Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/4en9va8jCZNwuV4bW7NKxVamz54.roa
File:                     4en9va8jCZNwuV4bW7NKxVamz54.roa (raw, json)
Hash identifier:          sNZVLTVL9KoD1p+QjvV2CcAfu43CsFx04jNm3+y7/uc=
Subject key identifier:   E1:E9:FD:BD:AF:23:09:93:70:B9:5E:1B:5B:B3:4A:C5:56:A6:CF:9E
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       0195AEFC60666684D2365E35DF637AEFAA13
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/4en9va8jCZNwuV4bW7NKxVamz54.roa
Signing time:             Wed 19 Mar 2025 15:18:50 +0000
ROA not before:           Wed 19 Mar 2025 15:18:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        86.104.199.0/24 maxlen: 24
                          89.35.14.0/24 maxlen: 24
                          93.117.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ae:fc:60:66:66:84:d2:36:5e:35:df:63:7a:ef:aa:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Mar 19 15:18:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1e9fdbdaf23099370b95e1b5bb34ac556a6cf9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:db:a2:9a:8c:f2:1a:c8:7b:56:d0:0b:bb:de:
                    ff:91:c5:25:23:2b:0f:21:cb:46:b9:aa:39:d2:18:
                    b2:99:04:ff:55:33:62:c0:d4:67:eb:85:94:c1:d3:
                    f8:6a:a4:e0:c8:19:63:df:c0:42:5d:6c:43:2b:55:
                    43:45:79:9e:58:96:7b:29:88:63:b7:62:47:02:c0:
                    3f:14:f2:df:46:a6:0c:9b:43:07:6e:e9:8f:0c:51:
                    3b:fe:9c:7c:17:3a:a9:7a:df:38:a4:89:34:11:8b:
                    21:77:05:76:0a:ca:c6:39:a3:6b:28:76:4d:f9:d1:
                    db:cd:ca:cd:0c:78:33:71:a6:41:ec:bd:6d:aa:45:
                    be:a6:1b:75:87:15:7d:bf:24:5e:33:d4:42:c7:4a:
                    a7:95:4a:0d:6b:3c:cb:52:0f:a9:9a:29:f9:c8:0e:
                    6e:7e:ac:d9:c4:5b:4b:b1:73:be:8b:26:84:9b:79:
                    0c:15:21:2c:34:13:99:fc:53:e9:69:61:4a:0f:a8:
                    61:a4:c4:7b:a0:fd:bc:6a:2b:63:4e:0a:e7:a6:83:
                    2b:9e:07:47:b2:a3:3a:79:cc:f7:4a:80:44:44:f7:
                    4f:ab:a3:3d:0b:7b:1c:17:33:98:80:b1:6a:44:7b:
                    f2:60:4d:26:e2:70:bd:74:38:9e:69:80:2c:c2:0c:
                    42:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E9:FD:BD:AF:23:09:93:70:B9:5E:1B:5B:B3:4A:C5:56:A6:CF:9E
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/4en9va8jCZNwuV4bW7NKxVamz54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.199.0/24
                  89.35.14.0/24
                  93.117.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:3f:86:3a:8f:3e:d3:02:52:da:9d:f6:14:28:c5:16:ef:03:
         fc:f6:46:95:55:e3:9b:d9:0e:2b:00:0c:ce:00:fd:2b:86:f0:
         8b:bb:33:f2:77:89:8d:d1:40:1f:5c:57:b5:4c:0c:78:88:38:
         f5:be:97:93:84:49:69:dd:25:90:b6:2b:42:fe:8f:6a:17:2c:
         27:b8:94:88:58:8e:55:c5:92:c0:3f:11:b8:78:c3:ba:c4:95:
         c4:8e:e6:b6:7f:15:b7:b8:1b:ec:a8:6a:2d:d8:3f:f1:47:46:
         9f:c3:20:03:b8:b0:d8:34:eb:25:32:d8:f5:97:87:ae:cd:c4:
         79:01:bc:93:89:0b:b1:58:26:ae:10:b5:70:46:86:bc:45:3d:
         2b:29:7a:8b:97:46:45:7d:f7:69:16:ca:19:11:71:8b:28:90:
         65:e5:3c:08:38:76:4b:68:55:af:cf:15:f3:d7:d4:03:d2:97:
         2e:ae:66:ff:36:b9:a7:f1:ae:c6:b2:74:ea:88:03:bc:b4:99:
         29:9e:ce:e4:c5:55:1d:79:69:bf:da:a0:30:88:0b:b8:98:c2:
         32:0c:09:5e:31:94:1a:22:95:16:9f:ed:be:30:b3:c6:a0:a5:
         a3:d1:86:7d:8b:97:80:5c:0b:18:66:79:db:93:fe:f9:75:64:
         64:2e:19:63
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWu/GBmZoTSNl4132N676oTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjUwMzE5MTUxODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWU5ZmRiZGFmMjMwOTkzNzBiOTVlMWI1YmIzNGFjNTU2YTZjZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NuimozyGsh7VtALu97/kcUlIysP
IctGuao50hiymQT/VTNiwNRn64WUwdP4aqTgyBlj38BCXWxDK1VDRXmeWJZ7KYhj
t2JHAsA/FPLfRqYMm0MHbumPDFE7/px8Fzqpet84pIk0EYshdwV2CsrGOaNrKHZN
+dHbzcrNDHgzcaZB7L1tqkW+pht1hxV9vyReM9RCx0qnlUoNazzLUg+pmin5yA5u
fqzZxFtLsXO+iyaEm3kMFSEsNBOZ/FPpaWFKD6hhpMR7oP28aitjTgrnpoMrngdH
sqM6ecz3SoBERPdPq6M9C3scFzOYgLFqRHvyYE0m4nC9dDieaYAswgxCBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOHp/b2vIwmTcLleG1uzSsVWps+eMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvNGVuOXZhOGpDWk53dVY0Ylc3Tkt4VmFtejU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVmjHAwQA
WSMOAwQAXXWDMA0GCSqGSIb3DQEBCwUAA4IBAQCMP4Y6jz7TAlLanfYUKMUW7wP8
9kaVVeOb2Q4rAAzOAP0rhvCLuzPyd4mN0UAfXFe1TAx4iDj1vpeThElp3SWQtitC
/o9qFywnuJSIWI5VxZLAPxG4eMO6xJXEjua2fxW3uBvsqGot2D/xR0afwyADuLDY
NOslMtj1l4euzcR5AbyTiQuxWCauELVwRoa8RT0rKXqLl0ZFffdpFsoZEXGLKJBl
5TwIOHZLaFWvzxXz19QD0pcurmb/Nrmn8a7GsnTqiAO8tJkpns7kxVUdeWm/2qAw
iAu4mMIyDAleMZQaIpUWn+2+MLPGoKWj0YZ9i5eAXAsYZnnbk/75dWRkLhlj
-----END CERTIFICATE-----