA+yDD7ovgc0KJaIDtfaZjsCo=
Subject key identifier:   E1:FC:B7:BD:67:5A:AD:C2:E4:4E:92:70:62:13:74:FA:6B:A3:08:5C
Certificate issuer:       /CN=40665ce80820a47ce3b83f480289554a58a45df4
Certificate serial:       018D3CB80DB2882A6662983E9F000BF4AAE3
Authority key identifier: 40:66:5C:E8:08:20:A4:7C:E3:B8:3F:48:02:89:55:4A:58:A4:5D:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QGZc6AggpHzjuD9IAolVSlikXfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/4fy3vWdarcLkTpJwYhN0-mujCFw.roa
Signing time:             Wed 24 Jan 2024 18:25:11 +0000
ROA not before:           Wed 24 Jan 2024 18:25:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35478
IP address blocks:        195.216.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/QGZc6AggpHzjuD9IAolVSlikXfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/QGZc6AggpHzjuD9IAolVSlikXfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QGZc6AggpHzjuD9IAolVSlikXfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:b8:0d:b2:88:2a:66:62:98:3e:9f:00:0b:f4:aa:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40665ce80820a47ce3b83f480289554a58a45df4
        Validity
            Not Before: Jan 24 18:25:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1fcb7bd675aadc2e44e9270621374fa6ba3085c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f8:23:42:cf:17:e3:a5:16:77:cb:14:40:26:
                    3a:cf:c8:bd:64:b0:5a:82:26:83:2d:58:fd:20:c0:
                    3d:33:2d:cb:36:00:c1:b5:28:9b:0a:ab:32:22:7e:
                    92:3b:cd:63:44:43:6f:f5:1c:17:21:8d:fc:77:24:
                    ad:6e:c9:20:07:a7:a8:52:a1:7a:c8:48:09:bd:d0:
                    45:d3:8e:1f:10:00:74:89:da:92:56:76:e5:af:2d:
                    b9:78:9d:43:85:cf:65:01:71:c0:ba:f0:aa:e3:43:
                    17:72:4b:e5:c3:9e:de:43:ef:12:f4:ee:11:87:6a:
                    70:6d:33:f0:a4:3c:40:2a:c1:08:39:59:98:9d:8b:
                    af:75:33:7b:16:7a:f2:1a:62:3a:86:72:5f:31:6d:
                    9c:1a:f9:5e:57:df:7c:69:2f:59:18:e2:ff:17:c1:
                    df:b7:79:df:17:e1:f8:ab:3c:1a:09:b2:60:01:0a:
                    69:86:03:05:1c:e7:ec:7b:07:e3:6a:01:d2:95:e2:
                    94:53:8b:74:db:95:98:f5:5a:ef:36:70:99:bd:d5:
                    05:a9:c8:59:5f:27:13:8d:c1:27:7d:d7:ba:c0:dc:
                    fb:4c:79:be:5b:51:b1:45:a8:9d:e9:db:6e:34:e6:
                    da:35:2e:38:f2:03:bd:6a:00:73:19:e5:a3:e2:a9:
                    e0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:FC:B7:BD:67:5A:AD:C2:E4:4E:92:70:62:13:74:FA:6B:A3:08:5C
            X509v3 Authority Key Identifier:
                keyid:40:66:5C:E8:08:20:A4:7C:E3:B8:3F:48:02:89:55:4A:58:A4:5D:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QGZc6AggpHzjuD9IAolVSlikXfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/4fy3vWdarcLkTpJwYhN0-mujCFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/bd6a19-2595-4df9-84b5-ebadbc34a124/1/QGZc6AggpHzjuD9IAolVSlikXfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:7e:b0:68:ac:d5:2b:04:f3:74:43:8b:3d:c9:5a:54:8d:b6:
         6f:62:8a:ce:64:d4:e7:e7:e3:e9:ca:5e:c9:70:7e:5e:78:2e:
         77:0c:1c:34:1b:e4:79:ac:49:d1:85:d6:55:0a:5c:31:af:a8:
         b2:75:08:42:37:d7:4f:65:06:67:16:d4:25:2e:4d:c0:ce:df:
         35:63:c4:13:ee:37:df:d8:6e:8e:56:56:90:e3:1b:a3:35:8a:
         3e:d8:94:e0:a8:1a:bd:1e:59:ee:4b:b5:01:eb:38:50:06:97:
         49:56:d1:5c:d7:47:e2:3a:1b:7a:88:bc:2d:05:8b:20:eb:6c:
         d8:07:47:b9:e9:49:30:e3:3a:6a:4c:9e:2e:2d:53:62:55:a3:
         45:73:37:7a:e8:8f:f8:e9:c4:fa:c6:60:8d:61:a4:e0:45:fd:
         5c:04:4a:c2:50:b7:eb:c6:b8:d2:e9:65:47:d8:5b:cc:53:4e:
         e7:51:e8:56:56:be:4b:4d:af:ec:b7:f9:07:34:46:fb:1a:62:
         6b:11:26:9b:a8:09:7d:d1:af:65:f6:09:75:83:b3:94:a1:24:
         24:6f:8d:83:60:d1:1e:2e:8c:02:b2:39:1b:d5:05:5b:b7:c2:
         56:c6:03:ff:3a:65:ce:6d:9c:5a:a1:e2:29:63:41:39:93:04:
         4b:81:14:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY08uA2yiCpmYpg+nwAL9KrjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNjY1Y2U4MDgyMGE0N2NlM2I4M2Y0ODAyODk1NTRhNThh
NDVkZjQwHhcNMjQwMTI0MTgyNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWZjYjdiZDY3NWFhZGMyZTQ0ZTkyNzA2MjEzNzRmYTZiYTMwODVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPgjQs8X46UWd8sUQCY6z8i9ZLBa
giaDLVj9IMA9My3LNgDBtSibCqsyIn6SO81jRENv9RwXIY38dyStbskgB6eoUqF6
yEgJvdBF044fEAB0idqSVnblry25eJ1Dhc9lAXHAuvCq40MXckvlw57eQ+8S9O4R
h2pwbTPwpDxAKsEIOVmYnYuvdTN7FnryGmI6hnJfMW2cGvleV998aS9ZGOL/F8Hf
t3nfF+H4qzwaCbJgAQpphgMFHOfsewfjagHSleKUU4t025WY9VrvNnCZvdUFqchZ
XycTjcEnfde6wNz7THm+W1GxRaid6dtuNObaNS448gO9agBzGeWj4qngmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOH8t71nWq3C5E6ScGITdPprowhcMB8GA1UdIwQY
MBaAFEBmXOgIIKR847g/SAKJVUpYpF30MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUdaYzZBZ2dwSHpqdUQ5SUFvbFZTbGlrWGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iZDZhMTktMjU5NS00ZGY5LTg0YjUt
ZWJhZGJjMzRhMTI0LzEvNGZ5M3ZXZGFyY0xrVHBKd1loTjAtbXVqQ0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iZDZhMTktMjU5NS00ZGY5LTg0YjUtZWJhZGJjMzRhMTI0
LzEvUUdaYzZBZ2dwSHpqdUQ5SUFvbFZTbGlrWGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9j4MA0G
CSqGSIb3DQEBCwUAA4IBAQB+frBorNUrBPN0Q4s9yVpUjbZvYorOZNTn5+Ppyl7J
cH5eeC53DBw0G+R5rEnRhdZVClwxr6iydQhCN9dPZQZnFtQlLk3Azt81Y8QT7jff
2G6OVlaQ4xujNYo+2JTgqBq9HlnuS7UB6zhQBpdJVtFc10fiOht6iLwtBYsg62zY
B0e56Ukw4zpqTJ4uLVNiVaNFczd66I/46cT6xmCNYaTgRf1cBErCULfrxrjS6WVH
2FvMU07nUehWVr5LTa/st/kHNEb7GmJrESabqAl90a9l9gl1g7OUoSQkb42DYNEe
LowCsjkb1QVbt8JWxgP/OmXObZxaoeIpY0E5kwRLgRRl
-----END CERTIFICATE-----