Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/4PFWXyGekCASGygCUNjm-DuErsE.roa
File:                     4PFWXyGekCASGygCUNjm-DuErsE.roa (raw, json)
Hash identifier:          /LabMzCo7/wW5IWe3DG8cgsNr0Fnya8crl5xVDTQMms=
Subject key identifier:   E0:F1:56:5F:21:9E:90:20:12:1B:28:02:50:D8:E6:F8:3B:84:AE:C1
Certificate issuer:       /CN=c20e65caddbecd48d2f87787993113842bdfce5d
Certificate serial:       018D7F2D5BE7FAC72E20E8DAC4E9731D4B39
Authority key identifier: C2:0E:65:CA:DD:BE:CD:48:D2:F8:77:87:99:31:13:84:2B:DF:CE:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wg5lyt2-zUjS-HeHmTEThCvfzl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/4PFWXyGekCASGygCUNjm-DuErsE.roa
Signing time:             Tue 06 Feb 2024 16:08:15 +0000
ROA not before:           Tue 06 Feb 2024 16:08:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49227
IP address blocks:        195.88.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/wg5lyt2-zUjS-HeHmTEThCvfzl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/wg5lyt2-zUjS-HeHmTEThCvfzl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wg5lyt2-zUjS-HeHmTEThCvfzl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:2d:5b:e7:fa:c7:2e:20:e8:da:c4:e9:73:1d:4b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c20e65caddbecd48d2f87787993113842bdfce5d
        Validity
            Not Before: Feb  6 16:08:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0f1565f219e9020121b280250d8e6f83b84aec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:80:bc:b4:d2:ed:75:8b:78:4d:5a:5f:2e:61:
                    a2:9c:51:eb:8d:2f:35:ac:c4:6f:de:4b:25:90:ed:
                    79:91:26:e1:8f:29:1b:ee:19:67:ae:f2:f3:7e:a8:
                    f1:a3:b1:a3:40:e0:f8:28:5d:e5:0a:57:cc:f7:22:
                    eb:38:02:6c:b4:72:18:52:ae:44:31:94:90:bd:48:
                    7a:6e:b9:cf:a6:b4:37:01:d9:22:bc:b7:39:60:ac:
                    06:9b:2e:94:35:88:81:7c:b1:a3:b1:ab:96:2f:96:
                    26:1d:37:71:5b:d0:b2:10:ca:ef:46:3f:f3:5e:40:
                    75:61:2b:65:a4:71:e8:19:8d:af:16:f1:85:27:40:
                    00:cd:4f:b9:0f:c5:ae:49:9a:da:6f:6a:b2:1a:11:
                    b7:3b:66:af:70:cf:a5:30:ae:30:8a:d3:1f:8b:d0:
                    cb:ea:cf:5d:cd:ad:7d:ac:84:ec:b0:c9:6e:98:3f:
                    4e:30:9f:7f:37:48:b9:f7:b6:82:7d:31:86:c1:9e:
                    bb:4e:3e:8b:16:95:b1:9e:98:b2:51:78:83:33:3b:
                    a4:fe:c5:51:8c:30:82:84:b6:54:d6:90:4a:64:4f:
                    2b:0b:19:a1:84:b9:a1:a8:90:4d:81:b3:be:ec:2e:
                    0b:56:6f:bf:ab:b7:17:e8:73:53:1c:d5:a1:5c:4a:
                    9a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F1:56:5F:21:9E:90:20:12:1B:28:02:50:D8:E6:F8:3B:84:AE:C1
            X509v3 Authority Key Identifier:
                keyid:C2:0E:65:CA:DD:BE:CD:48:D2:F8:77:87:99:31:13:84:2B:DF:CE:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wg5lyt2-zUjS-HeHmTEThCvfzl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/4PFWXyGekCASGygCUNjm-DuErsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/35ead2-4aa4-4ff0-b5cb-7efaa4a74f97/1/wg5lyt2-zUjS-HeHmTEThCvfzl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:0a:cd:87:0f:21:b0:a6:8d:37:e8:45:00:86:e9:c3:ce:01:
         38:73:21:86:8e:9a:f4:2f:c5:20:55:27:53:6b:f7:3f:4b:bf:
         af:88:be:99:53:6f:c3:4a:3c:72:08:9d:96:22:91:88:41:4f:
         4a:01:ff:e3:1c:03:1d:34:af:0c:b3:ae:1d:05:2d:e2:34:a4:
         f2:4f:ea:ce:e6:53:9b:ea:23:61:c6:c0:b4:d4:47:04:d3:97:
         75:5a:92:61:7d:b5:a9:cf:c4:4d:11:ca:f9:46:75:db:2a:26:
         e0:36:6d:b3:5c:74:7d:44:6f:4f:71:f8:b0:69:51:d9:99:05:
         3a:25:e7:7c:74:45:56:5a:f3:03:b5:68:42:f0:06:87:72:ac:
         e8:b6:c0:1c:60:ae:0b:44:2a:44:2b:8b:9c:b7:14:f3:cd:43:
         67:b0:bc:db:3f:7f:fd:1c:64:a7:60:69:fe:0d:ee:e3:c7:89:
         9b:60:dd:20:88:a5:4d:9b:f1:89:bf:e5:0f:83:11:e7:14:aa:
         87:7d:f6:4c:5c:de:2f:fe:50:c6:54:8c:f4:5f:22:f1:16:0b:
         47:4c:ca:8b:a0:a8:fc:3c:b4:3b:9b:90:5e:de:82:a9:17:00:
         13:27:c6:cb:e6:a7:c3:64:06:91:7a:91:d3:60:55:1e:a3:c0:
         3e:e1:ba:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1/LVvn+scuIOjaxOlzHUs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMGU2NWNhZGRiZWNkNDhkMmY4Nzc4Nzk5MzExMzg0MmJk
ZmNlNWQwHhcNMjQwMjA2MTYwODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGYxNTY1ZjIxOWU5MDIwMTIxYjI4MDI1MGQ4ZTZmODNiODRhZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIC8tNLtdYt4TVpfLmGinFHrjS81
rMRv3kslkO15kSbhjykb7hlnrvLzfqjxo7GjQOD4KF3lClfM9yLrOAJstHIYUq5E
MZSQvUh6brnPprQ3AdkivLc5YKwGmy6UNYiBfLGjsauWL5YmHTdxW9CyEMrvRj/z
XkB1YStlpHHoGY2vFvGFJ0AAzU+5D8WuSZrab2qyGhG3O2avcM+lMK4witMfi9DL
6s9dza19rITssMlumD9OMJ9/N0i597aCfTGGwZ67Tj6LFpWxnpiyUXiDMzuk/sVR
jDCChLZU1pBKZE8rCxmhhLmhqJBNgbO+7C4LVm+/q7cX6HNTHNWhXEqa0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODxVl8hnpAgEhsoAlDY5vg7hK7BMB8GA1UdIwQY
MBaAFMIOZcrdvs1I0vh3h5kxE4Qr385dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2c1bHl0Mi16VWpTLUhlSG1URVRoQ3ZmemwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8zNWVhZDItNGFhNC00ZmYwLWI1Y2It
N2VmYWE0YTc0Zjk3LzEvNFBGV1h5R2VrQ0FTR3lnQ1VOam0tRHVFcnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8zNWVhZDItNGFhNC00ZmYwLWI1Y2ItN2VmYWE0YTc0Zjk3
LzEvd2c1bHl0Mi16VWpTLUhlSG1URVRoQ3ZmemwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1jyMA0G
CSqGSIb3DQEBCwUAA4IBAQBlCs2HDyGwpo036EUAhunDzgE4cyGGjpr0L8UgVSdT
a/c/S7+viL6ZU2/DSjxyCJ2WIpGIQU9KAf/jHAMdNK8Ms64dBS3iNKTyT+rO5lOb
6iNhxsC01EcE05d1WpJhfbWpz8RNEcr5RnXbKibgNm2zXHR9RG9PcfiwaVHZmQU6
Jed8dEVWWvMDtWhC8AaHcqzotsAcYK4LRCpEK4uctxTzzUNnsLzbP3/9HGSnYGn+
De7jx4mbYN0giKVNm/GJv+UPgxHnFKqHffZMXN4v/lDGVIz0XyLxFgtHTMqLoKj8
PLQ7m5Be3oKpFwATJ8bL5qfDZAaRepHTYFUeo8A+4bpv
-----END CERTIFICATE-----