Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/4s3hROVHIfdQW1zrE0_XVXAmY2c.roa
File:                     4s3hROVHIfdQW1zrE0_XVXAmY2c.roa (raw, json)
Hash identifier:          i4TgoGKmNUHSJjgB9VX/nCXZ0zJ1F0VWgBoyx+eKmGw=
Subject key identifier:   E2:CD:E1:44:E5:47:21:F7:50:5B:5C:EB:13:4F:D7:55:70:26:63:67
Certificate issuer:       /CN=b004f5869f5675f65f9b10cff4b65f74f76bed17
Certificate serial:       018E7F1D85F3744F1E80CAF99D6E5875C1D4
Authority key identifier: B0:04:F5:86:9F:56:75:F6:5F:9B:10:CF:F4:B6:5F:74:F7:6B:ED:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/4s3hROVHIfdQW1zrE0_XVXAmY2c.roa
Signing time:             Wed 27 Mar 2024 08:53:45 +0000
ROA not before:           Wed 27 Mar 2024 08:53:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215227
IP address blocks:        193.107.245.0/24 maxlen: 24
                          2a14:2140::/29 maxlen: 29
                          2a14:2140::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 17:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:1d:85:f3:74:4f:1e:80:ca:f9:9d:6e:58:75:c1:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b004f5869f5675f65f9b10cff4b65f74f76bed17
        Validity
            Not Before: Mar 27 08:53:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2cde144e54721f7505b5ceb134fd75570266367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:59:82:d7:30:44:bc:db:35:99:41:2c:01:c2:
                    78:83:a8:bf:25:92:64:86:73:65:c7:da:cf:65:1a:
                    ed:e0:35:85:55:da:02:dc:bc:24:21:ce:dc:18:fd:
                    bd:e5:df:00:a4:7d:6f:df:5d:ab:82:ef:e2:4e:6b:
                    e9:55:4e:9f:07:d1:c6:55:19:45:8c:bb:ad:4e:2f:
                    94:d7:32:d7:70:ef:bc:60:d6:bf:b5:d3:99:74:9f:
                    8a:3a:f7:28:54:75:a3:1a:cb:af:88:11:55:06:06:
                    4b:26:9d:27:db:17:e6:6e:ab:0e:f3:67:cb:41:4d:
                    f8:bc:a3:ba:63:e1:48:f0:27:a8:0e:73:84:3a:2d:
                    7a:33:c1:a4:04:12:9a:06:e3:ae:78:0e:30:f5:6f:
                    b4:7e:9e:c0:d9:ea:b9:6f:80:5c:38:49:cd:d2:ea:
                    a4:18:fd:c7:86:5e:14:e6:dc:af:d2:b7:4b:a0:d0:
                    4f:57:18:5f:2d:74:cc:27:a9:b8:a2:89:f6:3d:1f:
                    a6:96:14:c6:67:b8:0f:6e:f8:23:bc:5a:15:ca:58:
                    74:bf:17:3b:92:d0:6f:a4:9e:1e:fd:41:38:f7:9b:
                    74:72:16:cc:2a:45:ee:b6:73:f6:26:8c:8b:f0:29:
                    e1:f3:90:1c:4d:b7:f4:ee:6f:6e:79:5a:b9:f7:e4:
                    59:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:CD:E1:44:E5:47:21:F7:50:5B:5C:EB:13:4F:D7:55:70:26:63:67
            X509v3 Authority Key Identifier:
                keyid:B0:04:F5:86:9F:56:75:F6:5F:9B:10:CF:F4:B6:5F:74:F7:6B:ED:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/4s3hROVHIfdQW1zrE0_XVXAmY2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/31a2df-dcde-49f2-8f1e-2fecdd88e575/1/sAT1hp9WdfZfmxDP9LZfdPdr7Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.245.0/24
                IPv6:
                  2a14:2140::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:93:9a:ff:4f:57:5d:87:ae:8b:ef:c1:b9:81:10:94:f6:7e:
         f3:d4:8a:2c:04:c8:65:0b:0f:45:e0:30:53:85:5b:d0:74:95:
         84:02:ee:d8:ce:a4:45:d2:c7:bb:94:cc:8b:fa:d0:39:dc:46:
         90:18:cf:50:cc:78:76:75:aa:7f:19:9b:8c:cd:fc:e4:3b:65:
         b9:2f:d5:b6:df:99:a4:4c:33:91:b6:8a:3a:82:44:8c:60:ae:
         fa:1e:6c:67:ad:9d:0d:6a:19:b9:91:6c:c0:10:41:b7:5b:e7:
         1d:b5:87:a7:06:82:da:a5:d5:bb:52:ba:59:a6:f5:e1:b2:a2:
         db:a9:13:57:9f:e3:88:7c:e9:03:a2:96:b4:b8:41:b8:a3:49:
         f6:d8:f9:a4:5a:f8:65:0c:df:18:2d:fa:c5:2f:62:85:03:b4:
         cf:a3:93:9f:c4:d7:71:f0:9b:2d:4e:aa:1a:93:ee:f4:85:f6:
         92:0f:c6:3f:52:4a:20:c8:c7:08:f9:ec:a9:0c:35:cb:c3:de:
         9c:cd:f9:70:8f:e9:88:b7:ce:e4:ec:61:5d:4b:0d:cb:c9:cf:
         1b:37:d7:96:82:c9:fe:f4:2c:3b:2b:a2:82:4d:ef:f4:61:88:
         da:08:b0:61:2a:4d:91:00:49:f9:12:6d:ec:dd:9b:e3:75:a1:
         1c:3f:64:89
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5/HYXzdE8egMr5nW5YdcHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMDRmNTg2OWY1Njc1ZjY1ZjliMTBjZmY0YjY1Zjc0Zjc2
YmVkMTcwHhcNMjQwMzI3MDg1MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmNkZTE0NGU1NDcyMWY3NTA1YjVjZWIxMzRmZDc1NTcwMjY2MzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1mC1zBEvNs1mUEsAcJ4g6i/JZJk
hnNlx9rPZRrt4DWFVdoC3LwkIc7cGP295d8ApH1v312rgu/iTmvpVU6fB9HGVRlF
jLutTi+U1zLXcO+8YNa/tdOZdJ+KOvcoVHWjGsuviBFVBgZLJp0n2xfmbqsO82fL
QU34vKO6Y+FI8CeoDnOEOi16M8GkBBKaBuOueA4w9W+0fp7A2eq5b4BcOEnN0uqk
GP3Hhl4U5tyv0rdLoNBPVxhfLXTMJ6m4oon2PR+mlhTGZ7gPbvgjvFoVylh0vxc7
ktBvpJ4e/UE495t0chbMKkXutnP2JoyL8Cnh85AcTbf07m9ueVq59+RZyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOLN4UTlRyH3UFtc6xNP11VwJmNnMB8GA1UdIwQY
MBaAFLAE9YafVnX2X5sQz/S2X3T3a+0XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0FUMWhwOVdkZlpmbXhEUDlMWmZkUGRyN1JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8zMWEyZGYtZGNkZS00OWYyLThmMWUt
MmZlY2RkODhlNTc1LzEvNHMzaFJPVkhJZmRRVzF6ckUwX1hWWEFtWTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8zMWEyZGYtZGNkZS00OWYyLThmMWUtMmZlY2RkODhlNTc1
LzEvc0FUMWhwOVdkZlpmbXhEUDlMWmZkUGRyN1JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWv1MA0E
AgACMAcDBQMqFCFAMA0GCSqGSIb3DQEBCwUAA4IBAQCYk5r/T1ddh66L78G5gRCU
9n7z1IosBMhlCw9F4DBThVvQdJWEAu7YzqRF0se7lMyL+tA53EaQGM9QzHh2dap/
GZuMzfzkO2W5L9W235mkTDORtoo6gkSMYK76HmxnrZ0Nahm5kWzAEEG3W+cdtYen
BoLapdW7UrpZpvXhsqLbqRNXn+OIfOkDopa0uEG4o0n22PmkWvhlDN8YLfrFL2KF
A7TPo5OfxNdx8JstTqoak+70hfaSD8Y/UkogyMcI+eypDDXLw96czflwj+mIt87k
7GFdSw3Lyc8bN9eWgsn+9Cw7K6KCTe/0YYjaCLBhKk2RAEn5Em3s3ZvjdaEcP2SJ
-----END CERTIFICATE-----