Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/1fd6bc-57e2-4f50-98b7-cc7635de6e7a/1/4pppDVsEzxWcpvOQRzSfsEfJ_j4.roa
File:                     4pppDVsEzxWcpvOQRzSfsEfJ_j4.roa (raw, json)
Hash identifier:          QqOmQPrrioYAbFdEx9jvAv4IzYIgXNG6tw4Mnvbd0vE=
Subject key identifier:   E2:9A:69:0D:5B:04:CF:15:9C:A6:F3:90:47:34:9F:B0:47:C9:FE:3E
Certificate issuer:       /CN=e8cbbff218a437df8f80a98cd2faeb9c2418fd00
Certificate serial:       01942669D097E92694393A33C7BC40654F5D
Authority key identifier: E8:CB:BF:F2:18:A4:37:DF:8F:80:A9:8C:D2:FA:EB:9C:24:18:FD:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Mu_8hikN9-PgKmM0vrrnCQY_QA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/1fd6bc-57e2-4f50-98b7-cc7635de6e7a/1/4pppDVsEzxWcpvOQRzSfsEfJ_j4.roa
Signing time:             Thu 02 Jan 2025 09:47:36 +0000
ROA not before:           Thu 02 Jan 2025 09:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34953
IP address blocks:        193.32.64.0/24 maxlen: 24
                          2001:67c:2054::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/1fd6bc-57e2-4f50-98b7-cc7635de6e7a/1/6Mu_8hikN9-PgKmM0vrrnCQY_QA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/1fd6bc-57e2-4f50-98b7-cc7635de6e7a/1/6Mu_8hikN9-PgKmM0vrrnCQY_QA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Mu_8hikN9-PgKmM0vrrnCQY_QA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:d0:97:e9:26:94:39:3a:33:c7:bc:40:65:4f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8cbbff218a437df8f80a98cd2faeb9c2418fd00
        Validity
            Not Before: Jan  2 09:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e29a690d5b04cf159ca6f39047349fb047c9fe3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e2:ec:b1:86:b5:eb:1c:fe:31:44:0a:84:76:
                    f0:42:ac:c2:a4:51:11:6b:8e:01:ab:d3:a4:f9:d0:
                    f8:70:81:5a:ef:c9:b2:b8:22:6d:d3:02:8b:ae:d2:
                    e3:3f:b2:e1:69:66:9e:45:2a:0e:5d:cb:a2:c7:78:
                    9f:e6:1c:a4:ad:d7:1e:45:4b:2c:c5:15:cb:82:25:
                    72:b6:56:fa:37:73:14:96:5a:26:f3:02:9a:44:58:
                    d6:b3:3d:cc:75:a6:82:87:78:b5:eb:9f:c2:28:f5:
                    fd:2f:08:75:d3:cd:ec:e2:e7:bb:bd:29:0e:e1:41:
                    1e:06:43:39:5c:12:71:ee:00:33:87:b7:e4:45:54:
                    c1:10:54:92:2e:e4:18:b4:01:ae:21:6f:2e:10:47:
                    4d:c5:ae:f1:46:2e:b3:88:ea:72:7e:bf:23:77:62:
                    58:8e:27:1f:fa:a8:89:13:e7:c7:f0:4b:64:23:d3:
                    ea:3c:93:e6:11:7e:30:88:1c:2c:6f:6a:a2:72:9c:
                    88:b2:25:4e:2b:2c:53:eb:72:86:86:ef:28:00:98:
                    0f:fc:14:f6:d5:6a:14:4e:9f:33:94:20:c9:a9:2c:
                    97:f4:21:55:65:ea:70:9a:30:58:dc:cc:2d:7d:f5:
                    41:28:03:29:6a:ee:10:35:90:de:d4:88:c3:b1:15:
                    19:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:9A:69:0D:5B:04:CF:15:9C:A6:F3:90:47:34:9F:B0:47:C9:FE:3E
            X509v3 Authority Key Identifier:
                keyid:E8:CB:BF:F2:18:A4:37:DF:8F:80:A9:8C:D2:FA:EB:9C:24:18:FD:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Mu_8hikN9-PgKmM0vrrnCQY_QA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1fd6bc-57e2-4f50-98b7-cc7635de6e7a/1/4pppDVsEzxWcpvOQRzSfsEfJ_j4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1fd6bc-57e2-4f50-98b7-cc7635de6e7a/1/6Mu_8hikN9-PgKmM0vrrnCQY_QA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.64.0/24
                IPv6:
                  2001:67c:2054::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:00:42:39:dd:b2:75:79:c6:4f:da:22:50:77:b4:34:f8:88:
         2f:d2:6d:2d:15:6f:be:c3:5e:30:1d:cb:89:e2:7c:3e:7b:1a:
         06:10:99:c0:3d:37:c9:d8:a0:4d:94:e2:06:98:44:51:30:b2:
         20:7f:bc:a6:64:8d:df:0a:15:6b:28:99:b4:f7:03:b0:1f:c4:
         62:49:8a:68:9d:22:48:62:8e:5f:01:a5:f8:9a:4a:2e:aa:07:
         8b:d5:9b:2b:3e:5d:41:c7:6d:9f:ac:63:31:12:a5:8a:54:cc:
         b3:57:99:75:cb:39:27:2b:56:0f:68:b1:9f:68:bf:1b:b5:b5:
         f4:69:2c:30:e6:01:3a:be:41:42:61:09:6a:b4:d3:48:bb:bb:
         9c:74:db:16:4b:3c:91:cd:cb:1f:df:10:9d:68:df:2f:b9:df:
         22:72:7b:8d:cf:9a:f5:0d:b7:d3:d7:6f:29:bf:20:6b:fe:f7:
         57:c1:b3:08:ed:c0:04:c2:02:93:db:e0:d9:cb:86:7d:5f:ad:
         bb:27:ca:e9:55:6e:2f:2a:44:70:12:24:83:fe:a4:27:8b:22:
         f4:83:17:17:73:79:d7:4e:d5:3c:9a:c8:71:1d:27:08:7c:81:
         75:9c:4a:b3:82:ed:ad:c4:1d:6d:ac:f5:6c:48:69:e4:79:b6:
         59:7b:62:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmadCX6SaUOTozx7xAZU9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Y2JiZmYyMThhNDM3ZGY4ZjgwYTk4Y2QyZmFlYjljMjQx
OGZkMDAwHhcNMjUwMTAyMDk0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjlhNjkwZDViMDRjZjE1OWNhNmYzOTA0NzM0OWZiMDQ3YzlmZTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+LssYa16xz+MUQKhHbwQqzCpFER
a44Bq9Ok+dD4cIFa78myuCJt0wKLrtLjP7LhaWaeRSoOXcuix3if5hykrdceRUss
xRXLgiVytlb6N3MUllom8wKaRFjWsz3MdaaCh3i165/CKPX9Lwh1083s4ue7vSkO
4UEeBkM5XBJx7gAzh7fkRVTBEFSSLuQYtAGuIW8uEEdNxa7xRi6ziOpyfr8jd2JY
jicf+qiJE+fH8EtkI9PqPJPmEX4wiBwsb2qicpyIsiVOKyxT63KGhu8oAJgP/BT2
1WoUTp8zlCDJqSyX9CFVZepwmjBY3MwtffVBKAMpau4QNZDe1IjDsRUZOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOKaaQ1bBM8VnKbzkEc0n7BHyf4+MB8GA1UdIwQY
MBaAFOjLv/IYpDffj4CpjNL665wkGP0AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk11XzhoaWtOOS1QZ0ttTTB2cnJuQ1FZX1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8xZmQ2YmMtNTdlMi00ZjUwLTk4Yjct
Y2M3NjM1ZGU2ZTdhLzEvNHBwcERWc0V6eFdjcHZPUVJ6U2ZzRWZKX2o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8xZmQ2YmMtNTdlMi00ZjUwLTk4YjctY2M3NjM1ZGU2ZTdh
LzEvNk11XzhoaWtOOS1QZ0ttTTB2cnJuQ1FZX1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSBAMA8E
AgACMAkDBwAgAQZ8IFQwDQYJKoZIhvcNAQELBQADggEBABoAQjndsnV5xk/aIlB3
tDT4iC/SbS0Vb77DXjAdy4nifD57GgYQmcA9N8nYoE2U4gaYRFEwsiB/vKZkjd8K
FWsombT3A7AfxGJJimidIkhijl8BpfiaSi6qB4vVmys+XUHHbZ+sYzESpYpUzLNX
mXXLOScrVg9osZ9ovxu1tfRpLDDmATq+QUJhCWq000i7u5x02xZLPJHNyx/fEJ1o
3y+53yJye43PmvUNt9PXbym/IGv+91fBswjtwATCApPb4NnLhn1frbsnyulVbi8q
RHASJIP+pCeLIvSDFxdzeddO1TyayHEdJwh8gXWcSrOC7a3EHW2s9WxIaeR5tll7
Yhs=
-----END CERTIFICATE-----