Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/nI1TRtfAQPCn1lgkr462b3T_edc.roa
File:                     nI1TRtfAQPCn1lgkr462b3T_edc.roa (raw, json)
Hash identifier:          XCo0bPbm1J2DIp735svYGPkoyfY4WnDsfVIOBM0uci8=
Subject key identifier:   9C:8D:53:46:D7:C0:40:F0:A7:D6:58:24:AF:8E:B6:6F:74:FF:79:D7
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       019427B571573801CF73FED9B841179CABD1
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/nI1TRtfAQPCn1lgkr462b3T_edc.roa
Signing time:             Thu 02 Jan 2025 15:49:49 +0000
ROA not before:           Thu 02 Jan 2025 15:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8149
IP address blocks:        213.152.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:71:57:38:01:cf:73:fe:d9:b8:41:17:9c:ab:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Jan  2 15:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c8d5346d7c040f0a7d65824af8eb66f74ff79d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:46:53:60:9d:da:25:95:ff:ed:57:64:98:96:
                    b8:b4:3e:29:c0:5a:47:b9:a6:af:81:6f:ea:0c:20:
                    28:28:59:e0:dd:3f:f9:b5:0c:7d:12:41:8f:43:18:
                    1c:ee:d4:02:54:70:02:36:0d:aa:ae:7a:f1:ff:db:
                    14:ec:4a:00:b5:1a:2b:9b:db:15:78:f6:7d:49:f6:
                    46:e6:8f:85:e8:aa:38:82:b6:91:7c:ed:78:71:8c:
                    55:74:96:f6:3b:a9:d9:ac:05:09:44:8a:1a:96:7a:
                    b5:59:eb:19:8c:bb:40:82:39:8b:7e:98:06:a7:20:
                    b6:05:18:b0:25:ff:08:72:94:8b:e5:3b:bf:8a:a0:
                    e7:4f:74:8a:8d:d6:1e:4e:5b:be:52:49:27:11:57:
                    02:cb:a6:6b:25:62:4b:f2:1b:a3:83:79:58:e1:4c:
                    f7:71:84:ed:72:07:46:fe:e8:ea:5d:69:b8:ce:f7:
                    15:05:26:14:82:5a:57:3e:ff:53:bd:55:c8:01:2d:
                    6e:4b:c7:1a:c5:2b:71:f1:1b:2c:88:0e:39:ed:74:
                    8f:93:34:63:89:10:a4:df:3a:63:50:7c:b4:dd:59:
                    69:46:1e:92:8e:74:c3:30:2c:47:22:a1:a0:6d:ec:
                    dc:68:c9:8d:79:0b:91:7e:32:49:40:1e:55:1c:e7:
                    73:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:8D:53:46:D7:C0:40:F0:A7:D6:58:24:AF:8E:B6:6F:74:FF:79:D7
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/nI1TRtfAQPCn1lgkr462b3T_edc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:4c:e0:df:74:83:0b:9f:d8:48:0b:c7:d2:b6:71:95:db:34:
         a3:e6:a0:3b:be:d0:d5:84:14:15:3d:ac:c5:fc:84:f8:1f:a0:
         80:78:d9:f6:8c:5a:d2:72:78:fd:f6:d6:6e:66:ae:39:4f:b7:
         22:40:57:44:9a:55:b4:56:c6:40:59:cd:86:88:4d:60:c1:f9:
         b6:eb:d8:d9:d1:c6:0f:52:0d:c6:b1:73:70:58:74:62:b6:63:
         90:1e:4f:e9:22:f7:4e:89:12:8e:9f:8d:d1:18:e9:34:49:e8:
         28:28:22:69:0e:bc:0e:e5:77:21:ea:b5:80:6c:46:23:db:96:
         b8:aa:31:6c:21:e9:40:13:c2:28:5f:2f:71:af:67:27:67:c6:
         b4:a4:e2:05:7d:01:da:1c:20:73:9b:35:84:6d:82:e1:ac:a7:
         82:88:a4:13:cb:3e:b2:cf:d2:b1:9b:ec:89:7a:dd:5e:f9:4e:
         2c:de:98:93:b1:f6:7d:ee:1f:9b:c5:56:e3:b5:b7:3c:72:0f:
         f7:61:0b:2e:45:e0:67:a6:3e:21:d3:f0:98:02:4f:ca:d3:09:
         ff:d4:47:a3:a3:d1:6a:8f:30:2f:51:7d:47:c7:01:e0:47:3c:
         ec:d8:ff:40:c6:22:5d:26:6a:4a:ec:9a:1f:53:c7:dd:39:66:
         6b:ab:a3:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXFXOAHPc/7ZuEEXnKvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjUwMTAyMTU0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzhkNTM0NmQ3YzA0MGYwYTdkNjU4MjRhZjhlYjY2Zjc0ZmY3OWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0ZTYJ3aJZX/7VdkmJa4tD4pwFpH
uaavgW/qDCAoKFng3T/5tQx9EkGPQxgc7tQCVHACNg2qrnrx/9sU7EoAtRorm9sV
ePZ9SfZG5o+F6Ko4graRfO14cYxVdJb2O6nZrAUJRIoalnq1WesZjLtAgjmLfpgG
pyC2BRiwJf8IcpSL5Tu/iqDnT3SKjdYeTlu+UkknEVcCy6ZrJWJL8hujg3lY4Uz3
cYTtcgdG/ujqXWm4zvcVBSYUglpXPv9TvVXIAS1uS8caxStx8RssiA457XSPkzRj
iRCk3zpjUHy03VlpRh6SjnTDMCxHIqGgbezcaMmNeQuRfjJJQB5VHOdz8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyNU0bXwEDwp9ZYJK+Otm90/3nXMB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvbkkxVFJ0ZkFRUENuMWxna3I0NjJiM1RfZWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZjzMA0G
CSqGSIb3DQEBCwUAA4IBAQB4TODfdIMLn9hIC8fStnGV2zSj5qA7vtDVhBQVPazF
/IT4H6CAeNn2jFrScnj99tZuZq45T7ciQFdEmlW0VsZAWc2GiE1gwfm269jZ0cYP
Ug3GsXNwWHRitmOQHk/pIvdOiRKOn43RGOk0SegoKCJpDrwO5Xch6rWAbEYj25a4
qjFsIelAE8IoXy9xr2cnZ8a0pOIFfQHaHCBzmzWEbYLhrKeCiKQTyz6yz9Kxm+yJ
et1e+U4s3piTsfZ97h+bxVbjtbc8cg/3YQsuReBnpj4h0/CYAk/K0wn/1Eejo9Fq
jzAvUX1HxwHgRzzs2P9AxiJdJmpK7JofU8fdOWZrq6NA
-----END CERTIFICATE-----