Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/g4grZmuORaKS7qXdfY2Tw1BKwR8.roa
File:                     g4grZmuORaKS7qXdfY2Tw1BKwR8.roa (raw, json)
Hash identifier:          J3nP1OMrsWuilznvZEcg4t0c4Ea3mup5IdWbWJUSouo=
Subject key identifier:   83:88:2B:66:6B:8E:45:A2:92:EE:A5:DD:7D:8D:93:C3:50:4A:C1:1F
Certificate issuer:       /CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
Certificate serial:       0194221FA72C1DCA158BE2A1324BCB16DB47
Authority key identifier: 01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/g4grZmuORaKS7qXdfY2Tw1BKwR8.roa
Signing time:             Wed 01 Jan 2025 13:48:07 +0000
ROA not before:           Wed 01 Jan 2025 13:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34358
IP address blocks:        193.105.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 04:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a7:2c:1d:ca:15:8b:e2:a1:32:4b:cb:16:db:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
        Validity
            Not Before: Jan  1 13:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83882b666b8e45a292eea5dd7d8d93c3504ac11f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ff:82:7c:6d:7c:9f:56:f9:65:8d:06:5a:e1:
                    14:48:e6:48:36:46:33:0e:39:0a:e2:9a:45:df:72:
                    96:83:4f:08:e3:4a:bb:b2:14:d2:68:d3:cb:50:40:
                    35:9c:19:ad:9e:7c:a6:0b:f3:b5:1a:a8:67:d1:26:
                    d0:7f:8e:d6:9c:52:d9:f0:fe:0a:ca:d1:39:12:a1:
                    65:6d:28:65:57:e0:77:9c:2d:b4:22:5c:5f:cb:db:
                    c3:29:d7:c6:45:b4:b7:5d:ba:c8:01:f4:d4:04:6c:
                    67:17:78:ea:9b:56:cc:74:06:e3:c4:13:f3:41:2c:
                    9d:b9:d9:e3:3d:81:87:8c:cd:18:8e:ec:e6:6d:08:
                    99:74:d8:b3:6c:82:29:51:0c:ad:11:55:30:6f:e4:
                    10:27:a0:5b:6b:55:c4:b3:48:0c:e1:be:19:8e:82:
                    63:ea:d2:6f:7f:11:cf:bb:2b:ea:35:b0:ce:3c:6f:
                    ae:79:06:31:ce:e5:0b:7d:10:2b:d3:f9:f7:ef:79:
                    c3:b9:bb:3b:ac:2b:c1:0c:1a:97:04:25:81:2a:e0:
                    bc:2f:f9:e4:da:97:37:f9:5f:c2:40:1e:f5:a2:f7:
                    bd:d2:cb:92:ac:a8:5c:cf:37:8b:34:cb:f8:1a:90:
                    c3:d0:7f:78:ff:94:23:56:bc:b9:d0:d3:14:67:7a:
                    52:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:88:2B:66:6B:8E:45:A2:92:EE:A5:DD:7D:8D:93:C3:50:4A:C1:1F
            X509v3 Authority Key Identifier:
                keyid:01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/g4grZmuORaKS7qXdfY2Tw1BKwR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:bb:f7:a3:bd:16:94:a1:a4:04:d7:78:ce:12:d4:a8:bf:9b:
         df:91:62:be:ea:37:84:14:1e:cc:68:8c:1d:d1:3c:80:29:8c:
         b1:2c:2f:4d:22:a1:48:9e:76:54:cd:ba:f1:32:c0:38:4f:d2:
         3b:d4:fa:48:6f:50:81:26:cc:37:6b:fd:22:d5:a8:22:02:35:
         c8:b6:66:76:df:5b:7e:19:25:9d:4c:17:c6:42:4a:aa:47:5d:
         98:11:f1:01:29:3c:28:89:47:0a:57:2f:bf:1f:a1:de:f7:48:
         1c:cc:57:48:7e:cd:b7:d9:db:df:7b:61:b0:41:c1:4c:ab:ab:
         0e:8e:37:90:a6:bc:ef:0c:31:97:b0:64:9e:c6:cf:9f:27:08:
         dd:9b:36:8e:15:11:33:d8:20:55:e5:ec:e6:28:9b:32:1d:ca:
         42:5f:57:da:3e:35:2d:b1:16:9f:87:bf:18:52:f7:6a:10:f8:
         1f:8c:e7:72:3c:a1:55:5b:7f:e1:ff:c7:1b:2a:57:68:a1:61:
         72:40:c1:0e:b6:d3:b3:eb:ad:09:81:92:56:e7:39:8c:64:2d:
         e2:0c:68:db:ca:29:07:23:27:8e:04:7d:e3:f2:d8:ba:be:33:
         53:bd:1f:78:83:57:0c:db:9f:24:f9:b3:d3:9b:57:7a:59:a0:
         66:60:4a:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6csHcoVi+KhMkvLFttHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDZiNDI5ZjhjNDk2MTFmY2ZlYTFlZmExYTUxYjljMGVk
ZGI2ZTcwHhcNMjUwMTAxMTM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzg4MmI2NjZiOGU0NWEyOTJlZWE1ZGQ3ZDhkOTNjMzUwNGFjMTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP+CfG18n1b5ZY0GWuEUSOZINkYz
DjkK4ppF33KWg08I40q7shTSaNPLUEA1nBmtnnymC/O1Gqhn0SbQf47WnFLZ8P4K
ytE5EqFlbShlV+B3nC20Ilxfy9vDKdfGRbS3XbrIAfTUBGxnF3jqm1bMdAbjxBPz
QSydudnjPYGHjM0YjuzmbQiZdNizbIIpUQytEVUwb+QQJ6Bba1XEs0gM4b4ZjoJj
6tJvfxHPuyvqNbDOPG+ueQYxzuULfRAr0/n373nDubs7rCvBDBqXBCWBKuC8L/nk
2pc3+V/CQB71ove90suSrKhczzeLNMv4GpDD0H94/5QjVry50NMUZ3pS5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIOIK2ZrjkWiku6l3X2Nk8NQSsEfMB8GA1UdIwQY
MBaAFAFGtCn4xJYR/P6h76GlG5wO3bbnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMt
ZWEyNmU3NDZhMGFkLzEvZzRnclptdU9SYUtTN3FYZGZZMlR3MUJLd1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMtZWEyNmU3NDZhMGFk
LzEvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlHMA0G
CSqGSIb3DQEBCwUAA4IBAQAeu/ejvRaUoaQE13jOEtSov5vfkWK+6jeEFB7MaIwd
0TyAKYyxLC9NIqFInnZUzbrxMsA4T9I71PpIb1CBJsw3a/0i1agiAjXItmZ231t+
GSWdTBfGQkqqR12YEfEBKTwoiUcKVy+/H6He90gczFdIfs232dvfe2GwQcFMq6sO
jjeQprzvDDGXsGSexs+fJwjdmzaOFREz2CBV5ezmKJsyHcpCX1faPjUtsRafh78Y
UvdqEPgfjOdyPKFVW3/h/8cbKldooWFyQMEOttOz660JgZJW5zmMZC3iDGjbyikH
IyeOBH3j8ti6vjNTvR94g1cM258k+bPTm1d6WaBmYEpy
-----END CERTIFICATE-----