Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/4Gkx1Ksm5skmWoKeKzwyFR6iIEU.roa
File:                     4Gkx1Ksm5skmWoKeKzwyFR6iIEU.roa (raw, json)
Hash identifier:          K6Gy7WCRCOTiiyM+8D0YBvuG4JplAsU9OoJmUxlqsNQ=
Subject key identifier:   E0:69:31:D4:AB:26:E6:C9:26:5A:82:9E:2B:3C:32:15:1E:A2:20:45
Certificate issuer:       /CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
Certificate serial:       019006E90B9B0D4F46AE9C316906DB0A31B9
Authority key identifier: D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/4Gkx1Ksm5skmWoKeKzwyFR6iIEU.roa
Signing time:             Tue 11 Jun 2024 10:47:34 +0000
ROA not before:           Tue 11 Jun 2024 10:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        193.178.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:e9:0b:9b:0d:4f:46:ae:9c:31:69:06:db:0a:31:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
        Validity
            Not Before: Jun 11 10:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e06931d4ab26e6c9265a829e2b3c32151ea22045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:91:ba:6b:15:30:71:62:32:b8:e4:c9:ff:b9:
                    f0:53:8a:c4:0c:67:4c:15:f9:97:af:c1:78:b7:20:
                    53:78:9a:1c:bc:bd:e8:dd:60:4e:23:61:61:23:e1:
                    76:eb:ab:94:7c:d3:7e:16:b8:36:28:dd:37:a9:bf:
                    92:d7:27:31:36:9e:d3:b6:ba:b1:c5:7b:f7:28:d3:
                    91:ab:de:f7:62:71:8a:8a:81:5d:ef:74:99:8c:56:
                    b0:33:e1:a1:db:83:ed:3a:4f:b8:07:85:cc:04:4e:
                    16:6a:27:53:45:b4:87:d1:09:1c:ad:5c:68:4a:d5:
                    da:c3:af:33:0d:fe:5e:fc:12:58:ab:cb:e4:da:26:
                    47:db:86:9f:80:77:33:bf:b9:78:c7:31:70:b8:77:
                    09:4f:25:eb:b5:81:c6:b8:9b:4d:f5:4c:f2:f5:02:
                    d2:85:30:75:c0:1c:0f:8b:d5:00:b3:2d:4d:1f:89:
                    fe:3b:44:36:41:8a:35:1a:14:d2:7a:2e:63:a8:40:
                    7e:ba:84:eb:10:47:06:09:c8:97:16:df:15:7f:23:
                    01:c9:85:18:7a:45:4f:63:fd:0b:4f:e5:fd:a8:d9:
                    40:4f:50:3d:91:dd:c8:8d:19:f7:c5:45:07:15:27:
                    4f:22:a9:a4:ab:45:70:67:30:ed:e1:50:f4:0f:c0:
                    d2:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:69:31:D4:AB:26:E6:C9:26:5A:82:9E:2B:3C:32:15:1E:A2:20:45
            X509v3 Authority Key Identifier:
                keyid:D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/4Gkx1Ksm5skmWoKeKzwyFR6iIEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:fd:5a:5c:e8:64:b4:70:28:40:3f:aa:1a:16:8c:fe:a8:15:
         92:a6:94:e4:11:52:47:12:55:33:56:4f:1a:bd:99:01:b5:5a:
         f8:ff:ec:8a:b1:93:1e:cf:ac:35:12:ea:f6:e9:f1:f9:dd:97:
         a1:c9:34:9c:c0:e5:a5:bb:ce:06:97:95:cf:02:1c:f0:12:6b:
         7f:64:6e:c3:89:57:46:9f:66:a4:8d:57:03:87:6b:56:2e:a8:
         e8:ed:9e:fe:ff:87:1a:c8:f5:6f:27:68:a0:34:4d:65:14:1b:
         bf:b3:08:68:6b:01:dc:84:4d:8b:fc:6f:83:07:73:ce:3e:2e:
         ab:79:60:49:c1:73:79:ff:73:b8:10:86:ed:58:a5:86:08:2a:
         14:eb:08:bb:5f:78:b5:f1:36:13:b8:18:92:ce:c4:c0:30:dc:
         81:d2:4b:07:09:98:3d:ef:92:c1:3d:c8:02:b6:04:34:2e:72:
         04:c1:76:9b:84:60:57:8d:e9:f7:ab:d0:d0:2b:db:ee:d2:73:
         fb:9b:bc:47:cb:4e:a2:d9:64:8f:6d:09:84:a7:a5:f8:35:83:
         c9:3c:e5:5a:f0:f1:24:de:42:39:c7:b6:6c:86:17:17:da:4b:
         e2:3c:73:5f:d4:7a:b8:bd:08:c7:34:65:10:44:11:c9:6b:90:
         5e:14:ac:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAG6QubDU9GrpwxaQbbCjG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjA2NWM4YmRiNzhmZjI5NGY3YzU0NTQ5NzFkYmZhYmZi
NmMxODQwHhcNMjQwNjExMTA0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDY5MzFkNGFiMjZlNmM5MjY1YTgyOWUyYjNjMzIxNTFlYTIyMDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspG6axUwcWIyuOTJ/7nwU4rEDGdM
FfmXr8F4tyBTeJocvL3o3WBOI2FhI+F266uUfNN+Frg2KN03qb+S1ycxNp7Ttrqx
xXv3KNORq973YnGKioFd73SZjFawM+Gh24PtOk+4B4XMBE4WaidTRbSH0QkcrVxo
StXaw68zDf5e/BJYq8vk2iZH24afgHczv7l4xzFwuHcJTyXrtYHGuJtN9Uzy9QLS
hTB1wBwPi9UAsy1NH4n+O0Q2QYo1GhTSei5jqEB+uoTrEEcGCciXFt8VfyMByYUY
ekVPY/0LT+X9qNlAT1A9kd3IjRn3xUUHFSdPIqmkq0VwZzDt4VD0D8DSPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBpMdSrJubJJlqCnis8MhUeoiBFMB8GA1UdIwQY
MBaAFNXwZci9t4/ylPfFRUlx2/q/tsGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWIt
MzVhNWRjMmM3OTJjLzEvNEdreDFLc201c2ttV29LZUt6d3lGUjZpSUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWItMzVhNWRjMmM3OTJj
LzEvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbJzMA0G
CSqGSIb3DQEBCwUAA4IBAQBl/Vpc6GS0cChAP6oaFoz+qBWSppTkEVJHElUzVk8a
vZkBtVr4/+yKsZMez6w1Eur26fH53ZehyTScwOWlu84Gl5XPAhzwEmt/ZG7DiVdG
n2akjVcDh2tWLqjo7Z7+/4cayPVvJ2igNE1lFBu/swhoawHchE2L/G+DB3POPi6r
eWBJwXN5/3O4EIbtWKWGCCoU6wi7X3i18TYTuBiSzsTAMNyB0ksHCZg975LBPcgC
tgQ0LnIEwXabhGBXjen3q9DQK9vu0nP7m7xHy06i2WSPbQmEp6X4NYPJPOVa8PEk
3kI5x7ZshhcX2kviPHNf1Hq4vQjHNGUQRBHJa5BeFKz6
-----END CERTIFICATE-----