Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/DyR2WdJX7ABSVFzMG--Y2Rw480o.roa
File:                     DyR2WdJX7ABSVFzMG--Y2Rw480o.roa (raw, json)
Hash identifier:          +lC9V9G29eZ0ubABsOu96g/K8AVuHJSib8VHpmomp9Q=
Subject key identifier:   0F:24:76:59:D2:57:EC:00:52:54:5C:CC:1B:EF:98:D9:1C:38:F3:4A
Certificate issuer:       /CN=5d8a9fd7c51926e22ea8aa33b3b8838e93e8bedd
Certificate serial:       0194236A19AB6C09E3477BA2DC99D1E78B86
Authority key identifier: 5D:8A:9F:D7:C5:19:26:E2:2E:A8:AA:33:B3:B8:83:8E:93:E8:BE:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/DyR2WdJX7ABSVFzMG--Y2Rw480o.roa
Signing time:             Wed 01 Jan 2025 19:49:03 +0000
ROA not before:           Wed 01 Jan 2025 19:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214791
IP address blocks:        213.140.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 16:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:19:ab:6c:09:e3:47:7b:a2:dc:99:d1:e7:8b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d8a9fd7c51926e22ea8aa33b3b8838e93e8bedd
        Validity
            Not Before: Jan  1 19:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f247659d257ec0052545ccc1bef98d91c38f34a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:47:c9:34:0e:24:87:8c:8f:45:94:84:25:8c:
                    9c:65:15:29:35:ec:b6:4c:7b:74:1e:a3:30:57:de:
                    0f:4a:46:6b:2c:5e:08:d3:fe:14:b7:15:26:73:78:
                    62:af:0d:f6:c4:2e:c9:25:25:42:8c:39:cb:c0:69:
                    e5:ab:90:49:c0:69:6b:16:c7:39:9f:9f:19:0b:94:
                    cf:0f:0b:aa:e0:92:19:58:e4:6c:14:12:7f:18:42:
                    36:65:d1:64:31:e6:f6:02:1b:4a:f5:2e:06:d7:e5:
                    70:84:02:a0:4b:0c:75:46:92:e9:21:84:2d:8f:c0:
                    b1:5d:fd:2a:51:a0:03:9c:d7:94:a1:36:28:ed:a9:
                    df:16:97:b6:84:7c:cf:39:a9:1e:25:d5:77:6c:06:
                    b4:c3:4d:23:0c:96:f0:c9:ca:6d:22:14:4c:7d:f5:
                    de:b8:18:d9:d6:04:6c:11:68:6a:4e:3b:11:18:f6:
                    1e:f0:2e:2d:e5:9c:b7:03:58:ff:35:61:d9:8f:3f:
                    39:b8:b4:ab:df:ab:25:ae:ac:18:68:e4:9f:e2:07:
                    fb:91:87:3c:80:86:ba:20:2f:36:de:6b:30:ee:49:
                    32:85:f3:6a:72:f3:4d:a3:03:ca:ad:dc:29:6a:7d:
                    73:97:ce:eb:42:d0:32:01:23:a7:1b:b1:99:6a:c0:
                    0d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:24:76:59:D2:57:EC:00:52:54:5C:CC:1B:EF:98:D9:1C:38:F3:4A
            X509v3 Authority Key Identifier:
                keyid:5D:8A:9F:D7:C5:19:26:E2:2E:A8:AA:33:B3:B8:83:8E:93:E8:BE:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/DyR2WdJX7ABSVFzMG--Y2Rw480o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.140.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c3:04:ba:4e:3a:b4:21:b6:a1:9f:87:8b:88:0f:68:27:20:
         8f:ef:5a:ac:8d:d0:fe:96:49:6d:d5:88:ad:e4:4d:35:45:ae:
         42:78:53:63:5f:81:63:30:a8:69:55:b6:d6:d5:92:79:d0:d6:
         f0:07:9e:1c:a7:d6:a3:cb:0b:c2:78:a2:50:6f:b1:04:41:45:
         56:a1:0e:d9:a4:d6:68:05:a8:30:02:8c:2a:eb:e6:49:2e:c8:
         d8:d4:c8:86:f4:0e:3c:b0:6e:9b:23:3c:76:19:5b:df:ed:74:
         30:6a:4b:2c:78:1b:c0:8f:e8:59:61:88:5a:ca:82:0c:ec:0e:
         44:0f:ac:3a:b3:ae:2d:f8:78:39:fe:4b:20:9d:dd:0b:c5:76:
         16:bb:06:6a:e4:9e:be:c5:a9:a5:1f:e6:9d:8d:c4:5d:33:66:
         a2:2c:80:1b:38:92:b8:2e:12:6f:41:da:4b:77:91:96:5f:f6:
         0a:e3:34:e6:14:63:ef:31:fe:ac:50:33:6b:f6:c4:56:c9:32:
         c2:30:e7:b7:9e:58:a9:d3:e7:0f:db:13:15:db:c0:ae:60:79:
         cb:70:33:0b:e2:41:47:73:c4:20:26:e6:b3:5a:f4:17:a0:b7:
         9c:ce:2c:ea:18:b2:33:6b:e9:94:db:81:80:ec:5f:a8:87:2d:
         d1:ef:fa:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjahmrbAnjR3ui3JnR54uGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOGE5ZmQ3YzUxOTI2ZTIyZWE4YWEzM2IzYjg4MzhlOTNl
OGJlZGQwHhcNMjUwMTAxMTk0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjI0NzY1OWQyNTdlYzAwNTI1NDVjY2MxYmVmOThkOTFjMzhmMzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukfJNA4kh4yPRZSEJYycZRUpNey2
THt0HqMwV94PSkZrLF4I0/4UtxUmc3hirw32xC7JJSVCjDnLwGnlq5BJwGlrFsc5
n58ZC5TPDwuq4JIZWORsFBJ/GEI2ZdFkMeb2AhtK9S4G1+VwhAKgSwx1RpLpIYQt
j8CxXf0qUaADnNeUoTYo7anfFpe2hHzPOakeJdV3bAa0w00jDJbwycptIhRMffXe
uBjZ1gRsEWhqTjsRGPYe8C4t5Zy3A1j/NWHZjz85uLSr36slrqwYaOSf4gf7kYc8
gIa6IC823msw7kkyhfNqcvNNowPKrdwpan1zl87rQtAyASOnG7GZasANLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8kdlnSV+wAUlRczBvvmNkcOPNKMB8GA1UdIwQY
MBaAFF2Kn9fFGSbiLqiqM7O4g46T6L7dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlxZjE4VVpKdUl1cUtvenM3aURqcFBvdnQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9iYjg2MWQtMzMwZi00YTk3LTlmOWMt
NjZjNTNmMmIxZjAyLzEvRHlSMldkSlg3QUJTVkZ6TUctLVkyUnc0ODBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9iYjg2MWQtMzMwZi00YTk3LTlmOWMtNjZjNTNmMmIxZjAy
LzEvWFlxZjE4VVpKdUl1cUtvenM3aURqcFBvdnQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YyTMA0G
CSqGSIb3DQEBCwUAA4IBAQAYwwS6Tjq0Ibahn4eLiA9oJyCP71qsjdD+lklt1Yit
5E01Ra5CeFNjX4FjMKhpVbbW1ZJ50NbwB54cp9ajywvCeKJQb7EEQUVWoQ7ZpNZo
BagwAowq6+ZJLsjY1MiG9A48sG6bIzx2GVvf7XQwaksseBvAj+hZYYhayoIM7A5E
D6w6s64t+Hg5/ksgnd0LxXYWuwZq5J6+xamlH+adjcRdM2aiLIAbOJK4LhJvQdpL
d5GWX/YK4zTmFGPvMf6sUDNr9sRWyTLCMOe3nlip0+cP2xMV28CuYHnLcDML4kFH
c8QgJuazWvQXoLeczizqGLIza+mU24GA7F+ohy3R7/oB
-----END CERTIFICATE-----