Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/4f1jI7-qAw-Fm-OtnESqUBoebm0.roa
File:                     4f1jI7-qAw-Fm-OtnESqUBoebm0.roa (raw, json)
Hash identifier:          Yj15262IImuG/zvO4RGd+KynWz9BG4CJpl9H3lrssA0=
Subject key identifier:   E1:FD:63:23:BF:AA:03:0F:85:9B:E3:AD:9C:44:AA:50:1A:1E:6E:6D
Certificate issuer:       /CN=4dbe31b6bedc51f2aa2ec0a6453f2e435e808fb5
Certificate serial:       0194206816F5B1171DFB967CD52DDF8E0FE9
Authority key identifier: 4D:BE:31:B6:BE:DC:51:F2:AA:2E:C0:A6:45:3F:2E:43:5E:80:8F:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/4f1jI7-qAw-Fm-OtnESqUBoebm0.roa
Signing time:             Wed 01 Jan 2025 05:48:00 +0000
ROA not before:           Wed 01 Jan 2025 05:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        193.8.128.0/23 maxlen: 24
                          193.134.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:16:f5:b1:17:1d:fb:96:7c:d5:2d:df:8e:0f:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dbe31b6bedc51f2aa2ec0a6453f2e435e808fb5
        Validity
            Not Before: Jan  1 05:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1fd6323bfaa030f859be3ad9c44aa501a1e6e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:de:13:b6:6d:e6:16:35:a5:33:af:1c:b0:71:
                    73:f2:94:15:04:98:29:1b:84:b0:f4:d6:69:48:a4:
                    a8:24:61:03:7c:35:af:7c:fe:13:bf:cb:98:a8:af:
                    d2:8a:1c:e5:72:2e:32:86:74:e4:76:c9:06:ac:e5:
                    b5:5e:6f:e1:92:ec:a4:6b:9b:3e:f7:0b:58:ff:be:
                    de:f0:73:ec:a7:dc:f5:e3:41:a7:b4:de:58:f6:c8:
                    1d:1c:5f:47:b2:90:3e:0c:f9:08:42:67:19:dd:62:
                    b0:ae:5f:4a:9f:4f:14:8f:80:51:7b:91:a7:52:88:
                    3f:b5:c0:4e:c8:27:52:30:0f:c0:37:be:d6:9b:77:
                    0e:00:3b:39:02:0b:c5:bd:6d:c7:84:6c:a0:08:89:
                    ec:13:db:45:c6:57:7e:19:63:1d:b7:54:6e:cb:b8:
                    37:58:4b:6f:8f:60:b9:df:e1:b2:eb:d8:1d:1a:21:
                    90:3e:cb:58:2f:0f:f4:83:9a:e1:6f:c9:1d:d4:66:
                    fa:6d:bd:9a:9e:cd:49:c9:aa:1f:17:b1:8b:b0:a0:
                    26:16:32:ce:93:b2:c3:8a:fc:9b:f2:72:29:1c:a6:
                    b5:67:c6:03:e5:a7:b7:1e:d1:74:b3:6e:52:68:0f:
                    5c:39:ef:e7:c9:12:47:aa:53:0d:12:3d:74:12:ee:
                    e1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:FD:63:23:BF:AA:03:0F:85:9B:E3:AD:9C:44:AA:50:1A:1E:6E:6D
            X509v3 Authority Key Identifier:
                keyid:4D:BE:31:B6:BE:DC:51:F2:AA:2E:C0:A6:45:3F:2E:43:5E:80:8F:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/4f1jI7-qAw-Fm-OtnESqUBoebm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1d2788-da40-431a-97d0-fbd46d9ca372/1/Tb4xtr7cUfKqLsCmRT8uQ16Aj7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.128.0/23
                  193.134.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:c6:2c:44:93:10:18:e0:26:4a:91:7c:c3:44:0e:07:c6:9b:
         a1:9d:6f:53:b4:6d:82:2c:73:e3:82:96:d2:65:bd:88:99:e7:
         f5:36:4a:df:8f:af:48:40:58:e7:d5:18:dc:97:ca:10:69:15:
         d8:64:46:f3:89:89:d0:30:9f:22:9a:7d:d9:45:b0:56:23:6b:
         9b:ea:79:76:82:b8:dc:c1:1b:32:2c:c7:d0:f8:1b:78:26:18:
         19:67:28:19:f3:28:a9:22:84:80:b1:b5:bc:a7:3b:e0:92:57:
         39:13:33:5b:cc:18:b9:43:a6:8b:b0:f9:1e:f9:58:2c:db:47:
         83:e6:7d:fd:8e:b0:0e:fa:ac:5e:ed:5d:6b:e6:c1:15:df:76:
         03:68:ce:26:84:41:18:e5:b4:6f:fd:5c:bb:ac:71:ad:e7:4e:
         02:4a:86:7f:61:15:4e:33:c0:81:7f:b1:ad:d4:67:c6:da:a5:
         dc:a7:03:11:63:61:37:ac:d1:f2:36:1c:10:23:f9:bf:fe:18:
         f7:b3:59:af:7b:83:6e:11:38:f0:0c:d2:4f:3a:c7:67:a0:9d:
         7d:46:a8:ec:2f:b5:d8:78:f6:f5:e5:8f:29:9f:dd:5b:18:88:
         2e:46:db:80:75:52:0f:e4:0a:cd:00:3f:25:d8:96:e3:42:fd:
         b8:b0:71:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaBb1sRcd+5Z81S3fjg/pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYmUzMWI2YmVkYzUxZjJhYTJlYzBhNjQ1M2YyZTQzNWU4
MDhmYjUwHhcNMjUwMTAxMDU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWZkNjMyM2JmYWEwMzBmODU5YmUzYWQ5YzQ0YWE1MDFhMWU2ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt94Ttm3mFjWlM68csHFz8pQVBJgp
G4Sw9NZpSKSoJGEDfDWvfP4Tv8uYqK/Sihzlci4yhnTkdskGrOW1Xm/hkuyka5s+
9wtY/77e8HPsp9z140GntN5Y9sgdHF9HspA+DPkIQmcZ3WKwrl9Kn08Uj4BRe5Gn
Uog/tcBOyCdSMA/AN77Wm3cOADs5AgvFvW3HhGygCInsE9tFxld+GWMdt1Ruy7g3
WEtvj2C53+Gy69gdGiGQPstYLw/0g5rhb8kd1Gb6bb2ans1JyaofF7GLsKAmFjLO
k7LDivyb8nIpHKa1Z8YD5ae3HtF0s25SaA9cOe/nyRJHqlMNEj10Eu7hRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOH9YyO/qgMPhZvjrZxEqlAaHm5tMB8GA1UdIwQY
MBaAFE2+Mba+3FHyqi7ApkU/LkNegI+1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGI0eHRyN2NVZktxTHNDbVJUOHVRMTZBajdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xZDI3ODgtZGE0MC00MzFhLTk3ZDAt
ZmJkNDZkOWNhMzcyLzEvNGYxakk3LXFBdy1GbS1PdG5FU3FVQm9lYm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xZDI3ODgtZGE0MC00MzFhLTk3ZDAtZmJkNDZkOWNhMzcy
LzEvVGI0eHRyN2NVZktxTHNDbVJUOHVRMTZBajdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwQiAAwQC
wYYgMA0GCSqGSIb3DQEBCwUAA4IBAQARxixEkxAY4CZKkXzDRA4HxpuhnW9TtG2C
LHPjgpbSZb2Imef1Nkrfj69IQFjn1Rjcl8oQaRXYZEbziYnQMJ8imn3ZRbBWI2ub
6nl2grjcwRsyLMfQ+Bt4JhgZZygZ8yipIoSAsbW8pzvgklc5EzNbzBi5Q6aLsPke
+Vgs20eD5n39jrAO+qxe7V1r5sEV33YDaM4mhEEY5bRv/Vy7rHGt504CSoZ/YRVO
M8CBf7Gt1GfG2qXcpwMRY2E3rNHyNhwQI/m//hj3s1mve4NuETjwDNJPOsdnoJ19
RqjsL7XYePb15Y8pn91bGIguRtuAdVIP5ArNAD8l2JbjQv24sHEm
-----END CERTIFICATE-----