Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/7dda1c-87e0-4b49-bd9b-3deba1666e9b/1/S4GEAGQpLNuwxd69ASEGW9Vms4c.roa
File:                     S4GEAGQpLNuwxd69ASEGW9Vms4c.roa (raw, json)
Hash identifier:          FsqX6X9yKqotnT07LkiZuZ69e3G5OYb0RnxsqAXswi8=
Subject key identifier:   4B:81:84:00:64:29:2C:DB:B0:C5:DE:BD:01:21:06:5B:D5:66:B3:87
Certificate issuer:       /CN=c62f0803c4298e156d563bd4f207cb5b8361026e
Certificate serial:       019420684443E00BF15E6772360A5005ABF2
Authority key identifier: C6:2F:08:03:C4:29:8E:15:6D:56:3B:D4:F2:07:CB:5B:83:61:02:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xi8IA8QpjhVtVjvU8gfLW4NhAm4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/7dda1c-87e0-4b49-bd9b-3deba1666e9b/1/S4GEAGQpLNuwxd69ASEGW9Vms4c.roa
Signing time:             Wed 01 Jan 2025 05:48:11 +0000
ROA not before:           Wed 01 Jan 2025 05:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198701
IP address blocks:        185.236.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/7dda1c-87e0-4b49-bd9b-3deba1666e9b/1/xi8IA8QpjhVtVjvU8gfLW4NhAm4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/7dda1c-87e0-4b49-bd9b-3deba1666e9b/1/xi8IA8QpjhVtVjvU8gfLW4NhAm4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xi8IA8QpjhVtVjvU8gfLW4NhAm4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:44:43:e0:0b:f1:5e:67:72:36:0a:50:05:ab:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c62f0803c4298e156d563bd4f207cb5b8361026e
        Validity
            Not Before: Jan  1 05:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b81840064292cdbb0c5debd0121065bd566b387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3e:52:db:b9:da:8b:fe:ed:88:33:8a:e7:45:
                    20:24:90:80:4a:1b:55:80:4f:02:da:7e:2b:4b:71:
                    87:72:b8:92:4e:2e:cb:59:f8:06:1b:22:04:65:b3:
                    2d:58:34:e9:fc:63:92:da:9e:06:aa:6b:f4:0b:61:
                    9a:73:84:05:d4:ed:e2:50:8c:87:31:b8:fa:8d:df:
                    1c:3e:3a:78:2d:30:54:d4:4a:27:19:9a:f0:b6:7c:
                    ff:c3:cc:88:fd:66:e1:4d:8c:19:35:92:3b:52:80:
                    2f:e6:da:19:a8:b1:49:c0:07:79:a6:c4:19:0d:79:
                    85:a7:0f:ca:96:e3:47:e2:3e:65:55:0e:a1:77:77:
                    7c:c5:06:23:b7:6e:2f:55:a7:0a:1d:9c:f8:d8:fa:
                    7c:1d:89:e8:36:be:85:eb:2d:7f:d8:20:78:8c:4a:
                    93:94:8c:8b:76:3d:c0:06:df:74:60:c3:79:b3:67:
                    92:a4:bf:6c:1d:33:cf:12:da:21:31:f2:20:48:e2:
                    5a:77:fb:a7:f3:e6:0e:c6:95:45:2b:6e:07:9f:fd:
                    f2:a9:16:fd:46:5f:cf:cd:fc:d3:43:33:68:99:17:
                    b4:05:0d:a2:38:c1:49:f7:51:74:f5:ed:d5:42:2c:
                    d5:39:f1:4a:d7:6a:60:f9:0f:0e:87:6b:91:54:7f:
                    e9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:81:84:00:64:29:2C:DB:B0:C5:DE:BD:01:21:06:5B:D5:66:B3:87
            X509v3 Authority Key Identifier:
                keyid:C6:2F:08:03:C4:29:8E:15:6D:56:3B:D4:F2:07:CB:5B:83:61:02:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xi8IA8QpjhVtVjvU8gfLW4NhAm4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/7dda1c-87e0-4b49-bd9b-3deba1666e9b/1/S4GEAGQpLNuwxd69ASEGW9Vms4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/7dda1c-87e0-4b49-bd9b-3deba1666e9b/1/xi8IA8QpjhVtVjvU8gfLW4NhAm4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:62:e5:4b:bd:30:03:e6:60:76:85:a0:4a:48:48:08:a6:bd:
         f1:85:ae:c1:a8:86:be:a5:4c:68:5d:3f:6b:35:96:91:fe:83:
         e1:2f:62:d5:14:9e:8b:18:11:6a:27:e3:85:ce:0f:cf:ab:2f:
         2e:fa:9e:61:a4:03:a6:11:1b:e8:bf:ad:3a:7c:9e:9c:72:79:
         c1:89:25:91:d4:7d:14:c0:aa:2a:ed:04:26:da:3f:ec:d8:ef:
         e3:c4:43:d9:4e:7d:4c:9c:de:db:13:fa:0d:11:81:44:51:d2:
         00:03:6f:f4:2d:2a:63:43:02:11:a8:39:fd:5a:50:bd:4a:25:
         e5:71:9d:d9:73:92:af:87:45:da:92:85:7e:fc:79:df:3b:30:
         df:61:87:b2:d2:f7:d4:55:ff:75:23:c3:65:e3:02:db:3b:0d:
         ca:79:cb:4e:9c:11:59:92:a8:fd:2a:02:50:79:98:d6:e0:67:
         c7:3d:e1:6e:cc:d7:6a:94:db:08:39:b6:6c:20:57:57:0b:4a:
         eb:5e:05:e0:31:b2:1b:a6:9a:5e:34:58:4c:b1:ee:01:86:2e:
         dc:f7:18:d4:c1:8a:e7:db:16:e8:82:e0:e4:bb:23:f9:ff:08:
         46:36:89:84:3f:a5:fb:5f:18:86:ee:b2:2f:88:11:38:f2:b6:
         a2:83:36:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaERD4AvxXmdyNgpQBavyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MmYwODAzYzQyOThlMTU2ZDU2M2JkNGYyMDdjYjViODM2
MTAyNmUwHhcNMjUwMTAxMDU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjgxODQwMDY0MjkyY2RiYjBjNWRlYmQwMTIxMDY1YmQ1NjZiMzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhj5S27nai/7tiDOK50UgJJCAShtV
gE8C2n4rS3GHcriSTi7LWfgGGyIEZbMtWDTp/GOS2p4Gqmv0C2Gac4QF1O3iUIyH
Mbj6jd8cPjp4LTBU1EonGZrwtnz/w8yI/WbhTYwZNZI7UoAv5toZqLFJwAd5psQZ
DXmFpw/KluNH4j5lVQ6hd3d8xQYjt24vVacKHZz42Pp8HYnoNr6F6y1/2CB4jEqT
lIyLdj3ABt90YMN5s2eSpL9sHTPPEtohMfIgSOJad/un8+YOxpVFK24Hn/3yqRb9
Rl/PzfzTQzNomRe0BQ2iOMFJ91F09e3VQizVOfFK12pg+Q8Oh2uRVH/pZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuBhABkKSzbsMXevQEhBlvVZrOHMB8GA1UdIwQY
MBaAFMYvCAPEKY4VbVY71PIHy1uDYQJuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGk4SUE4UXBqaFZ0Vmp2VThnZkxXNE5oQW00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi83ZGRhMWMtODdlMC00YjQ5LWJkOWIt
M2RlYmExNjY2ZTliLzEvUzRHRUFHUXBMTnV3eGQ2OUFTRUdXOVZtczRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi83ZGRhMWMtODdlMC00YjQ5LWJkOWItM2RlYmExNjY2ZTli
LzEveGk4SUE4UXBqaFZ0Vmp2VThnZkxXNE5oQW00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuewsMA0G
CSqGSIb3DQEBCwUAA4IBAQCPYuVLvTAD5mB2haBKSEgIpr3xha7BqIa+pUxoXT9r
NZaR/oPhL2LVFJ6LGBFqJ+OFzg/Pqy8u+p5hpAOmERvov606fJ6ccnnBiSWR1H0U
wKoq7QQm2j/s2O/jxEPZTn1MnN7bE/oNEYFEUdIAA2/0LSpjQwIRqDn9WlC9SiXl
cZ3Zc5Kvh0XakoV+/HnfOzDfYYey0vfUVf91I8Nl4wLbOw3KectOnBFZkqj9KgJQ
eZjW4GfHPeFuzNdqlNsIObZsIFdXC0rrXgXgMbIbpppeNFhMse4Bhi7c9xjUwYrn
2xboguDkuyP5/whGNomEP6X7XxiG7rIviBE48raigzZ/
-----END CERTIFICATE-----