Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/eHPqpiMAvfqI-We9VzdWjZPR_bY.roa
File:                     eHPqpiMAvfqI-We9VzdWjZPR_bY.roa (raw, json)
Hash identifier:          2EtKDvjgQC4QGGaHfks3HUfVQC7NvALc/OB3oROL6rM=
Subject key identifier:   78:73:EA:A6:23:00:BD:FA:88:F9:67:BD:57:37:56:8D:93:D1:FD:B6
Certificate issuer:       /CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
Certificate serial:       01941F8C83910B964A643E8816F0EAA139DF
Authority key identifier: 4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/eHPqpiMAvfqI-We9VzdWjZPR_bY.roa
Signing time:             Wed 01 Jan 2025 01:48:09 +0000
ROA not before:           Wed 01 Jan 2025 01:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        195.82.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:83:91:0b:96:4a:64:3e:88:16:f0:ea:a1:39:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
        Validity
            Not Before: Jan  1 01:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7873eaa62300bdfa88f967bd5737568d93d1fdb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f5:f0:fa:5a:29:9c:51:bf:31:f4:6a:ef:20:
                    0a:de:4b:b1:23:66:74:c4:d8:70:4c:cd:c8:6c:54:
                    2d:8f:f9:f7:c1:a4:dc:89:f4:e6:f2:57:e4:3b:9a:
                    fc:21:86:f1:05:ab:db:99:fd:38:b3:0a:55:24:35:
                    25:99:88:80:d5:50:ad:10:8a:00:e4:61:4b:87:84:
                    fb:e7:76:7b:40:88:c9:b6:58:8f:d7:50:87:56:5a:
                    6c:37:ba:20:e8:eb:38:60:48:07:a5:5c:74:97:e6:
                    ee:2b:96:26:9a:36:77:eb:11:59:14:fd:50:7d:fa:
                    de:75:5f:a8:fc:80:96:6e:eb:50:e7:bf:ec:24:24:
                    cc:26:34:12:2e:01:8a:65:2e:da:18:01:6b:69:e1:
                    4a:f1:a4:b2:59:c1:5a:d9:f9:33:6a:4e:08:ab:75:
                    e2:ee:32:78:ef:40:35:7c:3b:44:f0:6a:2b:02:09:
                    88:4a:57:44:38:38:b5:8a:b3:37:07:00:65:bf:1d:
                    bd:26:43:bf:3e:fd:f5:d8:bb:fb:7a:35:38:30:31:
                    65:5a:40:9f:44:9a:85:73:1a:c8:3f:00:61:de:1e:
                    da:df:45:ad:81:9c:88:dc:14:c4:bd:7f:e7:53:6c:
                    4a:c6:2c:c8:ed:0f:30:7f:b3:1d:64:68:f8:93:f6:
                    5e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:73:EA:A6:23:00:BD:FA:88:F9:67:BD:57:37:56:8D:93:D1:FD:B6
            X509v3 Authority Key Identifier:
                keyid:4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/eHPqpiMAvfqI-We9VzdWjZPR_bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.82.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:5c:81:6c:7e:29:44:3e:75:9d:d1:7e:d9:41:73:ae:21:6b:
         dd:97:7b:8d:43:86:16:f7:4e:6b:2c:bb:15:9d:9c:35:35:7b:
         2e:a0:c7:61:94:e1:16:d3:e1:01:5d:9b:92:0a:e0:5f:b2:3a:
         c6:f0:c8:ac:18:ec:ee:36:d9:40:4c:7e:b5:9f:55:6f:05:67:
         97:13:63:a8:f6:63:42:8e:06:7a:77:12:c4:5e:97:8a:b1:d8:
         04:ef:01:a6:d4:60:21:1f:74:18:32:d9:eb:64:05:08:05:b7:
         1f:38:7e:cb:ed:a4:05:9d:6a:6b:98:24:fe:a7:e0:71:d1:be:
         57:3c:0f:c9:03:cc:fa:fe:0e:b9:ca:01:88:b6:48:52:03:c0:
         a6:66:17:b3:e2:01:15:3d:82:06:ed:85:ce:aa:1f:79:44:ad:
         5e:ce:14:de:55:87:40:76:61:8d:58:d1:b7:dd:5f:8d:86:6e:
         21:07:ad:8e:66:9c:28:64:4e:cb:d5:28:cc:02:76:45:d3:1c:
         bd:0e:f9:66:5a:e9:22:75:49:04:db:11:bf:bd:8b:89:06:fc:
         c8:6d:84:21:f8:37:85:90:7b:10:8d:d6:5a:63:7e:82:53:27:
         d4:5d:5a:a7:a0:f3:15:b3:b6:a3:4c:bc:3f:e2:19:d8:ab:72:
         52:c8:30:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIORC5ZKZD6IFvDqoTnfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNTRlY2NlNmNiYzljNTQ5MjllYWE0YjIyYjMzN2IwZmQ5
YjM2YmYwHhcNMjUwMTAxMDE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODczZWFhNjIzMDBiZGZhODhmOTY3YmQ1NzM3NTY4ZDkzZDFmZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfXw+lopnFG/MfRq7yAK3kuxI2Z0
xNhwTM3IbFQtj/n3waTcifTm8lfkO5r8IYbxBavbmf04swpVJDUlmYiA1VCtEIoA
5GFLh4T753Z7QIjJtliP11CHVlpsN7og6Os4YEgHpVx0l+buK5YmmjZ36xFZFP1Q
ffredV+o/ICWbutQ57/sJCTMJjQSLgGKZS7aGAFraeFK8aSyWcFa2fkzak4Iq3Xi
7jJ470A1fDtE8GorAgmISldEODi1irM3BwBlvx29JkO/Pv312Lv7ejU4MDFlWkCf
RJqFcxrIPwBh3h7a30WtgZyI3BTEvX/nU2xKxizI7Q8wf7MdZGj4k/ZePQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhz6qYjAL36iPlnvVc3Vo2T0f22MB8GA1UdIwQY
MBaAFExU7M5svJxUkp6qSyKzN7D9mza/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTct
MzA1OWM4OWI3MmVhLzEvZUhQcXBpTUF2ZnFJLVdlOVZ6ZFdqWlBSX2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTctMzA1OWM4OWI3MmVh
LzEvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1JhMA0G
CSqGSIb3DQEBCwUAA4IBAQBtXIFsfilEPnWd0X7ZQXOuIWvdl3uNQ4YW905rLLsV
nZw1NXsuoMdhlOEW0+EBXZuSCuBfsjrG8MisGOzuNtlATH61n1VvBWeXE2Oo9mNC
jgZ6dxLEXpeKsdgE7wGm1GAhH3QYMtnrZAUIBbcfOH7L7aQFnWprmCT+p+Bx0b5X
PA/JA8z6/g65ygGItkhSA8CmZhez4gEVPYIG7YXOqh95RK1ezhTeVYdAdmGNWNG3
3V+Nhm4hB62OZpwoZE7L1SjMAnZF0xy9DvlmWukidUkE2xG/vYuJBvzIbYQh+DeF
kHsQjdZaY36CUyfUXVqnoPMVs7ajTLw/4hnYq3JSyDB2
-----END CERTIFICATE-----