Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4gCEikXNaw3tlBiFhADLrugPDD8.roa
File:                     4gCEikXNaw3tlBiFhADLrugPDD8.roa (raw, json)
Hash identifier:          3sN07QzDvwsm5ZCp3b0Gy5lbh056THPX25v/FSgpeaw=
Subject key identifier:   E2:00:84:8A:45:CD:6B:0D:ED:94:18:85:84:00:CB:AE:E8:0F:0C:3F
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC1720FCD1E761AB3F78946F98F069
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4gCEikXNaw3tlBiFhADLrugPDD8.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204300
IP address blocks:        194.35.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:17:20:fc:d1:e7:61:ab:3f:78:94:6f:98:f0:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e200848a45cd6b0ded9418858400cbaee80f0c3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:89:9e:85:1d:24:b4:f1:2e:9d:5f:5a:e0:ad:
                    69:cb:f6:1f:85:26:23:46:11:66:4c:b2:ed:e4:8a:
                    5d:4d:10:8a:37:e2:fe:d7:d8:a0:41:f2:11:36:c4:
                    45:81:81:40:3b:26:72:a6:19:08:2f:9b:f9:d3:0a:
                    4f:bf:a4:c8:51:9f:06:21:64:80:74:68:3c:60:84:
                    be:47:b8:da:a1:09:24:ce:8f:11:a0:f5:a5:f7:cb:
                    d8:f9:7d:32:d4:01:b0:40:71:4f:be:1f:76:44:bf:
                    30:d1:02:20:0d:91:f8:ec:26:7b:84:67:9a:a3:81:
                    8d:a4:38:0d:e1:78:1e:73:d4:59:90:e8:9a:81:6e:
                    da:15:70:f7:c2:02:8e:a0:d6:96:5c:68:6a:5d:80:
                    8f:fb:fc:8b:c0:fe:a8:9e:f6:2a:8f:ae:c9:84:a9:
                    01:c4:16:0c:78:3e:bb:29:ef:88:65:9e:40:7d:1a:
                    f4:ed:30:87:54:2d:6b:f3:48:0e:46:f1:b0:1a:9b:
                    96:78:c9:fd:c8:79:eb:43:c4:9d:58:fd:73:f7:86:
                    55:b0:f2:86:8c:ca:67:b0:d0:86:8f:30:01:e4:1d:
                    3d:25:c6:e4:63:f1:95:54:43:c4:ac:73:b1:08:10:
                    61:d5:b5:b9:3b:e9:c6:bb:b9:1d:23:2e:58:46:be:
                    4d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:00:84:8A:45:CD:6B:0D:ED:94:18:85:84:00:CB:AE:E8:0F:0C:3F
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4gCEikXNaw3tlBiFhADLrugPDD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:d1:cf:0a:b9:c2:59:02:2b:25:0e:91:26:56:fb:e7:bc:00:
         d3:b6:77:05:07:b6:1a:93:31:e3:dc:66:ae:07:a0:25:95:14:
         07:38:0c:1f:2a:0c:62:fe:08:5d:bd:1e:28:df:c6:a4:27:91:
         0e:19:c5:60:f0:78:be:4e:59:7a:9a:12:f8:6e:5c:a8:04:3b:
         43:03:00:e9:08:6c:f4:1a:67:a1:bc:32:c9:9b:5d:12:4a:50:
         b7:61:aa:5a:2f:9e:c0:a9:d6:db:a4:ee:9c:4f:35:1f:1d:5d:
         59:a5:7d:d3:0c:55:9d:ba:3c:38:fa:b3:9d:81:22:22:df:b4:
         44:61:76:f4:be:fd:68:51:e4:0a:ea:b5:e6:06:2d:1b:95:67:
         e9:ca:b8:3f:b9:f6:c6:e3:03:fb:41:34:01:64:b8:b8:e4:40:
         9e:41:1f:f1:1a:50:e7:3d:66:31:80:52:e8:7e:ed:6a:45:af:
         36:3e:0e:56:08:14:14:a9:08:b8:17:36:8f:3d:41:ac:8a:3e:
         1e:66:76:07:6b:49:f8:63:81:2b:54:95:07:0f:68:09:a1:39:
         9f:41:45:71:84:f9:89:83:d1:5e:7b:da:e0:3f:04:a4:49:d0:
         10:f3:9e:68:e4:bb:ce:54:40:b9:db:8b:0c:3e:06:7f:45:f6:
         c3:95:ad:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Bcg/NHnYas/eJRvmPBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjAwODQ4YTQ1Y2Q2YjBkZWQ5NDE4ODU4NDAwY2JhZWU4MGYwYzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYmehR0ktPEunV9a4K1py/YfhSYj
RhFmTLLt5IpdTRCKN+L+19igQfIRNsRFgYFAOyZyphkIL5v50wpPv6TIUZ8GIWSA
dGg8YIS+R7jaoQkkzo8RoPWl98vY+X0y1AGwQHFPvh92RL8w0QIgDZH47CZ7hGea
o4GNpDgN4Xgec9RZkOiagW7aFXD3wgKOoNaWXGhqXYCP+/yLwP6onvYqj67JhKkB
xBYMeD67Ke+IZZ5AfRr07TCHVC1r80gORvGwGpuWeMn9yHnrQ8SdWP1z94ZVsPKG
jMpnsNCGjzAB5B09JcbkY/GVVEPErHOxCBBh1bW5O+nGu7kdIy5YRr5NHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIAhIpFzWsN7ZQYhYQAy67oDww/MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvNGdDRWlrWE5hdzN0bEJpRmhBRExydWdQREQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiM0MA0G
CSqGSIb3DQEBCwUAA4IBAQAY0c8KucJZAislDpEmVvvnvADTtncFB7YakzHj3Gau
B6AllRQHOAwfKgxi/ghdvR4o38akJ5EOGcVg8Hi+Tll6mhL4blyoBDtDAwDpCGz0
GmehvDLJm10SSlC3YapaL57AqdbbpO6cTzUfHV1ZpX3TDFWdujw4+rOdgSIi37RE
YXb0vv1oUeQK6rXmBi0blWfpyrg/ufbG4wP7QTQBZLi45ECeQR/xGlDnPWYxgFLo
fu1qRa82Pg5WCBQUqQi4FzaPPUGsij4eZnYHa0n4Y4ErVJUHD2gJoTmfQUVxhPmJ
g9Fee9rgPwSkSdAQ855o5LvOVEC524sMPgZ/RfbDla33
-----END CERTIFICATE-----