Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/L4NUW0fD1fouom_s0JvPLwOdhKA.roa
File:                     L4NUW0fD1fouom_s0JvPLwOdhKA.roa (raw, json)
Hash identifier:          1QOsAiAO9NanX+ESsp6JiEauNz2AtY78OF9Q05/RwMU=
Subject key identifier:   2F:83:54:5B:47:C3:D5:FA:2E:A2:6F:EC:D0:9B:CF:2F:03:9D:84:A0
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       019465D9F9DF98F56B7F97B362390CAE1338
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/L4NUW0fD1fouom_s0JvPLwOdhKA.roa
Signing time:             Tue 14 Jan 2025 17:26:11 +0000
ROA not before:           Tue 14 Jan 2025 17:26:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15704
IP address blocks:        185.187.183.0/24 maxlen: 24
                          185.224.78.0/24 maxlen: 24
                          193.34.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:65:d9:f9:df:98:f5:6b:7f:97:b3:62:39:0c:ae:13:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Jan 14 17:26:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f83545b47c3d5fa2ea26fecd09bcf2f039d84a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:41:52:c2:17:60:a0:37:f1:76:84:69:ce:38:
                    d3:bd:56:4d:87:47:b3:00:70:e5:31:a0:ea:38:8f:
                    10:b5:f7:6c:2f:95:48:53:57:8d:9b:54:a2:4b:65:
                    04:43:83:8a:96:aa:9d:bd:72:6c:a0:b0:f6:f4:49:
                    33:6e:56:f2:d0:24:2a:c1:a9:32:85:13:76:7f:9b:
                    fe:83:26:89:b7:b4:ba:e2:61:da:79:ef:de:d3:75:
                    be:d9:36:37:04:47:e6:5b:63:5a:26:27:80:9a:da:
                    01:c8:9d:47:5d:cf:1d:03:19:fe:61:22:11:cc:f4:
                    19:d7:ef:a0:ae:56:e6:8f:da:b0:db:ef:42:88:34:
                    66:58:5d:85:43:3d:91:bf:df:0f:3e:5e:3b:12:f0:
                    aa:c5:19:a2:78:dc:db:e4:fe:6f:7a:5c:ca:5a:71:
                    34:95:06:38:72:dc:32:dd:b6:a6:78:1d:af:80:50:
                    fe:c4:40:a5:93:b7:80:c0:96:eb:17:ef:08:88:73:
                    29:5a:2e:a0:d2:f7:5b:5d:d4:0a:e0:85:95:3a:33:
                    4d:a3:14:b8:9c:62:df:6b:a1:da:71:79:ce:88:53:
                    42:ca:80:a0:00:95:75:aa:e8:92:92:0d:07:df:31:
                    4a:51:36:73:86:dd:de:2e:8b:c8:70:06:f4:08:17:
                    c3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:83:54:5B:47:C3:D5:FA:2E:A2:6F:EC:D0:9B:CF:2F:03:9D:84:A0
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/L4NUW0fD1fouom_s0JvPLwOdhKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.183.0/24
                  185.224.78.0/24
                  193.34.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:70:0f:0d:ed:06:c4:ad:a9:3a:cf:b9:04:e0:89:ce:b7:c3:
         43:c7:de:32:9e:f7:eb:78:50:81:8f:aa:44:79:33:2b:6b:2e:
         76:a6:1c:c8:98:6d:27:d0:4f:40:cf:84:f3:17:4d:09:54:1f:
         a8:58:77:c7:32:52:2e:44:97:f4:28:2b:a7:0e:ed:f8:f9:1e:
         f0:a5:96:91:ee:b5:71:d5:20:74:08:b6:a7:2a:a6:67:c8:63:
         b9:c7:cd:ff:92:cd:04:99:7c:f8:2a:b6:01:07:13:f8:2f:50:
         39:64:68:2a:8c:15:07:1b:19:e0:3c:85:ff:02:de:46:77:56:
         e3:e5:07:1b:c3:8b:9e:93:3a:48:ce:a0:36:6a:ab:31:93:6f:
         d3:6b:28:cd:02:11:e3:ba:90:de:9a:f4:a4:65:71:93:8d:ce:
         79:1d:46:c0:2a:43:69:66:44:57:90:a2:e2:81:fb:b1:3c:58:
         f9:89:92:eb:f6:c8:c5:d3:52:25:26:fc:6b:6c:30:02:f6:d1:
         bd:83:39:a9:37:d0:2d:4e:bc:98:5e:b3:2e:24:ff:41:1e:fb:
         fc:77:cc:c0:a1:b1:c7:bc:42:5e:c4:85:3c:6e:93:50:b3:d8:
         e7:43:fe:40:18:4d:dc:0d:d0:d7:ea:42:00:bf:56:42:96:da:
         6a:1d:1a:8c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRl2fnfmPVrf5ezYjkMrhM4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjUwMTE0MTcyNjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjgzNTQ1YjQ3YzNkNWZhMmVhMjZmZWNkMDliY2YyZjAzOWQ4NGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUFSwhdgoDfxdoRpzjjTvVZNh0ez
AHDlMaDqOI8QtfdsL5VIU1eNm1SiS2UEQ4OKlqqdvXJsoLD29Ekzblby0CQqwaky
hRN2f5v+gyaJt7S64mHaee/e03W+2TY3BEfmW2NaJieAmtoByJ1HXc8dAxn+YSIR
zPQZ1++grlbmj9qw2+9CiDRmWF2FQz2Rv98PPl47EvCqxRmieNzb5P5velzKWnE0
lQY4ctwy3bameB2vgFD+xEClk7eAwJbrF+8IiHMpWi6g0vdbXdQK4IWVOjNNoxS4
nGLfa6HacXnOiFNCyoCgAJV1quiSkg0H3zFKUTZzht3eLovIcAb0CBfD5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC+DVFtHw9X6LqJv7NCbzy8DnYSgMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvTDROVVcwZkQxZm91b21fczBKdlBMd09kaEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAubu3AwQA
ueBOAwQAwSLyMA0GCSqGSIb3DQEBCwUAA4IBAQBDcA8N7QbErak6z7kE4InOt8ND
x94ynvfreFCBj6pEeTMray52phzImG0n0E9Az4TzF00JVB+oWHfHMlIuRJf0KCun
Du34+R7wpZaR7rVx1SB0CLanKqZnyGO5x83/ks0EmXz4KrYBBxP4L1A5ZGgqjBUH
GxngPIX/At5Gd1bj5Qcbw4uekzpIzqA2aqsxk2/TayjNAhHjupDemvSkZXGTjc55
HUbAKkNpZkRXkKLigfuxPFj5iZLr9sjF01IlJvxrbDAC9tG9gzmpN9AtTryYXrMu
JP9BHvv8d8zAobHHvEJexIU8bpNQs9jnQ/5AGE3cDdDX6kIAv1ZCltpqHRqM
-----END CERTIFICATE-----