Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/4SxEa8qHfL0SdS-yvynVjEWywI0.roa
File:                     4SxEa8qHfL0SdS-yvynVjEWywI0.roa (raw, json)
Hash identifier:          ed273NQ5dggxiwmHaUzsS7LYiMx/0KEG21fx026Qijc=
Subject key identifier:   E1:2C:44:6B:CA:87:7C:BD:12:75:2F:B2:BF:29:D5:8C:45:B2:C0:8D
Certificate issuer:       /CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
Certificate serial:       019427B3F85570E79E3AB59069B6F99AB913
Authority key identifier: 5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/4SxEa8qHfL0SdS-yvynVjEWywI0.roa
Signing time:             Thu 02 Jan 2025 15:48:13 +0000
ROA not before:           Thu 02 Jan 2025 15:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53340
IP address blocks:        185.143.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 03:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:f8:55:70:e7:9e:3a:b5:90:69:b6:f9:9a:b9:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
        Validity
            Not Before: Jan  2 15:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e12c446bca877cbd12752fb2bf29d58c45b2c08d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4e:75:9e:99:bd:12:ad:81:35:1c:51:de:6a:
                    00:1a:89:e2:9d:d6:b9:7d:87:d2:f9:0b:0a:df:9e:
                    83:6b:e4:8a:80:0f:a5:12:69:77:26:39:46:1e:74:
                    aa:15:f0:e2:c6:63:0e:18:7c:6a:67:51:3c:9a:8e:
                    b4:2c:69:1f:75:3b:67:8e:2b:ca:72:5e:60:ba:93:
                    06:9c:bf:88:df:9a:91:65:3d:d1:d9:84:23:a8:17:
                    2e:e1:a8:75:a5:4f:b1:8d:77:ad:3a:05:be:a9:b5:
                    17:71:e5:91:8e:b5:bb:ed:e1:7a:36:6f:a6:5d:f8:
                    6d:76:71:76:59:6a:ff:8e:24:a5:3f:80:4e:47:49:
                    15:5a:a1:44:78:73:02:be:ab:1c:6c:53:88:0f:ca:
                    a4:44:17:ec:19:40:12:59:63:11:6a:03:19:7d:1e:
                    d7:23:10:14:9c:93:38:43:a3:08:a5:2b:5c:5a:cd:
                    51:3f:9d:29:b4:2e:a0:ba:9d:55:5c:58:d7:13:a2:
                    12:6f:c5:dd:9b:f8:e4:09:a1:4c:23:63:dc:f5:00:
                    74:22:32:b7:ef:11:b1:39:7f:ff:82:5c:b1:63:d8:
                    96:26:5f:fe:85:1f:da:4f:e7:3c:0f:30:5b:4c:ac:
                    a6:10:05:f8:ab:d9:79:bd:7d:74:c5:98:af:13:0d:
                    55:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:2C:44:6B:CA:87:7C:BD:12:75:2F:B2:BF:29:D5:8C:45:B2:C0:8D
            X509v3 Authority Key Identifier:
                keyid:5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/4SxEa8qHfL0SdS-yvynVjEWywI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:f4:0d:80:e9:e8:f1:77:9c:1f:9f:03:77:a2:18:b2:d4:d6:
         c4:fc:ea:8b:3c:e2:44:a2:37:95:81:d9:0d:ea:73:ed:c0:60:
         88:15:6b:ac:53:b6:14:9b:21:a0:96:b8:0d:16:0d:51:f1:05:
         c1:1b:fa:65:71:f5:4c:90:77:70:c2:9c:05:7d:e4:56:12:8d:
         c3:35:ec:b8:6e:64:ea:4b:0c:23:e2:7e:7c:4e:82:1f:a7:15:
         0a:f3:1c:05:af:76:6a:15:27:f9:bf:f2:28:b2:45:f5:fa:c3:
         5e:10:d5:18:98:23:e4:18:c7:95:0b:47:17:54:36:53:31:a5:
         05:85:b3:d9:cb:04:08:32:e4:66:ab:b2:8b:0c:a4:07:06:5e:
         1f:35:c7:85:20:b7:6b:81:14:9c:55:e7:73:5a:1c:81:f0:c9:
         21:09:60:7a:99:ae:b0:d5:79:d3:b9:b4:ff:a1:fd:ed:0c:40:
         3a:d2:19:26:31:64:92:81:26:61:b1:fe:3b:69:b8:b1:0e:7e:
         e9:7b:34:71:10:3b:0f:21:43:75:b0:90:00:de:ee:29:93:ed:
         c8:d2:11:c0:ca:85:08:2b:b6:91:8c:eb:9e:8b:33:03:0f:5f:
         76:96:fe:69:21:c5:cf:47:51:72:cd:2d:5c:c4:59:aa:cf:73:
         2a:56:ae:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns/hVcOeeOrWQabb5mrkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZGU0YjNiODJmMjA5YjcwMWFlMzQwY2Y1M2I5NzQwNzhm
MTZhOWYwHhcNMjUwMTAyMTU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTJjNDQ2YmNhODc3Y2JkMTI3NTJmYjJiZjI5ZDU4YzQ1YjJjMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuE51npm9Eq2BNRxR3moAGoninda5
fYfS+QsK356Da+SKgA+lEml3JjlGHnSqFfDixmMOGHxqZ1E8mo60LGkfdTtnjivK
cl5gupMGnL+I35qRZT3R2YQjqBcu4ah1pU+xjXetOgW+qbUXceWRjrW77eF6Nm+m
XfhtdnF2WWr/jiSlP4BOR0kVWqFEeHMCvqscbFOID8qkRBfsGUASWWMRagMZfR7X
IxAUnJM4Q6MIpStcWs1RP50ptC6gup1VXFjXE6ISb8Xdm/jkCaFMI2Pc9QB0IjK3
7xGxOX//glyxY9iWJl/+hR/aT+c8DzBbTKymEAX4q9l5vX10xZivEw1VMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEsRGvKh3y9EnUvsr8p1YxFssCNMB8GA1UdIwQY
MBaAFF3eSzuC8gm3Aa40DPU7l0B48WqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWIt
ODZhNTUxOGUyZDUyLzEvNFN4RWE4cUhmTDBTZFMteXZ5blZqRVd5d0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWItODZhNTUxOGUyZDUy
LzEvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/wMA0G
CSqGSIb3DQEBCwUAA4IBAQAo9A2A6ejxd5wfnwN3ohiy1NbE/OqLPOJEojeVgdkN
6nPtwGCIFWusU7YUmyGglrgNFg1R8QXBG/plcfVMkHdwwpwFfeRWEo3DNey4bmTq
Swwj4n58ToIfpxUK8xwFr3ZqFSf5v/IoskX1+sNeENUYmCPkGMeVC0cXVDZTMaUF
hbPZywQIMuRmq7KLDKQHBl4fNceFILdrgRScVedzWhyB8MkhCWB6ma6w1XnTubT/
of3tDEA60hkmMWSSgSZhsf47abixDn7pezRxEDsPIUN1sJAA3u4pk+3I0hHAyoUI
K7aRjOueizMDD192lv5pIcXPR1FyzS1cxFmqz3MqVq5F
-----END CERTIFICATE-----