Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/4-VMs7WjnHapNWAogJtHgkJT3FU.roa
File:                     4-VMs7WjnHapNWAogJtHgkJT3FU.roa (raw, json)
Hash identifier:          gSDXueJPuBUvKo0WOnGXmd8a/t7YwU/fLnYXo72JtQQ=
Subject key identifier:   E3:E5:4C:B3:B5:A3:9C:76:A9:35:60:28:80:9B:47:82:42:53:DC:55
Certificate issuer:       /CN=248f5e26f1c08f4486c9911c8b609eae8b6cb74d
Certificate serial:       01942369AC85AC12B987A2E75D230DA0FBED
Authority key identifier: 24:8F:5E:26:F1:C0:8F:44:86:C9:91:1C:8B:60:9E:AE:8B:6C:B7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/4-VMs7WjnHapNWAogJtHgkJT3FU.roa
Signing time:             Wed 01 Jan 2025 19:48:35 +0000
ROA not before:           Wed 01 Jan 2025 19:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20922
IP address blocks:        193.188.192.0/23 maxlen: 23
                          193.188.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 01:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ac:85:ac:12:b9:87:a2:e7:5d:23:0d:a0:fb:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=248f5e26f1c08f4486c9911c8b609eae8b6cb74d
        Validity
            Not Before: Jan  1 19:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3e54cb3b5a39c76a9356028809b47824253dc55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2f:6f:9d:e6:dd:3c:3f:2c:98:08:7d:2a:da:
                    13:95:19:30:69:50:15:3e:2f:6e:db:8d:c4:d0:fd:
                    b8:32:ff:3e:5f:e2:ad:65:91:1c:c1:d6:b0:8b:fd:
                    1f:1c:d9:fc:48:79:29:dd:66:94:de:55:ae:13:e6:
                    4c:09:14:f1:da:a9:da:42:89:6d:3d:84:4c:b8:aa:
                    02:77:33:51:8a:ae:d2:49:fa:8d:dd:72:60:33:2e:
                    ad:fe:14:2b:0b:ab:b4:82:89:b7:ab:cd:54:ac:5d:
                    50:a5:23:c1:3a:ec:fc:72:56:72:c4:92:c7:1c:82:
                    73:81:f0:87:e3:e8:c3:9b:e1:ea:4e:ba:b6:44:62:
                    30:2d:7c:4c:d4:52:15:2e:de:24:1c:c7:a8:16:7a:
                    3b:16:70:b6:28:fb:5d:d8:e8:b9:3c:8f:f8:68:08:
                    27:6a:2a:3a:40:f9:22:e0:11:a7:8c:62:3a:8a:8f:
                    a7:25:eb:e3:8a:6f:16:10:49:b0:d9:4b:a1:0c:2f:
                    6a:56:9b:38:5c:87:d0:cd:c9:5a:e4:c1:d1:5e:e0:
                    61:09:f9:d6:7a:2e:1e:2f:3d:2b:7f:08:c7:8c:9d:
                    6b:da:7e:11:b5:35:e5:64:6b:2a:c0:81:9f:e9:d3:
                    70:18:70:b6:b6:15:37:c2:43:80:46:f0:24:9d:d2:
                    d0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:E5:4C:B3:B5:A3:9C:76:A9:35:60:28:80:9B:47:82:42:53:DC:55
            X509v3 Authority Key Identifier:
                keyid:24:8F:5E:26:F1:C0:8F:44:86:C9:91:1C:8B:60:9E:AE:8B:6C:B7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/4-VMs7WjnHapNWAogJtHgkJT3FU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:31:1c:17:40:53:a7:c9:9b:00:c8:24:b4:57:cd:ce:6b:69:
         38:ca:18:49:18:17:c1:4f:54:bb:0d:0c:a7:ca:9c:a0:cd:c5:
         1a:7d:39:ee:c3:ef:34:81:ab:f0:49:11:0e:50:ff:63:fe:97:
         d3:00:a2:e4:15:b4:1a:56:14:a6:87:e1:c0:32:4c:97:42:bf:
         2a:61:2e:51:67:2b:f4:d8:0b:59:e2:1d:cf:61:92:e2:75:d4:
         47:65:a5:a0:20:aa:4a:6c:ae:ff:ad:18:90:1f:5c:9b:5c:a3:
         ca:32:f9:9d:ee:52:5f:45:71:3f:2c:7d:60:fa:9b:d6:2a:33:
         6c:2c:4d:bd:ce:08:06:e4:e6:63:04:c0:86:c3:0c:f8:af:ac:
         b9:b0:43:60:d6:fb:8e:49:ee:b7:d1:ea:4a:7b:2f:b7:ef:a3:
         76:70:8e:14:ce:86:e3:3a:df:82:0f:6b:97:6d:40:89:13:bc:
         f0:ef:05:22:46:89:a7:6a:23:d0:d8:05:9d:ca:a6:6f:d4:b9:
         df:ab:93:2d:b8:fc:f9:1a:71:20:86:c8:5f:10:e9:98:5e:03:
         ce:d8:f1:2e:56:1a:56:32:18:a1:64:bd:5b:e2:f9:a7:03:3f:
         d1:9c:cb:92:0d:7b:e0:bc:96:09:f6:98:73:04:35:c2:ba:77:
         0a:07:b1:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaayFrBK5h6LnXSMNoPvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0OGY1ZTI2ZjFjMDhmNDQ4NmM5OTExYzhiNjA5ZWFlOGI2
Y2I3NGQwHhcNMjUwMTAxMTk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2U1NGNiM2I1YTM5Yzc2YTkzNTYwMjg4MDliNDc4MjQyNTNkYzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy9vnebdPD8smAh9KtoTlRkwaVAV
Pi9u243E0P24Mv8+X+KtZZEcwdawi/0fHNn8SHkp3WaU3lWuE+ZMCRTx2qnaQolt
PYRMuKoCdzNRiq7SSfqN3XJgMy6t/hQrC6u0gom3q81UrF1QpSPBOuz8clZyxJLH
HIJzgfCH4+jDm+HqTrq2RGIwLXxM1FIVLt4kHMeoFno7FnC2KPtd2Oi5PI/4aAgn
aio6QPki4BGnjGI6io+nJevjim8WEEmw2UuhDC9qVps4XIfQzcla5MHRXuBhCfnW
ei4eLz0rfwjHjJ1r2n4RtTXlZGsqwIGf6dNwGHC2thU3wkOARvAkndLQrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPlTLO1o5x2qTVgKICbR4JCU9xVMB8GA1UdIwQY
MBaAFCSPXibxwI9EhsmRHItgnq6LbLdNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkk5ZUp2SEFqMFNHeVpFY2kyQ2Vyb3RzdDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9kYWU4YjAtOTdkMC00OGQ0LTliMjYt
MDEzN2IxZjc1ZDAyLzEvNC1WTXM3V2puSGFwTldBb2dKdEhna0pUM0ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9kYWU4YjAtOTdkMC00OGQ0LTliMjYtMDEzN2IxZjc1ZDAy
LzEvSkk5ZUp2SEFqMFNHeVpFY2kyQ2Vyb3RzdDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbzAMA0G
CSqGSIb3DQEBCwUAA4IBAQAHMRwXQFOnyZsAyCS0V83Oa2k4yhhJGBfBT1S7DQyn
ypygzcUafTnuw+80gavwSREOUP9j/pfTAKLkFbQaVhSmh+HAMkyXQr8qYS5RZyv0
2AtZ4h3PYZLiddRHZaWgIKpKbK7/rRiQH1ybXKPKMvmd7lJfRXE/LH1g+pvWKjNs
LE29zggG5OZjBMCGwwz4r6y5sENg1vuOSe630epKey+376N2cI4UzobjOt+CD2uX
bUCJE7zw7wUiRomnaiPQ2AWdyqZv1Lnfq5MtuPz5GnEghshfEOmYXgPO2PEuVhpW
MhihZL1b4vmnAz/RnMuSDXvgvJYJ9phzBDXCuncKB7Gh
-----END CERTIFICATE-----