Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/4LQRw4BgeKzT0XyTD5QBjNFL0kA.roa
File:                     4LQRw4BgeKzT0XyTD5QBjNFL0kA.roa (raw, json)
Hash identifier:          75c6Vy+oVZq0RHWQ07BkDH7k5DGceGU8HgDKkl2pGdc=
Subject key identifier:   E0:B4:11:C3:80:60:78:AC:D3:D1:7C:93:0F:94:01:8C:D1:4B:D2:40
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       018CC5DC7726523CB8BE342957CD891BFF9C
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/4LQRw4BgeKzT0XyTD5QBjNFL0kA.roa
Signing time:             Mon 01 Jan 2024 16:30:09 +0000
ROA not before:           Mon 01 Jan 2024 16:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        159.197.224.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:77:26:52:3c:b8:be:34:29:57:cd:89:1b:ff:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 16:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0b411c3806078acd3d17c930f94018cd14bd240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fb:10:90:2f:94:ff:68:69:35:f2:fa:77:b4:
                    37:bc:94:c6:57:9f:48:59:97:d7:1d:84:2e:3f:4a:
                    8b:ac:9f:40:4f:74:e7:9f:c9:9c:28:f9:38:b9:ed:
                    a0:99:6d:0a:5d:21:dc:9d:37:c7:44:c8:3e:01:aa:
                    81:55:d6:c2:e0:4e:79:35:82:f8:fb:f0:ee:51:e6:
                    99:6e:f9:78:9f:1f:f3:88:ee:af:34:a2:5c:4d:19:
                    20:71:c1:d6:b6:da:c7:29:cd:54:d2:21:84:6b:00:
                    ec:49:b8:0d:f2:ef:17:2e:8d:df:11:9f:3d:da:67:
                    bb:c2:3f:a0:86:02:57:19:37:c2:0d:63:d6:e5:2b:
                    5b:ce:d0:af:32:d1:b4:a5:97:82:d1:5a:ff:f2:7f:
                    1a:de:c3:f9:81:bd:bb:25:64:aa:9d:b5:a8:d8:49:
                    98:96:29:3c:37:b7:46:06:ca:b0:58:75:2c:ba:8e:
                    d2:5c:d0:8b:5a:d7:9c:a6:10:2c:42:63:cb:b9:e1:
                    67:80:b9:d7:6a:35:93:9a:59:c3:a2:84:30:e1:d9:
                    9c:f1:70:d5:f2:69:ab:3f:13:ba:f6:f7:7c:db:b8:
                    44:93:0e:da:e5:ca:5c:96:9b:79:06:5e:b5:98:b8:
                    df:49:cb:71:2f:b0:39:c5:f7:67:b3:c5:15:b4:52:
                    d1:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B4:11:C3:80:60:78:AC:D3:D1:7C:93:0F:94:01:8C:D1:4B:D2:40
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/4LQRw4BgeKzT0XyTD5QBjNFL0kA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.197.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         88:e3:7f:35:cf:d5:24:b7:ca:ad:c4:7f:30:5a:93:91:c7:08:
         42:b1:15:7e:de:7f:b0:79:0e:67:ee:b5:e5:66:34:fd:fc:0b:
         11:55:09:11:21:9a:90:ff:d3:52:32:32:e8:b3:10:0b:26:3d:
         51:38:84:34:29:df:68:be:a6:ab:4f:37:76:b6:31:e5:1f:61:
         1e:8f:ba:30:05:55:89:9c:fa:43:ff:aa:8d:ad:34:1f:24:bb:
         9e:74:fc:05:c9:fc:cb:d9:f4:85:5c:a1:ae:26:d9:6c:2d:d9:
         6e:39:80:3e:56:7e:4c:f7:88:30:22:49:81:83:3b:7a:8b:8f:
         92:2b:e7:95:71:42:1b:a1:84:99:01:1c:b7:d1:a6:02:4e:5e:
         56:b3:8d:ae:66:41:a2:d1:59:b6:1a:50:d6:45:c7:44:01:c1:
         e9:02:67:41:8d:32:40:f9:bf:2a:1c:34:5a:58:aa:72:da:45:
         42:5e:e0:fd:e5:63:32:5a:a7:1d:13:2f:99:0e:c5:47:d4:3c:
         28:6e:f9:19:d0:3d:93:ed:c7:74:1c:7d:c5:d8:e8:88:0d:a9:
         89:91:68:0d:c5:46:e9:d3:bc:a0:72:a6:a4:90:1d:f9:9b:20:
         cb:7a:a9:ab:5a:54:5a:bb:8b:15:e4:44:74:1f:0b:57:9f:b9:
         05:4b:fb:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3HcmUjy4vjQpV82JG/+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjQwMTAxMTYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI0MTFjMzgwNjA3OGFjZDNkMTdjOTMwZjk0MDE4Y2QxNGJkMjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvsQkC+U/2hpNfL6d7Q3vJTGV59I
WZfXHYQuP0qLrJ9AT3Tnn8mcKPk4ue2gmW0KXSHcnTfHRMg+AaqBVdbC4E55NYL4
+/DuUeaZbvl4nx/ziO6vNKJcTRkgccHWttrHKc1U0iGEawDsSbgN8u8XLo3fEZ89
2me7wj+ghgJXGTfCDWPW5StbztCvMtG0pZeC0Vr/8n8a3sP5gb27JWSqnbWo2EmY
lik8N7dGBsqwWHUsuo7SXNCLWtecphAsQmPLueFngLnXajWTmlnDooQw4dmc8XDV
8mmrPxO69vd827hEkw7a5cpclpt5Bl61mLjfSctxL7A5xfdns8UVtFLRdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC0EcOAYHis09F8kw+UAYzRS9JAMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvNExRUnc0QmdlS3pUMFh5VEQ1UUJqTkZMMGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFn8XgMA0G
CSqGSIb3DQEBCwUAA4IBAQCI4381z9Ukt8qtxH8wWpORxwhCsRV+3n+weQ5n7rXl
ZjT9/AsRVQkRIZqQ/9NSMjLosxALJj1ROIQ0Kd9ovqarTzd2tjHlH2Eej7owBVWJ
nPpD/6qNrTQfJLuedPwFyfzL2fSFXKGuJtlsLdluOYA+Vn5M94gwIkmBgzt6i4+S
K+eVcUIboYSZARy30aYCTl5Ws42uZkGi0Vm2GlDWRcdEAcHpAmdBjTJA+b8qHDRa
WKpy2kVCXuD95WMyWqcdEy+ZDsVH1DwobvkZ0D2T7cd0HH3F2OiIDamJkWgNxUbp
07ygcqakkB35myDLeqmrWlRau4sV5ER0HwtXn7kFS/uG
-----END CERTIFICATE-----