Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/EVFSBas9Aq_MdNVwUd8bGuaA3Ws.roa
File:                     EVFSBas9Aq_MdNVwUd8bGuaA3Ws.roa (raw, json)
Hash identifier:          BhtgRPsHAejHOiiDvH3HRPbC4SYTxdKvHTv4FGSpdUs=
Subject key identifier:   11:51:52:05:AB:3D:02:AF:CC:74:D5:70:51:DF:1B:1A:E6:80:DD:6B
Certificate issuer:       /CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
Certificate serial:       0194221FF77006EAB8C034037BBA1FE326B3
Authority key identifier: 4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/EVFSBas9Aq_MdNVwUd8bGuaA3Ws.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62031
IP address blocks:        195.82.176.0/24 maxlen: 24
                          195.82.178.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Mar 2025 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f7:70:06:ea:b8:c0:34:03:7b:ba:1f:e3:26:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11515205ab3d02afcc74d57051df1b1ae680dd6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b0:c4:64:51:dd:3b:ff:4b:bc:56:0e:e0:67:
                    bb:f6:36:84:f2:06:e8:f5:eb:fe:3f:45:d7:12:14:
                    2e:d0:2a:11:28:65:8b:2a:42:2c:c7:a7:4e:ee:6a:
                    54:3c:57:16:79:60:8d:85:da:d9:e0:57:57:1c:e8:
                    e7:98:09:da:1b:c1:3c:18:0b:4d:a4:d6:a4:ea:36:
                    f7:c1:b2:08:09:3b:64:8d:56:b2:a1:34:08:56:79:
                    e5:c4:2b:7e:f1:09:7d:2d:fe:4d:99:a3:b5:fa:58:
                    a6:4d:0e:58:10:26:4c:40:77:73:51:37:f2:1e:a3:
                    0a:11:19:bb:20:39:25:a2:09:9e:c8:8d:f4:c8:4d:
                    6a:5d:98:97:08:bb:10:7a:e6:b0:3f:b3:ad:cb:3f:
                    f8:1b:aa:b8:90:fc:e8:a6:2d:d4:81:2b:c5:52:a2:
                    8d:90:1f:20:6d:ff:c8:ac:df:63:13:db:9c:0c:f4:
                    bb:fb:9d:cf:6a:33:f7:ef:5c:df:9c:f5:4d:08:bf:
                    3b:97:dc:9c:f5:ff:9f:06:06:08:83:14:84:6a:a9:
                    9d:aa:78:e8:d2:e0:d2:3f:68:a2:30:84:c7:2e:41:
                    5e:76:00:4f:ed:6a:a8:7a:bb:b6:ce:1c:82:3d:d6:
                    7a:ad:f0:96:75:45:de:3b:7d:d4:e7:52:d4:3e:97:
                    2f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:51:52:05:AB:3D:02:AF:CC:74:D5:70:51:DF:1B:1A:E6:80:DD:6B
            X509v3 Authority Key Identifier:
                keyid:4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/EVFSBas9Aq_MdNVwUd8bGuaA3Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.82.176.0/24
                  195.82.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:e7:ba:10:d8:53:78:fc:23:39:32:95:68:44:87:90:bf:94:
         89:a0:a1:ae:be:a9:5d:af:29:77:08:ed:6a:4d:4e:d3:71:97:
         24:fc:ba:bf:9d:da:b6:6b:f3:56:84:29:af:50:24:f0:91:fd:
         9f:04:3b:de:ec:c2:92:8d:38:3b:7c:72:7c:07:2e:36:69:f5:
         82:fd:cb:c0:41:6a:d5:74:12:b6:a3:a2:57:1c:1e:93:c7:d7:
         0f:27:79:1c:65:e8:af:52:cf:b4:4d:10:bf:8b:f3:02:cf:2d:
         9c:5f:a0:56:41:2a:d4:87:39:73:e7:f9:b4:3e:e5:eb:fd:18:
         36:f1:f9:4d:17:9a:8f:72:cc:36:c7:f1:77:2f:b3:5f:07:84:
         5d:31:fb:4c:3c:0e:a7:d1:1c:23:82:a9:6d:a2:8e:ec:85:17:
         e8:26:59:b2:90:a3:71:15:d7:59:9e:e9:b1:db:6e:5d:2e:c8:
         80:48:42:be:a0:42:64:9f:66:61:5d:63:a0:b9:e4:b1:88:75:
         10:e5:63:6c:f8:c3:50:5f:cb:8f:fe:aa:16:29:2b:14:94:d5:
         38:80:82:bb:db:94:7d:91:11:f3:56:05:72:1d:fb:c0:ea:a7:
         21:3f:d0:b9:6e:b1:4e:35:59:55:d5:87:7d:21:f6:a5:99:41:
         c5:43:40:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH/dwBuq4wDQDe7of4yazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDA1Y2FhYjM0YmJmZGU2YjhlZTY2YzYwMDg2MGM2Y2U5
NmYzMmIwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTUxNTIwNWFiM2QwMmFmY2M3NGQ1NzA1MWRmMWIxYWU2ODBkZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprDEZFHdO/9LvFYO4Ge79jaE8gbo
9ev+P0XXEhQu0CoRKGWLKkIsx6dO7mpUPFcWeWCNhdrZ4FdXHOjnmAnaG8E8GAtN
pNak6jb3wbIICTtkjVayoTQIVnnlxCt+8Ql9Lf5NmaO1+limTQ5YECZMQHdzUTfy
HqMKERm7IDklogmeyI30yE1qXZiXCLsQeuawP7Otyz/4G6q4kPzopi3UgSvFUqKN
kB8gbf/IrN9jE9ucDPS7+53PajP371zfnPVNCL87l9yc9f+fBgYIgxSEaqmdqnjo
0uDSP2iiMITHLkFedgBP7Wqoeru2zhyCPdZ6rfCWdUXeO33U51LUPpcvhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBFRUgWrPQKvzHTVcFHfGxrmgN1rMB8GA1UdIwQY
MBaAFEtAXKqzS7/ea47mbGAIYMbOlvMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYt
ZDg3YWZmYjhiYzYxLzEvRVZGU0JhczlBcV9NZE5Wd1VkOGJHdWFBM1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYtZDg3YWZmYjhiYzYx
LzEvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1KwAwQB
w1KyMA0GCSqGSIb3DQEBCwUAA4IBAQBu57oQ2FN4/CM5MpVoRIeQv5SJoKGuvqld
ryl3CO1qTU7TcZck/Lq/ndq2a/NWhCmvUCTwkf2fBDve7MKSjTg7fHJ8By42afWC
/cvAQWrVdBK2o6JXHB6Tx9cPJ3kcZeivUs+0TRC/i/MCzy2cX6BWQSrUhzlz5/m0
PuXr/Rg28flNF5qPcsw2x/F3L7NfB4RdMftMPA6n0Rwjgqltoo7shRfoJlmykKNx
FddZnumx225dLsiASEK+oEJkn2ZhXWOgueSxiHUQ5WNs+MNQX8uP/qoWKSsUlNU4
gIK725R9kRHzVgVyHfvA6qchP9C5brFONVlV1Yd9IfalmUHFQ0Cu
-----END CERTIFICATE-----