Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/4bA4xJi3rnmPJiYTXAJyFqK-McI.roa
File:                     4bA4xJi3rnmPJiYTXAJyFqK-McI.roa (raw, json)
Hash identifier:          90ZJI7uh+8l/Z+BX9V+I778vgasAq5nN2v7bGQdlNdg=
Subject key identifier:   E1:B0:38:C4:98:B7:AE:79:8F:26:26:13:5C:02:72:16:A2:BE:31:C2
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       01914194523229C8D0E35DF64B21613F70EB
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/4bA4xJi3rnmPJiYTXAJyFqK-McI.roa
Signing time:             Sun 11 Aug 2024 13:15:24 +0000
ROA not before:           Sun 11 Aug 2024 13:15:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     268624
IP address blocks:        77.246.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:41:94:52:32:29:c8:d0:e3:5d:f6:4b:21:61:3f:70:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Aug 11 13:15:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1b038c498b7ae798f2626135c027216a2be31c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:6b:9e:ce:e5:8c:44:6b:0a:b0:00:8c:ee:9a:
                    15:70:88:96:c6:c7:f5:8e:af:3b:e6:ec:4c:d5:43:
                    15:47:d4:8f:92:ae:f1:f2:6b:5b:8f:5f:90:44:ae:
                    11:f8:f1:35:a8:62:f1:eb:eb:6b:8c:e2:7c:0a:53:
                    4e:7f:6c:f7:71:03:6e:ae:97:2d:ff:42:35:bc:22:
                    5d:8e:88:b0:5e:03:7b:e6:89:fa:3e:66:f9:fe:a1:
                    62:47:d4:21:27:b8:8f:5a:2c:c7:ac:a0:51:55:51:
                    26:47:f3:38:da:de:a8:46:56:cd:ae:c1:41:47:88:
                    3f:4a:35:6f:27:2b:2c:42:0f:4c:81:a8:f6:db:c9:
                    94:8c:52:cc:9a:b6:e0:97:be:e4:b3:98:13:8f:ae:
                    98:f2:5b:ba:99:78:c6:16:ca:c4:d0:cb:85:0b:82:
                    59:e0:1d:fd:12:12:b4:87:3d:ea:b7:83:bd:74:69:
                    b9:6e:17:f0:f3:35:dd:36:36:94:e4:0c:46:68:9d:
                    18:6a:8a:d6:fd:81:79:a7:85:1d:7a:5f:63:0e:fd:
                    b6:35:82:2a:de:c7:65:0a:fc:87:21:f1:9d:aa:94:
                    ed:93:94:cf:d3:ab:03:ec:5d:fc:98:4c:9f:56:c9:
                    57:c2:0c:9a:ad:5d:07:11:58:df:2d:07:e1:8d:df:
                    39:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B0:38:C4:98:B7:AE:79:8F:26:26:13:5C:02:72:16:A2:BE:31:C2
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/4bA4xJi3rnmPJiYTXAJyFqK-McI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:57:2d:a5:99:fc:37:34:02:06:d5:d8:d1:63:0b:d9:a3:5d:
         1f:67:a0:08:09:66:ce:ef:c0:02:87:d5:9a:8e:9b:6e:5a:34:
         4b:36:44:f6:a1:56:73:a5:0d:49:f8:ac:22:8a:42:8f:ce:7a:
         44:a2:0a:34:80:70:09:ce:02:fc:4c:b3:c3:c4:7d:45:b6:5b:
         58:b3:d5:eb:6d:71:39:a3:0e:c2:25:93:59:a3:75:19:bd:97:
         e5:fe:02:c1:05:5c:fe:e0:71:0a:1e:75:9a:00:c2:0b:71:63:
         75:2c:0b:50:59:cb:41:8b:4c:85:51:b2:fb:85:ea:ca:90:a6:
         aa:28:1f:e9:03:28:42:6c:c9:9e:e5:2a:2e:a7:f9:b4:d2:3d:
         b9:ce:1c:5b:07:50:8f:6d:a4:2b:5e:82:30:a3:ed:e6:75:57:
         66:7b:85:df:f3:f9:0d:c3:90:2d:7f:31:d1:a1:a8:60:09:43:
         fe:e6:08:76:27:3e:e1:93:95:6b:9e:68:30:3c:87:bf:3b:51:
         3c:c4:f7:e3:cc:2b:bf:84:57:20:3d:bd:d3:ec:f8:6a:de:fd:
         58:e5:25:be:b9:6e:9e:34:d9:72:59:a7:d1:46:d7:45:f9:5c:
         66:d6:e3:ab:db:23:74:9c:1d:57:9b:7e:f5:2f:5d:dd:12:d6:
         5a:69:17:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFBlFIyKcjQ4132SyFhP3DrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwODExMTMxNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWIwMzhjNDk4YjdhZTc5OGYyNjI2MTM1YzAyNzIxNmEyYmUzMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0muezuWMRGsKsACM7poVcIiWxsf1
jq875uxM1UMVR9SPkq7x8mtbj1+QRK4R+PE1qGLx6+trjOJ8ClNOf2z3cQNurpct
/0I1vCJdjoiwXgN75on6Pmb5/qFiR9QhJ7iPWizHrKBRVVEmR/M42t6oRlbNrsFB
R4g/SjVvJyssQg9Mgaj228mUjFLMmrbgl77ks5gTj66Y8lu6mXjGFsrE0MuFC4JZ
4B39EhK0hz3qt4O9dGm5bhfw8zXdNjaU5AxGaJ0YaorW/YF5p4Udel9jDv22NYIq
3sdlCvyHIfGdqpTtk5TP06sD7F38mEyfVslXwgyarV0HEVjfLQfhjd853wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGwOMSYt655jyYmE1wCchaivjHCMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvNGJBNHhKaTNybm1QSmlZVFhBSnlGcUstTWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfb1MA0G
CSqGSIb3DQEBCwUAA4IBAQCMVy2lmfw3NAIG1djRYwvZo10fZ6AICWbO78ACh9Wa
jptuWjRLNkT2oVZzpQ1J+KwiikKPznpEogo0gHAJzgL8TLPDxH1FtltYs9XrbXE5
ow7CJZNZo3UZvZfl/gLBBVz+4HEKHnWaAMILcWN1LAtQWctBi0yFUbL7herKkKaq
KB/pAyhCbMme5Soup/m00j25zhxbB1CPbaQrXoIwo+3mdVdme4Xf8/kNw5AtfzHR
oahgCUP+5gh2Jz7hk5VrnmgwPIe/O1E8xPfjzCu/hFcgPb3T7Phq3v1Y5SW+uW6e
NNlyWafRRtdF+Vxm1uOr2yN0nB1Xm371L13dEtZaaRdL
-----END CERTIFICATE-----