Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/i4v6AZ8AjCY-DaijxXBLxpCWr-o.roa
File:                     i4v6AZ8AjCY-DaijxXBLxpCWr-o.roa (raw, json)
Hash identifier:          IzqUiUJUiq+h6Lhm9373nMFr5yy8oOrsxUoRI4smlK0=
Subject key identifier:   8B:8B:FA:01:9F:00:8C:26:3E:0D:A8:A3:C5:70:4B:C6:90:96:AF:EA
Certificate issuer:       /CN=490b21f79b9ea2f3d042374714867d12401995db
Certificate serial:       0194214438C15DABA79ADA88F72ADC8B1EB7
Authority key identifier: 49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/i4v6AZ8AjCY-DaijxXBLxpCWr-o.roa
Signing time:             Wed 01 Jan 2025 09:48:26 +0000
ROA not before:           Wed 01 Jan 2025 09:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215742
IP address blocks:        195.184.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:38:c1:5d:ab:a7:9a:da:88:f7:2a:dc:8b:1e:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=490b21f79b9ea2f3d042374714867d12401995db
        Validity
            Not Before: Jan  1 09:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b8bfa019f008c263e0da8a3c5704bc69096afea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f2:ca:8a:f3:dc:50:dd:4e:88:5e:03:b0:56:
                    49:e8:9c:1c:05:53:db:9b:f3:c2:2d:64:f7:f1:f1:
                    e3:be:7c:09:a6:b2:08:31:16:f0:d6:a9:2d:b2:a4:
                    0c:f6:b7:7b:c6:3d:86:33:26:01:99:4c:0a:d1:e2:
                    df:23:ca:8b:14:a8:76:3d:bc:fe:73:2f:c7:94:45:
                    58:bd:e8:d8:2c:c5:7b:9c:75:32:a6:a7:22:43:19:
                    c0:f4:16:e6:e4:4a:72:0d:1b:9a:97:fa:61:9c:55:
                    be:1d:0e:19:8e:ca:45:41:24:ef:a3:bc:65:26:08:
                    05:e7:4a:af:c2:c2:08:32:80:bb:4a:f0:b1:ce:18:
                    77:7d:aa:06:61:cd:4f:f8:09:6b:e2:4c:cd:2f:1a:
                    38:84:b4:fa:b7:6f:3e:91:4f:24:0c:7c:46:f6:d4:
                    c0:ce:74:50:8c:73:75:e9:e0:06:18:a0:d5:8a:81:
                    0d:2f:2b:d4:38:aa:77:61:6c:b1:a1:3a:66:59:4c:
                    f6:05:0b:00:c3:f7:38:a0:71:8e:03:23:0b:cc:8c:
                    ed:6c:ad:f9:22:a2:dd:e2:20:3d:fb:23:cd:0b:86:
                    74:05:3d:65:ad:dc:16:8c:56:cf:67:28:af:35:91:
                    bb:6a:76:74:07:85:4b:8a:7b:e3:35:03:61:89:8d:
                    3a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:8B:FA:01:9F:00:8C:26:3E:0D:A8:A3:C5:70:4B:C6:90:96:AF:EA
            X509v3 Authority Key Identifier:
                keyid:49:0B:21:F7:9B:9E:A2:F3:D0:42:37:47:14:86:7D:12:40:19:95:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SQsh95ueovPQQjdHFIZ9EkAZlds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/i4v6AZ8AjCY-DaijxXBLxpCWr-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/e10165-b4cd-4321-bf3c-480c32f400e1/1/SQsh95ueovPQQjdHFIZ9EkAZlds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:c5:e7:d0:b8:56:db:36:19:82:cc:65:03:91:6d:7c:a4:42:
         f2:37:c6:e0:ca:cc:82:e3:3e:14:f9:75:42:ff:39:14:4f:75:
         e3:f0:89:a5:17:11:3d:1b:15:bc:e4:c6:f1:2a:fb:91:25:8e:
         48:74:70:34:62:ab:a8:ef:8b:78:93:c8:64:4a:73:6f:4c:4a:
         2a:7d:14:a7:39:cc:f0:4e:00:aa:a1:a7:10:fe:b3:7c:8c:71:
         7a:67:33:ac:b7:b8:9f:ba:ca:df:81:b6:b6:e0:3e:35:7c:18:
         d2:6b:27:14:f3:6d:99:8d:54:a1:22:05:ee:7b:30:ec:b9:f5:
         17:20:48:ce:d2:e7:2a:9c:c1:59:c3:8e:54:f6:0b:18:b5:97:
         b5:c7:ed:c6:73:ba:4d:4d:86:9b:ad:2a:4b:51:6d:ee:df:a4:
         2a:d7:9f:43:57:32:47:6b:21:86:5c:3a:75:0b:ce:1a:32:52:
         8d:0f:6c:34:91:d5:73:69:0b:cc:a8:93:61:01:a5:88:3b:e7:
         46:e7:f1:80:08:39:37:2e:12:14:17:cc:8a:95:b3:c1:86:01:
         6e:58:f8:9a:b6:c6:bc:85:7d:5e:2f:fc:07:91:08:c1:aa:ef:
         f4:42:2b:8d:c2:78:3a:93:e0:ff:fd:c1:50:1c:eb:55:96:07:
         55:fe:df:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDjBXaunmtqI9yrcix63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MGIyMWY3OWI5ZWEyZjNkMDQyMzc0NzE0ODY3ZDEyNDAx
OTk1ZGIwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjhiZmEwMTlmMDA4YzI2M2UwZGE4YTNjNTcwNGJjNjkwOTZhZmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/LKivPcUN1OiF4DsFZJ6JwcBVPb
m/PCLWT38fHjvnwJprIIMRbw1qktsqQM9rd7xj2GMyYBmUwK0eLfI8qLFKh2Pbz+
cy/HlEVYvejYLMV7nHUypqciQxnA9Bbm5EpyDRual/phnFW+HQ4ZjspFQSTvo7xl
JggF50qvwsIIMoC7SvCxzhh3faoGYc1P+Alr4kzNLxo4hLT6t28+kU8kDHxG9tTA
znRQjHN16eAGGKDVioENLyvUOKp3YWyxoTpmWUz2BQsAw/c4oHGOAyMLzIztbK35
IqLd4iA9+yPNC4Z0BT1lrdwWjFbPZyivNZG7anZ0B4VLinvjNQNhiY06gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuL+gGfAIwmPg2oo8VwS8aQlq/qMB8GA1UdIwQY
MBaAFEkLIfebnqLz0EI3RxSGfRJAGZXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2Mt
NDgwYzMyZjQwMGUxLzEvaTR2NkFaOEFqQ1ktRGFpanhYQkx4cENXci1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9lMTAxNjUtYjRjZC00MzIxLWJmM2MtNDgwYzMyZjQwMGUx
LzEvU1FzaDk1dWVvdlBRUWpkSEZJWjlFa0FabGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7juMA0G
CSqGSIb3DQEBCwUAA4IBAQCaxefQuFbbNhmCzGUDkW18pELyN8bgysyC4z4U+XVC
/zkUT3Xj8ImlFxE9GxW85MbxKvuRJY5IdHA0Yquo74t4k8hkSnNvTEoqfRSnOczw
TgCqoacQ/rN8jHF6ZzOst7ifusrfgba24D41fBjSaycU822ZjVShIgXuezDsufUX
IEjO0ucqnMFZw45U9gsYtZe1x+3Gc7pNTYabrSpLUW3u36Qq159DVzJHayGGXDp1
C84aMlKND2w0kdVzaQvMqJNhAaWIO+dG5/GACDk3LhIUF8yKlbPBhgFuWPiatsa8
hX1eL/wHkQjBqu/0QiuNwng6k+D//cFQHOtVlgdV/t+z
-----END CERTIFICATE-----