Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/99d2f5-1800-4c08-bcad-8a751b0e0170/1/4yqYrh48Xsur3r-zOleCNdlpUQo.roa
File:                     4yqYrh48Xsur3r-zOleCNdlpUQo.roa (raw, json)
Hash identifier:          V+Gu82Ao8dCkVu3u4vF94PywPzmhXWVNlmjYrf4AsVk=
Subject key identifier:   E3:2A:98:AE:1E:3C:5E:CB:AB:DE:BF:B3:3A:57:82:35:D9:69:51:0A
Certificate issuer:       /CN=c173bbe5f7237845aca8d3263b8d51ef378fc120
Certificate serial:       01929AE1D214EF11FFBC12460F96E9F2A3AA
Authority key identifier: C1:73:BB:E5:F7:23:78:45:AC:A8:D3:26:3B:8D:51:EF:37:8F:C1:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wXO75fcjeEWsqNMmO41R7zePwSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/99d2f5-1800-4c08-bcad-8a751b0e0170/1/4yqYrh48Xsur3r-zOleCNdlpUQo.roa
Signing time:             Thu 17 Oct 2024 14:29:03 +0000
ROA not before:           Thu 17 Oct 2024 14:29:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59586
IP address blocks:        94.136.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/99d2f5-1800-4c08-bcad-8a751b0e0170/1/wXO75fcjeEWsqNMmO41R7zePwSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/99d2f5-1800-4c08-bcad-8a751b0e0170/1/wXO75fcjeEWsqNMmO41R7zePwSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wXO75fcjeEWsqNMmO41R7zePwSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9a:e1:d2:14:ef:11:ff:bc:12:46:0f:96:e9:f2:a3:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c173bbe5f7237845aca8d3263b8d51ef378fc120
        Validity
            Not Before: Oct 17 14:29:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e32a98ae1e3c5ecbabdebfb33a578235d969510a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c2:19:62:67:5b:41:52:9f:bf:6e:3f:89:1d:
                    e2:db:33:f9:97:7f:7e:66:d8:63:0e:3d:3f:dd:5b:
                    26:53:1f:94:03:71:72:6a:53:f4:ea:36:39:b2:36:
                    f3:51:a2:2d:35:30:ab:a2:41:4f:8e:d3:70:27:40:
                    05:40:36:68:ae:8a:b0:46:b5:0e:4b:11:a7:64:09:
                    67:de:ba:09:5d:f1:5c:d9:4f:54:91:33:e6:db:a0:
                    ad:8a:35:89:cb:b1:46:26:59:6d:10:1e:cb:ab:35:
                    74:f2:ab:67:14:30:a9:a4:c3:0f:7a:d9:86:a2:94:
                    dc:a4:db:26:30:7c:4f:ec:61:f7:72:9b:b4:3b:e6:
                    f2:09:ec:0a:b7:20:e3:fa:f7:eb:f7:fa:b9:0a:8d:
                    af:e3:7b:d8:43:fd:aa:1c:61:67:10:34:56:47:4c:
                    0a:6b:5b:fb:b6:77:b2:c9:fc:88:ab:3c:14:42:bf:
                    22:ce:2b:25:d5:d5:92:f4:6f:9e:81:f3:0c:e4:33:
                    0f:52:eb:78:1b:0d:d6:39:55:16:7a:83:1f:4c:3e:
                    f2:aa:1f:51:af:be:2a:28:c7:c0:25:5c:49:41:75:
                    1f:c1:9e:30:3d:2a:c9:84:b1:1a:b6:33:a9:62:8e:
                    f2:af:70:c4:2a:b2:a1:80:43:d2:28:7e:e6:ef:bc:
                    4d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:2A:98:AE:1E:3C:5E:CB:AB:DE:BF:B3:3A:57:82:35:D9:69:51:0A
            X509v3 Authority Key Identifier:
                keyid:C1:73:BB:E5:F7:23:78:45:AC:A8:D3:26:3B:8D:51:EF:37:8F:C1:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wXO75fcjeEWsqNMmO41R7zePwSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/99d2f5-1800-4c08-bcad-8a751b0e0170/1/4yqYrh48Xsur3r-zOleCNdlpUQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/99d2f5-1800-4c08-bcad-8a751b0e0170/1/wXO75fcjeEWsqNMmO41R7zePwSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.136.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a5:1c:f3:fc:e9:f2:b3:63:ef:6b:49:0e:25:65:67:d9:16:
         bc:53:15:4a:18:b9:f7:4d:79:65:76:3d:07:c5:e1:f0:36:4d:
         1d:f3:f2:87:ff:e6:db:71:58:b9:76:94:97:ed:3a:81:58:1c:
         bd:f3:d9:89:12:49:9a:51:9d:f8:60:c6:99:09:43:de:83:d1:
         97:8d:f5:12:27:78:7f:b1:b7:ef:50:ca:b2:9f:f9:39:ec:95:
         92:4d:8c:16:69:4b:0e:7d:a0:01:3e:06:e7:f0:e5:86:c6:80:
         97:b9:92:9d:a1:21:3e:32:a5:e4:60:9a:cc:3f:1a:17:11:98:
         0d:e3:c9:52:1e:d4:83:1f:79:af:d0:da:e0:02:17:f6:6b:bd:
         73:b7:8b:03:e4:1b:91:3d:0f:43:7f:d3:cd:ca:40:c4:a0:cc:
         7e:78:32:e3:ec:48:ef:31:25:93:8b:29:f1:46:99:d5:2b:0c:
         f0:4a:52:1d:d0:5c:c6:b1:81:a6:0b:a5:18:5b:fa:0c:77:ba:
         b7:42:a8:76:da:06:68:39:d3:14:66:83:e3:9f:33:c4:c8:63:
         c8:2f:db:64:b2:5b:89:d2:29:53:44:0c:2d:9b:1c:ec:a2:98:
         ac:b1:61:27:a2:ce:b0:9f:1e:d5:c8:78:7d:3a:ba:f7:22:da:
         11:1d:e3:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKa4dIU7xH/vBJGD5bp8qOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNzNiYmU1ZjcyMzc4NDVhY2E4ZDMyNjNiOGQ1MWVmMzc4
ZmMxMjAwHhcNMjQxMDE3MTQyOTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzJhOThhZTFlM2M1ZWNiYWJkZWJmYjMzYTU3ODIzNWQ5Njk1MTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMIZYmdbQVKfv24/iR3i2zP5l39+
ZthjDj0/3VsmUx+UA3FyalP06jY5sjbzUaItNTCrokFPjtNwJ0AFQDZoroqwRrUO
SxGnZAln3roJXfFc2U9UkTPm26CtijWJy7FGJlltEB7LqzV08qtnFDCppMMPetmG
opTcpNsmMHxP7GH3cpu0O+byCewKtyDj+vfr9/q5Co2v43vYQ/2qHGFnEDRWR0wK
a1v7tneyyfyIqzwUQr8izisl1dWS9G+egfMM5DMPUut4Gw3WOVUWeoMfTD7yqh9R
r74qKMfAJVxJQXUfwZ4wPSrJhLEatjOpYo7yr3DEKrKhgEPSKH7m77xNNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMqmK4ePF7Lq96/szpXgjXZaVEKMB8GA1UdIwQY
MBaAFMFzu+X3I3hFrKjTJjuNUe83j8EgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1hPNzVmY2plRVdzcU5NbU80MVI3emVQd1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85OWQyZjUtMTgwMC00YzA4LWJjYWQt
OGE3NTFiMGUwMTcwLzEvNHlxWXJoNDhYc3VyM3Itek9sZUNOZGxwVVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85OWQyZjUtMTgwMC00YzA4LWJjYWQtOGE3NTFiMGUwMTcw
LzEvd1hPNzVmY2plRVdzcU5NbU80MVI3emVQd1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXohLMA0G
CSqGSIb3DQEBCwUAA4IBAQBppRzz/Onys2Pva0kOJWVn2Ra8UxVKGLn3TXlldj0H
xeHwNk0d8/KH/+bbcVi5dpSX7TqBWBy989mJEkmaUZ34YMaZCUPeg9GXjfUSJ3h/
sbfvUMqyn/k57JWSTYwWaUsOfaABPgbn8OWGxoCXuZKdoSE+MqXkYJrMPxoXEZgN
48lSHtSDH3mv0NrgAhf2a71zt4sD5BuRPQ9Df9PNykDEoMx+eDLj7EjvMSWTiynx
RpnVKwzwSlId0FzGsYGmC6UYW/oMd7q3Qqh22gZoOdMUZoPjnzPEyGPIL9tksluJ
0ilTRAwtmxzsopissWEnos6wnx7VyHh9Orr3ItoRHeOv
-----END CERTIFICATE-----