Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/4fJd3OUxKotrDopMoPp8x_J3KXs.roa
File:                     4fJd3OUxKotrDopMoPp8x_J3KXs.roa (raw, json)
Hash identifier:          jo1NuUMOgj2DOUbbjYgsD3WHmHnI2e64VwgOioKGjxc=
Subject key identifier:   E1:F2:5D:DC:E5:31:2A:8B:6B:0E:8A:4C:A0:FA:7C:C7:F2:77:29:7B
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D3F820E59D62B261EC01499FE258
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/4fJd3OUxKotrDopMoPp8x_J3KXs.roa
Signing time:             Wed 01 Jan 2025 11:48:09 +0000
ROA not before:           Wed 01 Jan 2025 11:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199258
IP address blocks:        91.196.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d3:f8:20:e5:9d:62:b2:61:ec:01:49:9f:e2:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1f25ddce5312a8b6b0e8a4ca0fa7cc7f277297b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:44:23:4b:6e:9e:a0:d4:9c:5d:1e:eb:92:be:
                    11:e4:8d:87:b6:53:01:4b:ea:7c:ad:e0:b0:43:b1:
                    93:77:d5:e1:9e:bb:86:7a:04:d9:ae:c4:0b:40:af:
                    aa:27:9e:76:0f:51:cf:27:1e:06:a7:5f:b4:d5:9c:
                    8d:b1:93:26:fc:e4:bc:20:22:c2:35:28:f9:dd:84:
                    21:c2:aa:27:a9:2c:55:88:ac:17:9b:3f:83:21:ef:
                    69:ba:91:cc:aa:50:5a:0c:2b:92:01:42:11:7d:95:
                    6c:b3:f3:0b:63:64:54:4a:be:eb:5c:18:8d:0e:4d:
                    e3:02:77:85:5f:7e:91:52:f2:67:38:c5:f8:a2:ed:
                    88:89:ea:51:b7:97:39:13:49:b3:76:4c:4f:45:4d:
                    ac:63:a4:10:38:05:f4:14:26:f3:21:d4:94:78:f0:
                    f5:b0:d5:4f:d3:ae:29:83:d3:5e:54:d8:6e:17:ab:
                    e3:25:18:26:c1:9c:88:92:6f:a6:89:4e:2b:59:b2:
                    eb:05:55:e6:88:2e:14:0a:f4:ba:2e:0b:99:e1:4b:
                    94:8b:5f:7a:bd:c4:e7:aa:13:76:37:9d:06:34:91:
                    92:82:d8:bf:c0:dd:e8:51:04:59:85:d0:96:02:55:
                    02:eb:21:cc:be:a1:66:e2:1d:44:5d:b8:35:a1:0b:
                    8f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:F2:5D:DC:E5:31:2A:8B:6B:0E:8A:4C:A0:FA:7C:C7:F2:77:29:7B
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/4fJd3OUxKotrDopMoPp8x_J3KXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:a3:4b:b3:48:fc:2e:c1:45:c3:06:57:1b:cb:93:dc:90:e6:
         f4:22:ab:24:83:82:7b:7b:7b:05:fc:d9:f2:da:0a:55:42:53:
         0b:7d:87:57:e2:75:16:7d:a9:6f:86:65:28:b9:e8:52:db:74:
         ac:00:f0:4b:be:37:da:4e:bd:40:13:55:08:2d:1d:89:e8:57:
         6f:ff:14:e2:74:91:80:64:5a:8c:6d:26:40:35:3a:31:62:e2:
         5d:98:32:1e:0f:d8:3e:40:13:e3:2d:b0:d4:c3:d8:6e:2f:e6:
         3c:d9:e4:20:9d:63:c7:90:30:d3:5c:8c:b4:9b:82:73:35:6a:
         c5:aa:ca:1f:b2:e8:04:69:9a:80:d0:4d:ec:27:19:28:36:b7:
         be:e6:05:7a:63:10:e4:c3:13:2b:49:39:79:62:67:e4:1c:31:
         f1:85:13:2e:e5:9e:b6:35:1c:2e:09:aa:a1:6e:61:71:42:e5:
         10:88:a8:f8:c2:8b:e5:1e:94:91:18:27:ca:5a:f9:d4:e1:12:
         07:eb:0a:89:67:af:3f:15:31:27:0b:70:79:11:4d:86:52:41:
         b9:f1:84:bb:e3:1b:21:ca:da:45:ec:1c:32:26:30:33:f4:d2:
         45:7f:fb:9f:8c:a2:6e:1f:af:0c:75:ed:58:c6:1c:40:cf:50:
         c4:97:f3:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdP4IOWdYrJh7AFJn+JYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWYyNWRkY2U1MzEyYThiNmIwZThhNGNhMGZhN2NjN2YyNzcyOTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkQjS26eoNScXR7rkr4R5I2HtlMB
S+p8reCwQ7GTd9XhnruGegTZrsQLQK+qJ552D1HPJx4Gp1+01ZyNsZMm/OS8ICLC
NSj53YQhwqonqSxViKwXmz+DIe9pupHMqlBaDCuSAUIRfZVss/MLY2RUSr7rXBiN
Dk3jAneFX36RUvJnOMX4ou2IiepRt5c5E0mzdkxPRU2sY6QQOAX0FCbzIdSUePD1
sNVP064pg9NeVNhuF6vjJRgmwZyIkm+miU4rWbLrBVXmiC4UCvS6LguZ4UuUi196
vcTnqhN2N50GNJGSgti/wN3oUQRZhdCWAlUC6yHMvqFm4h1EXbg1oQuP0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHyXdzlMSqLaw6KTKD6fMfydyl7MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvNGZKZDNPVXhLb3RyRG9wTW9QcDh4X0ozS1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8SJMA0G
CSqGSIb3DQEBCwUAA4IBAQCno0uzSPwuwUXDBlcby5PckOb0Iqskg4J7e3sF/Nny
2gpVQlMLfYdX4nUWfalvhmUouehS23SsAPBLvjfaTr1AE1UILR2J6Fdv/xTidJGA
ZFqMbSZANToxYuJdmDIeD9g+QBPjLbDUw9huL+Y82eQgnWPHkDDTXIy0m4JzNWrF
qsofsugEaZqA0E3sJxkoNre+5gV6YxDkwxMrSTl5YmfkHDHxhRMu5Z62NRwuCaqh
bmFxQuUQiKj4wovlHpSRGCfKWvnU4RIH6wqJZ68/FTEnC3B5EU2GUkG58YS74xsh
ytpF7BwyJjAz9NJFf/ufjKJuH68Mde1YxhxAz1DEl/MD
-----END CERTIFICATE-----