Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a33f9a-9bc3-430d-bb7c-5ec794b0e69c/1/4HeGJXZKaxYnfIehfTqageiX3_o.roa
File:                     4HeGJXZKaxYnfIehfTqageiX3_o.roa (raw, json)
Hash identifier:          0kWEjVhCRHuilzTpdiApQWbZjblZ/HsQQVKE/q937Lg=
Subject key identifier:   E0:77:86:25:76:4A:6B:16:27:7C:87:A1:7D:3A:9A:81:E8:97:DF:FA
Certificate issuer:       /CN=2f102815d27e6511746d4a3e9fd1359cd982a866
Certificate serial:       018CC80198543B4B2006697D3D1F3D642142
Authority key identifier: 2F:10:28:15:D2:7E:65:11:74:6D:4A:3E:9F:D1:35:9C:D9:82:A8:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LxAoFdJ-ZRF0bUo-n9E1nNmCqGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a33f9a-9bc3-430d-bb7c-5ec794b0e69c/1/4HeGJXZKaxYnfIehfTqageiX3_o.roa
Signing time:             Tue 02 Jan 2024 02:29:56 +0000
ROA not before:           Tue 02 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208842
IP address blocks:        91.209.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/a33f9a-9bc3-430d-bb7c-5ec794b0e69c/1/LxAoFdJ-ZRF0bUo-n9E1nNmCqGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/a33f9a-9bc3-430d-bb7c-5ec794b0e69c/1/LxAoFdJ-ZRF0bUo-n9E1nNmCqGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LxAoFdJ-ZRF0bUo-n9E1nNmCqGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:98:54:3b:4b:20:06:69:7d:3d:1f:3d:64:21:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f102815d27e6511746d4a3e9fd1359cd982a866
        Validity
            Not Before: Jan  2 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0778625764a6b16277c87a17d3a9a81e897dffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6d:de:7a:c3:eb:5d:cf:91:e2:45:3b:3b:7c:
                    13:f6:e2:3d:43:8e:1d:60:19:25:11:38:3f:fa:5e:
                    82:bc:9e:bd:56:a2:5a:6f:1f:23:b6:f2:bd:21:44:
                    c0:bf:df:75:3a:f5:57:66:c6:ae:ff:36:28:83:23:
                    2e:32:9d:b3:a6:80:f9:d7:b3:57:de:a7:c0:09:de:
                    07:f4:91:da:f2:80:6c:a1:6d:89:9a:81:0d:50:a9:
                    01:ac:63:fd:83:d5:ad:d0:86:f3:f4:82:d0:08:5d:
                    51:50:55:dd:b0:df:3c:10:e7:26:b9:36:64:0d:0a:
                    0c:51:f1:47:41:b7:68:46:43:2f:13:29:0f:fc:20:
                    4a:53:bd:77:6e:38:07:e4:4d:55:92:87:31:e8:7c:
                    35:4a:10:3c:a0:f8:a7:ec:47:85:03:af:77:09:74:
                    a2:d0:d4:9e:15:60:92:c9:fe:f6:e2:f8:a0:0d:66:
                    a6:0f:d5:17:ac:af:0a:00:23:6b:0d:90:b8:6b:1e:
                    e0:cf:19:b3:00:1b:06:cd:52:c6:22:3b:1f:a4:f2:
                    c1:16:60:3f:2f:9e:61:cc:88:df:38:05:ac:fd:cd:
                    f1:15:6d:43:ae:6c:e3:3e:31:dc:05:04:ee:58:fc:
                    ff:2e:db:da:29:79:a6:b4:eb:13:14:68:65:95:3f:
                    29:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:77:86:25:76:4A:6B:16:27:7C:87:A1:7D:3A:9A:81:E8:97:DF:FA
            X509v3 Authority Key Identifier:
                keyid:2F:10:28:15:D2:7E:65:11:74:6D:4A:3E:9F:D1:35:9C:D9:82:A8:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LxAoFdJ-ZRF0bUo-n9E1nNmCqGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a33f9a-9bc3-430d-bb7c-5ec794b0e69c/1/4HeGJXZKaxYnfIehfTqageiX3_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a33f9a-9bc3-430d-bb7c-5ec794b0e69c/1/LxAoFdJ-ZRF0bUo-n9E1nNmCqGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:13:17:db:d4:1c:ca:bf:05:be:c8:1f:9c:3b:44:6d:a2:16:
         0d:bb:be:5e:92:17:08:1e:8d:a9:a2:7f:72:f9:bf:4f:57:6c:
         e0:61:68:05:fd:79:50:97:63:13:9c:73:f6:ac:a4:0c:b7:2c:
         77:4b:d4:18:fc:a8:fa:f3:17:45:81:76:8b:a6:50:0e:d8:e8:
         1b:10:8c:5b:d3:15:b8:7d:7d:16:49:11:c6:21:91:1d:93:28:
         88:c6:f8:92:4a:97:42:94:2b:64:aa:af:7a:4d:eb:a0:92:27:
         9d:a0:cc:78:41:66:27:19:56:de:fa:25:4a:a8:76:c3:fc:1d:
         b0:f5:ea:54:84:32:ab:e1:d3:c2:20:78:8e:9d:c9:6e:ee:b5:
         32:b7:cb:a8:1f:87:f8:14:8d:22:e1:dd:ba:03:a2:8a:c4:81:
         e8:d8:7e:aa:81:7e:84:50:cc:8a:03:ef:c6:2c:c9:71:88:81:
         48:91:e5:74:b6:cd:90:4b:b8:4a:1e:41:96:8c:c2:3e:44:32:
         2e:6c:bf:51:76:ef:88:6e:1b:65:9c:55:dc:ce:92:0e:a4:70:
         1c:49:91:ee:59:10:c0:6e:5b:12:23:a3:c6:7b:60:d8:aa:93:
         06:2e:1f:d7:0c:67:71:80:5f:35:49:bd:f9:82:d5:22:d1:ca:
         c1:9d:db:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAZhUO0sgBml9PR89ZCFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMTAyODE1ZDI3ZTY1MTE3NDZkNGEzZTlmZDEzNTljZDk4
MmE4NjYwHhcNMjQwMTAyMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDc3ODYyNTc2NGE2YjE2Mjc3Yzg3YTE3ZDNhOWE4MWU4OTdkZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkm3eesPrXc+R4kU7O3wT9uI9Q44d
YBklETg/+l6CvJ69VqJabx8jtvK9IUTAv991OvVXZsau/zYogyMuMp2zpoD517NX
3qfACd4H9JHa8oBsoW2JmoENUKkBrGP9g9Wt0Ibz9ILQCF1RUFXdsN88EOcmuTZk
DQoMUfFHQbdoRkMvEykP/CBKU713bjgH5E1Vkocx6Hw1ShA8oPin7EeFA693CXSi
0NSeFWCSyf724vigDWamD9UXrK8KACNrDZC4ax7gzxmzABsGzVLGIjsfpPLBFmA/
L55hzIjfOAWs/c3xFW1DrmzjPjHcBQTuWPz/LtvaKXmmtOsTFGhllT8pPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOB3hiV2SmsWJ3yHoX06moHol9/6MB8GA1UdIwQY
MBaAFC8QKBXSfmURdG1KPp/RNZzZgqhmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHhBb0ZkSi1aUkYwYlVvLW45RTFuTm1DcUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hMzNmOWEtOWJjMy00MzBkLWJiN2Mt
NWVjNzk0YjBlNjljLzEvNEhlR0pYWktheFluZkllaGZUcWFnZWlYM19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hMzNmOWEtOWJjMy00MzBkLWJiN2MtNWVjNzk0YjBlNjlj
LzEvTHhBb0ZkSi1aUkYwYlVvLW45RTFuTm1DcUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9EEMA0G
CSqGSIb3DQEBCwUAA4IBAQBsExfb1BzKvwW+yB+cO0RtohYNu75ekhcIHo2pon9y
+b9PV2zgYWgF/XlQl2MTnHP2rKQMtyx3S9QY/Kj68xdFgXaLplAO2OgbEIxb0xW4
fX0WSRHGIZEdkyiIxviSSpdClCtkqq96TeugkiedoMx4QWYnGVbe+iVKqHbD/B2w
9epUhDKr4dPCIHiOnclu7rUyt8uoH4f4FI0i4d26A6KKxIHo2H6qgX6EUMyKA+/G
LMlxiIFIkeV0ts2QS7hKHkGWjMI+RDIubL9Rdu+IbhtlnFXczpIOpHAcSZHuWRDA
blsSI6PGe2DYqpMGLh/XDGdxgF81Sb35gtUi0crBndsH
-----END CERTIFICATE-----