Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/bd8a16-000a-4917-9061-b5821e33de0d/1/4iizaOWv92HAURMQhMzwpM2GEpo.roa
File:                     4iizaOWv92HAURMQhMzwpM2GEpo.roa (raw, json)
Hash identifier:          rW6XLFbBeUapd8kmjyoQ2PnXovsPjc0B/QhXcyyX2cs=
Subject key identifier:   E2:28:B3:68:E5:AF:F7:61:C0:51:13:10:84:CC:F0:A4:CD:86:12:9A
Certificate issuer:       /CN=74e4c3e00fc3eeee936abb527e352e4af03de89b
Certificate serial:       01941F8CA9F26ADB2FF0FB32B4C533807A5F
Authority key identifier: 74:E4:C3:E0:0F:C3:EE:EE:93:6A:BB:52:7E:35:2E:4A:F0:3D:E8:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOTD4A_D7u6TartSfjUuSvA96Js.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/bd8a16-000a-4917-9061-b5821e33de0d/1/4iizaOWv92HAURMQhMzwpM2GEpo.roa
Signing time:             Wed 01 Jan 2025 01:48:19 +0000
ROA not before:           Wed 01 Jan 2025 01:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31673
IP address blocks:        193.105.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/bd8a16-000a-4917-9061-b5821e33de0d/1/dOTD4A_D7u6TartSfjUuSvA96Js.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/bd8a16-000a-4917-9061-b5821e33de0d/1/dOTD4A_D7u6TartSfjUuSvA96Js.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOTD4A_D7u6TartSfjUuSvA96Js.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a9:f2:6a:db:2f:f0:fb:32:b4:c5:33:80:7a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e4c3e00fc3eeee936abb527e352e4af03de89b
        Validity
            Not Before: Jan  1 01:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e228b368e5aff761c051131084ccf0a4cd86129a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:74:55:94:26:14:4f:ee:74:f6:a8:1b:56:4f:
                    fc:4b:0e:cc:84:f1:a7:16:5b:28:79:43:29:7c:84:
                    53:82:52:3e:7a:1c:b9:1d:3c:b1:08:9d:20:e4:4a:
                    63:b9:72:72:fe:18:53:8c:0a:ce:5a:0f:89:a6:15:
                    9b:dd:48:1d:93:67:7f:2f:6f:6d:cb:24:a7:20:99:
                    80:9d:b7:32:de:b8:4c:60:50:1a:34:69:49:bd:3c:
                    52:29:e6:b6:db:5e:03:f4:4f:6f:e6:bd:d3:86:37:
                    5c:6b:07:1a:02:67:ae:7d:63:ec:72:03:64:2f:9e:
                    49:09:71:11:68:b2:05:0e:96:2f:5d:c4:56:d1:53:
                    bc:20:c1:be:45:cc:de:92:4a:6c:c7:04:0f:ec:10:
                    b4:43:65:33:86:8c:fa:d1:67:92:a4:54:dc:86:dd:
                    28:cb:f0:3b:a0:ea:46:ee:e5:a3:9b:c3:82:4c:4c:
                    f1:a8:03:f2:47:79:fd:bf:81:ed:7b:cc:62:8b:32:
                    21:d3:d6:52:88:86:9d:49:1c:82:06:e1:7d:81:bb:
                    33:23:e9:58:87:db:06:26:a5:e9:fb:dc:a9:d5:cd:
                    b9:39:01:dd:d2:24:9f:20:b8:f7:99:96:94:b8:f4:
                    03:b4:ca:29:8e:b4:c2:31:b7:29:da:d1:8a:2c:5e:
                    b7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:28:B3:68:E5:AF:F7:61:C0:51:13:10:84:CC:F0:A4:CD:86:12:9A
            X509v3 Authority Key Identifier:
                keyid:74:E4:C3:E0:0F:C3:EE:EE:93:6A:BB:52:7E:35:2E:4A:F0:3D:E8:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOTD4A_D7u6TartSfjUuSvA96Js.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/bd8a16-000a-4917-9061-b5821e33de0d/1/4iizaOWv92HAURMQhMzwpM2GEpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/bd8a16-000a-4917-9061-b5821e33de0d/1/dOTD4A_D7u6TartSfjUuSvA96Js.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:cd:13:7e:48:b0:8a:be:8f:21:ed:8d:db:b4:1b:af:af:dd:
         5f:be:57:b6:50:5e:8a:22:04:39:64:f8:45:2e:56:6f:3a:40:
         49:2b:2a:78:0b:06:64:2f:53:6a:2d:fa:b1:6f:4a:83:c7:7d:
         c9:b3:d3:af:29:e8:78:66:49:39:c9:b6:e1:0f:cd:30:3c:1f:
         0c:0e:ba:22:ce:5f:c0:dc:b3:d2:38:7b:ee:eb:d7:03:ba:95:
         2b:50:69:fc:95:0b:a2:c9:69:aa:a3:b3:d4:7f:c3:0d:34:f4:
         4e:a1:6b:ea:9e:59:f4:1c:87:80:61:c7:d5:56:73:c9:a0:04:
         cf:9f:c9:06:fe:01:f4:a6:8d:05:a3:45:05:70:1b:13:47:c9:
         eb:c5:39:ff:40:03:d2:54:88:0f:18:16:f1:43:72:2d:e4:13:
         6d:35:fb:d3:b5:b7:38:60:67:af:86:0e:76:5d:e5:fc:ff:20:
         3b:5c:55:b0:9b:48:01:f1:ef:4c:60:be:52:5c:1b:cf:05:41:
         fa:2f:af:90:ef:e9:0d:c9:61:c0:09:54:1b:80:55:b6:9e:b0:
         b1:05:5a:c2:3e:42:99:3b:39:a7:35:69:b8:e8:c8:5d:3a:56:
         49:36:8d:43:d4:7c:07:98:c9:5a:5c:60:59:91:e5:41:a1:a0:
         96:d8:6c:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjKnyatsv8PsytMUzgHpfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTRjM2UwMGZjM2VlZWU5MzZhYmI1MjdlMzUyZTRhZjAz
ZGU4OWIwHhcNMjUwMTAxMDE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjI4YjM2OGU1YWZmNzYxYzA1MTEzMTA4NGNjZjBhNGNkODYxMjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3RVlCYUT+509qgbVk/8Sw7MhPGn
FlsoeUMpfIRTglI+ehy5HTyxCJ0g5EpjuXJy/hhTjArOWg+JphWb3Ugdk2d/L29t
yySnIJmAnbcy3rhMYFAaNGlJvTxSKea2214D9E9v5r3ThjdcawcaAmeufWPscgNk
L55JCXERaLIFDpYvXcRW0VO8IMG+RczekkpsxwQP7BC0Q2Uzhoz60WeSpFTcht0o
y/A7oOpG7uWjm8OCTEzxqAPyR3n9v4Hte8xiizIh09ZSiIadSRyCBuF9gbszI+lY
h9sGJqXp+9yp1c25OQHd0iSfILj3mZaUuPQDtMopjrTCMbcp2tGKLF63tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIos2jlr/dhwFETEITM8KTNhhKaMB8GA1UdIwQY
MBaAFHTkw+APw+7uk2q7Un41LkrwPeibMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9URDRBX0Q3dTZUYXJ0U2ZqVXVTdkE5NkpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9iZDhhMTYtMDAwYS00OTE3LTkwNjEt
YjU4MjFlMzNkZTBkLzEvNGlpemFPV3Y5MkhBVVJNUWhNendwTTJHRXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9iZDhhMTYtMDAwYS00OTE3LTkwNjEtYjU4MjFlMzNkZTBk
LzEvZE9URDRBX0Q3dTZUYXJ0U2ZqVXVTdkE5NkpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWnXMA0G
CSqGSIb3DQEBCwUAA4IBAQC2zRN+SLCKvo8h7Y3btBuvr91fvle2UF6KIgQ5ZPhF
LlZvOkBJKyp4CwZkL1NqLfqxb0qDx33Js9OvKeh4Zkk5ybbhD80wPB8MDroizl/A
3LPSOHvu69cDupUrUGn8lQuiyWmqo7PUf8MNNPROoWvqnln0HIeAYcfVVnPJoATP
n8kG/gH0po0Fo0UFcBsTR8nrxTn/QAPSVIgPGBbxQ3It5BNtNfvTtbc4YGevhg52
XeX8/yA7XFWwm0gB8e9MYL5SXBvPBUH6L6+Q7+kNyWHACVQbgFW2nrCxBVrCPkKZ
OzmnNWm46MhdOlZJNo1D1HwHmMlaXGBZkeVBoaCW2Gwl
-----END CERTIFICATE-----