Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/4Wfz_EQvo6SYko68k4TSfAN47sU.roa
File:                     4Wfz_EQvo6SYko68k4TSfAN47sU.roa (raw, json)
Hash identifier:          ox9v/ftMGhy9fG8TSa40dOcstxMI1IJ6bYGEOLCjJzU=
Subject key identifier:   E1:67:F3:FC:44:2F:A3:A4:98:92:8E:BC:93:84:D2:7C:03:78:EE:C5
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       0194228E09F87E423CEDE814E1A29CB7EADD
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/4Wfz_EQvo6SYko68k4TSfAN47sU.roa
Signing time:             Wed 01 Jan 2025 15:48:41 +0000
ROA not before:           Wed 01 Jan 2025 15:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51174
IP address blocks:        82.222.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:09:f8:7e:42:3c:ed:e8:14:e1:a2:9c:b7:ea:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 15:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e167f3fc442fa3a498928ebc9384d27c0378eec5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f6:f1:9c:ca:56:bf:9b:2c:93:b0:9b:0e:dd:
                    90:eb:66:ea:c0:d8:c5:39:d3:96:08:88:45:6f:af:
                    c9:a5:1c:42:d5:ab:ad:be:1f:b4:44:46:63:73:b3:
                    8a:e1:8a:db:63:cd:2e:72:70:39:e6:9a:b8:ae:88:
                    18:a5:ca:2d:df:af:4e:a5:42:93:fd:37:ad:fc:16:
                    1a:5a:2f:4f:db:d3:70:b4:9c:fb:e6:f7:66:d0:af:
                    0c:5b:41:8e:69:16:b9:c7:1b:51:f6:bd:f9:2e:63:
                    2d:0f:d0:52:54:e1:d8:c8:45:ea:81:36:bb:33:9c:
                    24:50:56:8e:1f:72:81:0f:97:18:6a:38:03:4b:60:
                    0c:f5:e7:07:86:05:b6:d8:dd:4e:58:89:58:07:98:
                    d9:c0:3d:69:15:ec:3a:09:12:ac:a2:11:07:39:c3:
                    c8:8b:39:cd:21:11:7a:0d:16:83:83:52:30:c0:06:
                    96:94:d9:26:fa:d4:5c:e7:a7:2c:dd:d1:a1:27:7c:
                    e2:ba:b6:50:98:40:c1:c1:81:5c:ed:28:39:51:cd:
                    1d:67:68:0f:38:c5:30:ef:d2:48:8c:f4:11:5d:e4:
                    5e:88:83:06:b5:08:1e:e4:ba:9d:a5:4f:82:30:da:
                    6a:f6:22:8f:b0:43:0a:e3:b4:4d:e6:a9:25:ca:e0:
                    29:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:67:F3:FC:44:2F:A3:A4:98:92:8E:BC:93:84:D2:7C:03:78:EE:C5
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/4Wfz_EQvo6SYko68k4TSfAN47sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:71:2a:55:60:4d:64:6b:7b:13:4c:35:ea:e6:76:c2:e5:de:
         fe:09:f0:1f:c1:11:8f:56:16:15:95:f3:5f:20:f7:74:60:b4:
         71:09:3c:d9:7e:b7:e1:f2:e8:96:29:11:e2:19:bc:60:3f:b2:
         11:de:9c:e8:28:17:18:02:d1:4b:e7:b1:a6:a3:60:8d:9c:14:
         34:14:ff:b0:81:f9:ac:6c:55:0e:d1:02:d9:04:84:3c:38:1e:
         21:36:1b:3e:1e:7d:e7:64:2d:df:83:6d:8e:21:45:82:83:91:
         56:44:de:f5:24:08:ff:91:5a:40:43:4e:bf:9f:fb:50:2d:d1:
         be:a2:2d:0a:fa:20:cc:34:d6:2d:3d:4a:e1:74:58:a7:ad:3f:
         10:07:50:58:2e:4a:36:e2:c3:40:46:e7:d0:8f:49:92:87:bd:
         77:6a:28:24:21:db:1d:83:4d:73:b2:fa:9f:1c:e9:1d:1b:54:
         79:78:a9:05:f0:2b:f7:a7:81:a3:52:87:71:9a:2b:05:35:61:
         bf:33:ae:d2:65:c1:69:ba:65:40:85:b6:6f:45:ed:8e:1f:b8:
         c6:02:53:9a:27:c7:6f:d2:db:35:83:72:99:d0:06:d9:c1:b3:
         23:17:74:2b:76:b8:6f:8b:43:5d:5d:92:b8:08:40:b0:96:fe:
         d7:70:2b:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgn4fkI87egU4aKct+rdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjUwMTAxMTU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTY3ZjNmYzQ0MmZhM2E0OTg5MjhlYmM5Mzg0ZDI3YzAzNzhlZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfbxnMpWv5ssk7CbDt2Q62bqwNjF
OdOWCIhFb6/JpRxC1autvh+0REZjc7OK4YrbY80ucnA55pq4rogYpcot369OpUKT
/Tet/BYaWi9P29NwtJz75vdm0K8MW0GOaRa5xxtR9r35LmMtD9BSVOHYyEXqgTa7
M5wkUFaOH3KBD5cYajgDS2AM9ecHhgW22N1OWIlYB5jZwD1pFew6CRKsohEHOcPI
iznNIRF6DRaDg1IwwAaWlNkm+tRc56cs3dGhJ3ziurZQmEDBwYFc7Sg5Uc0dZ2gP
OMUw79JIjPQRXeReiIMGtQge5LqdpU+CMNpq9iKPsEMK47RN5qklyuAppQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFn8/xEL6OkmJKOvJOE0nwDeO7FMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvNFdmel9FUXZvNlNZa282OGs0VFNmQU40N3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUt6AMA0G
CSqGSIb3DQEBCwUAA4IBAQCfcSpVYE1ka3sTTDXq5nbC5d7+CfAfwRGPVhYVlfNf
IPd0YLRxCTzZfrfh8uiWKRHiGbxgP7IR3pzoKBcYAtFL57Gmo2CNnBQ0FP+wgfms
bFUO0QLZBIQ8OB4hNhs+Hn3nZC3fg22OIUWCg5FWRN71JAj/kVpAQ06/n/tQLdG+
oi0K+iDMNNYtPUrhdFinrT8QB1BYLko24sNARufQj0mSh713aigkIdsdg01zsvqf
HOkdG1R5eKkF8Cv3p4GjUodxmisFNWG/M67SZcFpumVAhbZvRe2OH7jGAlOaJ8dv
0ts1g3KZ0AbZwbMjF3Qrdrhvi0NdXZK4CECwlv7XcCvQ
-----END CERTIFICATE-----