Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/4D_Nel15Fg8XjM4wd3LKA6f3yEI.roa
File:                     4D_Nel15Fg8XjM4wd3LKA6f3yEI.roa (raw, json)
Hash identifier:          Zx+xhnPiitFpj/IAP19hBIJF0EC8cC5bPCOTQJPDfp8=
Subject key identifier:   E0:3F:CD:7A:5D:79:16:0F:17:8C:CE:30:77:72:CA:03:A7:F7:C8:42
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F53E44C7EF60FFE2EDC32A88924C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/4D_Nel15Fg8XjM4wd3LKA6f3yEI.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201064
IP address blocks:        185.87.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f5:3e:44:c7:ef:60:ff:e2:ed:c3:2a:88:92:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e03fcd7a5d79160f178cce307772ca03a7f7c842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e2:ed:f0:50:18:e3:dd:82:8c:a9:f4:af:b1:
                    fc:4c:ec:3b:c1:8f:32:cf:56:81:6a:2a:65:81:52:
                    7c:90:55:1e:38:30:41:fb:c4:da:34:d7:b1:c7:f0:
                    4a:0a:99:68:5c:00:da:d2:7e:1a:76:9f:15:f4:3e:
                    ac:18:49:9d:e6:d1:46:cf:83:e7:60:11:5a:df:44:
                    06:ca:41:fe:15:44:22:33:bb:34:a0:d5:e9:53:c0:
                    a9:2e:61:e3:1b:1d:3c:5e:3f:00:0c:57:34:fc:fd:
                    86:4c:56:7f:54:1a:90:b3:38:ea:d9:19:e8:0e:8a:
                    0f:d4:13:0c:57:8c:4c:a2:0d:b5:68:ac:cc:19:4d:
                    24:a6:4f:50:9c:dc:2e:15:1d:9f:4d:12:bf:b6:9a:
                    3c:58:73:a3:0e:7d:8a:a4:13:02:c9:1f:d4:73:87:
                    c5:dd:94:94:9c:b0:b9:b2:6b:2b:b5:91:f3:45:7c:
                    21:b6:81:37:15:b9:14:2a:9b:87:b8:7c:ed:10:07:
                    ff:48:2d:80:77:82:1f:12:07:07:94:64:be:b9:91:
                    47:df:b6:ae:93:17:ee:99:02:6b:17:06:3a:d4:aa:
                    98:95:c5:0f:5c:92:9f:db:cb:05:d8:ad:25:53:62:
                    12:ef:87:35:91:04:40:8e:5e:db:67:81:40:fb:c4:
                    3e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:3F:CD:7A:5D:79:16:0F:17:8C:CE:30:77:72:CA:03:A7:F7:C8:42
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/4D_Nel15Fg8XjM4wd3LKA6f3yEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:83:ce:e7:8b:30:43:5b:e2:3b:b9:ed:6b:1e:a7:d2:fc:13:
         25:15:1b:c8:0b:20:fe:fd:fd:78:ab:c2:e2:1e:39:4c:77:4e:
         4d:ff:c3:23:06:b7:d1:9e:95:71:3a:1f:b5:b6:f4:c1:4d:98:
         55:05:1c:b4:3f:b3:d1:07:86:92:2b:02:7e:ba:44:a1:e6:fd:
         35:80:79:d2:ce:16:18:97:d4:74:57:e3:94:87:18:ff:d5:1a:
         96:75:cc:9d:37:70:0b:84:aa:25:e3:56:c9:11:46:6a:8b:05:
         69:d5:83:92:f8:cd:2b:e4:3d:fb:44:d7:89:6d:9d:c2:ae:0e:
         3b:6c:ec:e7:83:3b:de:2b:26:7c:4b:77:61:5d:9d:7f:ca:cc:
         0c:77:d0:dd:49:b8:6c:f9:38:7a:4c:59:13:e7:17:a3:6f:bc:
         11:3a:56:41:59:2a:96:74:cb:08:a3:4e:f9:98:97:10:6c:2f:
         f4:2a:e5:03:95:c2:b3:dc:a6:8b:ca:04:4e:54:7b:a8:d3:8b:
         6c:cd:73:e1:83:fe:87:6d:48:14:91:e1:42:5a:2c:18:0b:f4:
         f5:d1:03:1d:79:26:3c:bc:ca:1b:a0:f5:df:b0:0d:e4:72:5e:
         97:8d:86:c3:a0:da:15:39:dc:45:2e:b0:31:2f:cc:9f:f1:33:
         d2:17:a6:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJPU+RMfvYP/i7cMqiJJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDNmY2Q3YTVkNzkxNjBmMTc4Y2NlMzA3NzcyY2EwM2E3ZjdjODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquLt8FAY492CjKn0r7H8TOw7wY8y
z1aBaiplgVJ8kFUeODBB+8TaNNexx/BKCploXADa0n4adp8V9D6sGEmd5tFGz4Pn
YBFa30QGykH+FUQiM7s0oNXpU8CpLmHjGx08Xj8ADFc0/P2GTFZ/VBqQszjq2Rno
DooP1BMMV4xMog21aKzMGU0kpk9QnNwuFR2fTRK/tpo8WHOjDn2KpBMCyR/Uc4fF
3ZSUnLC5smsrtZHzRXwhtoE3FbkUKpuHuHztEAf/SC2Ad4IfEgcHlGS+uZFH37au
kxfumQJrFwY61KqYlcUPXJKf28sF2K0lU2IS74c1kQRAjl7bZ4FA+8Q+RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOA/zXpdeRYPF4zOMHdyygOn98hCMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvNERfTmVsMTVGZzhYak00d2QzTEtBNmYzeUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVcZMA0G
CSqGSIb3DQEBCwUAA4IBAQAJg87nizBDW+I7ue1rHqfS/BMlFRvICyD+/f14q8Li
HjlMd05N/8MjBrfRnpVxOh+1tvTBTZhVBRy0P7PRB4aSKwJ+ukSh5v01gHnSzhYY
l9R0V+OUhxj/1RqWdcydN3ALhKol41bJEUZqiwVp1YOS+M0r5D37RNeJbZ3Crg47
bOzngzveKyZ8S3dhXZ1/yswMd9DdSbhs+Th6TFkT5xejb7wROlZBWSqWdMsIo075
mJcQbC/0KuUDlcKz3KaLygROVHuo04tszXPhg/6HbUgUkeFCWiwYC/T10QMdeSY8
vMoboPXfsA3kcl6XjYbDoNoVOdxFLrAxL8yf8TPSF6bF
-----END CERTIFICATE-----