Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/7c1b17-b7b5-4401-b0a7-974720889ffa/1/4qD1Oc9Rkwf3nkPKdA3PqgFhBVg.roa
File:                     4qD1Oc9Rkwf3nkPKdA3PqgFhBVg.roa (raw, json)
Hash identifier:          FAYdaSueDZBgvCYn8/TIySq6P0JIfXLy0IlKcRVzUNU=
Subject key identifier:   E2:A0:F5:39:CF:51:93:07:F7:9E:43:CA:74:0D:CF:AA:01:61:05:58
Certificate issuer:       /CN=4b99cd612420b8593491d8686ce4c4af85b90ad5
Certificate serial:       0197EE02A09A0D7B41DCA55889AA709877FE
Authority key identifier: 4B:99:CD:61:24:20:B8:59:34:91:D8:68:6C:E4:C4:AF:85:B9:0A:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5nNYSQguFk0kdhobOTEr4W5CtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/7c1b17-b7b5-4401-b0a7-974720889ffa/1/4qD1Oc9Rkwf3nkPKdA3PqgFhBVg.roa
Signing time:             Wed 09 Jul 2025 07:07:18 +0000
ROA not before:           Wed 09 Jul 2025 07:07:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24593
IP address blocks:        193.110.162.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/7c1b17-b7b5-4401-b0a7-974720889ffa/1/S5nNYSQguFk0kdhobOTEr4W5CtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/7c1b17-b7b5-4401-b0a7-974720889ffa/1/S5nNYSQguFk0kdhobOTEr4W5CtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5nNYSQguFk0kdhobOTEr4W5CtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:02:a0:9a:0d:7b:41:dc:a5:58:89:aa:70:98:77:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b99cd612420b8593491d8686ce4c4af85b90ad5
        Validity
            Not Before: Jul  9 07:07:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2a0f539cf519307f79e43ca740dcfaa01610558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3a:60:34:54:69:5f:d7:c6:1d:dc:ef:ff:fa:
                    41:78:d5:7a:da:ee:c5:17:88:ac:ca:1c:0b:df:3b:
                    56:cb:02:1e:1a:e4:39:94:2b:a7:a6:b5:86:62:e7:
                    9d:71:97:da:e5:e0:a9:98:4d:5c:c3:4e:bf:82:2e:
                    00:f2:ba:83:d8:f7:7b:5c:37:7b:02:3e:35:a4:fd:
                    78:5a:0b:99:15:3f:0b:60:81:f2:c7:33:24:64:da:
                    26:0e:62:73:15:8a:2f:e4:bf:02:86:21:aa:0e:c0:
                    7b:db:ce:dc:06:a5:91:a9:81:95:b4:a7:d3:cf:5a:
                    f9:64:b9:b1:5d:3b:4c:12:62:6c:0e:20:1f:63:5f:
                    34:cd:26:ed:28:80:1f:f0:f8:37:39:2a:6e:37:4d:
                    53:8d:86:84:11:ec:39:0e:83:e8:30:20:74:c7:ca:
                    3d:a6:37:e0:42:77:73:10:6b:44:c8:d7:e0:a9:79:
                    4f:83:ad:a0:b8:ee:f5:5d:cd:cd:53:20:1d:d3:cd:
                    5b:2f:8e:25:13:94:d1:f8:18:e9:75:a1:53:1e:c2:
                    a7:5e:e5:31:01:d2:23:22:a1:2d:7e:23:9d:0d:4c:
                    a9:7f:6c:b1:99:01:e0:2f:53:79:3d:72:c6:c2:1d:
                    41:9c:f6:5c:f3:95:d3:7d:7f:66:ed:5b:dc:8f:1c:
                    cd:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A0:F5:39:CF:51:93:07:F7:9E:43:CA:74:0D:CF:AA:01:61:05:58
            X509v3 Authority Key Identifier:
                keyid:4B:99:CD:61:24:20:B8:59:34:91:D8:68:6C:E4:C4:AF:85:B9:0A:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5nNYSQguFk0kdhobOTEr4W5CtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7c1b17-b7b5-4401-b0a7-974720889ffa/1/4qD1Oc9Rkwf3nkPKdA3PqgFhBVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7c1b17-b7b5-4401-b0a7-974720889ffa/1/S5nNYSQguFk0kdhobOTEr4W5CtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:3a:8f:ea:81:80:61:08:fe:0b:8f:ad:c1:02:fd:a8:0b:72:
         76:23:1c:5d:8d:f4:fc:c7:ab:d2:6a:77:4c:d2:fb:ea:d8:f3:
         f3:9d:b5:ad:4f:3b:78:05:2c:2b:38:38:f5:3f:87:e9:66:a3:
         d5:4e:e0:00:5b:3c:48:11:57:54:41:ea:88:47:54:6d:a2:62:
         6b:d4:f6:a3:76:d9:44:84:86:50:e8:93:4f:68:76:40:93:e7:
         25:72:5c:a2:57:f9:3c:16:6d:64:92:78:64:d0:ad:1e:ab:5b:
         b1:7c:9e:76:4f:52:58:2a:f9:87:cb:01:c0:c2:45:7c:2f:16:
         63:de:42:db:23:24:dd:53:12:b1:08:20:f7:39:fc:b2:c1:87:
         c0:92:85:3e:d5:58:25:a3:ff:a7:63:a8:f6:41:c3:33:3b:2a:
         86:52:79:6a:a0:a1:d2:d8:eb:fb:74:6f:e5:99:84:d3:e4:4f:
         5d:74:0f:b1:3c:fa:d9:9e:b6:f2:79:0d:d3:9c:1d:33:61:0c:
         21:c7:ef:b3:29:21:d6:40:63:1d:75:f5:0d:37:56:32:a8:0e:
         41:00:27:02:d1:da:f8:03:16:a1:66:b5:95:ef:56:f2:9d:58:
         e1:22:43:cf:49:09:f4:47:79:96:9d:80:42:d6:e9:de:94:24:
         cb:0b:5a:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfuAqCaDXtB3KVYiapwmHf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTljZDYxMjQyMGI4NTkzNDkxZDg2ODZjZTRjNGFmODVi
OTBhZDUwHhcNMjUwNzA5MDcwNzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmEwZjUzOWNmNTE5MzA3Zjc5ZTQzY2E3NDBkY2ZhYTAxNjEwNTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzpgNFRpX9fGHdzv//pBeNV62u7F
F4isyhwL3ztWywIeGuQ5lCunprWGYuedcZfa5eCpmE1cw06/gi4A8rqD2Pd7XDd7
Aj41pP14WguZFT8LYIHyxzMkZNomDmJzFYov5L8ChiGqDsB7287cBqWRqYGVtKfT
z1r5ZLmxXTtMEmJsDiAfY180zSbtKIAf8Pg3OSpuN01TjYaEEew5DoPoMCB0x8o9
pjfgQndzEGtEyNfgqXlPg62guO71Xc3NUyAd081bL44lE5TR+BjpdaFTHsKnXuUx
AdIjIqEtfiOdDUypf2yxmQHgL1N5PXLGwh1BnPZc85XTfX9m7VvcjxzNzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKg9TnPUZMH955DynQNz6oBYQVYMB8GA1UdIwQY
MBaAFEuZzWEkILhZNJHYaGzkxK+FuQrVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVuTllTUWd1Rmswa2Rob2JPVEVyNFc1Q3RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS83YzFiMTctYjdiNS00NDAxLWIwYTct
OTc0NzIwODg5ZmZhLzEvNHFEMU9jOVJrd2YzbmtQS2RBM1BxZ0ZoQlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS83YzFiMTctYjdiNS00NDAxLWIwYTctOTc0NzIwODg5ZmZh
LzEvUzVuTllTUWd1Rmswa2Rob2JPVEVyNFc1Q3RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW6iMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Oo/qgYBhCP4Lj63BAv2oC3J2IxxdjfT8x6vSandM
0vvq2PPznbWtTzt4BSwrODj1P4fpZqPVTuAAWzxIEVdUQeqIR1RtomJr1PajdtlE
hIZQ6JNPaHZAk+clclyiV/k8Fm1kknhk0K0eq1uxfJ52T1JYKvmHywHAwkV8LxZj
3kLbIyTdUxKxCCD3OfyywYfAkoU+1Vglo/+nY6j2QcMzOyqGUnlqoKHS2Ov7dG/l
mYTT5E9ddA+xPPrZnrbyeQ3TnB0zYQwhx++zKSHWQGMddfUNN1YyqA5BACcC0dr4
AxahZrWV71bynVjhIkPPSQn0R3mWnYBC1unelCTLC1qv
-----END CERTIFICATE-----