Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/4BOoh9ZvRlX2US_OZJ_A9kCTrtI.roa
File:                     4BOoh9ZvRlX2US_OZJ_A9kCTrtI.roa (raw, json)
Hash identifier:          +tR3y1xSs3M/3+ZhTBHMrJWVz7B8nzvm5Sr9MdXyV2U=
Subject key identifier:   E0:13:A8:87:D6:6F:46:55:F6:51:2F:CE:64:9F:C0:F6:40:93:AE:D2
Certificate issuer:       /CN=b6380000fb7e45f8976261a698d418f08e8d67c7
Certificate serial:       0194274786DAA68B6DCC0A51144FA7C83E80
Authority key identifier: B6:38:00:00:FB:7E:45:F8:97:62:61:A6:98:D4:18:F0:8E:8D:67:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/4BOoh9ZvRlX2US_OZJ_A9kCTrtI.roa
Signing time:             Thu 02 Jan 2025 13:49:46 +0000
ROA not before:           Thu 02 Jan 2025 13:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        212.57.192.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:86:da:a6:8b:6d:cc:0a:51:14:4f:a7:c8:3e:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6380000fb7e45f8976261a698d418f08e8d67c7
        Validity
            Not Before: Jan  2 13:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e013a887d66f4655f6512fce649fc0f64093aed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ff:82:45:55:2d:20:36:6f:86:d6:b5:2a:dc:
                    82:60:e9:35:74:d1:13:f5:4f:d2:1f:92:35:55:24:
                    4e:25:aa:fe:1a:4f:96:2c:ff:ac:86:45:04:95:f3:
                    83:e9:fc:8e:df:b6:f5:2e:b8:b7:02:0d:20:f5:a9:
                    ae:48:d2:8e:43:1e:ed:f3:53:35:fe:f4:76:05:a5:
                    f6:b4:3a:61:88:0e:9d:04:3e:18:2b:7b:c2:df:56:
                    1e:bf:e0:47:eb:42:d4:1c:ad:2c:2f:5f:c4:5f:f3:
                    80:b8:69:1b:6a:c3:b8:07:4d:bc:3f:da:3d:af:e4:
                    d0:4d:98:8b:13:cc:22:1b:cb:a7:3b:c6:45:af:4c:
                    8e:3d:4c:ae:04:74:da:ae:c7:2b:a8:10:99:74:b7:
                    f6:ed:19:bf:8b:a2:d6:39:1b:9e:70:ab:1d:6b:fe:
                    96:23:ad:4c:21:c9:60:d5:29:ee:24:18:bb:3e:8c:
                    b7:18:69:63:8e:08:79:d6:f3:0a:53:ea:7f:1a:64:
                    75:cf:f8:32:f1:70:98:ed:3b:f5:4a:79:f0:ee:05:
                    ba:49:78:fc:c0:cd:d7:53:0b:e6:6b:39:5d:ef:fd:
                    b0:1a:3e:f4:75:3e:f7:3f:06:01:33:a5:e3:33:db:
                    5f:9f:d3:3d:1e:e3:49:92:7b:83:5e:24:95:7f:0a:
                    9e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:13:A8:87:D6:6F:46:55:F6:51:2F:CE:64:9F:C0:F6:40:93:AE:D2
            X509v3 Authority Key Identifier:
                keyid:B6:38:00:00:FB:7E:45:F8:97:62:61:A6:98:D4:18:F0:8E:8D:67:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/4BOoh9ZvRlX2US_OZJ_A9kCTrtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.57.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         82:54:db:a7:05:b5:1a:01:dc:17:ee:3b:e4:0c:49:54:72:70:
         49:73:63:3b:38:fd:f5:6b:28:e7:0d:79:66:ac:7a:d8:e8:50:
         1b:a0:1a:c1:ea:d6:41:35:ab:78:73:a5:b0:f4:c1:8f:e7:82:
         46:5d:85:0c:62:37:62:e3:f3:7f:3f:71:57:be:d9:a0:6d:da:
         db:c5:54:51:13:b4:22:d6:58:b1:5a:2c:be:02:7c:a7:45:18:
         a2:3b:72:0d:17:06:6f:23:47:07:c1:c6:c2:05:a8:c5:8f:a4:
         ba:7e:12:81:fc:08:5d:95:a8:fa:42:f8:61:20:33:38:a4:9d:
         12:1f:ff:f8:5b:ae:1c:2d:c8:41:9f:37:0e:5e:ca:d9:e7:e9:
         d0:28:a4:e5:38:0d:fb:ea:32:fe:6d:f2:68:eb:b6:1a:64:54:
         51:0f:f0:f6:63:b5:57:d5:7d:e3:85:ac:c0:37:64:dc:bb:2b:
         90:33:31:68:c9:64:07:26:6a:d1:06:06:a1:ac:7d:aa:ff:df:
         9d:d4:89:aa:54:8c:07:c2:91:cf:69:61:06:c1:6d:a2:09:3d:
         6d:0b:d4:4a:bc:69:2b:37:c0:88:3d:b3:ec:2a:31:2d:1a:c0:
         5e:4f:e3:d7:a1:d6:12:e5:1a:cf:95:0a:d1:0a:86:d3:e6:40:
         4c:7b:b5:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR4bapottzApRFE+nyD6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzgwMDAwZmI3ZTQ1Zjg5NzYyNjFhNjk4ZDQxOGYwOGU4
ZDY3YzcwHhcNMjUwMTAyMTM0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDEzYTg4N2Q2NmY0NjU1ZjY1MTJmY2U2NDlmYzBmNjQwOTNhZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf+CRVUtIDZvhta1KtyCYOk1dNET
9U/SH5I1VSROJar+Gk+WLP+shkUElfOD6fyO37b1Lri3Ag0g9amuSNKOQx7t81M1
/vR2BaX2tDphiA6dBD4YK3vC31Yev+BH60LUHK0sL1/EX/OAuGkbasO4B028P9o9
r+TQTZiLE8wiG8unO8ZFr0yOPUyuBHTarscrqBCZdLf27Rm/i6LWORuecKsda/6W
I61MIclg1SnuJBi7Poy3GGljjgh51vMKU+p/GmR1z/gy8XCY7Tv1Snnw7gW6SXj8
wM3XUwvmazld7/2wGj70dT73PwYBM6XjM9tfn9M9HuNJknuDXiSVfwqeGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOATqIfWb0ZV9lEvzmSfwPZAk67SMB8GA1UdIwQY
MBaAFLY4AAD7fkX4l2JhppjUGPCOjWfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpnQUFQdC1SZmlYWW1HbW1OUVk4STZOWjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi82ZTRlNjgtODdhYS00NzhjLThlNWYt
ZTA2MTc2YWIyNGZiLzEvNEJPb2g5WnZSbFgyVVNfT1pKX0E5a0NUcnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi82ZTRlNjgtODdhYS00NzhjLThlNWYtZTA2MTc2YWIyNGZi
LzEvdGpnQUFQdC1SZmlYWW1HbW1OUVk4STZOWjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1DnAMA0G
CSqGSIb3DQEBCwUAA4IBAQCCVNunBbUaAdwX7jvkDElUcnBJc2M7OP31ayjnDXlm
rHrY6FAboBrB6tZBNat4c6Ww9MGP54JGXYUMYjdi4/N/P3FXvtmgbdrbxVRRE7Qi
1lixWiy+AnynRRiiO3INFwZvI0cHwcbCBajFj6S6fhKB/Ahdlaj6QvhhIDM4pJ0S
H//4W64cLchBnzcOXsrZ5+nQKKTlOA376jL+bfJo67YaZFRRD/D2Y7VX1X3jhazA
N2TcuyuQMzFoyWQHJmrRBgahrH2q/9+d1ImqVIwHwpHPaWEGwW2iCT1tC9RKvGkr
N8CIPbPsKjEtGsBeT+PXodYS5RrPlQrRCobT5kBMe7UN
-----END CERTIFICATE-----