Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/4bzbblWU0EwkH_-RxEAS-a5BqDU.roa
File:                     4bzbblWU0EwkH_-RxEAS-a5BqDU.roa (raw, json)
Hash identifier:          dk4aeWRs7fjc1JRbUnCAmCNS9ybmvXOxkCg6p2mvhJc=
Subject key identifier:   E1:BC:DB:6E:55:94:D0:4C:24:1F:FF:91:C4:40:12:F9:AE:41:A8:35
Certificate issuer:       /CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
Certificate serial:       018CC94E35F17507623DADACCF2E8C76C9F9
Authority key identifier: C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/4bzbblWU0EwkH_-RxEAS-a5BqDU.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48729
IP address blocks:        213.193.232.0/24 maxlen: 24
                          213.193.212.0/24 maxlen: 24
                          213.193.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:35:f1:75:07:62:3d:ad:ac:cf:2e:8c:76:c9:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c27358682df3df8bdc7024507f92ecfc5ae097bb
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1bcdb6e5594d04c241fff91c44012f9ae41a835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f5:ed:67:80:8b:ca:06:32:bc:e9:d9:88:36:
                    fa:82:e1:bd:15:3f:fe:eb:c1:1b:b6:3e:b4:4f:12:
                    9d:d2:13:f4:c3:a4:06:b7:74:ac:03:02:0e:e6:30:
                    e9:4f:7b:c4:36:ae:ac:f1:90:19:5e:f2:e2:8e:e3:
                    bc:8c:5f:4b:10:6b:7e:84:09:a9:7a:e7:c2:77:c0:
                    82:69:af:ee:07:87:e7:12:b8:a0:d1:bf:19:5f:9e:
                    e0:61:d7:17:59:02:7f:d6:c1:be:7b:9c:df:71:10:
                    46:27:d5:90:9b:41:c3:15:43:d1:77:df:f6:f2:7a:
                    57:a0:5a:cb:38:18:50:14:ba:f6:76:31:16:f1:f1:
                    3f:d5:94:04:2a:8c:af:a6:2b:d4:7d:3e:87:36:21:
                    8c:a8:d3:0a:a0:cc:de:92:21:98:98:3e:13:b7:fa:
                    ad:b4:8e:cd:d1:67:89:27:9f:2a:32:e5:61:9b:5f:
                    8a:3b:8e:ad:e0:40:63:27:23:4a:44:ab:18:36:42:
                    ec:cc:78:2b:d2:13:35:bd:d2:9c:b3:f0:c1:32:4b:
                    f1:e3:86:bd:e2:36:cc:40:ee:43:cf:c5:d0:34:94:
                    a4:36:71:47:24:e9:ee:c0:d0:c3:7e:80:b1:61:21:
                    b2:1b:e5:94:15:64:79:f0:85:d3:fb:0b:f2:97:58:
                    dc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:BC:DB:6E:55:94:D0:4C:24:1F:FF:91:C4:40:12:F9:AE:41:A8:35
            X509v3 Authority Key Identifier:
                keyid:C2:73:58:68:2D:F3:DF:8B:DC:70:24:50:7F:92:EC:FC:5A:E0:97:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnNYaC3z34vccCRQf5Ls_Frgl7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/4bzbblWU0EwkH_-RxEAS-a5BqDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f449b3-d8a8-493e-9bd7-e88465c46186/1/wnNYaC3z34vccCRQf5Ls_Frgl7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.193.209.0/24
                  213.193.212.0/24
                  213.193.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:02:f3:73:32:80:fb:df:a9:99:c0:37:f3:65:36:db:9e:a2:
         f7:0d:d3:f7:6c:75:0a:84:72:f3:26:6c:c5:4f:e3:82:ef:08:
         fd:7f:01:73:0b:60:95:49:f4:5d:58:26:45:87:dc:b7:9b:13:
         c3:72:08:1c:0c:00:d0:40:a9:4f:49:7b:4f:cf:76:35:c3:a9:
         43:48:b4:42:10:22:84:eb:a1:39:3d:79:30:f1:41:33:fb:89:
         d0:2d:1b:03:96:c8:dc:84:e3:2f:ac:22:b1:39:c1:bd:5b:a0:
         27:8d:76:a1:a6:5c:46:1e:6e:a6:78:88:af:c4:9e:69:45:04:
         07:6e:30:1c:0a:eb:ef:26:b4:51:5a:44:f0:e6:70:8a:a7:7e:
         55:b4:78:9e:f1:03:7c:af:3b:e3:bd:4a:d6:de:6f:d9:29:67:
         87:26:a8:54:56:8a:fd:a9:b9:2d:0c:28:16:20:8e:bd:22:75:
         68:63:8c:23:64:97:b7:2f:3a:eb:92:8c:46:f4:9c:71:9c:8a:
         64:7a:bf:bd:6b:63:6d:02:33:8b:7a:23:31:31:a1:52:b8:7c:
         4e:1b:fe:4f:70:8e:2b:40:bf:bc:6e:e9:91:b0:58:bf:b0:32:
         15:5f:8b:7e:8d:36:67:35:0c:0f:93:65:be:77:ef:fc:b6:04:
         5d:ea:3e:25
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTjXxdQdiPa2szy6Mdsn5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzM1ODY4MmRmM2RmOGJkYzcwMjQ1MDdmOTJlY2ZjNWFl
MDk3YmIwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWJjZGI2ZTU1OTRkMDRjMjQxZmZmOTFjNDQwMTJmOWFlNDFhODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fXtZ4CLygYyvOnZiDb6guG9FT/+
68Ebtj60TxKd0hP0w6QGt3SsAwIO5jDpT3vENq6s8ZAZXvLijuO8jF9LEGt+hAmp
eufCd8CCaa/uB4fnErig0b8ZX57gYdcXWQJ/1sG+e5zfcRBGJ9WQm0HDFUPRd9/2
8npXoFrLOBhQFLr2djEW8fE/1ZQEKoyvpivUfT6HNiGMqNMKoMzekiGYmD4Tt/qt
tI7N0WeJJ58qMuVhm1+KO46t4EBjJyNKRKsYNkLszHgr0hM1vdKcs/DBMkvx44a9
4jbMQO5Dz8XQNJSkNnFHJOnuwNDDfoCxYSGyG+WUFWR58IXT+wvyl1jccQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOG8225VlNBMJB//kcRAEvmuQag1MB8GA1UdIwQY
MBaAFMJzWGgt89+L3HAkUH+S7Pxa4Je7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDct
ZTg4NDY1YzQ2MTg2LzEvNGJ6YmJsV1UwRXdrSF8tUnhFQVMtYTVCcURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mNDQ5YjMtZDhhOC00OTNlLTliZDctZTg4NDY1YzQ2MTg2
LzEvd25OWWFDM3ozNHZjY0NSUWY1THNfRnJnbDdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1cHRAwQA
1cHUAwQA1cHoMA0GCSqGSIb3DQEBCwUAA4IBAQCRAvNzMoD736mZwDfzZTbbnqL3
DdP3bHUKhHLzJmzFT+OC7wj9fwFzC2CVSfRdWCZFh9y3mxPDcggcDADQQKlPSXtP
z3Y1w6lDSLRCECKE66E5PXkw8UEz+4nQLRsDlsjchOMvrCKxOcG9W6AnjXahplxG
Hm6meIivxJ5pRQQHbjAcCuvvJrRRWkTw5nCKp35VtHie8QN8rzvjvUrW3m/ZKWeH
JqhUVor9qbktDCgWII69InVoY4wjZJe3LzrrkoxG9JxxnIpker+9a2NtAjOLeiMx
MaFSuHxOG/5PcI4rQL+8bumRsFi/sDIVX4t+jTZnNQwPk2W+d+/8tgRd6j4l
-----END CERTIFICATE-----