Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/ByhvC5UK-f2zjyXJoOZ55QYyoFY.roa
File:                     ByhvC5UK-f2zjyXJoOZ55QYyoFY.roa (raw, json)
Hash identifier:          7F3UrolhPGtbR/fySIsaZ7YzGq6FNxf2q9uu01GI6C0=
Subject key identifier:   07:28:6F:0B:95:0A:F9:FD:B3:8F:25:C9:A0:E6:79:E5:06:32:A0:56
Certificate issuer:       /CN=5d8a9fd7c51926e22ea8aa33b3b8838e93e8bedd
Certificate serial:       0194236A190197F1C21C08AD34499C248835
Authority key identifier: 5D:8A:9F:D7:C5:19:26:E2:2E:A8:AA:33:B3:B8:83:8E:93:E8:BE:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/ByhvC5UK-f2zjyXJoOZ55QYyoFY.roa
Signing time:             Wed 01 Jan 2025 19:49:03 +0000
ROA not before:           Wed 01 Jan 2025 19:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203780
IP address blocks:        213.140.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:19:01:97:f1:c2:1c:08:ad:34:49:9c:24:88:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d8a9fd7c51926e22ea8aa33b3b8838e93e8bedd
        Validity
            Not Before: Jan  1 19:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07286f0b950af9fdb38f25c9a0e679e50632a056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f3:13:3f:f4:56:0a:fe:94:c2:16:90:d6:a0:
                    97:cb:89:49:ee:a2:47:30:a3:b6:06:ed:a8:8b:8f:
                    7a:7d:69:21:d2:b2:33:06:08:c5:ce:12:d0:f5:8a:
                    3d:a4:d3:14:f4:0f:a6:e6:6b:cd:55:cf:53:2f:18:
                    1c:a0:ce:1c:98:de:a0:ef:a7:a5:38:47:87:f0:5e:
                    63:69:e5:92:63:75:09:fd:50:a6:d8:5f:6a:54:48:
                    9d:34:8b:e9:5e:fa:45:d5:78:73:31:cf:c3:02:fc:
                    02:ab:ed:4b:87:a4:d7:bc:04:4b:f0:61:8b:13:bc:
                    64:b3:aa:11:85:f1:92:f8:58:5c:20:e6:a8:2b:85:
                    db:ca:3a:19:c8:27:84:78:3a:83:e4:35:0a:46:60:
                    74:a4:f7:e2:50:9f:ab:a7:a7:02:13:c2:3b:23:da:
                    65:5f:45:8f:22:bf:09:fb:68:16:df:f5:80:7e:ed:
                    ae:d9:6a:ee:9f:99:03:0f:84:42:7b:c5:57:95:0f:
                    9c:d1:79:4b:4d:87:47:2a:bc:94:26:22:f0:2b:ba:
                    d2:ec:14:44:02:3e:f4:64:77:8d:03:fd:da:0c:fb:
                    5f:e8:42:30:49:c5:38:07:0a:1e:24:05:22:40:2b:
                    a2:5f:b2:9a:4c:7f:3d:10:8b:19:68:98:bc:19:48:
                    7a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:28:6F:0B:95:0A:F9:FD:B3:8F:25:C9:A0:E6:79:E5:06:32:A0:56
            X509v3 Authority Key Identifier:
                keyid:5D:8A:9F:D7:C5:19:26:E2:2E:A8:AA:33:B3:B8:83:8E:93:E8:BE:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/ByhvC5UK-f2zjyXJoOZ55QYyoFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.140.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f1:c2:02:eb:95:07:85:96:5d:82:00:f4:01:c3:58:02:f2:
         49:89:1e:c8:55:89:84:cc:6d:d6:72:d7:9a:4a:14:5d:50:7f:
         5c:a8:1c:83:18:93:51:67:d5:3b:c7:3b:25:f9:86:b4:fd:bb:
         a1:72:ea:67:60:4d:18:04:3f:f3:a5:47:13:ba:a4:e1:a3:50:
         9f:30:ec:81:74:a0:83:bf:92:95:3a:c0:0e:7b:a0:33:8e:31:
         5e:89:40:e1:3a:2a:44:9c:09:a5:5c:17:01:28:77:b9:76:7a:
         3c:dc:2d:2f:72:9c:0d:f0:dd:09:e6:42:97:db:6c:d9:5a:5e:
         06:88:75:99:3c:82:b1:fe:af:83:b4:16:b4:02:d2:ec:92:99:
         35:9a:85:e5:92:09:ec:fb:8c:17:57:e4:72:0b:0f:3e:23:ff:
         90:ba:75:66:14:ed:b1:5a:28:b3:80:d1:a9:95:c6:47:a2:a8:
         fb:c0:e4:09:36:96:e4:b9:dc:44:7c:a7:37:0f:c8:0f:16:6e:
         f0:e8:a8:ce:7f:99:65:68:37:8e:c6:9e:a6:7b:3b:9c:1c:8f:
         4e:d4:91:ad:d3:52:b9:95:4e:d9:97:f6:1a:e1:15:22:48:a1:
         f0:7c:1c:d5:42:e2:a3:af:e6:8d:ce:85:04:96:28:36:d3:dd:
         68:73:ee:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjahkBl/HCHAitNEmcJIg1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOGE5ZmQ3YzUxOTI2ZTIyZWE4YWEzM2IzYjg4MzhlOTNl
OGJlZGQwHhcNMjUwMTAxMTk0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzI4NmYwYjk1MGFmOWZkYjM4ZjI1YzlhMGU2NzllNTA2MzJhMDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvMTP/RWCv6UwhaQ1qCXy4lJ7qJH
MKO2Bu2oi496fWkh0rIzBgjFzhLQ9Yo9pNMU9A+m5mvNVc9TLxgcoM4cmN6g76el
OEeH8F5jaeWSY3UJ/VCm2F9qVEidNIvpXvpF1XhzMc/DAvwCq+1Lh6TXvARL8GGL
E7xks6oRhfGS+FhcIOaoK4XbyjoZyCeEeDqD5DUKRmB0pPfiUJ+rp6cCE8I7I9pl
X0WPIr8J+2gW3/WAfu2u2Wrun5kDD4RCe8VXlQ+c0XlLTYdHKryUJiLwK7rS7BRE
Aj70ZHeNA/3aDPtf6EIwScU4BwoeJAUiQCuiX7KaTH89EIsZaJi8GUh6JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcobwuVCvn9s48lyaDmeeUGMqBWMB8GA1UdIwQY
MBaAFF2Kn9fFGSbiLqiqM7O4g46T6L7dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlxZjE4VVpKdUl1cUtvenM3aURqcFBvdnQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9iYjg2MWQtMzMwZi00YTk3LTlmOWMt
NjZjNTNmMmIxZjAyLzEvQnlodkM1VUstZjJ6anlYSm9PWjU1UVl5b0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9iYjg2MWQtMzMwZi00YTk3LTlmOWMtNjZjNTNmMmIxZjAy
LzEvWFlxZjE4VVpKdUl1cUtvenM3aURqcFBvdnQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YyQMA0G
CSqGSIb3DQEBCwUAA4IBAQBG8cIC65UHhZZdggD0AcNYAvJJiR7IVYmEzG3Wctea
ShRdUH9cqByDGJNRZ9U7xzsl+Ya0/buhcupnYE0YBD/zpUcTuqTho1CfMOyBdKCD
v5KVOsAOe6AzjjFeiUDhOipEnAmlXBcBKHe5dno83C0vcpwN8N0J5kKX22zZWl4G
iHWZPIKx/q+DtBa0AtLskpk1moXlkgns+4wXV+RyCw8+I/+QunVmFO2xWiizgNGp
lcZHoqj7wOQJNpbkudxEfKc3D8gPFm7w6KjOf5llaDeOxp6mezucHI9O1JGt01K5
lU7Zl/Ya4RUiSKHwfBzVQuKjr+aNzoUElig2091oc+5N
-----END CERTIFICATE-----