Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/4EZAXXjg-wdq7F5nmE22LQpMjC0.roa
File:                     4EZAXXjg-wdq7F5nmE22LQpMjC0.roa (raw, json)
Hash identifier:          kcJ5zcoJ0uYbLEoOLz0za2EfJtjkENsqcX3HW2ukm9E=
Subject key identifier:   E0:46:40:5D:78:E0:FB:07:6A:EC:5E:67:98:4D:B6:2D:0A:4C:8C:2D
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       0195F1C5D854D48CA1DBEB72C09C83497CF1
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/4EZAXXjg-wdq7F5nmE22LQpMjC0.roa
Signing time:             Tue 01 Apr 2025 14:33:49 +0000
ROA not before:           Tue 01 Apr 2025 14:33:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48693
IP address blocks:        185.248.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:c5:d8:54:d4:8c:a1:db:eb:72:c0:9c:83:49:7c:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr  1 14:33:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e046405d78e0fb076aec5e67984db62d0a4c8c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8c:9e:7d:8f:a8:fa:f1:4c:d8:7f:db:fa:a0:
                    35:28:0c:be:d4:7b:77:4f:78:3a:0d:63:6d:d5:e5:
                    8f:04:30:e6:47:56:f0:8e:df:bd:b9:ec:80:2c:fc:
                    06:ab:72:05:02:ca:fb:3b:3a:40:c0:7c:5c:81:5e:
                    fb:55:71:be:57:fe:45:a6:15:34:f9:b5:6f:72:d6:
                    6d:d8:fd:05:62:e7:ae:c1:91:b2:1e:43:a3:9a:d8:
                    00:5d:cb:dd:48:39:ea:10:63:1c:66:56:ee:d4:bb:
                    92:df:35:39:12:0e:eb:87:78:c6:c4:cd:b7:ce:15:
                    7e:3c:f4:1f:9a:86:d9:10:d1:18:5e:f0:b5:2e:bb:
                    b9:7d:89:8b:8d:4c:ce:b7:2c:17:68:fe:98:1c:69:
                    02:d3:95:29:f6:16:df:0b:86:d3:2d:65:21:a5:d8:
                    68:e7:73:46:3a:85:27:5b:ed:cc:86:6c:04:79:d0:
                    a4:25:fa:d3:4f:2e:b4:20:b4:bd:d0:f4:a4:48:85:
                    c7:1b:ec:d3:3b:df:9e:73:a6:be:23:53:6c:aa:df:
                    db:60:e2:18:42:c2:c4:77:ed:68:9d:be:c2:48:e7:
                    d3:b1:7a:86:2f:61:e0:ad:28:12:ba:a9:91:54:3d:
                    84:95:13:a0:7f:c5:2d:5a:a7:4d:e1:ae:97:a6:89:
                    97:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:46:40:5D:78:E0:FB:07:6A:EC:5E:67:98:4D:B6:2D:0A:4C:8C:2D
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/4EZAXXjg-wdq7F5nmE22LQpMjC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:8b:a2:e6:5b:15:d7:5e:78:0f:cc:97:3f:93:b3:84:94:58:
         ae:32:e9:1b:66:7f:81:c1:40:5a:29:3f:93:e3:06:00:2f:ac:
         dc:2b:1c:c5:fd:7b:13:c2:c3:8e:98:d3:4b:bb:ae:60:a6:40:
         f6:95:ec:21:bf:f4:73:a9:5c:5f:1f:9b:59:af:eb:48:c1:cf:
         ee:93:ba:ec:a9:00:24:ab:8c:ab:8b:b7:ce:e5:2a:fa:b2:bd:
         83:d0:c5:98:9d:b6:b0:36:42:87:99:34:b8:7f:85:a8:07:e4:
         e0:81:ec:e9:47:5b:17:64:c1:0a:9d:18:ae:7a:57:bc:e2:af:
         98:2b:d4:db:d0:d7:5d:05:8c:59:66:d4:06:13:c6:03:bd:ee:
         35:a2:89:ff:ce:5c:37:99:c7:6c:1d:11:57:c7:1a:da:c6:48:
         c3:7c:b0:fb:9a:ca:ce:14:68:a3:5c:82:f4:b3:65:bf:3a:7c:
         64:1c:53:74:90:ce:05:74:d8:c2:72:6c:0b:1c:88:a4:e5:fa:
         36:f4:f8:39:49:e4:39:01:f9:fc:32:b6:80:a8:54:5c:78:fc:
         20:b6:80:c7:51:9a:d0:fc:62:a9:71:57:a0:7d:34:79:f9:09:
         90:18:59:c7:fa:54:b6:5d:a3:36:e6:f8:83:1d:a8:b4:ad:d8:
         df:8a:98:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXxxdhU1Iyh2+tywJyDSXzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwNDAxMTQzMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDQ2NDA1ZDc4ZTBmYjA3NmFlYzVlNjc5ODRkYjYyZDBhNGM4YzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIyefY+o+vFM2H/b+qA1KAy+1Ht3
T3g6DWNt1eWPBDDmR1bwjt+9ueyALPwGq3IFAsr7OzpAwHxcgV77VXG+V/5FphU0
+bVvctZt2P0FYueuwZGyHkOjmtgAXcvdSDnqEGMcZlbu1LuS3zU5Eg7rh3jGxM23
zhV+PPQfmobZENEYXvC1Lru5fYmLjUzOtywXaP6YHGkC05Up9hbfC4bTLWUhpdho
53NGOoUnW+3MhmwEedCkJfrTTy60ILS90PSkSIXHG+zTO9+ec6a+I1Nsqt/bYOIY
QsLEd+1onb7CSOfTsXqGL2HgrSgSuqmRVD2ElROgf8UtWqdN4a6XpomXGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBGQF144PsHauxeZ5hNti0KTIwtMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvNEVaQVhYamctd2RxN0Y1bm1FMjJMUXBNakMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufioMA0G
CSqGSIb3DQEBCwUAA4IBAQAoi6LmWxXXXngPzJc/k7OElFiuMukbZn+BwUBaKT+T
4wYAL6zcKxzF/XsTwsOOmNNLu65gpkD2lewhv/RzqVxfH5tZr+tIwc/uk7rsqQAk
q4yri7fO5Sr6sr2D0MWYnbawNkKHmTS4f4WoB+TggezpR1sXZMEKnRiuele84q+Y
K9Tb0NddBYxZZtQGE8YDve41oon/zlw3mcdsHRFXxxraxkjDfLD7msrOFGijXIL0
s2W/OnxkHFN0kM4FdNjCcmwLHIik5fo29Pg5SeQ5Afn8MraAqFRcePwgtoDHUZrQ
/GKpcVegfTR5+QmQGFnH+lS2XaM25viDHai0rdjfipij
-----END CERTIFICATE-----