Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/4dvDMR-4qiVENzLUOUnZrA5uHF0.roa
File:                     4dvDMR-4qiVENzLUOUnZrA5uHF0.roa (raw, json)
Hash identifier:          J/oojav1Ht6n22D2MTxDGWLoDijBFVvSv3KdOjTq1UM=
Subject key identifier:   E1:DB:C3:31:1F:B8:AA:25:44:37:32:D4:39:49:D9:AC:0E:6E:1C:5D
Certificate issuer:       /CN=c98b825f36e9cc330315c940de800cbabce3397b
Certificate serial:       018CC794B3E8D641578C0953C856EDF6A272
Authority key identifier: C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/4dvDMR-4qiVENzLUOUnZrA5uHF0.roa
Signing time:             Tue 02 Jan 2024 00:31:00 +0000
ROA not before:           Tue 02 Jan 2024 00:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.11.129.0/24 maxlen: 24
                          194.11.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:b3:e8:d6:41:57:8c:09:53:c8:56:ed:f6:a2:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98b825f36e9cc330315c940de800cbabce3397b
        Validity
            Not Before: Jan  2 00:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1dbc3311fb8aa25443732d43949d9ac0e6e1c5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7f:81:ca:1a:5c:83:7a:69:67:94:2c:84:d4:
                    90:5f:96:25:4d:58:47:a3:63:f0:83:08:00:77:44:
                    9e:1d:da:28:9b:55:27:51:f6:aa:04:7a:63:a8:f5:
                    7a:89:63:ee:2e:e2:a3:68:f5:f8:8a:3e:33:cc:70:
                    22:7e:59:ea:fd:d3:57:f1:be:5e:47:fd:87:8e:a8:
                    20:48:a0:c4:d0:e7:99:9c:6e:d8:94:f7:77:00:f8:
                    39:29:7e:43:97:b8:ad:74:e9:20:35:8b:7f:9f:49:
                    9e:a6:01:38:10:ae:8c:f4:05:78:d2:42:6b:0a:b3:
                    a3:8d:10:a9:10:75:b1:84:9f:db:69:e8:73:13:e9:
                    8f:2b:d8:a1:79:f1:1a:2f:44:d0:fc:c9:ad:ad:84:
                    84:99:13:46:0a:24:12:c3:87:5b:e7:23:a5:46:ed:
                    eb:5c:96:b8:43:e0:92:ab:4f:f0:d7:c0:66:fa:74:
                    77:ae:7b:3e:46:20:9a:c5:f6:51:bb:4c:14:24:0c:
                    9d:9b:e7:da:f2:db:e9:3b:9c:16:f9:14:6e:84:68:
                    f2:b3:7e:40:49:64:24:0f:8f:3c:b9:83:5e:c6:f2:
                    6e:e8:e2:e8:8f:d2:5b:59:51:20:da:e7:32:50:93:
                    38:c9:fc:bb:21:f7:fc:90:3a:c9:89:d9:61:af:74:
                    20:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:DB:C3:31:1F:B8:AA:25:44:37:32:D4:39:49:D9:AC:0E:6E:1C:5D
            X509v3 Authority Key Identifier:
                keyid:C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/4dvDMR-4qiVENzLUOUnZrA5uHF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.129.0-194.11.130.255

    Signature Algorithm: sha256WithRSAEncryption
         b2:74:4a:b7:4a:54:32:17:82:b8:6a:65:de:1b:da:39:95:80:
         7f:68:34:84:cb:0e:00:d8:fb:98:b4:00:72:35:92:a6:39:5a:
         84:e3:ae:af:b5:37:3c:a2:1a:1f:76:e1:5b:6c:c1:72:8a:1c:
         fc:a3:50:94:33:2f:12:d2:ab:b9:8e:67:4d:c6:ae:bd:96:a4:
         bd:67:9b:5e:29:88:da:6b:04:cf:25:96:c8:08:dd:2b:1b:69:
         a9:fe:43:d9:0c:74:c5:1a:f8:5c:db:8e:a1:c6:2f:0c:d0:b3:
         60:7c:c7:d3:a6:59:4e:df:47:ec:02:7d:5a:da:17:47:45:e4:
         9d:31:d1:39:46:00:fa:1f:f1:23:75:59:73:60:be:50:36:13:
         d5:c1:65:2b:18:25:bd:44:97:5b:59:7a:2d:4b:dc:f5:55:2a:
         ce:d5:a4:88:f1:fe:e8:1e:f7:38:f1:b6:f2:1f:f0:81:bb:bc:
         53:82:4a:48:0a:78:d0:18:db:84:6c:59:27:fc:41:d8:b1:a5:
         97:bc:4f:28:9f:4a:22:35:b3:fe:07:6e:30:93:3f:cf:31:3d:
         5d:2e:f1:51:1c:89:3d:f0:83:d6:3b:06:11:d7:23:72:71:c3:
         2f:66:13:f4:78:98:14:93:17:65:65:d2:30:24:6f:88:9e:b1:
         9d:8a:49:cc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlLPo1kFXjAlTyFbt9qJyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGI4MjVmMzZlOWNjMzMwMzE1Yzk0MGRlODAwY2JhYmNl
MzM5N2IwHhcNMjQwMTAyMDAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWRiYzMzMTFmYjhhYTI1NDQzNzMyZDQzOTQ5ZDlhYzBlNmUxYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3+Byhpcg3ppZ5QshNSQX5YlTVhH
o2PwgwgAd0SeHdoom1UnUfaqBHpjqPV6iWPuLuKjaPX4ij4zzHAiflnq/dNX8b5e
R/2HjqggSKDE0OeZnG7YlPd3APg5KX5Dl7itdOkgNYt/n0mepgE4EK6M9AV40kJr
CrOjjRCpEHWxhJ/baehzE+mPK9ihefEaL0TQ/MmtrYSEmRNGCiQSw4db5yOlRu3r
XJa4Q+CSq0/w18Bm+nR3rns+RiCaxfZRu0wUJAydm+fa8tvpO5wW+RRuhGjys35A
SWQkD488uYNexvJu6OLoj9JbWVEg2ucyUJM4yfy7Iff8kDrJidlhr3QgEQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOHbwzEfuKolRDcy1DlJ2awObhxdMB8GA1UdIwQY
MBaAFMmLgl826cwzAxXJQN6ADLq84zl7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUt
Yjg5YTUxMWMzYmJkLzEvNGR2RE1SLTRxaVZFTnpMVU9VblpyQTV1SEYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUtYjg5YTUxMWMzYmJk
LzEveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCC4ED
BADCC4IwDQYJKoZIhvcNAQELBQADggEBALJ0SrdKVDIXgrhqZd4b2jmVgH9oNITL
DgDY+5i0AHI1kqY5WoTjrq+1NzyiGh924VtswXKKHPyjUJQzLxLSq7mOZ03Grr2W
pL1nm14piNprBM8llsgI3Ssbaan+Q9kMdMUa+FzbjqHGLwzQs2B8x9OmWU7fR+wC
fVraF0dF5J0x0TlGAPof8SN1WXNgvlA2E9XBZSsYJb1El1tZei1L3PVVKs7VpIjx
/uge9zjxtvIf8IG7vFOCSkgKeNAY24RsWSf8QdixpZe8TyifSiI1s/4HbjCTP88x
PV0u8VEciT3wg9Y7BhHXI3Jxwy9mE/R4mBSTF2Vl0jAkb4iesZ2KScw=
-----END CERTIFICATE-----