Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/081a4c-d631-4311-9bd5-a6254df526c1/1/4Fu6FN-8k4OplfwUDllrEVsayHs.roa
File:                     4Fu6FN-8k4OplfwUDllrEVsayHs.roa (raw, json)
Hash identifier:          qUKP8ZgE6fag+umLTQiKLSLQSA6JYp73xHBNizQefag=
Subject key identifier:   E0:5B:BA:14:DF:BC:93:83:A9:95:FC:14:0E:59:6B:11:5B:1A:C8:7B
Certificate issuer:       /CN=78dedb8988bc8bb1a5f9e55f41726b65446c25ec
Certificate serial:       01942444D9F4A58EE12AB578D6DAA0A2C881
Authority key identifier: 78:DE:DB:89:88:BC:8B:B1:A5:F9:E5:5F:41:72:6B:65:44:6C:25:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eN7biYi8i7Gl-eVfQXJrZURsJew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/081a4c-d631-4311-9bd5-a6254df526c1/1/4Fu6FN-8k4OplfwUDllrEVsayHs.roa
Signing time:             Wed 01 Jan 2025 23:47:59 +0000
ROA not before:           Wed 01 Jan 2025 23:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208161
IP address blocks:        193.242.208.0/24 maxlen: 24
                          193.242.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/081a4c-d631-4311-9bd5-a6254df526c1/1/eN7biYi8i7Gl-eVfQXJrZURsJew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/081a4c-d631-4311-9bd5-a6254df526c1/1/eN7biYi8i7Gl-eVfQXJrZURsJew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eN7biYi8i7Gl-eVfQXJrZURsJew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:d9:f4:a5:8e:e1:2a:b5:78:d6:da:a0:a2:c8:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78dedb8988bc8bb1a5f9e55f41726b65446c25ec
        Validity
            Not Before: Jan  1 23:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e05bba14dfbc9383a995fc140e596b115b1ac87b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fd:76:32:2b:7e:c7:52:2e:1f:48:c8:2b:6f:
                    91:c3:cd:f7:40:95:ff:d1:88:43:35:3b:05:e6:6a:
                    66:38:ad:00:60:52:70:1b:2f:d8:9d:66:dc:58:32:
                    d3:1b:57:dc:9e:d5:19:b4:65:5b:f9:be:b9:e1:c8:
                    5c:9d:24:4d:94:6a:4d:e0:2e:19:41:e8:9c:e4:52:
                    5a:fd:03:2b:5c:fe:5c:4f:bf:ae:ef:0b:fd:b3:ee:
                    c8:ca:90:59:37:10:2c:45:c0:a0:30:41:f5:4d:df:
                    2e:3a:d4:75:11:8f:5a:b2:0b:b2:ad:6e:f7:cb:21:
                    92:cb:e3:4b:97:4e:e2:01:ff:66:2a:f1:86:f3:2a:
                    35:b0:cd:de:e8:b0:74:22:15:6c:35:f1:bb:28:25:
                    22:62:a9:c5:51:ee:2b:fc:c3:c2:0e:ee:81:7a:fa:
                    54:b7:8a:5c:72:98:0d:ef:07:b1:6d:c8:4f:44:ba:
                    ca:0e:21:b6:3e:fd:05:16:a8:bf:e8:1d:4c:8a:44:
                    5c:b1:26:b9:ff:0e:ea:e6:33:ee:49:57:95:f0:4f:
                    5f:be:6a:25:a5:e5:ff:d0:66:a3:eb:71:24:02:36:
                    08:95:89:a0:c3:2a:29:6b:e4:a4:49:5b:6c:fb:ae:
                    72:fc:ac:2c:d0:97:db:b2:03:fb:17:e7:cf:63:90:
                    32:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:5B:BA:14:DF:BC:93:83:A9:95:FC:14:0E:59:6B:11:5B:1A:C8:7B
            X509v3 Authority Key Identifier:
                keyid:78:DE:DB:89:88:BC:8B:B1:A5:F9:E5:5F:41:72:6B:65:44:6C:25:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eN7biYi8i7Gl-eVfQXJrZURsJew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/081a4c-d631-4311-9bd5-a6254df526c1/1/4Fu6FN-8k4OplfwUDllrEVsayHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/081a4c-d631-4311-9bd5-a6254df526c1/1/eN7biYi8i7Gl-eVfQXJrZURsJew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:5b:a8:9f:89:1a:30:43:93:20:e6:bf:20:dd:a6:20:98:a4:
         2f:0f:b5:dd:6d:ef:0a:5d:ed:df:73:03:59:f2:c0:5c:d3:fb:
         9e:7a:a9:fb:b9:de:cb:27:01:1e:66:db:d5:24:77:9b:99:63:
         48:e3:63:17:f3:a4:1a:56:38:d8:43:bc:b1:c7:6f:06:e9:14:
         1a:d0:20:50:d2:c8:57:8d:16:bb:09:8e:f4:65:1a:5a:6d:17:
         3e:56:67:df:bf:5b:99:42:f3:f8:2e:bb:6c:fa:46:20:3e:c0:
         23:1a:89:54:50:cb:b4:9d:9d:03:1b:83:60:b0:2d:42:6e:01:
         51:9f:5e:11:2e:9b:ff:8d:fe:91:38:9b:ca:7b:c0:81:c3:af:
         42:dc:d7:1b:e0:af:18:c7:c7:53:bd:22:84:46:cc:08:57:84:
         cf:ba:5f:12:b5:f1:9f:e2:19:6b:99:97:db:ae:e9:67:98:04:
         e2:f1:e4:55:04:1c:f7:26:bb:6e:22:f7:4b:34:5f:ab:8a:47:
         25:f4:a8:2f:06:88:d4:cf:d4:54:93:91:3c:95:59:b5:85:fe:
         e1:0d:ea:fa:d4:ba:13:9f:25:1f:ea:99:16:d8:be:d8:0e:83:
         52:3c:01:86:df:1d:31:e8:72:b6:09:83:78:6b:ec:63:b4:20:
         73:57:31:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRNn0pY7hKrV41tqgosiBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZGVkYjg5ODhiYzhiYjFhNWY5ZTU1ZjQxNzI2YjY1NDQ2
YzI1ZWMwHhcNMjUwMTAxMjM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDViYmExNGRmYmM5MzgzYTk5NWZjMTQwZTU5NmIxMTViMWFjODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuv12Mit+x1IuH0jIK2+Rw833QJX/
0YhDNTsF5mpmOK0AYFJwGy/YnWbcWDLTG1fcntUZtGVb+b654chcnSRNlGpN4C4Z
Qeic5FJa/QMrXP5cT7+u7wv9s+7IypBZNxAsRcCgMEH1Td8uOtR1EY9asguyrW73
yyGSy+NLl07iAf9mKvGG8yo1sM3e6LB0IhVsNfG7KCUiYqnFUe4r/MPCDu6BevpU
t4pccpgN7wexbchPRLrKDiG2Pv0FFqi/6B1MikRcsSa5/w7q5jPuSVeV8E9fvmol
peX/0Gaj63EkAjYIlYmgwyopa+SkSVts+65y/Kws0JfbsgP7F+fPY5Ay8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBbuhTfvJODqZX8FA5ZaxFbGsh7MB8GA1UdIwQY
MBaAFHje24mIvIuxpfnlX0Fya2VEbCXsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU43YmlZaThpN0dsLWVWZlFYSnJaVVJzSmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8wODFhNGMtZDYzMS00MzExLTliZDUt
YTYyNTRkZjUyNmMxLzEvNEZ1NkZOLThrNE9wbGZ3VURsbHJFVnNheUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8wODFhNGMtZDYzMS00MzExLTliZDUtYTYyNTRkZjUyNmMx
LzEvZU43YmlZaThpN0dsLWVWZlFYSnJaVVJzSmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwfLQMA0G
CSqGSIb3DQEBCwUAA4IBAQCqW6ifiRowQ5Mg5r8g3aYgmKQvD7Xdbe8KXe3fcwNZ
8sBc0/ueeqn7ud7LJwEeZtvVJHebmWNI42MX86QaVjjYQ7yxx28G6RQa0CBQ0shX
jRa7CY70ZRpabRc+Vmffv1uZQvP4Lrts+kYgPsAjGolUUMu0nZ0DG4NgsC1CbgFR
n14RLpv/jf6ROJvKe8CBw69C3Ncb4K8Yx8dTvSKERswIV4TPul8StfGf4hlrmZfb
rulnmATi8eRVBBz3JrtuIvdLNF+rikcl9KgvBojUz9RUk5E8lVm1hf7hDer61LoT
nyUf6pkW2L7YDoNSPAGG3x0x6HK2CYN4a+xjtCBzVzGe
-----END CERTIFICATE-----