Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/xAuy4WKwAiWwyWz_74f0hDIYmYU.roa
File:                     xAuy4WKwAiWwyWz_74f0hDIYmYU.roa (raw, json)
Hash identifier:          cySMwsU48nXQT4v9lmbqhzw+DBOqWz9D22FydLNc6Sk=
Subject key identifier:   C4:0B:B2:E1:62:B0:02:25:B0:C9:6C:FF:EF:87:F4:84:32:18:99:85
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       01942521C573BF358A31236861BA77B7FEB2
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/xAuy4WKwAiWwyWz_74f0hDIYmYU.roa
Signing time:             Thu 02 Jan 2025 03:49:17 +0000
ROA not before:           Thu 02 Jan 2025 03:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199485
IP address blocks:        82.196.27.0/24 maxlen: 24
                          88.212.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c5:73:bf:35:8a:31:23:68:61:ba:77:b7:fe:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  2 03:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c40bb2e162b00225b0c96cffef87f48432189985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:39:83:e7:30:2f:35:40:c2:5e:d1:25:2a:2e:
                    d5:bf:6a:b4:f7:27:61:f3:c2:b3:1e:92:f1:94:d7:
                    2f:3f:e7:f3:ce:7e:46:ab:bc:19:8d:ed:d5:75:62:
                    a1:37:ce:a6:4a:1f:08:5a:7e:04:aa:e1:fc:27:8c:
                    70:94:ad:fd:73:d8:b3:8e:c3:b5:33:29:3b:13:cd:
                    68:d1:8c:b8:4d:bd:d3:0e:02:e3:c3:5e:9a:a5:f9:
                    4b:12:19:66:6c:40:b7:e1:18:33:49:5d:bd:ce:f6:
                    f7:90:f3:50:10:0e:44:af:69:ff:2c:64:73:3d:c6:
                    0a:41:3c:d5:ae:a4:a6:63:97:91:e5:85:01:ac:58:
                    30:83:87:07:92:fc:03:8b:20:df:7b:4b:81:c8:8d:
                    de:72:86:c8:5f:1f:86:0b:ab:a1:0c:83:57:7c:c1:
                    a3:54:ea:39:39:4e:67:87:5a:0f:22:4e:e2:3a:97:
                    2d:06:a1:ef:bc:36:9f:cd:50:33:fd:c6:b7:3c:35:
                    d6:67:81:16:74:31:a4:23:52:6b:18:9f:83:50:8b:
                    28:43:4d:03:89:0b:0e:20:59:b7:7c:51:68:8f:87:
                    7a:0f:2b:dd:57:54:a6:f2:80:f5:da:5c:c8:e5:c4:
                    98:23:cc:d4:f8:4c:9b:3c:62:59:2a:70:4b:31:a6:
                    d1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:0B:B2:E1:62:B0:02:25:B0:C9:6C:FF:EF:87:F4:84:32:18:99:85
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/xAuy4WKwAiWwyWz_74f0hDIYmYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.196.27.0/24
                  88.212.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:fc:db:64:4d:7f:7b:f3:dd:19:9f:69:e0:6f:0a:4b:cd:c8:
         0d:39:4a:d0:9c:de:31:c3:e6:e2:0b:e7:0b:bf:2b:73:9b:49:
         63:3b:d9:ca:46:02:78:67:ca:d7:31:6b:f7:14:84:4e:51:8d:
         32:60:bf:93:b5:34:fa:df:f0:ab:16:81:20:67:8e:0b:7c:c1:
         83:f1:b7:79:cd:18:b5:1c:0b:4c:95:3e:9c:81:9a:ff:95:03:
         25:d5:2f:8c:ac:84:31:13:a2:dd:38:59:5e:f5:a9:ff:5a:0d:
         da:d8:fe:7c:07:66:3c:b4:38:5d:e8:0d:75:ab:d8:b6:f6:c6:
         31:de:a2:1f:8e:58:da:0d:ec:3e:8f:8b:8e:f3:8c:bd:18:54:
         e5:4a:d3:60:74:27:5e:5c:96:44:a2:35:a2:9f:79:3f:2b:99:
         4e:96:f2:bc:8c:38:29:7d:16:d5:e6:72:88:c4:cc:14:c4:46:
         47:f7:b1:48:d5:31:54:e7:b4:7b:bc:1a:b6:14:e1:bb:c3:32:
         3f:21:c3:25:f3:8b:3d:6d:94:5a:b9:37:b8:6e:3d:eb:21:f6:
         2b:08:4c:b2:bf:93:85:99:c3:03:2a:cc:f4:0e:f8:6d:74:05:
         25:1d:b8:15:f2:60:e4:f7:5e:02:e5:bd:d7:85:2d:91:aa:a1:
         18:f2:1e:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIcVzvzWKMSNoYbp3t/6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjUwMTAyMDM0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDBiYjJlMTYyYjAwMjI1YjBjOTZjZmZlZjg3ZjQ4NDMyMTg5OTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzmD5zAvNUDCXtElKi7Vv2q09ydh
88KzHpLxlNcvP+fzzn5Gq7wZje3VdWKhN86mSh8IWn4EquH8J4xwlK39c9izjsO1
Myk7E81o0Yy4Tb3TDgLjw16apflLEhlmbEC34RgzSV29zvb3kPNQEA5Er2n/LGRz
PcYKQTzVrqSmY5eR5YUBrFgwg4cHkvwDiyDfe0uByI3ecobIXx+GC6uhDINXfMGj
VOo5OU5nh1oPIk7iOpctBqHvvDafzVAz/ca3PDXWZ4EWdDGkI1JrGJ+DUIsoQ00D
iQsOIFm3fFFoj4d6DyvdV1Sm8oD12lzI5cSYI8zU+EybPGJZKnBLMabRgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMQLsuFisAIlsMls/++H9IQyGJmFMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEveEF1eTRXS3dBaVd3eVd6Xzc0ZjBoRElZbVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUsQbAwQA
WNSQMA0GCSqGSIb3DQEBCwUAA4IBAQCW/NtkTX97890Zn2ngbwpLzcgNOUrQnN4x
w+biC+cLvytzm0ljO9nKRgJ4Z8rXMWv3FIROUY0yYL+TtTT63/CrFoEgZ44LfMGD
8bd5zRi1HAtMlT6cgZr/lQMl1S+MrIQxE6LdOFle9an/Wg3a2P58B2Y8tDhd6A11
q9i29sYx3qIfjljaDew+j4uO84y9GFTlStNgdCdeXJZEojWin3k/K5lOlvK8jDgp
fRbV5nKIxMwUxEZH97FI1TFU57R7vBq2FOG7wzI/IcMl84s9bZRauTe4bj3rIfYr
CEyyv5OFmcMDKsz0DvhtdAUlHbgV8mDk914C5b3XhS2RqqEY8h6p
-----END CERTIFICATE-----