Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/gYsK4ML_6T4lTL8KqVINkeM3qV0.roa
File:                     gYsK4ML_6T4lTL8KqVINkeM3qV0.roa (raw, json)
Hash identifier:          xl5BdDVqG/v2ukl/4Sw4B/SK+kIR1kbvWOcgybOBOUM=
Subject key identifier:   81:8B:0A:E0:C2:FF:E9:3E:25:4C:BF:0A:A9:52:0D:91:E3:37:A9:5D
Certificate issuer:       /CN=4b4fbfcf5fdc48ab0bfb52854f7a04fc1cff1dbd
Certificate serial:       019329D64AF108D112A6058D9A2F3E9B0270
Authority key identifier: 4B:4F:BF:CF:5F:DC:48:AB:0B:FB:52:85:4F:7A:04:FC:1C:FF:1D:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/gYsK4ML_6T4lTL8KqVINkeM3qV0.roa
Signing time:             Thu 14 Nov 2024 08:42:09 +0000
ROA not before:           Thu 14 Nov 2024 08:42:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3269
IP address blocks:        163.162.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:d6:4a:f1:08:d1:12:a6:05:8d:9a:2f:3e:9b:02:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b4fbfcf5fdc48ab0bfb52854f7a04fc1cff1dbd
        Validity
            Not Before: Nov 14 08:42:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=818b0ae0c2ffe93e254cbf0aa9520d91e337a95d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6e:6d:c5:f7:e9:15:f9:62:0b:5e:a6:66:45:
                    31:29:63:e7:e9:39:83:d5:67:67:0b:05:dd:b2:f3:
                    9a:da:64:ee:be:33:a4:88:df:b1:98:77:d7:0d:88:
                    03:22:49:f3:cf:f7:03:05:df:48:49:ab:70:ce:4d:
                    b6:10:e5:80:28:9e:41:fa:f0:e8:31:7f:bc:aa:54:
                    a1:33:11:c3:35:37:f6:75:86:34:6a:29:c1:81:bc:
                    3d:3c:b0:56:12:75:d4:a9:a8:18:08:9f:78:0f:b9:
                    c3:6a:05:f1:fb:81:80:93:6b:48:9d:b9:d4:94:d9:
                    28:dc:18:d4:73:6d:d7:2c:a5:e9:b7:31:1e:ca:83:
                    f0:6f:0e:8e:9d:76:31:bf:4a:db:55:c9:e9:16:af:
                    c4:bb:ac:b6:1e:fc:6a:93:d3:4d:8f:58:50:ba:46:
                    10:bc:11:1c:80:55:5a:5a:8f:c5:53:53:68:4d:d2:
                    b7:c4:ec:9e:46:3c:0a:ff:63:2e:d0:9a:34:96:47:
                    19:a5:1c:c6:26:69:04:2f:5d:c9:e4:b8:06:3f:14:
                    5e:90:98:80:68:76:ac:f5:99:be:92:26:58:d3:10:
                    bb:5f:44:e3:1b:45:7a:ae:e2:df:0b:b3:03:0c:00:
                    e1:2b:c7:f9:37:95:f1:0d:ca:b5:65:1c:08:2a:54:
                    e1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:8B:0A:E0:C2:FF:E9:3E:25:4C:BF:0A:A9:52:0D:91:E3:37:A9:5D
            X509v3 Authority Key Identifier:
                keyid:4B:4F:BF:CF:5F:DC:48:AB:0B:FB:52:85:4F:7A:04:FC:1C:FF:1D:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/gYsK4ML_6T4lTL8KqVINkeM3qV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.162.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:3d:34:8e:96:45:b7:08:d1:f4:f1:66:b9:49:c4:80:da:92:
         11:19:e5:d9:ba:6f:66:5c:36:62:10:de:37:45:24:4e:6c:f6:
         41:a5:8e:29:ba:cf:9d:0b:45:95:f5:3e:94:0e:44:98:b4:6b:
         f3:77:bc:94:05:46:0b:52:9a:aa:b3:55:ff:4c:1c:e0:d2:27:
         29:98:78:d1:fc:85:d6:dd:9a:b6:ee:0e:69:26:ae:2b:27:c3:
         12:e1:d4:eb:ab:5e:65:c0:59:f2:bf:80:71:e8:42:38:c3:41:
         57:7d:b2:b8:80:d1:63:54:77:f3:2f:b5:c1:8f:e9:f4:c8:df:
         9c:59:d2:ad:b5:e1:cb:3c:52:ec:e3:31:6c:fe:c1:49:e7:ef:
         90:2f:68:24:f0:2a:1c:46:4f:a3:da:4c:7f:28:fa:39:67:61:
         e5:84:60:34:95:66:82:1a:77:f9:c0:93:2e:f2:89:08:2d:67:
         e6:ab:c0:55:87:a0:ce:f6:5d:65:8a:4e:a7:f9:6e:91:1c:34:
         7e:1e:d3:bc:c0:6e:76:bf:54:2d:e5:be:5a:87:ad:8a:8d:43:
         9a:02:c1:59:3c:35:46:70:05:0a:00:3c:84:13:dd:43:83:2a:
         ae:c7:12:e7:89:8c:fa:c3:9d:22:ea:3b:dd:77:aa:0a:0c:d6:
         dd:82:65:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMp1krxCNESpgWNmi8+mwJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNGZiZmNmNWZkYzQ4YWIwYmZiNTI4NTRmN2EwNGZjMWNm
ZjFkYmQwHhcNMjQxMTE0MDg0MjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MThiMGFlMGMyZmZlOTNlMjU0Y2JmMGFhOTUyMGQ5MWUzMzdhOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG5txffpFfliC16mZkUxKWPn6TmD
1WdnCwXdsvOa2mTuvjOkiN+xmHfXDYgDIknzz/cDBd9ISatwzk22EOWAKJ5B+vDo
MX+8qlShMxHDNTf2dYY0ainBgbw9PLBWEnXUqagYCJ94D7nDagXx+4GAk2tInbnU
lNko3BjUc23XLKXptzEeyoPwbw6OnXYxv0rbVcnpFq/Eu6y2Hvxqk9NNj1hQukYQ
vBEcgFVaWo/FU1NoTdK3xOyeRjwK/2Mu0Jo0lkcZpRzGJmkEL13J5LgGPxRekJiA
aHas9Zm+kiZY0xC7X0TjG0V6ruLfC7MDDADhK8f5N5XxDcq1ZRwIKlThhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGLCuDC/+k+JUy/CqlSDZHjN6ldMB8GA1UdIwQY
MBaAFEtPv89f3EirC/tShU96BPwc/x29MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzAtX3oxX2NTS3NMLTFLRlQzb0VfQnpfSGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9jNjBiMWItOWI0Mi00NWViLWE1ODIt
OTJkZGVjNmJkMGEyLzEvZ1lzSzRNTF82VDRsVEw4S3FWSU5rZU0zcVYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9jNjBiMWItOWI0Mi00NWViLWE1ODItOTJkZGVjNmJkMGEy
LzEvUzAtX3oxX2NTS3NMLTFLRlQzb0VfQnpfSGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAo6JYMA0G
CSqGSIb3DQEBCwUAA4IBAQAzPTSOlkW3CNH08Wa5ScSA2pIRGeXZum9mXDZiEN43
RSRObPZBpY4pus+dC0WV9T6UDkSYtGvzd7yUBUYLUpqqs1X/TBzg0icpmHjR/IXW
3Zq27g5pJq4rJ8MS4dTrq15lwFnyv4Bx6EI4w0FXfbK4gNFjVHfzL7XBj+n0yN+c
WdKtteHLPFLs4zFs/sFJ5++QL2gk8CocRk+j2kx/KPo5Z2HlhGA0lWaCGnf5wJMu
8okILWfmq8BVh6DO9l1lik6n+W6RHDR+HtO8wG52v1Qt5b5ah62KjUOaAsFZPDVG
cAUKADyEE91DgyquxxLniYz6w50i6jvdd6oKDNbdgmW7
-----END CERTIFICATE-----