Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/cb9493-e834-4f0e-8abb-1a92fb0dc1c7/1/4Oz2bzKcj7ryJx-Yi4XIbgTA_p4.roa
File:                     4Oz2bzKcj7ryJx-Yi4XIbgTA_p4.roa (raw, json)
Hash identifier:          LPk0Z2clPAQSP3iw+RzHo229JXs0OZzzD9noiBRedv4=
Subject key identifier:   E0:EC:F6:6F:32:9C:8F:BA:F2:27:1F:98:8B:85:C8:6E:04:C0:FE:9E
Certificate issuer:       /CN=9ea78277480cf2dad6c9eb0a52be48df7ab6675a
Certificate serial:       018CC3B6BA8F3312B20553BF0AFA0CBBD455
Authority key identifier: 9E:A7:82:77:48:0C:F2:DA:D6:C9:EB:0A:52:BE:48:DF:7A:B6:67:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nqeCd0gM8trWyesKUr5I33q2Z1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/cb9493-e834-4f0e-8abb-1a92fb0dc1c7/1/4Oz2bzKcj7ryJx-Yi4XIbgTA_p4.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15703
IP address blocks:        194.110.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/cb9493-e834-4f0e-8abb-1a92fb0dc1c7/1/nqeCd0gM8trWyesKUr5I33q2Z1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/cb9493-e834-4f0e-8abb-1a92fb0dc1c7/1/nqeCd0gM8trWyesKUr5I33q2Z1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nqeCd0gM8trWyesKUr5I33q2Z1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 18:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ba:8f:33:12:b2:05:53:bf:0a:fa:0c:bb:d4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ea78277480cf2dad6c9eb0a52be48df7ab6675a
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0ecf66f329c8fbaf2271f988b85c86e04c0fe9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:33:f8:65:d3:58:b5:37:c1:73:85:6d:1b:1f:
                    a3:aa:93:83:b1:86:a5:f6:46:d4:c9:ac:19:be:2b:
                    d4:ae:e3:c6:a5:ca:b8:6d:58:34:24:6c:ca:bc:f6:
                    97:98:68:84:3c:8b:f4:1d:fb:24:1e:62:ad:87:5f:
                    ae:a8:7b:5e:74:e8:ad:fc:85:02:29:ba:91:a9:ec:
                    a0:14:bb:66:e1:47:77:df:21:da:88:85:8a:30:68:
                    a3:9a:e5:e3:a7:64:21:80:bc:13:2a:81:06:95:87:
                    88:a8:1c:4a:c2:71:78:cd:9e:ce:92:3b:8c:c7:ea:
                    76:15:c2:49:6d:44:ba:9f:f7:48:33:e2:cb:48:ad:
                    ca:57:88:78:68:0a:16:96:01:5f:66:c2:db:5c:bb:
                    76:16:fc:d8:d8:09:82:07:f0:25:e5:1c:39:66:83:
                    14:b0:22:e3:36:df:07:67:1d:38:4b:3f:16:01:85:
                    0c:af:12:09:62:68:bd:3a:72:83:32:5c:0e:c8:34:
                    10:5b:33:3b:d5:49:e7:b0:85:3d:ed:ce:25:12:77:
                    7b:95:14:da:25:e7:9f:d4:57:ba:c7:7c:f0:42:d3:
                    58:e0:1c:0b:f7:88:f7:9b:ac:f6:d5:16:f9:92:bd:
                    df:e2:a2:48:a0:12:37:9d:63:43:e6:dd:b5:3b:92:
                    70:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:EC:F6:6F:32:9C:8F:BA:F2:27:1F:98:8B:85:C8:6E:04:C0:FE:9E
            X509v3 Authority Key Identifier:
                keyid:9E:A7:82:77:48:0C:F2:DA:D6:C9:EB:0A:52:BE:48:DF:7A:B6:67:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nqeCd0gM8trWyesKUr5I33q2Z1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/cb9493-e834-4f0e-8abb-1a92fb0dc1c7/1/4Oz2bzKcj7ryJx-Yi4XIbgTA_p4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/cb9493-e834-4f0e-8abb-1a92fb0dc1c7/1/nqeCd0gM8trWyesKUr5I33q2Z1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:a8:c6:d6:7e:25:40:ed:44:dd:1c:0f:fe:31:99:fc:ac:17:
         29:5a:20:3f:f0:e0:4c:97:41:ba:47:b2:47:0d:28:24:39:89:
         50:e6:f1:ce:16:1f:c5:44:f3:6a:b5:28:92:b7:72:42:59:7b:
         b4:a9:74:03:2a:39:62:6d:9a:17:48:b4:cb:d5:fa:bf:5d:b4:
         2a:23:55:99:78:93:96:b3:d2:50:e2:ff:dc:ef:b6:e2:83:b1:
         b5:e5:5c:f8:f8:2b:29:6f:5b:4b:17:31:ac:4c:07:9e:03:c5:
         00:7f:cd:77:85:9c:8d:1b:f2:96:91:30:bf:27:39:f0:28:24:
         ba:7b:19:cf:77:65:69:54:fa:ba:1f:84:72:c6:74:33:db:22:
         8b:a5:ce:9c:10:a4:12:e3:2c:60:cd:2c:03:1f:7b:22:83:62:
         36:4d:20:a0:0f:54:0b:c8:dd:99:f5:f1:aa:0a:cb:f2:b9:6c:
         34:24:2a:0a:80:df:c2:a3:af:e6:76:29:94:77:db:76:56:b1:
         fd:e2:ee:cd:ae:b1:77:a4:b4:59:f7:ec:5d:95:ba:bc:26:40:
         72:02:dd:64:ee:45:cf:2d:50:eb:57:d9:50:79:27:0e:fa:90:
         4d:ce:49:44:47:c8:2e:5e:d8:5a:4d:7b:af:d7:64:44:27:49:
         c6:4b:26:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrqPMxKyBVO/CvoMu9RVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYTc4Mjc3NDgwY2YyZGFkNmM5ZWIwYTUyYmU0OGRmN2Fi
NjY3NWEwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGVjZjY2ZjMyOWM4ZmJhZjIyNzFmOTg4Yjg1Yzg2ZTA0YzBmZTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjP4ZdNYtTfBc4VtGx+jqpODsYal
9kbUyawZvivUruPGpcq4bVg0JGzKvPaXmGiEPIv0HfskHmKth1+uqHtedOit/IUC
KbqRqeygFLtm4Ud33yHaiIWKMGijmuXjp2QhgLwTKoEGlYeIqBxKwnF4zZ7OkjuM
x+p2FcJJbUS6n/dIM+LLSK3KV4h4aAoWlgFfZsLbXLt2FvzY2AmCB/Al5Rw5ZoMU
sCLjNt8HZx04Sz8WAYUMrxIJYmi9OnKDMlwOyDQQWzM71UnnsIU97c4lEnd7lRTa
Jeef1Fe6x3zwQtNY4BwL94j3m6z21Rb5kr3f4qJIoBI3nWND5t21O5JwDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODs9m8ynI+68icfmIuFyG4EwP6eMB8GA1UdIwQY
MBaAFJ6ngndIDPLa1snrClK+SN96tmdaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnFlQ2QwZ004dHJXeWVzS1VyNUkzM3EyWjFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9jYjk0OTMtZTgzNC00ZjBlLThhYmIt
MWE5MmZiMGRjMWM3LzEvNE96MmJ6S2NqN3J5SngtWWk0WEliZ1RBX3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9jYjk0OTMtZTgzNC00ZjBlLThhYmItMWE5MmZiMGRjMWM3
LzEvbnFlQ2QwZ004dHJXeWVzS1VyNUkzM3EyWjFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm7TMA0G
CSqGSIb3DQEBCwUAA4IBAQBEqMbWfiVA7UTdHA/+MZn8rBcpWiA/8OBMl0G6R7JH
DSgkOYlQ5vHOFh/FRPNqtSiSt3JCWXu0qXQDKjlibZoXSLTL1fq/XbQqI1WZeJOW
s9JQ4v/c77big7G15Vz4+Cspb1tLFzGsTAeeA8UAf813hZyNG/KWkTC/JznwKCS6
exnPd2VpVPq6H4RyxnQz2yKLpc6cEKQS4yxgzSwDH3sig2I2TSCgD1QLyN2Z9fGq
CsvyuWw0JCoKgN/Co6/mdimUd9t2VrH94u7NrrF3pLRZ9+xdlbq8JkByAt1k7kXP
LVDrV9lQeScO+pBNzklER8guXthaTXuv12REJ0nGSyai
-----END CERTIFICATE-----