Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/4AyO1EsWajzjJOpGb6KWd4MRzFc.roa
File:                     4AyO1EsWajzjJOpGb6KWd4MRzFc.roa (raw, json)
Hash identifier:          QqPdgK249hlLfUgs0vol3FLlNVPNw1L2bsk3gX0Kl28=
Subject key identifier:   E0:0C:8E:D4:4B:16:6A:3C:E3:24:EA:46:6F:A2:96:77:83:11:CC:57
Certificate issuer:       /CN=0747a36d7768a7b30a4eecbb6964c8c237d74401
Certificate serial:       018CC9BA69647C7AEEABF1E6A7D3CEA0FC3F
Authority key identifier: 07:47:A3:6D:77:68:A7:B3:0A:4E:EC:BB:69:64:C8:C2:37:D7:44:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/4AyO1EsWajzjJOpGb6KWd4MRzFc.roa
Signing time:             Tue 02 Jan 2024 10:31:26 +0000
ROA not before:           Tue 02 Jan 2024 10:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48325
IP address blocks:        185.126.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:69:64:7c:7a:ee:ab:f1:e6:a7:d3:ce:a0:fc:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0747a36d7768a7b30a4eecbb6964c8c237d74401
        Validity
            Not Before: Jan  2 10:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e00c8ed44b166a3ce324ea466fa296778311cc57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:65:62:22:df:a7:74:e9:8c:a7:e7:8f:6f:ed:
                    97:8a:bd:5e:fa:82:1f:93:79:cb:ce:74:f8:62:19:
                    ae:90:ac:c0:73:87:c7:87:d6:5e:b1:08:00:42:98:
                    88:eb:1d:f7:83:a5:5e:74:a2:40:1b:7e:86:d0:bb:
                    a0:92:cb:1a:d9:fb:ce:01:36:a6:40:12:56:1d:2c:
                    59:73:7e:df:bb:6f:89:ec:77:d8:8b:92:f4:77:69:
                    de:7f:9f:f7:fa:44:b0:d5:95:33:62:69:e3:00:2c:
                    27:f6:b6:37:af:4c:fe:1c:0e:03:bb:10:47:fb:72:
                    47:68:db:85:20:f5:49:b5:21:c0:94:d4:45:f6:4f:
                    6a:15:d2:9e:55:2d:63:e7:d0:b2:80:af:20:8d:f8:
                    b2:12:dc:ff:e8:de:63:38:3b:b8:ce:10:76:f5:39:
                    f7:49:ca:f8:2f:5d:87:e2:c1:9f:d3:db:cc:45:ef:
                    cd:ef:7f:ff:12:0b:63:b4:1e:61:b4:f5:8b:6a:b0:
                    a0:ee:a6:c0:9b:73:22:2d:ee:a7:87:81:4e:97:f8:
                    70:1e:e4:7d:3f:9c:a1:ff:97:c6:11:7d:fd:7b:77:
                    0f:7d:5c:06:d6:03:ca:ef:fa:a1:19:a2:fa:e8:6b:
                    95:ae:de:8e:56:38:89:ff:67:ce:4e:f2:e3:3d:59:
                    31:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:0C:8E:D4:4B:16:6A:3C:E3:24:EA:46:6F:A2:96:77:83:11:CC:57
            X509v3 Authority Key Identifier:
                keyid:07:47:A3:6D:77:68:A7:B3:0A:4E:EC:BB:69:64:C8:C2:37:D7:44:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B0ejbXdop7MKTuy7aWTIwjfXRAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/4AyO1EsWajzjJOpGb6KWd4MRzFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/9eaf1e-c9ec-466d-8371-aabadd0719ba/1/B0ejbXdop7MKTuy7aWTIwjfXRAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:02:31:f0:24:1c:b8:38:96:d5:73:41:6a:95:98:af:a6:bf:
         16:1c:ad:a3:d9:32:bb:d1:65:21:d9:0c:01:7b:18:a2:31:9f:
         f2:bc:b4:30:ba:9f:51:f1:a3:f4:2e:35:5d:8b:ba:e0:bf:f9:
         a7:95:9b:7c:ad:43:b6:59:b5:a2:8d:55:49:45:47:75:8b:3d:
         71:f5:27:1e:09:60:d6:c6:83:cf:16:cc:43:93:45:28:1b:11:
         9f:04:d9:54:39:54:c0:d8:57:e0:09:cd:d3:22:f4:e2:18:e6:
         0b:20:39:30:53:a5:8f:4a:dc:a8:d9:72:aa:84:c5:22:2b:eb:
         5f:a9:40:29:3b:4e:af:e4:2e:02:e0:2d:7b:5c:ea:a1:9b:cf:
         1d:47:9b:d8:40:bc:c4:ec:8e:8c:d5:a8:da:28:51:61:d1:41:
         66:70:5f:1e:03:ea:57:d1:59:c6:0f:cd:05:0b:b4:3d:cc:d0:
         a0:fa:90:ae:89:7c:74:02:a7:2a:d9:01:09:32:0d:e7:b7:76:
         12:0a:33:05:4d:86:eb:33:9f:70:e1:03:fe:d1:44:5c:e8:ff:
         83:bd:94:12:fb:89:cb:4b:89:63:62:58:67:88:33:c8:a9:84:
         1f:85:24:53:41:38:d7:dd:20:95:32:79:18:88:74:63:b5:b3:
         c0:e8:32:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJumlkfHruq/Hmp9POoPw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NDdhMzZkNzc2OGE3YjMwYTRlZWNiYjY5NjRjOGMyMzdk
NzQ0MDEwHhcNMjQwMTAyMTAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDBjOGVkNDRiMTY2YTNjZTMyNGVhNDY2ZmEyOTY3NzgzMTFjYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWViIt+ndOmMp+ePb+2Xir1e+oIf
k3nLznT4YhmukKzAc4fHh9ZesQgAQpiI6x33g6VedKJAG36G0Lugkssa2fvOATam
QBJWHSxZc37fu2+J7HfYi5L0d2nef5/3+kSw1ZUzYmnjACwn9rY3r0z+HA4DuxBH
+3JHaNuFIPVJtSHAlNRF9k9qFdKeVS1j59CygK8gjfiyEtz/6N5jODu4zhB29Tn3
Scr4L12H4sGf09vMRe/N73//EgtjtB5htPWLarCg7qbAm3MiLe6nh4FOl/hwHuR9
P5yh/5fGEX39e3cPfVwG1gPK7/qhGaL66GuVrt6OVjiJ/2fOTvLjPVkxpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAMjtRLFmo84yTqRm+ilneDEcxXMB8GA1UdIwQY
MBaAFAdHo213aKezCk7su2lkyMI310QBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjBlamJYZG9wN01LVHV5N2FXVEl3amZYUkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi85ZWFmMWUtYzllYy00NjZkLTgzNzEt
YWFiYWRkMDcxOWJhLzEvNEF5TzFFc1dhanpqSk9wR2I2S1dkNE1SekZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi85ZWFmMWUtYzllYy00NjZkLTgzNzEtYWFiYWRkMDcxOWJh
LzEvQjBlamJYZG9wN01LVHV5N2FXVEl3amZYUkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX6tMA0G
CSqGSIb3DQEBCwUAA4IBAQAYAjHwJBy4OJbVc0FqlZivpr8WHK2j2TK70WUh2QwB
exiiMZ/yvLQwup9R8aP0LjVdi7rgv/mnlZt8rUO2WbWijVVJRUd1iz1x9SceCWDW
xoPPFsxDk0UoGxGfBNlUOVTA2FfgCc3TIvTiGOYLIDkwU6WPStyo2XKqhMUiK+tf
qUApO06v5C4C4C17XOqhm88dR5vYQLzE7I6M1ajaKFFh0UFmcF8eA+pX0VnGD80F
C7Q9zNCg+pCuiXx0Aqcq2QEJMg3nt3YSCjMFTYbrM59w4QP+0URc6P+DvZQS+4nL
S4ljYlhniDPIqYQfhSRTQTjX3SCVMnkYiHRjtbPA6DKq
-----END CERTIFICATE-----