Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/4d-M2xoibAEms_RDQ9mCEYeUNpg.roa
File:                     4d-M2xoibAEms_RDQ9mCEYeUNpg.roa (raw, json)
Hash identifier:          wVeVUALjyzMUssmf4Hte549aQq7kwv7Or9f/6VG17Vc=
Subject key identifier:   E1:DF:8C:DB:1A:22:6C:01:26:B3:F4:43:43:D9:82:11:87:94:36:98
Certificate issuer:       /CN=d2cdd5f162a267800003cf30c18e9cebce274ec5
Certificate serial:       019423D6C4C80AB9C6F13896C08C3FF5C96D
Authority key identifier: D2:CD:D5:F1:62:A2:67:80:00:03:CF:30:C1:8E:9C:EB:CE:27:4E:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0s3V8WKiZ4AAA88wwY6c684nTsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/4d-M2xoibAEms_RDQ9mCEYeUNpg.roa
Signing time:             Wed 01 Jan 2025 21:47:45 +0000
ROA not before:           Wed 01 Jan 2025 21:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60631
IP address blocks:        185.252.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/0s3V8WKiZ4AAA88wwY6c684nTsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/0s3V8WKiZ4AAA88wwY6c684nTsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0s3V8WKiZ4AAA88wwY6c684nTsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c4:c8:0a:b9:c6:f1:38:96:c0:8c:3f:f5:c9:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2cdd5f162a267800003cf30c18e9cebce274ec5
        Validity
            Not Before: Jan  1 21:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1df8cdb1a226c0126b3f44343d9821187943698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:be:15:64:d2:3f:fd:b7:f3:c5:90:d4:e5:4e:
                    5f:25:56:00:a4:b6:14:de:ab:8d:f0:ba:a3:06:1e:
                    64:14:91:1e:7c:35:92:a7:a1:1d:ea:87:62:e7:bb:
                    18:f7:c6:b8:1b:e2:68:e4:79:9f:79:94:e9:10:04:
                    4b:73:96:dc:6a:2a:29:b5:a6:32:1d:f5:62:65:57:
                    63:29:2f:53:3e:dd:24:4b:06:4f:25:f4:9f:01:0b:
                    b6:6b:25:7a:88:ee:36:48:f6:86:97:4a:eb:9f:be:
                    17:5f:3b:47:72:43:03:0c:74:bf:71:5a:0c:96:2d:
                    52:66:a6:78:bf:30:8b:c9:74:d7:2d:4b:8a:d2:07:
                    cb:eb:ec:f6:b1:bd:a4:74:5c:76:d6:a9:37:14:46:
                    c6:2c:c0:89:54:f7:3e:cb:af:66:3a:e2:7e:0f:3e:
                    b7:da:63:24:09:0d:db:b3:c7:b2:db:81:2f:cb:84:
                    7f:5d:3e:b4:c9:2d:d6:32:8c:49:45:a8:8b:8d:85:
                    38:1d:1e:86:58:e1:24:7e:0d:35:86:5f:37:fd:ba:
                    4b:1c:bb:9b:17:13:97:31:9e:fe:92:b0:36:6d:45:
                    26:d2:22:c9:b7:eb:b7:5c:7c:b5:c7:18:0c:a7:aa:
                    80:db:5a:72:52:55:21:8e:c6:7b:31:dd:bd:6b:26:
                    b8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:DF:8C:DB:1A:22:6C:01:26:B3:F4:43:43:D9:82:11:87:94:36:98
            X509v3 Authority Key Identifier:
                keyid:D2:CD:D5:F1:62:A2:67:80:00:03:CF:30:C1:8E:9C:EB:CE:27:4E:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0s3V8WKiZ4AAA88wwY6c684nTsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/4d-M2xoibAEms_RDQ9mCEYeUNpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/deaad8-3113-4512-a9ce-358243c551a2/1/0s3V8WKiZ4AAA88wwY6c684nTsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:74:52:07:29:91:f8:ba:a2:21:0d:4b:3c:47:2a:df:5f:cb:
         dd:3b:c7:fb:f3:2e:dc:cd:f7:34:a3:73:c2:38:2d:ae:a1:3f:
         3b:91:d2:9b:73:14:54:18:5c:96:6c:aa:b4:08:d6:5f:3c:be:
         5d:b9:0e:ab:2a:80:4d:df:20:26:01:b7:72:3b:50:19:0e:0a:
         94:a5:6b:66:2c:4f:57:10:21:24:e3:d5:ab:a7:b0:9d:90:7b:
         d2:ca:37:93:c8:68:aa:c7:63:3c:48:1a:92:1c:54:6d:8f:74:
         ea:58:69:91:de:06:71:1c:6c:33:54:22:91:0d:d9:48:4a:3e:
         a8:a0:0d:93:04:b3:ce:37:bd:ec:cf:13:d9:8e:e0:77:57:f4:
         16:6f:b4:4a:c5:a6:ce:d9:76:c8:fc:49:e4:13:7c:49:0d:1a:
         d4:91:06:55:3e:71:dc:13:6b:53:27:00:c0:7f:3b:6f:75:fa:
         8a:30:00:f2:a8:8e:d0:9c:a0:c0:ff:8a:ce:06:d9:f6:9f:c8:
         34:25:29:1e:0b:f8:75:67:8e:60:1b:9a:22:fb:de:98:bc:a0:
         8c:57:1d:b2:16:bc:86:bd:d1:62:8f:10:09:b4:11:1b:70:6b:
         41:bd:c3:27:39:9c:dc:2a:86:85:25:79:5d:d7:3e:92:56:28:
         06:5d:68:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1sTICrnG8TiWwIw/9cltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyY2RkNWYxNjJhMjY3ODAwMDAzY2YzMGMxOGU5Y2ViY2Uy
NzRlYzUwHhcNMjUwMTAxMjE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWRmOGNkYjFhMjI2YzAxMjZiM2Y0NDM0M2Q5ODIxMTg3OTQzNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4b4VZNI//bfzxZDU5U5fJVYApLYU
3quN8LqjBh5kFJEefDWSp6Ed6odi57sY98a4G+Jo5HmfeZTpEARLc5bcaioptaYy
HfViZVdjKS9TPt0kSwZPJfSfAQu2ayV6iO42SPaGl0rrn74XXztHckMDDHS/cVoM
li1SZqZ4vzCLyXTXLUuK0gfL6+z2sb2kdFx21qk3FEbGLMCJVPc+y69mOuJ+Dz63
2mMkCQ3bs8ey24Evy4R/XT60yS3WMoxJRaiLjYU4HR6GWOEkfg01hl83/bpLHLub
FxOXMZ7+krA2bUUm0iLJt+u3XHy1xxgMp6qA21pyUlUhjsZ7Md29aya40wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHfjNsaImwBJrP0Q0PZghGHlDaYMB8GA1UdIwQY
MBaAFNLN1fFiomeAAAPPMMGOnOvOJ07FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHMzVjhXS2laNEFBQTg4d3dZNmM2ODRuVHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9kZWFhZDgtMzExMy00NTEyLWE5Y2Ut
MzU4MjQzYzU1MWEyLzEvNGQtTTJ4b2liQUVtc19SRFE5bUNFWWVVTnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9kZWFhZDgtMzExMy00NTEyLWE5Y2UtMzU4MjQzYzU1MWEy
LzEvMHMzVjhXS2laNEFBQTg4d3dZNmM2ODRuVHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufxWMA0G
CSqGSIb3DQEBCwUAA4IBAQA1dFIHKZH4uqIhDUs8RyrfX8vdO8f78y7czfc0o3PC
OC2uoT87kdKbcxRUGFyWbKq0CNZfPL5duQ6rKoBN3yAmAbdyO1AZDgqUpWtmLE9X
ECEk49Wrp7CdkHvSyjeTyGiqx2M8SBqSHFRtj3TqWGmR3gZxHGwzVCKRDdlISj6o
oA2TBLPON73szxPZjuB3V/QWb7RKxabO2XbI/EnkE3xJDRrUkQZVPnHcE2tTJwDA
fztvdfqKMADyqI7QnKDA/4rOBtn2n8g0JSkeC/h1Z45gG5oi+96YvKCMVx2yFryG
vdFijxAJtBEbcGtBvcMnOZzcKoaFJXld1z6SVigGXWgE
-----END CERTIFICATE-----