Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e6580b-bff7-41e8-b314-14045b64ae29/1/04IK808ti0G_mrePZiLfyMd8LPg.roa
File:                     04IK808ti0G_mrePZiLfyMd8LPg.roa (raw, json)
Hash identifier:          KEsbMkessHVdMEPjooQbuvxux4M4IDtjKN92Pi/27Vo=
Subject key identifier:   D3:82:0A:F3:4F:2D:8B:41:BF:9A:B7:8F:66:22:DF:C8:C7:7C:2C:F8
Certificate issuer:       /CN=e6e1af37a60a99868efbbaa0817b4980f19a54fb
Certificate serial:       019426D98E178CD01A21C4F72EE462EF792D
Authority key identifier: E6:E1:AF:37:A6:0A:99:86:8E:FB:BA:A0:81:7B:49:80:F1:9A:54:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5uGvN6YKmYaO-7qggXtJgPGaVPs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e6580b-bff7-41e8-b314-14045b64ae29/1/04IK808ti0G_mrePZiLfyMd8LPg.roa
Signing time:             Thu 02 Jan 2025 11:49:39 +0000
ROA not before:           Thu 02 Jan 2025 11:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6730
IP address blocks:        193.8.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e6580b-bff7-41e8-b314-14045b64ae29/1/5uGvN6YKmYaO-7qggXtJgPGaVPs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e6580b-bff7-41e8-b314-14045b64ae29/1/5uGvN6YKmYaO-7qggXtJgPGaVPs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5uGvN6YKmYaO-7qggXtJgPGaVPs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:8e:17:8c:d0:1a:21:c4:f7:2e:e4:62:ef:79:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6e1af37a60a99868efbbaa0817b4980f19a54fb
        Validity
            Not Before: Jan  2 11:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3820af34f2d8b41bf9ab78f6622dfc8c77c2cf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:57:8c:21:cd:49:e5:b6:45:a9:c3:e3:67:dc:
                    85:17:16:f6:74:a3:26:bf:7f:9e:72:02:d8:11:4b:
                    96:65:c1:e2:45:4f:f4:b9:26:3e:c6:c7:91:6e:85:
                    94:ed:18:43:99:cb:1e:34:40:bb:5e:ac:a4:52:70:
                    76:9f:6d:2b:6c:3f:e2:6f:45:5a:1d:31:a3:e8:61:
                    ec:fc:86:d9:d3:6a:dd:39:a9:ba:03:a5:70:fa:75:
                    46:32:83:e3:8a:34:d8:61:8b:fa:ac:b1:c3:f3:83:
                    8a:29:09:d5:72:8d:01:29:f6:24:04:10:18:d4:32:
                    53:1b:db:27:61:bc:82:0f:5c:a3:64:06:71:4a:a5:
                    27:5f:6f:6d:90:35:39:7b:f7:e9:1c:13:00:cc:fe:
                    a1:3b:cd:1f:6a:67:bf:e8:b9:f0:b9:38:21:e2:fb:
                    b2:f0:8e:64:f2:23:f6:05:4a:1e:97:eb:1c:25:0e:
                    7e:df:43:f1:bf:a9:5c:70:0d:eb:a2:f2:23:ad:11:
                    76:7c:34:3f:a1:02:1a:32:cf:c1:d5:27:94:b3:3f:
                    ee:81:24:ee:2b:74:46:0b:de:a8:f9:bf:16:89:b9:
                    c5:f2:25:b2:a2:ee:08:4e:9e:7b:54:85:23:cf:b5:
                    ee:46:ad:66:13:d2:9b:e8:4a:98:f8:18:f9:09:76:
                    9a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:82:0A:F3:4F:2D:8B:41:BF:9A:B7:8F:66:22:DF:C8:C7:7C:2C:F8
            X509v3 Authority Key Identifier:
                keyid:E6:E1:AF:37:A6:0A:99:86:8E:FB:BA:A0:81:7B:49:80:F1:9A:54:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5uGvN6YKmYaO-7qggXtJgPGaVPs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e6580b-bff7-41e8-b314-14045b64ae29/1/04IK808ti0G_mrePZiLfyMd8LPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e6580b-bff7-41e8-b314-14045b64ae29/1/5uGvN6YKmYaO-7qggXtJgPGaVPs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:95:90:10:bc:17:7e:d6:5a:56:3b:66:f6:ee:a0:d3:5f:da:
         d4:4a:78:6f:44:cc:e5:0b:6c:94:01:48:84:5d:f6:32:c9:61:
         4c:e2:96:78:f3:7b:9f:16:7f:32:4e:a7:ac:a4:d9:3b:cc:55:
         30:47:68:1e:17:0e:b8:bd:e9:cf:c6:27:82:ed:d5:24:c6:03:
         23:eb:97:28:8f:98:f0:0f:6b:f6:55:0e:47:06:25:50:70:4f:
         03:66:ac:3a:4c:cb:e0:d6:0a:36:a2:37:bb:f3:16:90:19:a9:
         85:5e:64:4a:d0:87:4f:7d:f8:7d:7d:93:ca:bb:20:ff:5c:08:
         88:b7:da:5d:76:04:9c:f1:d2:54:8e:44:8f:b7:5b:1a:76:d0:
         c7:58:6d:6d:34:7f:8e:09:6f:a3:8c:30:7d:87:2e:09:04:ae:
         27:91:97:0f:d4:53:e8:ea:eb:7b:63:06:f6:52:7c:68:76:c2:
         65:04:72:5e:40:7e:58:f9:55:2c:93:46:d7:99:f8:bd:27:82:
         7f:cf:7a:a3:7d:ea:a7:b2:9a:2d:e4:3a:5c:32:d8:06:2b:7e:
         7a:82:66:c2:30:6a:32:0b:e5:b1:e3:99:23:72:a8:9a:bc:ea:
         64:31:3d:57:bf:0d:0d:82:82:3b:19:5f:f2:5c:9e:c9:c1:0d:
         7e:af:a8:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Y4XjNAaIcT3LuRi73ktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZTFhZjM3YTYwYTk5ODY4ZWZiYmFhMDgxN2I0OTgwZjE5
YTU0ZmIwHhcNMjUwMTAyMTE0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzgyMGFmMzRmMmQ4YjQxYmY5YWI3OGY2NjIyZGZjOGM3N2MyY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9VeMIc1J5bZFqcPjZ9yFFxb2dKMm
v3+ecgLYEUuWZcHiRU/0uSY+xseRboWU7RhDmcseNEC7XqykUnB2n20rbD/ib0Va
HTGj6GHs/IbZ02rdOam6A6Vw+nVGMoPjijTYYYv6rLHD84OKKQnVco0BKfYkBBAY
1DJTG9snYbyCD1yjZAZxSqUnX29tkDU5e/fpHBMAzP6hO80fame/6LnwuTgh4vuy
8I5k8iP2BUoel+scJQ5+30Pxv6lccA3rovIjrRF2fDQ/oQIaMs/B1SeUsz/ugSTu
K3RGC96o+b8WibnF8iWyou4ITp57VIUjz7XuRq1mE9Kb6EqY+Bj5CXaaHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOCCvNPLYtBv5q3j2Yi38jHfCz4MB8GA1UdIwQY
MBaAFObhrzemCpmGjvu6oIF7SYDxmlT7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXVHdk42WUttWWFPLTdxZ2dYdEpnUEdhVlBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lNjU4MGItYmZmNy00MWU4LWIzMTQt
MTQwNDViNjRhZTI5LzEvMDRJSzgwOHRpMEdfbXJlUFppTGZ5TWQ4TFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lNjU4MGItYmZmNy00MWU4LWIzMTQtMTQwNDViNjRhZTI5
LzEvNXVHdk42WUttWWFPLTdxZ2dYdEpnUEdhVlBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQiqMA0G
CSqGSIb3DQEBCwUAA4IBAQCBlZAQvBd+1lpWO2b27qDTX9rUSnhvRMzlC2yUAUiE
XfYyyWFM4pZ483ufFn8yTqespNk7zFUwR2geFw64venPxieC7dUkxgMj65coj5jw
D2v2VQ5HBiVQcE8DZqw6TMvg1go2oje78xaQGamFXmRK0IdPffh9fZPKuyD/XAiI
t9pddgSc8dJUjkSPt1sadtDHWG1tNH+OCW+jjDB9hy4JBK4nkZcP1FPo6ut7Ywb2
UnxodsJlBHJeQH5Y+VUsk0bXmfi9J4J/z3qjfeqnspot5DpcMtgGK356gmbCMGoy
C+Wx45kjcqiavOpkMT1Xvw0NgoI7GV/yXJ7JwQ1+r6gA
-----END CERTIFICATE-----