Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/4SyAKG9FRt1gAFJy5VgH5PwxTRA.roa
File:                     4SyAKG9FRt1gAFJy5VgH5PwxTRA.roa (raw, json)
Hash identifier:          jTSIiH7dSb5EybAsEY+n22bAiKvGllq/AuPJ12+ncpM=
Subject key identifier:   E1:2C:80:28:6F:45:46:DD:60:00:52:72:E5:58:07:E4:FC:31:4D:10
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       019426D9CA8F43B2E059BE1327E89072A076
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/4SyAKG9FRt1gAFJy5VgH5PwxTRA.roa
Signing time:             Thu 02 Jan 2025 11:49:54 +0000
ROA not before:           Thu 02 Jan 2025 11:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207360
IP address blocks:        217.22.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:ca:8f:43:b2:e0:59:be:13:27:e8:90:72:a0:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  2 11:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e12c80286f4546dd60005272e55807e4fc314d10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:69:69:db:30:6b:3a:5c:e5:46:07:f5:49:ff:
                    bd:da:79:dd:39:3f:2e:db:4c:ce:54:f5:a3:b9:61:
                    b2:9b:66:f4:dd:01:17:eb:cf:7d:0c:56:41:b6:7c:
                    55:42:75:8e:ac:b5:5a:64:ef:38:5d:d1:dd:29:63:
                    c0:30:92:ce:f9:de:84:07:85:00:41:62:e8:07:54:
                    c3:76:f8:0b:66:2f:49:40:8f:00:7b:b2:54:c0:25:
                    72:2a:51:e3:39:2a:fb:ab:2c:db:d1:f6:d7:fb:64:
                    30:83:66:09:1d:8c:62:34:79:44:3f:a4:f5:c9:27:
                    e7:af:97:d7:d1:f2:e3:dc:2f:42:fb:97:8d:d8:a0:
                    7b:da:6e:1e:dc:89:2d:7d:73:4f:41:b2:5e:20:d4:
                    fe:f9:71:7f:38:16:df:77:cd:5d:ad:06:3e:81:a6:
                    c6:c4:b4:4b:b2:a8:06:9b:a9:80:39:2b:50:61:93:
                    6e:82:28:cb:1a:37:dd:51:e2:58:ab:c4:fe:71:50:
                    af:a7:09:cf:d7:28:09:96:c2:1c:b9:33:42:a3:f1:
                    3c:bd:21:73:25:58:29:b2:29:77:fc:cc:5b:55:d8:
                    3c:64:d4:46:38:3c:d4:26:a6:20:41:c7:27:8c:54:
                    0a:c3:d2:65:c6:23:8d:bb:c0:cb:bc:30:6f:d2:3e:
                    65:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:2C:80:28:6F:45:46:DD:60:00:52:72:E5:58:07:E4:FC:31:4D:10
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/4SyAKG9FRt1gAFJy5VgH5PwxTRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.22.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:e4:ab:66:e4:45:ee:22:c5:5e:a9:5f:17:37:49:ec:62:d5:
         f4:8c:cc:11:31:03:0f:77:8a:d4:1a:41:d2:74:70:a0:2c:3a:
         6c:b3:1b:08:e7:e1:84:84:5e:3f:25:ac:00:0e:1c:47:51:28:
         8f:c5:ac:99:b5:5c:ef:00:54:b9:d4:8b:c2:2d:e9:d7:92:27:
         62:da:b1:72:74:81:cf:07:75:a8:e6:05:78:3e:c3:f1:f1:75:
         a8:ef:1f:c0:7a:2f:f5:ce:8d:0d:0a:8d:9a:7e:02:e4:93:6f:
         d9:e5:02:62:0b:54:c4:5a:34:1b:d6:05:34:82:6c:fb:a6:0c:
         9d:75:cc:8c:15:8b:9a:69:02:91:b8:08:50:03:ef:0d:72:60:
         c8:5f:a7:6c:41:9b:ec:6e:4f:12:c0:f5:3c:81:c3:20:26:c3:
         99:9a:fb:4a:4c:f5:af:11:a6:be:16:99:f5:c5:de:10:32:08:
         04:ce:ef:44:5c:c4:e6:29:3d:2c:c2:75:3f:bb:6f:c9:5d:46:
         99:95:33:fb:82:e0:91:e2:9e:3a:df:54:97:1e:b8:f1:cb:59:
         79:53:36:07:d6:d9:0c:29:83:3b:69:65:f2:a4:67:52:6d:d7:
         b2:7f:26:48:3e:03:3f:9a:53:84:24:98:77:fa:63:a9:01:b9:
         3f:e3:d4:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2cqPQ7LgWb4TJ+iQcqB2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjUwMTAyMTE0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTJjODAyODZmNDU0NmRkNjAwMDUyNzJlNTU4MDdlNGZjMzE0ZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGlp2zBrOlzlRgf1Sf+92nndOT8u
20zOVPWjuWGym2b03QEX6899DFZBtnxVQnWOrLVaZO84XdHdKWPAMJLO+d6EB4UA
QWLoB1TDdvgLZi9JQI8Ae7JUwCVyKlHjOSr7qyzb0fbX+2Qwg2YJHYxiNHlEP6T1
ySfnr5fX0fLj3C9C+5eN2KB72m4e3IktfXNPQbJeINT++XF/OBbfd81drQY+gabG
xLRLsqgGm6mAOStQYZNugijLGjfdUeJYq8T+cVCvpwnP1ygJlsIcuTNCo/E8vSFz
JVgpsil3/MxbVdg8ZNRGODzUJqYgQccnjFQKw9JlxiONu8DLvDBv0j5liQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEsgChvRUbdYABScuVYB+T8MU0QMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvNFN5QUtHOUZSdDFnQUZKeTVWZ0g1UHd4VFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RZzMA0G
CSqGSIb3DQEBCwUAA4IBAQAe5Ktm5EXuIsVeqV8XN0nsYtX0jMwRMQMPd4rUGkHS
dHCgLDpssxsI5+GEhF4/JawADhxHUSiPxayZtVzvAFS51IvCLenXkidi2rFydIHP
B3Wo5gV4PsPx8XWo7x/Aei/1zo0NCo2afgLkk2/Z5QJiC1TEWjQb1gU0gmz7pgyd
dcyMFYuaaQKRuAhQA+8NcmDIX6dsQZvsbk8SwPU8gcMgJsOZmvtKTPWvEaa+Fpn1
xd4QMggEzu9EXMTmKT0swnU/u2/JXUaZlTP7guCR4p4631SXHrjxy1l5UzYH1tkM
KYM7aWXypGdSbdeyfyZIPgM/mlOEJJh3+mOpAbk/49TW
-----END CERTIFICATE-----