Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/e4oAR-PtFLFvLGVK1M5U3IlL_mI.roa
File:                     e4oAR-PtFLFvLGVK1M5U3IlL_mI.roa (raw, json)
Hash identifier:          ANcg1f8SMyG1hFTSDhwpk4pnz3UDRFkP3FN2jTIR5tc=
Subject key identifier:   7B:8A:00:47:E3:ED:14:B1:6F:2C:65:4A:D4:CE:54:DC:89:4B:FE:62
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DB0C4914E4DA6E8F548F4F96B2DD1
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/e4oAR-PtFLFvLGVK1M5U3IlL_mI.roa
Signing time:             Wed 01 Jan 2025 15:48:18 +0000
ROA not before:           Wed 01 Jan 2025 15:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209490
IP address blocks:        176.235.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:b0:c4:91:4e:4d:a6:e8:f5:48:f4:f9:6b:2d:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b8a0047e3ed14b16f2c654ad4ce54dc894bfe62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:08:c0:db:90:30:de:eb:c8:09:8b:05:b4:31:
                    e9:d8:67:70:2d:4f:03:58:82:3e:55:27:22:8d:ca:
                    58:1e:d1:fe:b6:ea:e5:ce:fc:37:96:a7:2a:91:ad:
                    f3:8c:90:9f:51:5e:36:3c:1a:d2:ad:58:71:ad:99:
                    aa:46:94:5f:93:d4:b8:2d:e4:0c:bf:66:6f:6f:91:
                    a4:2a:43:c7:5c:d2:c1:ea:4b:43:ea:d1:2d:ac:3c:
                    e4:d2:c5:de:51:90:99:76:e3:f4:9f:3b:95:89:b0:
                    98:12:f4:64:d2:f6:d4:65:4b:87:4a:96:be:85:10:
                    66:04:73:30:ab:12:16:52:ac:5f:91:0f:c8:5c:b2:
                    a9:1e:c8:6d:1f:63:9b:33:73:52:5c:86:75:fe:ae:
                    6c:86:71:92:b8:8c:c9:80:5b:23:9a:0e:ec:5f:f7:
                    b4:5f:68:11:13:04:dc:79:a4:18:d8:aa:cf:e4:e4:
                    4e:63:c2:72:b4:f1:98:68:53:09:5f:c3:b0:2b:5b:
                    92:9a:78:6c:66:44:dc:27:43:72:c5:48:ae:5d:ec:
                    df:ed:7d:01:be:1f:03:40:4b:66:38:74:8d:42:15:
                    9a:4b:63:63:cc:98:87:8f:9b:e5:22:e9:ab:3c:db:
                    2f:df:c9:0a:c9:02:72:6d:97:69:f7:99:c5:bd:6b:
                    ea:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:8A:00:47:E3:ED:14:B1:6F:2C:65:4A:D4:CE:54:DC:89:4B:FE:62
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/e4oAR-PtFLFvLGVK1M5U3IlL_mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.235.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:ef:0b:b9:22:b5:65:64:a6:16:9b:9c:2f:dd:71:e8:1a:16:
         7d:81:72:9b:30:5f:45:22:77:98:71:55:ff:b0:ff:94:8b:53:
         5b:f0:b0:eb:5e:0e:b0:09:50:6c:ec:cd:fe:5d:25:06:0d:eb:
         b1:24:a4:c7:d9:da:17:17:d0:07:4a:b0:76:12:5f:8d:40:9a:
         55:f7:31:8a:1e:e7:95:cf:28:17:85:eb:11:4e:d8:b4:f4:3e:
         4a:25:b3:4d:be:62:d6:5e:e1:73:83:a5:94:4a:db:76:19:11:
         a1:23:06:a2:f1:39:26:f6:89:13:e2:23:10:2c:b8:d8:e8:90:
         c7:2d:a4:cf:62:b9:26:56:52:71:02:87:aa:6c:8e:60:75:61:
         9b:6f:d0:19:f4:cd:c4:e7:67:29:b0:2c:10:19:cc:7c:d6:e1:
         b1:7f:52:73:19:8e:ff:d7:37:83:29:3f:55:1f:f4:ea:ce:7e:
         6b:17:e1:65:67:ae:f7:ca:c3:cc:27:f5:15:06:62:72:f4:f8:
         7e:85:1e:51:b7:d9:17:7b:06:2d:9e:07:12:a0:87:7d:e2:90:
         9a:b2:01:f8:d4:de:95:92:5a:20:8b:96:eb:cd:b1:9c:f9:70:
         4f:3a:72:0c:11:74:22:c1:12:8a:c4:19:61:a9:c0:4f:65:13:
         f4:d1:00:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijbDEkU5Npuj1SPT5ay3RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjhhMDA0N2UzZWQxNGIxNmYyYzY1NGFkNGNlNTRkYzg5NGJmZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQjA25Aw3uvICYsFtDHp2GdwLU8D
WII+VScijcpYHtH+turlzvw3lqcqka3zjJCfUV42PBrSrVhxrZmqRpRfk9S4LeQM
v2Zvb5GkKkPHXNLB6ktD6tEtrDzk0sXeUZCZduP0nzuVibCYEvRk0vbUZUuHSpa+
hRBmBHMwqxIWUqxfkQ/IXLKpHshtH2ObM3NSXIZ1/q5shnGSuIzJgFsjmg7sX/e0
X2gREwTceaQY2KrP5OROY8JytPGYaFMJX8OwK1uSmnhsZkTcJ0NyxUiuXezf7X0B
vh8DQEtmOHSNQhWaS2NjzJiHj5vlIumrPNsv38kKyQJybZdp95nFvWvq/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuKAEfj7RSxbyxlStTOVNyJS/5iMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvZTRvQVItUHRGTEZ2TEdWSzFNNVUzSWxMX21JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOt3MA0G
CSqGSIb3DQEBCwUAA4IBAQBu7wu5IrVlZKYWm5wv3XHoGhZ9gXKbMF9FIneYcVX/
sP+Ui1Nb8LDrXg6wCVBs7M3+XSUGDeuxJKTH2doXF9AHSrB2El+NQJpV9zGKHueV
zygXhesRTti09D5KJbNNvmLWXuFzg6WUStt2GRGhIwai8Tkm9okT4iMQLLjY6JDH
LaTPYrkmVlJxAoeqbI5gdWGbb9AZ9M3E52cpsCwQGcx81uGxf1JzGY7/1zeDKT9V
H/Tqzn5rF+FlZ673ysPMJ/UVBmJy9Ph+hR5Rt9kXewYtngcSoId94pCasgH41N6V
klogi5brzbGc+XBPOnIMEXQiwRKKxBlhqcBPZRP00QCu
-----END CERTIFICATE-----