Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/4CVL3cK_gP_O9HYDaI3gEWUqH44.roa
File:                     4CVL3cK_gP_O9HYDaI3gEWUqH44.roa (raw, json)
Hash identifier:          15JGgsaM9f2K1x9ilfRS8PM5sgIhp/3TPbmOSDZvUDM=
Subject key identifier:   E0:25:4B:DD:C2:BF:80:FF:CE:F4:76:03:68:8D:E0:11:65:2A:1F:8E
Certificate issuer:       /CN=a15b19638611f3e1f7644a7e3bb71d0ca374919e
Certificate serial:       019193545244FD2B11FD95CBEDA2F8C4B630
Authority key identifier: A1:5B:19:63:86:11:F3:E1:F7:64:4A:7E:3B:B7:1D:0C:A3:74:91:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/4CVL3cK_gP_O9HYDaI3gEWUqH44.roa
Signing time:             Tue 27 Aug 2024 10:14:22 +0000
ROA not before:           Tue 27 Aug 2024 10:14:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        195.158.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:93:54:52:44:fd:2b:11:fd:95:cb:ed:a2:f8:c4:b6:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15b19638611f3e1f7644a7e3bb71d0ca374919e
        Validity
            Not Before: Aug 27 10:14:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0254bddc2bf80ffcef47603688de011652a1f8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:da:3c:99:52:2b:0f:5c:99:ab:1b:5b:9d:40:
                    89:ba:bb:6c:2a:11:56:34:2c:05:5e:3a:b5:2b:3e:
                    09:2f:2c:9e:cc:f4:65:2f:37:e3:8e:ca:03:64:4e:
                    23:91:52:a3:dd:22:a3:9a:a4:07:a2:df:f1:e8:09:
                    39:bd:b1:9c:85:85:76:65:c5:2f:ee:2d:1c:be:c7:
                    a8:0c:59:c9:3f:fc:f9:1a:0e:c2:5e:8d:bf:05:59:
                    e7:17:ba:28:79:db:26:18:d6:3f:47:25:68:f7:84:
                    64:60:5b:ae:57:9d:55:9b:44:38:2a:96:bb:12:04:
                    87:ef:15:99:c6:65:ff:4c:d8:d0:82:6b:4b:6c:06:
                    20:06:c6:b5:2d:15:aa:8d:1c:89:f6:e7:ca:97:ce:
                    89:f9:cc:ff:a7:1b:9e:60:e1:a0:5c:a2:bd:19:19:
                    22:99:5e:df:a7:e2:ce:3d:30:14:da:d0:6b:ee:ce:
                    92:02:64:57:dc:a4:a3:2c:81:0d:e7:4b:3a:f5:fe:
                    a1:ee:16:3f:90:91:7e:87:8c:c0:0e:f1:2d:30:b9:
                    86:70:20:eb:4a:db:d6:24:9b:2c:23:73:83:27:6a:
                    dc:8d:19:8b:1c:e2:39:a3:80:f7:68:c4:34:88:37:
                    d2:cc:16:dc:c3:0f:dd:9c:ce:ef:de:19:00:ea:25:
                    09:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:25:4B:DD:C2:BF:80:FF:CE:F4:76:03:68:8D:E0:11:65:2A:1F:8E
            X509v3 Authority Key Identifier:
                keyid:A1:5B:19:63:86:11:F3:E1:F7:64:4A:7E:3B:B7:1D:0C:A3:74:91:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/4CVL3cK_gP_O9HYDaI3gEWUqH44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/b57852-1fd7-40fd-91ff-12518429fa63/1/oVsZY4YR8-H3ZEp-O7cdDKN0kZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.158.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d9:f6:d5:7f:89:09:a1:41:e5:ee:ee:b7:9d:a9:f9:e3:d8:
         4e:81:d0:31:65:05:f7:19:b3:91:0d:8d:57:9d:fa:08:c1:de:
         a7:48:6e:7c:7c:9b:ee:96:02:11:ed:00:58:29:1f:14:a8:e6:
         c3:de:f9:28:0b:de:12:91:9d:61:c8:a3:c0:f4:6e:28:18:9d:
         a0:21:3b:54:13:ed:b1:4a:95:81:d5:91:81:39:96:49:03:fc:
         da:7d:7d:00:96:f2:e9:db:f9:76:ac:9f:db:57:3c:15:88:1a:
         8e:05:3d:f0:89:88:11:ae:23:43:de:3f:38:f0:86:19:cb:43:
         d2:94:3f:ff:9e:bb:21:ad:22:30:ce:08:71:dd:91:ac:79:fa:
         55:82:e7:2d:09:79:a5:c4:88:39:96:27:f6:62:e6:85:41:d8:
         f0:3e:b8:9e:ad:25:b3:86:d9:57:38:9e:2d:4f:b4:89:a6:ed:
         e4:45:12:77:7d:34:ef:b2:59:54:5c:c5:c9:0a:c1:e7:f9:3c:
         4a:a2:3b:c6:cd:f2:e0:43:d2:c5:2f:04:38:a6:ce:9a:4b:58:
         a0:75:fd:48:12:6d:22:31:fc:b9:f3:f7:a9:86:34:3d:17:98:
         05:0e:e3:40:e8:e2:a4:55:0a:40:72:f5:ef:94:e1:f2:a0:48:
         91:da:b5:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGTVFJE/SsR/ZXL7aL4xLYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNWIxOTYzODYxMWYzZTFmNzY0NGE3ZTNiYjcxZDBjYTM3
NDkxOWUwHhcNMjQwODI3MTAxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDI1NGJkZGMyYmY4MGZmY2VmNDc2MDM2ODhkZTAxMTY1MmExZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNo8mVIrD1yZqxtbnUCJurtsKhFW
NCwFXjq1Kz4JLyyezPRlLzfjjsoDZE4jkVKj3SKjmqQHot/x6Ak5vbGchYV2ZcUv
7i0cvseoDFnJP/z5Gg7CXo2/BVnnF7ooedsmGNY/RyVo94RkYFuuV51Vm0Q4Kpa7
EgSH7xWZxmX/TNjQgmtLbAYgBsa1LRWqjRyJ9ufKl86J+cz/pxueYOGgXKK9GRki
mV7fp+LOPTAU2tBr7s6SAmRX3KSjLIEN50s69f6h7hY/kJF+h4zADvEtMLmGcCDr
StvWJJssI3ODJ2rcjRmLHOI5o4D3aMQ0iDfSzBbcww/dnM7v3hkA6iUJFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAlS93Cv4D/zvR2A2iN4BFlKh+OMB8GA1UdIwQY
MBaAFKFbGWOGEfPh92RKfju3HQyjdJGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1ZzWlk0WVI4LUgzWkVwLU83Y2RES04wa1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iNTc4NTItMWZkNy00MGZkLTkxZmYt
MTI1MTg0MjlmYTYzLzEvNENWTDNjS19nUF9POUhZRGFJM2dFV1VxSDQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iNTc4NTItMWZkNy00MGZkLTkxZmYtMTI1MTg0MjlmYTYz
LzEvb1ZzWlk0WVI4LUgzWkVwLU83Y2RES04wa1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw57mMA0G
CSqGSIb3DQEBCwUAA4IBAQA+2fbVf4kJoUHl7u63nan549hOgdAxZQX3GbORDY1X
nfoIwd6nSG58fJvulgIR7QBYKR8UqObD3vkoC94SkZ1hyKPA9G4oGJ2gITtUE+2x
SpWB1ZGBOZZJA/zafX0AlvLp2/l2rJ/bVzwViBqOBT3wiYgRriND3j848IYZy0PS
lD//nrshrSIwzghx3ZGsefpVguctCXmlxIg5lif2YuaFQdjwPrierSWzhtlXOJ4t
T7SJpu3kRRJ3fTTvsllUXMXJCsHn+TxKojvGzfLgQ9LFLwQ4ps6aS1igdf1IEm0i
Mfy58/ephjQ9F5gFDuNA6OKkVQpAcvXvlOHyoEiR2rV1
-----END CERTIFICATE-----