Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/4Lqe88CYtrJZ1_QwsLbbBZVtRAc.roa
File:                     4Lqe88CYtrJZ1_QwsLbbBZVtRAc.roa (raw, json)
Hash identifier:          4DmhBXf2oC0XIM1RLi3zAk7AYqn+M5oHIj926WSgGgs=
Subject key identifier:   E0:BA:9E:F3:C0:98:B6:B2:59:D7:F4:30:B0:B6:DB:05:95:6D:44:07
Certificate issuer:       /CN=4364e7b0eef204835c7df2a89f60c02be1d89add
Certificate serial:       0197E9F7EC6F662F8040BFF08BE35446AC7F
Authority key identifier: 43:64:E7:B0:EE:F2:04:83:5C:7D:F2:A8:9F:60:C0:2B:E1:D8:9A:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2TnsO7yBINcffKon2DAK-HYmt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/4Lqe88CYtrJZ1_QwsLbbBZVtRAc.roa
Signing time:             Tue 08 Jul 2025 12:17:08 +0000
ROA not before:           Tue 08 Jul 2025 12:17:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213500
IP address blocks:        94.232.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/Q2TnsO7yBINcffKon2DAK-HYmt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/Q2TnsO7yBINcffKon2DAK-HYmt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2TnsO7yBINcffKon2DAK-HYmt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:f7:ec:6f:66:2f:80:40:bf:f0:8b:e3:54:46:ac:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4364e7b0eef204835c7df2a89f60c02be1d89add
        Validity
            Not Before: Jul  8 12:17:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0ba9ef3c098b6b259d7f430b0b6db05956d4407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:58:92:a1:63:9e:6b:9d:6a:2b:00:8c:4f:c7:
                    a3:df:48:81:70:a1:55:97:05:47:a1:4b:75:11:d8:
                    e1:c4:ae:06:80:cf:d4:f3:2d:c8:30:6c:4b:a7:1e:
                    42:c1:86:6e:0b:77:d3:c4:d0:18:5b:2e:b5:ef:90:
                    68:6e:77:d1:f0:d1:ca:76:ca:c4:56:45:c1:71:1e:
                    68:7c:85:c7:6d:aa:75:80:57:5b:07:14:dc:b8:51:
                    b9:4c:0d:3b:be:8a:fe:4c:fe:fd:61:8a:38:48:bb:
                    3e:9d:42:22:47:f3:9a:4d:4d:78:46:2f:81:80:1f:
                    b0:08:5f:f5:25:a6:1c:75:0a:80:d9:bc:be:bf:c5:
                    24:49:e1:7c:12:21:d2:d8:67:25:93:0e:74:30:b5:
                    39:32:c5:45:73:08:6d:31:ba:2a:c9:62:59:12:f4:
                    1a:48:bd:74:1c:ae:ea:4a:88:03:d4:ac:c4:a0:79:
                    d4:5d:dc:dc:9c:d8:82:07:21:cc:43:1c:3d:c6:7f:
                    b5:cc:5d:8b:19:7c:f9:46:ed:51:be:fc:59:dd:ba:
                    16:95:61:8f:5e:93:56:ab:c0:27:cd:46:ce:48:91:
                    da:fe:f2:eb:32:e7:f7:30:34:fd:40:28:87:06:2c:
                    b3:d9:16:fc:bf:80:ef:e5:1b:97:a7:22:3b:c8:4e:
                    3e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BA:9E:F3:C0:98:B6:B2:59:D7:F4:30:B0:B6:DB:05:95:6D:44:07
            X509v3 Authority Key Identifier:
                keyid:43:64:E7:B0:EE:F2:04:83:5C:7D:F2:A8:9F:60:C0:2B:E1:D8:9A:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2TnsO7yBINcffKon2DAK-HYmt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/4Lqe88CYtrJZ1_QwsLbbBZVtRAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/a9a51a-e8e3-497a-aba2-e799c23aac20/1/Q2TnsO7yBINcffKon2DAK-HYmt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:8d:68:54:41:5a:3b:e3:d1:d0:53:a3:49:89:a1:1f:49:36:
         1a:a0:23:12:a0:93:26:08:71:82:11:62:3b:72:db:97:b5:42:
         45:9a:d4:4f:29:8c:7e:87:34:3c:16:6e:23:c4:61:ac:e3:69:
         6f:e0:48:2c:aa:08:8e:93:5d:df:26:ce:ac:11:06:d3:f1:75:
         6c:59:2a:66:c4:3f:42:49:d8:17:56:02:7a:1f:9e:ab:52:39:
         32:08:9a:29:76:9c:34:94:39:bc:f7:60:65:0a:74:15:9c:79:
         05:b9:05:f5:72:ad:51:a6:61:ba:ca:e1:ed:f7:5b:97:ff:a2:
         ba:dd:f8:51:7b:28:77:30:6c:71:ba:d4:5f:56:d6:de:8c:01:
         0a:12:c4:cf:10:37:ad:d6:51:9d:94:75:88:22:2f:56:1c:38:
         aa:8b:7b:5f:59:39:32:ac:11:61:52:78:05:44:a6:ab:28:40:
         a9:35:fe:62:fb:6a:d7:11:89:ca:f2:1a:e1:9c:a1:05:05:a8:
         ee:2d:73:a9:13:61:98:6c:d0:87:cf:c9:0d:91:15:c7:69:04:
         a1:fe:52:9f:ab:0f:98:60:fd:83:ba:a0:7b:11:db:71:79:41:
         77:3b:b2:89:d2:c5:b0:73:40:06:61:2a:e8:ca:fd:a8:b7:48:
         5a:f6:87:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfp9+xvZi+AQL/wi+NURqx/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjRlN2IwZWVmMjA0ODM1YzdkZjJhODlmNjBjMDJiZTFk
ODlhZGQwHhcNMjUwNzA4MTIxNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGJhOWVmM2MwOThiNmIyNTlkN2Y0MzBiMGI2ZGIwNTk1NmQ0NDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21iSoWOea51qKwCMT8ej30iBcKFV
lwVHoUt1EdjhxK4GgM/U8y3IMGxLpx5CwYZuC3fTxNAYWy6175BobnfR8NHKdsrE
VkXBcR5ofIXHbap1gFdbBxTcuFG5TA07vor+TP79YYo4SLs+nUIiR/OaTU14Ri+B
gB+wCF/1JaYcdQqA2by+v8UkSeF8EiHS2Gclkw50MLU5MsVFcwhtMboqyWJZEvQa
SL10HK7qSogD1KzEoHnUXdzcnNiCByHMQxw9xn+1zF2LGXz5Ru1RvvxZ3boWlWGP
XpNWq8AnzUbOSJHa/vLrMuf3MDT9QCiHBiyz2Rb8v4Dv5RuXpyI7yE4+6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC6nvPAmLayWdf0MLC22wWVbUQHMB8GA1UdIwQY
MBaAFENk57Du8gSDXH3yqJ9gwCvh2JrdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJUbnNPN3lCSU5jZmZLb24yREFLLUhZbXQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hOWE1MWEtZThlMy00OTdhLWFiYTIt
ZTc5OWMyM2FhYzIwLzEvNExxZTg4Q1l0ckpaMV9Rd3NMYmJCWlZ0UkFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hOWE1MWEtZThlMy00OTdhLWFiYTItZTc5OWMyM2FhYzIw
LzEvUTJUbnNPN3lCSU5jZmZLb24yREFLLUhZbXQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuj8MA0G
CSqGSIb3DQEBCwUAA4IBAQALjWhUQVo749HQU6NJiaEfSTYaoCMSoJMmCHGCEWI7
ctuXtUJFmtRPKYx+hzQ8Fm4jxGGs42lv4EgsqgiOk13fJs6sEQbT8XVsWSpmxD9C
SdgXVgJ6H56rUjkyCJopdpw0lDm892BlCnQVnHkFuQX1cq1RpmG6yuHt91uX/6K6
3fhReyh3MGxxutRfVtbejAEKEsTPEDet1lGdlHWIIi9WHDiqi3tfWTkyrBFhUngF
RKarKECpNf5i+2rXEYnK8hrhnKEFBajuLXOpE2GYbNCHz8kNkRXHaQSh/lKfqw+Y
YP2DuqB7EdtxeUF3O7KJ0sWwc0AGYSroyv2ot0ha9od8
-----END CERTIFICATE-----