Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/4h_vWcFjqy9H6XsG86F-QhDdC4A.roa
File:                     4h_vWcFjqy9H6XsG86F-QhDdC4A.roa (raw, json)
Hash identifier:          vOz+MAeHiwvxFiKPvoNFodNCcAoExZktJL5vdCZVmwk=
Subject key identifier:   E2:1F:EF:59:C1:63:AB:2F:47:E9:7B:06:F3:A1:7E:42:10:DD:0B:80
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B59AA70F9F5281F10EF99B9B2BAA86
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/4h_vWcFjqy9H6XsG86F-QhDdC4A.roa
Signing time:             Thu 02 Jan 2025 15:50:00 +0000
ROA not before:           Thu 02 Jan 2025 15:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31133
IP address blocks:        91.243.88.0/24 maxlen: 24
                          91.243.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:9a:a7:0f:9f:52:81:f1:0e:f9:9b:9b:2b:aa:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e21fef59c163ab2f47e97b06f3a17e4210dd0b80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:31:ee:a0:23:a5:1c:b6:69:75:eb:b1:5c:8e:
                    d9:cf:95:ea:31:13:2f:27:ca:01:d2:62:74:b0:99:
                    21:44:ba:e8:71:81:c9:97:03:dc:c8:f9:13:74:25:
                    f6:9d:a5:6d:60:00:54:1b:f9:c2:99:41:20:f9:c0:
                    52:3c:80:ff:cb:ce:10:47:9d:da:63:0a:05:8a:5f:
                    a8:6e:6d:65:8f:ff:f2:38:6d:ec:80:11:3f:8d:f9:
                    25:f1:64:9d:c7:33:42:8f:02:53:c6:61:1f:0a:a2:
                    cf:07:8f:4c:e6:2c:4d:ad:6f:65:24:5e:e5:5b:83:
                    c4:dd:de:2f:a4:2c:eb:85:a7:1a:07:c7:4f:00:03:
                    e2:37:10:ce:f2:38:17:09:75:40:66:cf:7a:bb:c7:
                    e7:a6:67:17:29:a1:55:19:a5:8d:2b:32:c1:0c:7b:
                    c2:93:7e:a0:2c:5b:06:c6:bd:fe:fe:f5:0a:19:6c:
                    13:ce:3f:80:87:8e:c6:c0:f0:ff:e2:9f:ce:59:33:
                    89:03:8e:fb:72:8c:f1:b9:d7:75:8a:5d:43:79:b9:
                    8e:4a:ef:08:ed:f1:75:00:3c:31:b1:a4:74:bd:a1:
                    80:2a:e1:39:89:4f:08:88:e5:f9:c7:39:3f:d0:c4:
                    4e:a9:fa:9c:e9:21:44:e3:86:6b:5e:0d:6e:7f:cc:
                    04:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:1F:EF:59:C1:63:AB:2F:47:E9:7B:06:F3:A1:7E:42:10:DD:0B:80
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/4h_vWcFjqy9H6XsG86F-QhDdC4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.88.0/24
                  91.243.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:e6:09:43:ee:73:2d:f8:7b:1a:88:f6:b6:cb:ee:6b:a1:9b:
         23:51:d0:8a:c9:cd:e7:e2:20:80:94:96:fa:c3:dc:c5:e9:65:
         f3:56:fc:33:58:80:36:b4:4a:b6:d9:c0:df:d8:6d:d4:c0:d6:
         52:78:a0:85:ce:dc:ec:b9:18:1b:7c:06:63:c3:60:ae:07:71:
         58:1c:0c:35:ca:6d:50:8c:f2:0a:7b:8d:42:c5:37:ef:c8:23:
         e7:0e:8c:7f:cf:34:e2:86:45:1b:42:11:d5:57:5b:4e:77:2c:
         71:f6:02:d8:24:d8:ac:09:52:97:24:57:02:51:a3:2f:fb:52:
         44:4d:24:75:a1:f4:18:f3:46:cf:98:f6:64:41:a8:df:2a:d3:
         42:e9:c0:2e:d7:e6:cd:67:52:5d:21:45:0d:9c:b4:69:2c:bd:
         8e:9d:e0:c1:bf:94:4b:e8:54:a3:98:6d:aa:b1:23:82:40:cc:
         7d:dd:d8:da:22:f0:51:e4:f2:7b:5d:78:87:77:e2:51:6f:d7:
         d6:89:8c:87:e8:6e:13:df:cb:e6:b7:80:8f:d4:28:2a:ba:fe:
         a5:64:29:99:df:36:bb:8b:8f:5d:63:b5:4c:53:48:03:c4:ee:
         bc:10:0e:4f:e2:35:b0:9c:b1:b8:bf:cf:db:a9:a2:f2:e1:da:
         4b:75:f7:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntZqnD59SgfEO+ZubK6qGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjFmZWY1OWMxNjNhYjJmNDdlOTdiMDZmM2ExN2U0MjEwZGQwYjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTHuoCOlHLZpdeuxXI7Zz5XqMRMv
J8oB0mJ0sJkhRLrocYHJlwPcyPkTdCX2naVtYABUG/nCmUEg+cBSPID/y84QR53a
YwoFil+obm1lj//yOG3sgBE/jfkl8WSdxzNCjwJTxmEfCqLPB49M5ixNrW9lJF7l
W4PE3d4vpCzrhacaB8dPAAPiNxDO8jgXCXVAZs96u8fnpmcXKaFVGaWNKzLBDHvC
k36gLFsGxr3+/vUKGWwTzj+Ah47GwPD/4p/OWTOJA477cozxudd1il1DebmOSu8I
7fF1ADwxsaR0vaGAKuE5iU8IiOX5xzk/0MROqfqc6SFE44ZrXg1uf8wETQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOIf71nBY6svR+l7BvOhfkIQ3QuAMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvNGhfdldjRmpxeTlINlhzRzg2Ri1RaERkQzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/NYAwQA
W/NfMA0GCSqGSIb3DQEBCwUAA4IBAQDD5glD7nMt+HsaiPa2y+5roZsjUdCKyc3n
4iCAlJb6w9zF6WXzVvwzWIA2tEq22cDf2G3UwNZSeKCFztzsuRgbfAZjw2CuB3FY
HAw1ym1QjPIKe41CxTfvyCPnDox/zzTihkUbQhHVV1tOdyxx9gLYJNisCVKXJFcC
UaMv+1JETSR1ofQY80bPmPZkQajfKtNC6cAu1+bNZ1JdIUUNnLRpLL2OneDBv5RL
6FSjmG2qsSOCQMx93djaIvBR5PJ7XXiHd+JRb9fWiYyH6G4T38vmt4CP1Cgquv6l
ZCmZ3za7i49dY7VMU0gDxO68EA5P4jWwnLG4v8/bqaLy4dpLdfdt
-----END CERTIFICATE-----