Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/k4dQJ7-jKSguo9QTFiGGSFlDIA4.roa
File:                     k4dQJ7-jKSguo9QTFiGGSFlDIA4.roa (raw, json)
Hash identifier:          vVUC1sskQ2EVDv7ng7m2kyIjKuQOQt8EpXvCoNU9tDs=
Subject key identifier:   93:87:50:27:BF:A3:29:28:2E:A3:D4:13:16:21:86:48:59:43:20:0E
Certificate issuer:       /CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
Certificate serial:       018CC725781CD2612C1BB95E095112152F5F
Authority key identifier: 1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/k4dQJ7-jKSguo9QTFiGGSFlDIA4.roa
Signing time:             Mon 01 Jan 2024 22:29:30 +0000
ROA not before:           Mon 01 Jan 2024 22:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34476
IP address blocks:        195.49.239.0/24 maxlen: 24
                          195.49.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:78:1c:d2:61:2c:1b:b9:5e:09:51:12:15:2f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
        Validity
            Not Before: Jan  1 22:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93875027bfa329282ea3d413162186485943200e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:25:bc:05:8d:54:6a:d8:d6:f7:0b:e7:d3:18:
                    ab:ba:78:49:7f:d2:d8:55:43:8e:83:18:ee:8b:1e:
                    26:3f:75:f4:33:45:cb:a0:26:80:ae:e6:eb:61:74:
                    75:f3:65:28:f5:a7:2f:93:42:bf:1e:91:d2:09:79:
                    44:03:e7:f5:2c:ae:dd:24:25:d2:25:ab:a9:e1:74:
                    4c:fb:60:49:50:d3:a7:ae:c0:28:09:c9:ce:49:5f:
                    52:6f:5e:39:bb:01:be:04:d5:43:5d:45:6d:94:c3:
                    49:9d:5f:6c:91:07:61:16:a9:1f:14:fe:33:b7:e7:
                    9a:f6:f9:4b:2e:ea:79:5a:ba:d9:04:15:fa:6a:31:
                    85:d1:fe:d6:92:33:0a:77:3b:9c:9f:23:5f:f2:f4:
                    50:0e:b4:26:32:c4:93:0a:a5:78:54:73:83:f4:20:
                    82:42:52:d3:39:df:9a:a0:3c:fb:ba:47:9a:b1:c5:
                    96:3d:2a:5f:28:ce:6e:eb:5f:c0:b1:60:2c:dd:87:
                    a8:9d:a1:f4:6c:16:ba:44:5a:17:fb:0d:ea:9f:be:
                    0e:f9:02:2d:c6:da:9d:b9:33:b6:8c:ba:34:ac:82:
                    18:96:ca:92:d9:98:03:6b:68:0f:99:3a:63:dd:a3:
                    4c:18:4c:56:45:3e:39:c9:30:b2:d2:ad:f2:5a:d9:
                    a5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:87:50:27:BF:A3:29:28:2E:A3:D4:13:16:21:86:48:59:43:20:0E
            X509v3 Authority Key Identifier:
                keyid:1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/k4dQJ7-jKSguo9QTFiGGSFlDIA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:ef:c6:91:71:9f:33:3d:ce:cc:98:59:84:e5:14:f1:18:68:
         71:33:90:80:1a:98:c8:e8:b3:89:cf:38:a7:2f:d2:40:b4:5e:
         8c:ec:66:2b:f5:3b:0f:f3:07:d2:89:7e:81:58:6f:e5:57:90:
         a7:aa:d0:6a:bb:72:65:35:75:1a:35:0b:62:9b:90:32:86:c3:
         4d:c0:72:2d:1a:80:e2:05:60:7d:fc:43:b1:8d:86:5c:37:4f:
         a6:35:ed:45:66:c5:31:1f:94:57:88:8c:d4:af:f8:91:e8:30:
         a2:c0:c5:d6:d7:08:3d:5c:8e:cc:eb:bd:d0:a5:ca:af:6c:10:
         f0:fc:38:8d:ed:a7:e8:c6:9b:10:cd:c0:c3:77:64:5c:1b:23:
         ac:1a:90:f6:f0:76:b6:96:22:7b:b9:6d:29:c5:f7:19:ef:2e:
         eb:e6:92:7c:45:39:0f:b5:00:37:d0:89:f0:c3:0b:d6:7e:62:
         fb:90:89:b5:22:8c:29:01:fb:28:6c:8f:86:ea:78:6d:50:51:
         0b:11:aa:d5:da:03:6f:1a:c7:12:a5:77:7f:11:c4:cf:46:4e:
         15:39:3c:6d:8b:09:5e:e0:ba:0d:70:17:30:9c:50:0c:4b:20:
         d8:a6:25:40:0c:88:d3:d0:c2:77:7b:04:2d:ff:42:a7:e9:0c:
         b4:4b:70:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXgc0mEsG7leCVESFS9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGY4MDAxYzMwY2FjNTQ2ZTNmOTIxMDNiNGIxMjczMmRm
Y2JmNTIwHhcNMjQwMTAxMjIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzg3NTAyN2JmYTMyOTI4MmVhM2Q0MTMxNjIxODY0ODU5NDMyMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiW8BY1UatjW9wvn0xirunhJf9LY
VUOOgxjuix4mP3X0M0XLoCaArubrYXR182Uo9acvk0K/HpHSCXlEA+f1LK7dJCXS
Jaup4XRM+2BJUNOnrsAoCcnOSV9Sb145uwG+BNVDXUVtlMNJnV9skQdhFqkfFP4z
t+ea9vlLLup5WrrZBBX6ajGF0f7WkjMKdzucnyNf8vRQDrQmMsSTCqV4VHOD9CCC
QlLTOd+aoDz7ukeascWWPSpfKM5u61/AsWAs3YeonaH0bBa6RFoX+w3qn74O+QIt
xtqduTO2jLo0rIIYlsqS2ZgDa2gPmTpj3aNMGExWRT45yTCy0q3yWtmlGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOHUCe/oykoLqPUExYhhkhZQyAOMB8GA1UdIwQY
MBaAFBpPgAHDDKxUbj+SEDtLEnMt/L9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEt
MzhkNGYzMjExODk2LzEvazRkUUo3LWpLU2d1bzlRVEZpR0dTRmxESUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEtMzhkNGYzMjExODk2
LzEvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzHuMA0G
CSqGSIb3DQEBCwUAA4IBAQAp78aRcZ8zPc7MmFmE5RTxGGhxM5CAGpjI6LOJzzin
L9JAtF6M7GYr9TsP8wfSiX6BWG/lV5CnqtBqu3JlNXUaNQtim5AyhsNNwHItGoDi
BWB9/EOxjYZcN0+mNe1FZsUxH5RXiIzUr/iR6DCiwMXW1wg9XI7M673QpcqvbBDw
/DiN7afoxpsQzcDDd2RcGyOsGpD28Ha2liJ7uW0pxfcZ7y7r5pJ8RTkPtQA30Inw
wwvWfmL7kIm1IowpAfsobI+G6nhtUFELEarV2gNvGscSpXd/EcTPRk4VOTxtiwle
4LoNcBcwnFAMSyDYpiVADIjT0MJ3ewQt/0Kn6Qy0S3Cn
-----END CERTIFICATE-----