Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/4jKaVB-LfLQCzkTYjVHTGVrvLiU.roa
File:                     4jKaVB-LfLQCzkTYjVHTGVrvLiU.roa (raw, json)
Hash identifier:          Dbf5cUJDTFeC16IHWdH+FZOyuiR9fHmIqJ0f+7DT0tY=
Subject key identifier:   E2:32:9A:54:1F:8B:7C:B4:02:CE:44:D8:8D:51:D3:19:5A:EF:2E:25
Certificate issuer:       /CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Certificate serial:       0194214413F06FE68C3B33A2B2C4615354C2
Authority key identifier: B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/4jKaVB-LfLQCzkTYjVHTGVrvLiU.roa
Signing time:             Wed 01 Jan 2025 09:48:16 +0000
ROA not before:           Wed 01 Jan 2025 09:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60231
IP address blocks:        93.189.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:13:f0:6f:e6:8c:3b:33:a2:b2:c4:61:53:54:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
        Validity
            Not Before: Jan  1 09:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2329a541f8b7cb402ce44d88d51d3195aef2e25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:89:09:dc:89:05:a1:44:42:a7:3d:15:e6:6c:
                    bf:c7:04:09:29:9f:71:29:37:fd:ba:aa:49:6b:14:
                    70:f6:63:0e:96:63:d0:b5:29:cc:88:8a:cf:d7:23:
                    1c:7c:96:a1:3d:8a:4b:87:fb:3a:52:74:f0:89:8b:
                    6e:cb:31:2a:19:65:ee:be:76:dd:a6:d1:5b:78:1e:
                    b5:d4:11:e2:e5:26:9c:3d:78:bb:64:c8:90:33:ae:
                    3e:9b:1c:5d:9d:b6:16:29:4d:6e:f4:01:0a:ac:1a:
                    41:a3:cd:4f:5c:ab:0e:6f:66:39:fc:2c:10:d1:e5:
                    fb:d6:68:3c:ec:74:9f:1c:ce:a6:ae:27:12:51:26:
                    29:39:dc:53:7b:fa:11:2a:64:a8:b0:50:08:33:6a:
                    53:4e:1b:31:dc:3e:0a:92:65:38:2f:1f:dc:a6:22:
                    b5:48:93:79:d2:c1:65:16:57:f3:2f:27:85:22:08:
                    e7:0a:87:0c:75:4a:89:cb:69:56:3b:78:0f:ef:9b:
                    0b:a7:d7:aa:4c:8d:f4:d9:bf:28:e8:44:21:c1:e3:
                    3d:8c:69:3a:ac:34:1b:5e:95:e1:40:0f:70:bd:f0:
                    c4:63:36:16:be:e5:0f:b3:60:1a:6b:a1:2e:41:ab:
                    ea:a4:0b:68:fe:6e:b2:48:4e:b9:bd:e0:8a:f0:0d:
                    1e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:32:9A:54:1F:8B:7C:B4:02:CE:44:D8:8D:51:D3:19:5A:EF:2E:25
            X509v3 Authority Key Identifier:
                keyid:B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/4jKaVB-LfLQCzkTYjVHTGVrvLiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.189.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:0a:f2:a0:68:eb:7e:f7:f1:ed:a3:f7:fb:21:71:82:db:4e:
         9f:03:17:51:4e:c7:dd:b8:36:ae:1e:13:34:d7:60:bd:c1:29:
         99:e9:c3:f0:3e:4a:98:c6:f2:3f:8b:cb:8a:60:cd:82:91:62:
         c3:58:c3:e8:58:e1:ee:e0:e6:19:1b:d7:68:6c:84:3e:15:90:
         87:4b:de:98:01:3d:be:4e:34:86:0c:09:5c:fd:c5:f6:7f:8d:
         13:e5:39:22:91:fb:6e:6c:69:32:63:cc:cc:ed:c9:a0:f3:77:
         0a:e4:97:8b:ef:79:0f:ac:8c:9d:82:49:fc:a1:51:28:e6:14:
         7f:80:a8:4a:20:b6:b9:4c:b9:77:58:21:25:bd:49:86:fc:48:
         a9:a2:74:27:cc:85:49:37:77:18:92:30:9c:9d:3e:45:1b:dd:
         5e:03:20:0f:d4:a2:01:2e:44:70:ba:5b:5f:70:e1:bb:6f:41:
         32:02:84:ef:5b:c8:df:15:3a:83:3a:29:64:cc:75:ba:ef:61:
         15:d5:ee:28:7b:2b:90:ec:19:8e:78:46:a5:35:00:81:a9:e8:
         9a:c5:99:1d:c1:71:03:3f:35:c0:fc:52:80:a5:99:f5:01:e7:
         e2:51:4b:12:06:1d:d5:c5:04:b1:01:0e:b9:be:b6:7f:ae:67:
         bf:ac:c7:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBPwb+aMOzOissRhU1TCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNDM1MTQ2MzBkYzE3ZjNmZTliNTFkZDQzNDE4NGQwYjYy
YjAzYzAwHhcNMjUwMTAxMDk0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjMyOWE1NDFmOGI3Y2I0MDJjZTQ0ZDg4ZDUxZDMxOTVhZWYyZTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIkJ3IkFoURCpz0V5my/xwQJKZ9x
KTf9uqpJaxRw9mMOlmPQtSnMiIrP1yMcfJahPYpLh/s6UnTwiYtuyzEqGWXuvnbd
ptFbeB611BHi5SacPXi7ZMiQM64+mxxdnbYWKU1u9AEKrBpBo81PXKsOb2Y5/CwQ
0eX71mg87HSfHM6mricSUSYpOdxTe/oRKmSosFAIM2pTThsx3D4KkmU4Lx/cpiK1
SJN50sFlFlfzLyeFIgjnCocMdUqJy2lWO3gP75sLp9eqTI302b8o6EQhweM9jGk6
rDQbXpXhQA9wvfDEYzYWvuUPs2Aaa6EuQavqpAto/m6ySE65veCK8A0e6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIymlQfi3y0As5E2I1R0xla7y4lMB8GA1UdIwQY
MBaAFLNDUUYw3Bfz/ptR3UNBhNC2KwPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGIt
YTcyNDdlOWQ1ZjNhLzEvNGpLYVZCLUxmTFFDemtUWWpWSFRHVnJ2TGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGItYTcyNDdlOWQ1ZjNh
LzEvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb2UMA0G
CSqGSIb3DQEBCwUAA4IBAQAQCvKgaOt+9/Hto/f7IXGC206fAxdRTsfduDauHhM0
12C9wSmZ6cPwPkqYxvI/i8uKYM2CkWLDWMPoWOHu4OYZG9dobIQ+FZCHS96YAT2+
TjSGDAlc/cX2f40T5TkikftubGkyY8zM7cmg83cK5JeL73kPrIydgkn8oVEo5hR/
gKhKILa5TLl3WCElvUmG/EiponQnzIVJN3cYkjCcnT5FG91eAyAP1KIBLkRwultf
cOG7b0EyAoTvW8jfFTqDOilkzHW672EV1e4oeyuQ7BmOeEalNQCBqeiaxZkdwXED
PzXA/FKApZn1AefiUUsSBh3VxQSxAQ65vrZ/rme/rMfp
-----END CERTIFICATE-----