Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/4WhaxzqjOWgHeud8E6-UL9ZN_hY.roa
File:                     4WhaxzqjOWgHeud8E6-UL9ZN_hY.roa (raw, json)
Hash identifier:          TZDAudwyFjbRw0tzJmebPVsMRYwl0zqHqWQ1Gp1GXPU=
Subject key identifier:   E1:68:5A:C7:3A:A3:39:68:07:7A:E7:7C:13:AF:94:2F:D6:4D:FE:16
Certificate issuer:       /CN=fa0896cf1823c74bfcb7d623e2c438787b9f167b
Certificate serial:       0194236A13FDC83BC94FCB4D3C6EC84BF696
Authority key identifier: FA:08:96:CF:18:23:C7:4B:FC:B7:D6:23:E2:C4:38:78:7B:9F:16:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-giWzxgjx0v8t9Yj4sQ4eHufFns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/4WhaxzqjOWgHeud8E6-UL9ZN_hY.roa
Signing time:             Wed 01 Jan 2025 19:49:01 +0000
ROA not before:           Wed 01 Jan 2025 19:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31350
IP address blocks:        193.151.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/1-giWzxgjx0v8t9Yj4sQ4eHufFns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/1-giWzxgjx0v8t9Yj4sQ4eHufFns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-giWzxgjx0v8t9Yj4sQ4eHufFns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:13:fd:c8:3b:c9:4f:cb:4d:3c:6e:c8:4b:f6:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa0896cf1823c74bfcb7d623e2c438787b9f167b
        Validity
            Not Before: Jan  1 19:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1685ac73aa33968077ae77c13af942fd64dfe16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2a:f9:3f:5f:f0:e8:18:6b:82:99:33:63:c7:
                    1d:e9:04:8a:20:36:37:25:57:ed:99:8b:23:64:35:
                    37:c0:c7:07:25:81:ac:09:97:35:17:e7:7f:cd:04:
                    e3:e9:e0:1f:d2:3c:43:32:ed:cc:f3:8a:f1:bd:2e:
                    d4:d6:09:00:41:56:24:72:a1:e0:28:c5:18:9f:45:
                    ec:a8:b7:75:0b:21:80:83:eb:be:1b:b7:ca:70:94:
                    9c:dd:94:db:74:52:cc:79:9b:10:6f:81:9e:0b:8e:
                    14:42:75:76:60:db:5f:94:4b:aa:3f:8e:d8:9d:9c:
                    74:96:6e:92:d2:11:a5:96:b8:04:60:2f:4d:24:2e:
                    6f:47:7f:f1:b1:05:b8:32:61:58:64:92:0d:47:37:
                    b6:fe:10:7b:a9:c3:2a:0b:fa:1c:4b:a2:53:97:8e:
                    cd:9b:b8:27:48:2a:68:4d:75:55:67:f7:38:13:a7:
                    d0:12:68:e2:c1:09:2d:ed:d0:c5:b8:bf:b4:a1:28:
                    df:fb:13:00:41:7d:7c:9a:f4:7e:f5:02:1d:6f:49:
                    4f:a6:f8:43:5e:56:42:d9:7c:61:af:f2:65:f7:b8:
                    2f:47:d7:1f:f2:41:5f:a8:19:78:65:a7:0a:9b:92:
                    6e:2a:7f:c3:a2:61:3a:7c:72:0b:7f:43:e4:c1:e0:
                    96:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:68:5A:C7:3A:A3:39:68:07:7A:E7:7C:13:AF:94:2F:D6:4D:FE:16
            X509v3 Authority Key Identifier:
                keyid:FA:08:96:CF:18:23:C7:4B:FC:B7:D6:23:E2:C4:38:78:7B:9F:16:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-giWzxgjx0v8t9Yj4sQ4eHufFns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/4WhaxzqjOWgHeud8E6-UL9ZN_hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/a27620-d32d-4e98-aec4-bf6a97a56f10/1/1-giWzxgjx0v8t9Yj4sQ4eHufFns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:b1:c5:3a:4e:5f:ef:22:e0:72:84:dc:82:95:00:0a:23:ee:
         4c:5a:a2:ac:78:55:16:1b:b9:d1:61:f5:d7:fe:c8:91:5d:91:
         c4:50:df:92:e7:9e:b4:66:d3:7a:63:22:53:de:ca:2c:a1:91:
         ff:e4:62:2e:b6:9c:cd:78:92:71:f9:2c:82:36:3f:c5:f3:38:
         d2:ad:29:d5:d0:6d:0e:f1:b5:61:f8:ca:25:fd:af:65:1b:5e:
         b1:48:94:56:c2:f2:8e:3b:a8:67:8c:62:3e:ce:28:35:11:8c:
         1d:1c:1d:9f:1a:ee:b6:1a:f8:48:f2:8a:75:b0:69:0a:16:dc:
         a5:90:72:f4:3a:91:e8:5d:a4:3b:a4:63:b8:e3:63:69:1a:95:
         8a:38:99:3b:7f:64:19:ed:7a:69:70:5b:4d:fb:2f:1f:6e:65:
         96:2d:66:72:6a:8c:67:a3:97:9d:d9:e2:8a:8c:a7:14:be:fa:
         8b:e4:2d:48:9f:17:5c:aa:28:6a:61:d1:c6:9c:b9:61:00:b6:
         55:b5:ba:78:68:0f:87:8b:cd:13:4e:09:68:a1:91:07:43:f0:
         29:0a:e1:a7:e2:5d:e9:39:c7:5a:a9:f0:89:23:39:97:39:8e:
         0b:db:33:57:a4:02:aa:ca:03:67:19:05:23:dc:d3:c7:de:28:
         2e:58:6e:60
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjahP9yDvJT8tNPG7IS/aWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMDg5NmNmMTgyM2M3NGJmY2I3ZDYyM2UyYzQzODc4N2I5
ZjE2N2IwHhcNMjUwMTAxMTk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTY4NWFjNzNhYTMzOTY4MDc3YWU3N2MxM2FmOTQyZmQ2NGRmZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCr5P1/w6BhrgpkzY8cd6QSKIDY3
JVftmYsjZDU3wMcHJYGsCZc1F+d/zQTj6eAf0jxDMu3M84rxvS7U1gkAQVYkcqHg
KMUYn0XsqLd1CyGAg+u+G7fKcJSc3ZTbdFLMeZsQb4GeC44UQnV2YNtflEuqP47Y
nZx0lm6S0hGllrgEYC9NJC5vR3/xsQW4MmFYZJINRze2/hB7qcMqC/ocS6JTl47N
m7gnSCpoTXVVZ/c4E6fQEmjiwQkt7dDFuL+0oSjf+xMAQX18mvR+9QIdb0lPpvhD
XlZC2Xxhr/Jl97gvR9cf8kFfqBl4ZacKm5JuKn/DomE6fHILf0PkweCWYwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOFoWsc6ozloB3rnfBOvlC/WTf4WMB8GA1UdIwQY
MBaAFPoIls8YI8dL/LfWI+LEOHh7nxZ7MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1naVd6eGdqeDB2OHQ5WWo0c1E0ZUh1ZkZucy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkvYTI3NjIwLWQzMmQtNGU5OC1hZWM0
LWJmNmE5N2E1NmYxMC8xLzRXaGF4enFqT1dnSGV1ZDhFNi1VTDlaTl9oWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzkvYTI3NjIwLWQzMmQtNGU5OC1hZWM0LWJmNmE5N2E1NmYx
MC8xLzEtZ2lXenhnangwdjh0OVlqNHNRNGVIdWZGbnMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALBlzgw
DQYJKoZIhvcNAQELBQADggEBAA2xxTpOX+8i4HKE3IKVAAoj7kxaoqx4VRYbudFh
9df+yJFdkcRQ35LnnrRm03pjIlPeyiyhkf/kYi62nM14knH5LII2P8XzONKtKdXQ
bQ7xtWH4yiX9r2UbXrFIlFbC8o47qGeMYj7OKDURjB0cHZ8a7rYa+EjyinWwaQoW
3KWQcvQ6kehdpDukY7jjY2kalYo4mTt/ZBntemlwW037Lx9uZZYtZnJqjGejl53Z
4oqMpxS++ovkLUifF1yqKGph0cacuWEAtlW1unhoD4eLzRNOCWihkQdD8CkK4afi
Xek5x1qp8IkjOZc5jgvbM1ekAqrKA2cZBSPc08feKC5YbmA=
-----END CERTIFICATE-----