Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/4t4qbE7XJHOMxDritWykDWYFs3s.roa
File:                     4t4qbE7XJHOMxDritWykDWYFs3s.roa (raw, json)
Hash identifier:          Dc7SLcgR5MN0wArZWbaFYHX16jk4EspKC824JBr2dQQ=
Subject key identifier:   E2:DE:2A:6C:4E:D7:24:73:8C:C4:3A:E2:B5:6C:A4:0D:66:05:B3:7B
Certificate issuer:       /CN=48679a22d0dbc980d5d59b333679f939b9ae3f25
Certificate serial:       018CC5DCF82DE8015E5DBEB8366E27E160A5
Authority key identifier: 48:67:9A:22:D0:DB:C9:80:D5:D5:9B:33:36:79:F9:39:B9:AE:3F:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SGeaItDbyYDV1ZszNnn5ObmuPyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/4t4qbE7XJHOMxDritWykDWYFs3s.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50156
IP address blocks:        195.200.224.0/23 maxlen: 23
                          195.200.225.0/24 maxlen: 24
                          2001:67c:344::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/SGeaItDbyYDV1ZszNnn5ObmuPyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/SGeaItDbyYDV1ZszNnn5ObmuPyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SGeaItDbyYDV1ZszNnn5ObmuPyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f8:2d:e8:01:5e:5d:be:b8:36:6e:27:e1:60:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48679a22d0dbc980d5d59b333679f939b9ae3f25
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2de2a6c4ed724738cc43ae2b56ca40d6605b37b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a6:43:ae:e5:20:34:f5:9f:bb:0a:9e:38:b8:
                    65:1b:31:66:59:e3:70:3e:a3:66:ea:a5:05:d5:70:
                    8c:a6:c5:e5:bc:e1:2f:43:4e:00:34:65:c0:88:54:
                    be:c9:2e:4f:30:a5:2c:34:5a:10:19:b1:de:28:7a:
                    43:3d:9c:e1:c2:bc:5b:b1:f6:a0:e5:08:26:4b:fe:
                    7f:52:9a:39:a6:2c:89:5d:11:62:38:ec:27:34:00:
                    7f:09:f3:1f:d0:c7:ce:d0:c2:ab:b1:1d:03:93:d6:
                    c9:97:7d:f2:94:16:bb:13:a9:b5:44:f3:9e:cd:15:
                    6f:82:48:4a:17:a2:81:7d:0f:c2:39:e0:bb:8e:29:
                    1e:c1:03:7f:37:f4:bb:e4:7b:6f:27:e7:df:e3:e8:
                    20:de:f0:da:c5:d4:b7:3f:ff:49:be:cb:66:0b:61:
                    4d:1a:58:cb:c5:72:74:8b:49:89:95:36:ff:8e:ef:
                    ec:31:c4:05:f0:f0:a0:71:c5:56:61:ee:a8:18:4e:
                    bd:fe:55:ef:87:95:63:8a:2c:5d:39:33:fd:1c:71:
                    29:e0:b2:57:59:ae:69:76:b5:53:41:f7:f9:d7:43:
                    05:6e:00:ad:02:72:0c:e5:db:0f:a0:ce:40:3a:82:
                    b6:71:4d:18:2e:6b:ff:e1:09:d9:57:71:6e:24:aa:
                    d3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DE:2A:6C:4E:D7:24:73:8C:C4:3A:E2:B5:6C:A4:0D:66:05:B3:7B
            X509v3 Authority Key Identifier:
                keyid:48:67:9A:22:D0:DB:C9:80:D5:D5:9B:33:36:79:F9:39:B9:AE:3F:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SGeaItDbyYDV1ZszNnn5ObmuPyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/4t4qbE7XJHOMxDritWykDWYFs3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/7dfa04-7c2c-4ac3-a66b-0c180a0841ab/1/SGeaItDbyYDV1ZszNnn5ObmuPyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.224.0/23
                IPv6:
                  2001:67c:344::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:d7:e2:99:9c:ac:15:94:a8:aa:da:0b:e2:28:e9:ad:21:56:
         6c:a7:99:ec:96:06:b5:fb:98:c0:d9:46:dc:bd:fa:d5:c4:cf:
         bf:d9:34:a8:19:50:aa:36:e7:5f:37:02:5b:fc:4d:6f:a7:5a:
         25:21:8b:40:2e:98:19:19:32:2b:21:a7:27:fd:00:ee:46:f2:
         d5:49:df:97:08:ae:16:37:fc:b5:5c:e1:43:2a:83:fd:db:77:
         ca:75:ef:80:01:84:e9:ac:fa:19:8c:56:11:4f:a2:7e:de:da:
         d0:6a:22:54:22:00:35:ca:c2:5e:2f:e1:0e:7f:46:b7:71:45:
         c1:20:11:fc:09:44:cb:63:b2:0b:26:72:6c:35:96:da:21:27:
         09:ee:4e:b7:3b:80:2a:91:3e:dc:56:ca:91:13:4c:5a:82:e7:
         c4:df:bb:fc:be:df:52:64:8b:3d:b4:c4:8c:cc:fb:a3:5b:eb:
         2c:d4:9a:14:c8:50:9d:c7:fb:c5:6e:6c:16:b3:a8:f2:b8:b0:
         a3:dc:e1:f0:58:7e:81:09:00:f8:f0:13:95:4b:f9:c8:19:be:
         88:26:4b:a4:82:35:b3:d3:bf:e9:91:8e:bd:33:3f:3f:54:13:
         b3:97:69:1f:68:39:0c:7c:d0:17:59:9d:e3:b4:e0:e4:32:38:
         b9:71:62:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3Pgt6AFeXb64Nm4n4WClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4Njc5YTIyZDBkYmM5ODBkNWQ1OWIzMzM2NzlmOTM5Yjlh
ZTNmMjUwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmRlMmE2YzRlZDcyNDczOGNjNDNhZTJiNTZjYTQwZDY2MDViMzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqZDruUgNPWfuwqeOLhlGzFmWeNw
PqNm6qUF1XCMpsXlvOEvQ04ANGXAiFS+yS5PMKUsNFoQGbHeKHpDPZzhwrxbsfag
5QgmS/5/Upo5piyJXRFiOOwnNAB/CfMf0MfO0MKrsR0Dk9bJl33ylBa7E6m1RPOe
zRVvgkhKF6KBfQ/COeC7jikewQN/N/S75HtvJ+ff4+gg3vDaxdS3P/9JvstmC2FN
GljLxXJ0i0mJlTb/ju/sMcQF8PCgccVWYe6oGE69/lXvh5VjiixdOTP9HHEp4LJX
Wa5pdrVTQff510MFbgCtAnIM5dsPoM5AOoK2cU0YLmv/4QnZV3FuJKrTAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOLeKmxO1yRzjMQ64rVspA1mBbN7MB8GA1UdIwQY
MBaAFEhnmiLQ28mA1dWbMzZ5+Tm5rj8lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0dlYUl0RGJ5WURWMVpzek5ubjVPYm11UHlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83ZGZhMDQtN2MyYy00YWMzLWE2NmIt
MGMxODBhMDg0MWFiLzEvNHQ0cWJFN1hKSE9NeERyaXRXeWtEV1lGczNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83ZGZhMDQtN2MyYy00YWMzLWE2NmItMGMxODBhMDg0MWFi
LzEvU0dlYUl0RGJ5WURWMVpzek5ubjVPYm11UHlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw8jgMA8E
AgACMAkDBwAgAQZ8A0QwDQYJKoZIhvcNAQELBQADggEBALnX4pmcrBWUqKraC+Io
6a0hVmynmeyWBrX7mMDZRty9+tXEz7/ZNKgZUKo25183Alv8TW+nWiUhi0AumBkZ
Mishpyf9AO5G8tVJ35cIrhY3/LVc4UMqg/3bd8p174ABhOms+hmMVhFPon7e2tBq
IlQiADXKwl4v4Q5/RrdxRcEgEfwJRMtjsgsmcmw1ltohJwnuTrc7gCqRPtxWypET
TFqC58Tfu/y+31Jkiz20xIzM+6Nb6yzUmhTIUJ3H+8VubBazqPK4sKPc4fBYfoEJ
APjwE5VL+cgZvogmS6SCNbPTv+mRjr0zPz9UE7OXaR9oOQx80BdZneO04OQyOLlx
Yi4=
-----END CERTIFICATE-----