Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/1YMSAZcA6qN5nfA4IfvoJQskI0M.roa
File:                     1YMSAZcA6qN5nfA4IfvoJQskI0M.roa (raw, json)
Hash identifier:          lxM/owWv+GlILHAGX273OSe2hOt+rd24BJaj3VgpBUI=
Subject key identifier:   D5:83:12:01:97:00:EA:A3:79:9D:F0:38:21:FB:E8:25:0B:24:23:43
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       018CC727484633F5A3E3B5FF69B1278CFCA6
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/1YMSAZcA6qN5nfA4IfvoJQskI0M.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201542
IP address blocks:        94.31.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:48:46:33:f5:a3:e3:b5:ff:69:b1:27:8c:fc:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d58312019700eaa3799df03821fbe8250b242343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4e:d0:df:4a:76:28:19:5b:87:0c:37:34:48:
                    31:be:1a:05:13:f4:f4:04:f2:6f:96:fd:db:4b:56:
                    86:c0:8b:78:f4:2d:22:ad:a8:54:25:0d:74:2b:0c:
                    3f:6d:20:84:58:01:16:7a:86:09:57:58:9c:1b:70:
                    a5:1a:29:44:be:37:1f:ec:90:24:f3:fd:f9:cf:0b:
                    a4:99:9b:c0:df:b4:f8:3d:1c:90:3b:21:d1:be:9e:
                    d9:5c:7c:7d:37:aa:eb:0f:99:37:9e:2a:51:af:c6:
                    e3:41:9a:50:7e:9d:bf:b5:3b:7f:10:4a:4b:37:ae:
                    44:cd:dc:c3:0b:72:e4:06:3c:7c:0b:c2:3c:ec:8d:
                    2d:89:60:18:a2:96:17:39:2c:10:aa:c7:2e:9d:dc:
                    43:ee:d9:98:c4:d4:91:67:7a:4f:03:41:93:34:69:
                    d0:f7:86:d1:d6:70:d0:3c:fc:24:8d:63:3d:fd:fb:
                    e3:8e:99:3d:87:58:fc:8e:8e:d5:ad:5e:8a:84:bf:
                    10:44:db:c9:82:12:47:cd:c6:ab:7a:9e:2b:90:f6:
                    e3:0d:00:7b:c6:57:b0:31:63:4d:e3:32:8a:18:6c:
                    f9:16:89:46:8f:21:38:ce:d1:02:cf:53:1b:98:00:
                    91:5f:c7:76:d4:e4:ba:ff:ab:ce:65:f7:a9:59:8e:
                    b6:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:83:12:01:97:00:EA:A3:79:9D:F0:38:21:FB:E8:25:0B:24:23:43
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/1YMSAZcA6qN5nfA4IfvoJQskI0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.31.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f0:7f:0e:bb:8a:52:0c:53:d5:3c:fa:f5:df:27:9d:77:01:
         d0:82:5a:bc:ea:bb:65:0f:db:fa:6d:9c:99:0b:e0:60:51:95:
         2f:a6:63:4e:f5:96:e9:f3:a4:75:0b:f9:f8:4b:af:a6:2e:ca:
         4f:1d:3c:c8:60:3d:53:7f:42:40:2a:87:97:d0:aa:e8:11:2a:
         df:ad:83:b9:ee:8d:c6:1a:78:f2:03:a2:3a:49:e1:99:02:9e:
         1f:f5:52:87:5f:96:d1:7a:19:ad:bb:24:97:8f:77:b1:d9:32:
         f5:f4:9f:32:00:47:f9:f2:cd:4a:12:cb:b3:61:c9:12:28:8e:
         9e:18:ab:b4:90:56:92:0d:05:7a:00:18:79:18:01:71:90:c1:
         4a:69:e0:a9:ed:03:2a:e6:f1:d7:24:91:0f:b8:09:9b:9a:75:
         27:f5:e6:dc:f9:a7:0c:cb:db:dd:dd:02:3d:d0:dd:ec:69:3d:
         52:21:bc:48:96:25:71:30:51:b8:f8:f9:5c:31:b9:c6:02:b1:
         b7:d0:25:bd:cc:00:16:c9:73:57:4d:60:c4:f6:73:61:6d:56:
         e5:1d:75:ab:88:9c:fe:47:0a:db:08:35:74:78:f5:59:81:8c:
         84:07:65:39:2d:4b:10:26:62:28:da:14:2b:81:a9:69:26:ec:
         fd:87:58:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0hGM/Wj47X/abEnjPymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTgzMTIwMTk3MDBlYWEzNzk5ZGYwMzgyMWZiZTgyNTBiMjQyMzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu07Q30p2KBlbhww3NEgxvhoFE/T0
BPJvlv3bS1aGwIt49C0irahUJQ10Kww/bSCEWAEWeoYJV1icG3ClGilEvjcf7JAk
8/35zwukmZvA37T4PRyQOyHRvp7ZXHx9N6rrD5k3nipRr8bjQZpQfp2/tTt/EEpL
N65EzdzDC3LkBjx8C8I87I0tiWAYopYXOSwQqscundxD7tmYxNSRZ3pPA0GTNGnQ
94bR1nDQPPwkjWM9/fvjjpk9h1j8jo7VrV6KhL8QRNvJghJHzcarep4rkPbjDQB7
xlewMWNN4zKKGGz5FolGjyE4ztECz1MbmACRX8d21OS6/6vOZfepWY62mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWDEgGXAOqjeZ3wOCH76CULJCNDMB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvMVlNU0FaY0E2cU41bmZBNElmdm9KUXNrSTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXh8zMA0G
CSqGSIb3DQEBCwUAA4IBAQAz8H8Ou4pSDFPVPPr13yeddwHQglq86rtlD9v6bZyZ
C+BgUZUvpmNO9Zbp86R1C/n4S6+mLspPHTzIYD1Tf0JAKoeX0KroESrfrYO57o3G
GnjyA6I6SeGZAp4f9VKHX5bRehmtuySXj3ex2TL19J8yAEf58s1KEsuzYckSKI6e
GKu0kFaSDQV6ABh5GAFxkMFKaeCp7QMq5vHXJJEPuAmbmnUn9ebc+acMy9vd3QI9
0N3saT1SIbxIliVxMFG4+PlcMbnGArG30CW9zAAWyXNXTWDE9nNhbVblHXWriJz+
RwrbCDV0ePVZgYyEB2U5LUsQJmIo2hQrgalpJuz9h1ge
-----END CERTIFICATE-----