Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/4FG-Gt6SFKp7TB02Iik15wO8HHM.roa
File:                     4FG-Gt6SFKp7TB02Iik15wO8HHM.roa (raw, json)
Hash identifier:          0KH91iI0UpfCpG/Oln+nsLgsxkahV1EGeNoVsjG7z28=
Subject key identifier:   E0:51:BE:1A:DE:92:14:AA:7B:4C:1D:36:22:29:35:E7:03:BC:1C:73
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC492533710EFC7516530966A9A01FDA8
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/4FG-Gt6SFKp7TB02Iik15wO8HHM.roa
Signing time:             Mon 01 Jan 2024 10:29:33 +0000
ROA not before:           Mon 01 Jan 2024 10:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210058
IP address blocks:        93.175.247.0/24 maxlen: 24
                          212.21.131.0/24 maxlen: 24
                          212.21.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:53:37:10:ef:c7:51:65:30:96:6a:9a:01:fd:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e051be1ade9214aa7b4c1d36222935e703bc1c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:19:10:a3:cd:77:c1:00:ca:4e:84:ec:0e:21:
                    f2:77:78:6e:51:cc:90:bd:e0:45:e2:30:bf:b7:93:
                    ec:48:fa:81:ed:1b:cb:50:40:91:fe:5d:97:53:9d:
                    1b:e7:78:93:df:ac:b0:ed:13:17:a1:0d:7d:f7:c1:
                    c5:5f:71:98:bb:48:39:65:d5:36:4b:84:de:9b:f2:
                    74:f8:50:af:f4:88:ed:6b:7b:79:5a:27:3a:81:d1:
                    6a:dc:0f:4f:ed:78:f9:b5:8c:1f:7b:2b:cb:5d:92:
                    3c:53:2c:d7:67:38:97:f2:9d:f5:da:3e:7e:47:20:
                    93:a1:4a:74:8a:f0:26:d8:33:9d:d7:8a:47:ca:16:
                    73:57:d3:a0:58:4d:38:8c:54:67:4f:e7:e9:b3:40:
                    08:c6:3f:36:e2:eb:0f:af:de:56:c8:50:19:1b:da:
                    a4:05:4c:07:92:89:a1:cd:18:e5:45:a1:68:da:34:
                    ca:6d:61:bb:38:68:42:5e:92:9a:43:ea:3c:2c:a3:
                    a9:c9:c2:1d:5f:40:81:96:39:13:ef:be:f1:37:9c:
                    24:3c:5f:ed:c5:35:a2:f1:cc:44:d2:89:5c:01:3f:
                    9d:12:26:ef:71:5f:01:3f:c1:62:a1:f9:1e:50:56:
                    52:c4:8b:c6:45:e4:af:76:52:91:55:8f:8c:1a:2b:
                    be:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:51:BE:1A:DE:92:14:AA:7B:4C:1D:36:22:29:35:E7:03:BC:1C:73
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/4FG-Gt6SFKp7TB02Iik15wO8HHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.175.247.0/24
                  212.21.131.0/24
                  212.21.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:1d:85:fc:36:19:4c:60:7c:18:84:e2:ee:b1:20:ee:61:39:
         5c:73:2b:ba:07:c3:06:73:0b:9b:b9:42:3a:43:4e:ae:ff:11:
         b7:43:a5:20:f0:a5:3c:4e:b9:1c:a0:0b:07:ce:32:55:0c:ec:
         dc:6a:d3:73:fa:81:36:de:a5:b0:3b:c0:c0:da:d6:64:ef:bf:
         c7:31:c5:e5:e5:3c:f1:ef:a8:72:be:6a:9e:6d:ca:a5:cc:07:
         b4:2a:71:19:ec:3c:bc:16:65:31:09:d7:82:a3:09:eb:a4:c9:
         2a:ac:36:ff:94:4f:9e:53:65:ac:e4:da:e0:88:5f:da:70:cb:
         18:fc:9e:48:e1:e3:93:71:5e:0c:0f:7a:be:f9:fa:22:2f:fc:
         e7:e0:94:88:18:4a:4d:f7:12:fa:6f:34:ef:e7:94:a3:e0:13:
         45:14:41:92:ab:b1:ff:35:c5:91:bd:32:a6:3d:5c:98:93:12:
         20:61:33:ab:8b:77:ad:bd:7b:d1:93:82:f3:65:d6:d5:ca:53:
         09:ab:d3:60:e6:84:0e:7f:3a:ac:a1:88:85:a3:20:93:8e:0d:
         b7:f8:70:b0:c2:53:96:1f:cd:d1:23:f2:84:08:53:90:c4:49:
         6f:58:87:52:6f:52:9d:09:d3:8a:ed:69:8d:08:b0:ea:9f:45:
         5d:08:55:3d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEklM3EO/HUWUwlmqaAf2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDUxYmUxYWRlOTIxNGFhN2I0YzFkMzYyMjI5MzVlNzAzYmMxYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRkQo813wQDKToTsDiHyd3huUcyQ
veBF4jC/t5PsSPqB7RvLUECR/l2XU50b53iT36yw7RMXoQ1998HFX3GYu0g5ZdU2
S4Tem/J0+FCv9Ijta3t5Wic6gdFq3A9P7Xj5tYwfeyvLXZI8UyzXZziX8p312j5+
RyCToUp0ivAm2DOd14pHyhZzV9OgWE04jFRnT+fps0AIxj824usPr95WyFAZG9qk
BUwHkomhzRjlRaFo2jTKbWG7OGhCXpKaQ+o8LKOpycIdX0CBljkT777xN5wkPF/t
xTWi8cxE0olcAT+dEibvcV8BP8FiofkeUFZSxIvGReSvdlKRVY+MGiu+gwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOBRvhrekhSqe0wdNiIpNecDvBxzMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvNEZHLUd0NlNGS3A3VEIwMklpazE1d084SEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXa/3AwQA
1BWDAwQA1BWHMA0GCSqGSIb3DQEBCwUAA4IBAQBmHYX8NhlMYHwYhOLusSDuYTlc
cyu6B8MGcwubuUI6Q06u/xG3Q6Ug8KU8TrkcoAsHzjJVDOzcatNz+oE23qWwO8DA
2tZk77/HMcXl5Tzx76hyvmqebcqlzAe0KnEZ7Dy8FmUxCdeCownrpMkqrDb/lE+e
U2Ws5NrgiF/acMsY/J5I4eOTcV4MD3q++foiL/zn4JSIGEpN9xL6bzTv55Sj4BNF
FEGSq7H/NcWRvTKmPVyYkxIgYTOri3etvXvRk4LzZdbVylMJq9Ng5oQOfzqsoYiF
oyCTjg23+HCwwlOWH83RI/KECFOQxElvWIdSb1KdCdOK7WmNCLDqn0VdCFU9
-----END CERTIFICATE-----