Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/4hbMBM1nzDwcq0Z5poawjitTY60.roa
File:                     4hbMBM1nzDwcq0Z5poawjitTY60.roa (raw, json)
Hash identifier:          XP1CU+CY23GAE6mFffgmeePRICbliFurLSIMPRQ5f40=
Subject key identifier:   E2:16:CC:04:CD:67:CC:3C:1C:AB:46:79:A6:86:B0:8E:2B:53:63:AD
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       0194274856FBBE31A64630C3EEE26E2AB460
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/4hbMBM1nzDwcq0Z5poawjitTY60.roa
Signing time:             Thu 02 Jan 2025 13:50:39 +0000
ROA not before:           Thu 02 Jan 2025 13:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41620
IP address blocks:        194.225.224.0/20 maxlen: 24
                          2001:14e8:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:56:fb:be:31:a6:46:30:c3:ee:e2:6e:2a:b4:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 13:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e216cc04cd67cc3c1cab4679a686b08e2b5363ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:63:13:b6:26:55:af:95:3f:98:ec:95:69:f9:
                    70:a3:66:5f:85:e9:af:a3:25:99:2a:22:92:50:c7:
                    ea:d1:df:a8:6f:cd:df:2d:d9:60:79:6e:46:ee:50:
                    4e:1a:e7:b8:6c:30:c4:a9:51:b6:42:85:dc:55:16:
                    39:68:a7:9d:24:d5:e0:be:ca:db:ef:f0:02:8e:59:
                    db:b9:a4:f0:27:1b:6d:e1:a1:f3:e1:c1:aa:d8:99:
                    e2:cf:5d:70:f3:22:1e:31:1f:6e:07:a9:69:bd:2a:
                    a2:cb:97:fe:f0:98:cb:a6:f8:cc:54:e7:70:d5:fb:
                    62:aa:c5:7c:48:dc:f6:52:4d:77:aa:aa:f4:66:86:
                    c1:fe:db:71:6a:b6:dc:e3:de:e8:c8:5e:57:5b:30:
                    43:ab:e5:c5:a7:9b:02:b8:d2:d3:6d:0e:93:2f:94:
                    75:41:11:36:81:06:66:2c:08:6a:0a:a9:8d:7d:8d:
                    fd:6c:da:a2:34:a6:22:b3:f1:26:6b:d0:c9:6f:a6:
                    fc:f3:10:6e:45:59:71:8b:f1:be:86:6f:61:5c:b9:
                    1b:90:75:5f:c6:e8:06:28:32:99:f0:bb:02:0e:ee:
                    f8:52:8e:d8:1a:94:ca:a8:b8:0b:bc:5b:79:90:fc:
                    37:49:09:24:b4:c6:d8:5f:3a:f0:83:11:df:0d:d4:
                    b5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:16:CC:04:CD:67:CC:3C:1C:AB:46:79:A6:86:B0:8E:2B:53:63:AD
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/4hbMBM1nzDwcq0Z5poawjitTY60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.225.224.0/20
                IPv6:
                  2001:14e8:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:40:d5:d6:60:e3:7f:80:65:85:2c:9c:31:95:d3:34:3d:94:
         19:81:53:7b:7d:d7:19:5b:7e:73:76:2c:ab:be:9f:f9:40:54:
         09:4e:16:75:a2:4b:15:48:85:57:38:c5:78:ab:59:ce:b3:4e:
         bc:f8:be:49:15:7a:56:21:f8:cc:5d:40:4e:c4:6d:89:43:db:
         1a:ed:cd:5a:cf:4d:bd:ea:c3:58:35:19:79:ea:69:6e:cc:93:
         9e:e6:5d:46:b5:6b:e7:0f:56:a1:20:a8:13:d7:d1:94:07:a3:
         77:3e:00:e4:ae:7c:36:52:d8:4a:70:5e:08:96:60:50:f7:40:
         78:3b:df:02:48:9b:d6:43:cd:1e:ef:1c:7e:f0:2b:9d:55:4b:
         e8:d1:a6:8d:87:31:6c:1f:74:a9:ef:e1:97:2c:db:ec:21:e4:
         bf:3a:c3:2c:93:ee:65:2c:03:be:3a:8f:5b:3b:4f:57:74:23:
         51:14:45:37:f6:58:d2:f2:57:e3:76:37:f3:29:07:11:06:94:
         57:99:51:16:f9:6e:ec:2a:9c:99:e4:99:68:02:16:0b:f6:f0:
         2d:05:2d:f8:e9:b9:92:fe:27:48:17:08:53:f9:51:70:37:07:
         98:6f:ba:f6:77:58:8e:75:4c:68:04:47:b5:31:9f:62:70:8d:
         98:e5:52:27
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnSFb7vjGmRjDD7uJuKrRgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjUwMTAyMTM1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjE2Y2MwNGNkNjdjYzNjMWNhYjQ2NzlhNjg2YjA4ZTJiNTM2M2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmMTtiZVr5U/mOyVaflwo2Zfhemv
oyWZKiKSUMfq0d+ob83fLdlgeW5G7lBOGue4bDDEqVG2QoXcVRY5aKedJNXgvsrb
7/ACjlnbuaTwJxtt4aHz4cGq2Jniz11w8yIeMR9uB6lpvSqiy5f+8JjLpvjMVOdw
1ftiqsV8SNz2Uk13qqr0ZobB/ttxarbc497oyF5XWzBDq+XFp5sCuNLTbQ6TL5R1
QRE2gQZmLAhqCqmNfY39bNqiNKYis/Ema9DJb6b88xBuRVlxi/G+hm9hXLkbkHVf
xugGKDKZ8LsCDu74Uo7YGpTKqLgLvFt5kPw3SQkktMbYXzrwgxHfDdS1EQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOIWzATNZ8w8HKtGeaaGsI4rU2OtMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvNGhiTUJNMW56RHdjcTBaNXBvYXdqaXRUWTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQEwuHgMA8E
AgACMAkDBwAgARToAAQwDQYJKoZIhvcNAQELBQADggEBAA1A1dZg43+AZYUsnDGV
0zQ9lBmBU3t91xlbfnN2LKu+n/lAVAlOFnWiSxVIhVc4xXirWc6zTrz4vkkVelYh
+MxdQE7EbYlD2xrtzVrPTb3qw1g1GXnqaW7Mk57mXUa1a+cPVqEgqBPX0ZQHo3c+
AOSufDZS2EpwXgiWYFD3QHg73wJIm9ZDzR7vHH7wK51VS+jRpo2HMWwfdKnv4Zcs
2+wh5L86wyyT7mUsA746j1s7T1d0I1EURTf2WNLyV+N2N/MpBxEGlFeZURb5buwq
nJnkmWgCFgv28C0FLfjpuZL+J0gXCFP5UXA3B5hvuvZ3WI51TGgER7Uxn2JwjZjl
Uic=
-----END CERTIFICATE-----