Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/4RmFgeaXAJd1X-dTdRXJMfgftbk.roa
File:                     4RmFgeaXAJd1X-dTdRXJMfgftbk.roa (raw, json)
Hash identifier:          5GHERoQVDw2egYTst2P9R07I8OQ9JpqvcXWDT0oem1w=
Subject key identifier:   E1:19:85:81:E6:97:00:97:75:5F:E7:53:75:15:C9:31:F8:1F:B5:B9
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01902FEA7B037E9F26E4C7B89A5C82FAF7FD
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/4RmFgeaXAJd1X-dTdRXJMfgftbk.roa
Signing time:             Wed 19 Jun 2024 09:53:34 +0000
ROA not before:           Wed 19 Jun 2024 09:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400536
IP address blocks:        185.24.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2f:ea:7b:03:7e:9f:26:e4:c7:b8:9a:5c:82:fa:f7:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jun 19 09:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1198581e6970097755fe7537515c931f81fb5b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ae:af:65:a2:c3:64:d4:9d:5c:3f:3a:40:b6:
                    0f:b8:a5:24:09:de:7e:3c:7d:e4:45:d5:23:94:77:
                    23:98:f3:21:85:74:3f:2c:89:79:31:60:b0:e6:70:
                    ac:3c:09:03:4b:09:6a:d7:80:10:ee:58:07:b8:c8:
                    6c:4e:b7:00:a6:75:7b:ba:56:f8:56:42:db:96:bf:
                    62:fd:14:19:04:31:c7:c6:bf:4e:aa:73:04:45:f3:
                    3e:5c:63:dc:5d:99:c9:43:e8:87:45:26:9c:f6:7c:
                    fc:e7:42:c9:0a:ac:9f:05:9a:61:a3:fd:95:49:dd:
                    b3:71:84:6e:af:c1:54:9d:26:88:ec:6a:14:d8:db:
                    92:a8:88:d0:9d:75:01:df:3d:1d:d0:24:7c:c8:9b:
                    fc:3c:01:fe:4f:8b:c8:83:d1:8f:f8:47:98:2b:40:
                    6e:7c:34:96:f8:23:cd:5b:8d:59:22:e0:93:e3:67:
                    e4:57:f1:fc:ee:77:0a:26:21:ae:bd:36:e8:03:2f:
                    e2:e0:69:69:ff:02:f6:6c:c1:57:c2:28:ef:84:f4:
                    1e:87:17:84:ea:69:85:de:90:09:0c:0f:26:d6:24:
                    d0:81:1c:ff:63:e5:6a:6a:eb:2e:1f:b6:56:4f:7c:
                    02:1c:ee:13:94:94:73:fe:93:08:3d:4f:05:ab:d4:
                    a7:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:19:85:81:E6:97:00:97:75:5F:E7:53:75:15:C9:31:F8:1F:B5:B9
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/4RmFgeaXAJd1X-dTdRXJMfgftbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:9f:de:3d:e2:2c:91:cf:8f:4e:ab:13:06:22:30:a9:06:38:
         28:e4:e7:14:fb:10:fa:44:9f:8c:62:20:b2:c4:a5:b7:14:80:
         c4:9f:93:a4:36:04:f2:86:43:53:b0:7d:a5:19:bc:20:cf:89:
         ed:20:a9:4f:c2:6a:c6:e3:1f:e5:a8:a6:49:18:0e:08:2b:4d:
         fc:12:b3:b2:4f:ea:f4:39:69:b0:82:49:ff:76:23:e1:2b:8a:
         76:13:f0:d6:06:83:87:4a:60:a0:dd:ec:7f:c8:5a:55:30:ef:
         99:ed:ab:f2:39:03:b8:25:f2:1d:94:55:93:9e:1b:19:83:f0:
         e1:53:e2:c5:61:04:e1:69:a2:a9:47:eb:0c:74:bb:cd:66:77:
         f8:f2:32:2e:0a:74:ec:c1:8e:63:da:2f:3d:08:f2:90:c6:8a:
         60:2c:32:aa:36:62:51:99:a9:0e:ba:b2:07:36:8a:1b:01:ab:
         a1:f2:0a:10:db:c1:c7:7d:9b:b1:12:e9:c4:6b:d9:33:62:33:
         81:12:3d:31:5c:8f:a2:59:94:b5:1f:0f:cc:88:c4:48:e0:d0:
         64:22:c6:0c:a7:e3:fd:7c:8c:ce:d3:c9:ff:03:1b:c7:46:7b:
         64:b8:49:08:98:e5:8d:99:33:aa:a0:68:40:8c:c5:f5:94:51:
         8f:db:bc:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAv6nsDfp8m5Me4mlyC+vf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwNjE5MDk1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTE5ODU4MWU2OTcwMDk3NzU1ZmU3NTM3NTE1YzkzMWY4MWZiNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla6vZaLDZNSdXD86QLYPuKUkCd5+
PH3kRdUjlHcjmPMhhXQ/LIl5MWCw5nCsPAkDSwlq14AQ7lgHuMhsTrcApnV7ulb4
VkLblr9i/RQZBDHHxr9OqnMERfM+XGPcXZnJQ+iHRSac9nz850LJCqyfBZpho/2V
Sd2zcYRur8FUnSaI7GoU2NuSqIjQnXUB3z0d0CR8yJv8PAH+T4vIg9GP+EeYK0Bu
fDSW+CPNW41ZIuCT42fkV/H87ncKJiGuvTboAy/i4Glp/wL2bMFXwijvhPQehxeE
6mmF3pAJDA8m1iTQgRz/Y+VqausuH7ZWT3wCHO4TlJRz/pMIPU8Fq9SnjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEZhYHmlwCXdV/nU3UVyTH4H7W5MB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvNFJtRmdlYVhBSmQxWC1kVGRSWEpNZmdmdGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRiUMA0G
CSqGSIb3DQEBCwUAA4IBAQCnn9494iyRz49OqxMGIjCpBjgo5OcU+xD6RJ+MYiCy
xKW3FIDEn5OkNgTyhkNTsH2lGbwgz4ntIKlPwmrG4x/lqKZJGA4IK038ErOyT+r0
OWmwgkn/diPhK4p2E/DWBoOHSmCg3ex/yFpVMO+Z7avyOQO4JfIdlFWTnhsZg/Dh
U+LFYQThaaKpR+sMdLvNZnf48jIuCnTswY5j2i89CPKQxopgLDKqNmJRmakOurIH
NoobAauh8goQ28HHfZuxEunEa9kzYjOBEj0xXI+iWZS1Hw/MiMRI4NBkIsYMp+P9
fIzO08n/AxvHRntkuEkImOWNmTOqoGhAjMX1lFGP27wu
-----END CERTIFICATE-----