Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/4aLKf3M4ItIPeyFphfSQboR-L9I.roa
File:                     4aLKf3M4ItIPeyFphfSQboR-L9I.roa (raw, json)
Hash identifier:          Op+X3FqkTMuYprY3w6pQa3fUaMNGhT8z+g0c/alJ38A=
Subject key identifier:   E1:A2:CA:7F:73:38:22:D2:0F:7B:21:69:85:F4:90:6E:84:7E:2F:D2
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DA1DD87781C3BF3CA14F710477576
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/4aLKf3M4ItIPeyFphfSQboR-L9I.roa
Signing time:             Wed 01 Jan 2025 15:48:14 +0000
ROA not before:           Wed 01 Jan 2025 15:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50875
IP address blocks:        213.14.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a1:dd:87:78:1c:3b:f3:ca:14:f7:10:47:75:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1a2ca7f733822d20f7b216985f4906e847e2fd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:87:df:fa:61:e1:eb:f3:58:a6:9d:19:db:a3:
                    e5:e1:a8:b4:b8:c1:4f:84:1a:4c:af:3a:68:5c:4b:
                    a1:55:e8:f9:56:73:b7:bb:f5:67:48:5e:b9:98:35:
                    12:1e:c7:5b:e1:ab:eb:6d:3c:25:a1:5b:c0:73:45:
                    2d:75:cc:39:c9:89:7f:34:79:6b:a5:35:95:e9:62:
                    d1:84:55:e2:64:83:10:97:8f:17:cf:c1:2a:99:f2:
                    80:44:2e:0d:a8:53:ed:0f:55:a9:25:4f:30:b8:3c:
                    34:7a:3e:8a:bb:5c:f3:9f:b1:21:2d:11:a3:48:79:
                    f4:78:0c:70:19:30:2d:ed:1a:f0:88:cd:f7:11:5a:
                    13:92:48:70:03:08:32:e6:e5:bb:7c:a4:e0:7a:c9:
                    cc:74:9b:4a:83:6c:ef:23:0a:ee:18:5a:27:ed:61:
                    6f:f5:3b:13:f8:49:32:3a:85:3d:03:df:e6:aa:d2:
                    d8:96:64:16:10:21:ee:fa:a7:d6:39:1d:23:ce:6c:
                    c2:78:f6:a1:97:3e:43:bb:cb:54:98:50:e9:d1:ef:
                    73:db:95:a7:7f:8f:9a:d2:68:6c:2d:64:b7:e4:23:
                    e7:ac:7c:64:ed:2f:23:c7:b1:0f:d7:70:77:3d:a1:
                    3d:08:0a:fe:fe:a0:ea:49:f9:44:8f:53:77:60:b1:
                    b1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A2:CA:7F:73:38:22:D2:0F:7B:21:69:85:F4:90:6E:84:7E:2F:D2
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/4aLKf3M4ItIPeyFphfSQboR-L9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:84:b2:21:5e:db:d6:c6:da:f3:53:9a:50:81:05:0b:af:5e:
         d4:eb:e8:5f:41:7c:7e:c9:e1:18:1a:1e:2d:09:50:f7:9d:4e:
         83:a4:7a:cd:1f:cc:65:9c:93:5f:6e:aa:ad:83:3b:7d:01:d8:
         72:ed:d1:bc:ed:48:f8:c0:74:5c:e7:39:e9:64:95:de:6a:00:
         72:a1:1c:d7:b6:63:c6:e9:bd:74:4b:9f:6a:f4:98:b2:a5:d8:
         29:d8:e9:8b:cc:26:e0:72:28:10:81:af:cd:cf:04:14:69:b0:
         6f:d1:b8:47:d6:06:09:2b:6c:3b:d8:ca:86:b7:e7:20:85:b7:
         a0:c3:d7:0a:5c:1c:a7:7c:43:a7:c1:c7:00:35:65:8b:fa:40:
         aa:bf:ba:6a:25:ee:65:ea:53:0a:24:8f:e0:33:5b:08:80:c7:
         42:dc:6a:53:6f:0d:6c:7f:5a:dc:fe:da:74:25:e6:e5:11:18:
         36:e8:63:47:5e:4c:a6:ec:3d:0f:eb:fb:1d:86:d0:45:b2:38:
         af:15:fc:2f:ce:af:33:b4:99:a9:1c:f6:46:f6:f9:91:81:a4:
         ad:18:fe:45:76:b5:ca:d4:34:c8:30:74:f0:a6:04:ef:ca:3d:
         08:e6:d5:69:52:96:cc:f9:47:08:c0:a4:07:b3:26:64:61:54:
         a3:56:7d:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaHdh3gcO/PKFPcQR3V2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWEyY2E3ZjczMzgyMmQyMGY3YjIxNjk4NWY0OTA2ZTg0N2UyZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIff+mHh6/NYpp0Z26Pl4ai0uMFP
hBpMrzpoXEuhVej5VnO3u/VnSF65mDUSHsdb4avrbTwloVvAc0Utdcw5yYl/NHlr
pTWV6WLRhFXiZIMQl48Xz8EqmfKARC4NqFPtD1WpJU8wuDw0ej6Ku1zzn7EhLRGj
SHn0eAxwGTAt7RrwiM33EVoTkkhwAwgy5uW7fKTgesnMdJtKg2zvIwruGFon7WFv
9TsT+EkyOoU9A9/mqtLYlmQWECHu+qfWOR0jzmzCePahlz5Du8tUmFDp0e9z25Wn
f4+a0mhsLWS35CPnrHxk7S8jx7EP13B3PaE9CAr+/qDqSflEj1N3YLGxEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGiyn9zOCLSD3shaYX0kG6Efi/SMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvNGFMS2YzTTRJdElQZXlGcGhmU1Fib1ItTDlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q7uMA0G
CSqGSIb3DQEBCwUAA4IBAQBqhLIhXtvWxtrzU5pQgQULr17U6+hfQXx+yeEYGh4t
CVD3nU6DpHrNH8xlnJNfbqqtgzt9Adhy7dG87Uj4wHRc5znpZJXeagByoRzXtmPG
6b10S59q9Jiypdgp2OmLzCbgcigQga/NzwQUabBv0bhH1gYJK2w72MqGt+cghbeg
w9cKXBynfEOnwccANWWL+kCqv7pqJe5l6lMKJI/gM1sIgMdC3GpTbw1sf1rc/tp0
JeblERg26GNHXkym7D0P6/sdhtBFsjivFfwvzq8ztJmpHPZG9vmRgaStGP5FdrXK
1DTIMHTwpgTvyj0I5tVpUpbM+UcIwKQHsyZkYVSjVn36
-----END CERTIFICATE-----