Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/4UNuayKJ9SKFMuYEY-BWSB61PDo.roa
File:                     4UNuayKJ9SKFMuYEY-BWSB61PDo.roa (raw, json)
Hash identifier:          VdmvXseDtE+yEFHvon3CqWBkcnp2a6Fyr5Xk6vQjKrA=
Subject key identifier:   E1:43:6E:6B:22:89:F5:22:85:32:E6:04:63:E0:56:48:1E:B5:3C:3A
Certificate issuer:       /CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
Certificate serial:       01942823906DCF1270D82FE158BD7F57CFAA
Authority key identifier: C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/4UNuayKJ9SKFMuYEY-BWSB61PDo.roa
Signing time:             Thu 02 Jan 2025 17:50:06 +0000
ROA not before:           Thu 02 Jan 2025 17:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12414
IP address blocks:        185.91.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:90:6d:cf:12:70:d8:2f:e1:58:bd:7f:57:cf:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c398060f1bf22f0999cb071b1b42696dbc43e10c
        Validity
            Not Before: Jan  2 17:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1436e6b2289f5228532e60463e056481eb53c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d7:89:e7:83:4c:3a:9d:e9:be:8a:81:8b:ce:
                    5b:3b:14:a0:bc:01:2b:4a:57:8b:c8:6d:2c:e1:25:
                    f3:8b:b5:10:c0:23:45:d1:e6:4d:94:4e:f7:fc:99:
                    1a:05:2d:6f:0f:eb:37:e2:c4:7d:2b:db:be:a8:6a:
                    7b:b9:16:ae:30:ac:63:ba:66:58:60:51:d3:91:08:
                    19:84:79:76:88:36:5b:65:c4:f4:c9:8f:f2:84:3c:
                    25:0e:ee:72:d9:76:df:3f:f6:59:8c:61:cf:3a:37:
                    db:f9:65:f6:e6:7a:33:52:29:cf:04:3f:a6:0f:cd:
                    e3:d3:85:57:b0:9e:86:d5:fd:5d:f6:f9:cc:e6:d4:
                    3b:d6:1a:b7:22:bc:bd:4d:d6:75:9b:82:73:7c:f9:
                    d5:40:af:b6:d9:6c:12:ba:c5:74:1c:5d:77:c9:d3:
                    8b:b0:ba:61:c0:2d:3a:3c:6a:37:dc:8b:89:05:d0:
                    49:9c:47:a8:54:fe:78:a7:7b:10:c2:af:2c:69:21:
                    61:5f:20:b6:93:56:8b:48:6e:2b:93:d2:02:54:74:
                    5c:2b:41:e5:40:4d:1f:75:a1:de:e0:43:21:8f:ae:
                    39:47:f4:39:ab:36:e3:65:63:4a:ac:94:3b:bb:87:
                    c7:c4:8e:2f:98:ec:34:35:3e:0c:ee:75:db:9f:0e:
                    c5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:43:6E:6B:22:89:F5:22:85:32:E6:04:63:E0:56:48:1E:B5:3C:3A
            X509v3 Authority Key Identifier:
                keyid:C3:98:06:0F:1B:F2:2F:09:99:CB:07:1B:1B:42:69:6D:BC:43:E1:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w5gGDxvyLwmZywcbG0JpbbxD4Qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/4UNuayKJ9SKFMuYEY-BWSB61PDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/3bfc31-dc32-4541-8460-c927b8c2c7c4/1/w5gGDxvyLwmZywcbG0JpbbxD4Qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:36:32:ae:fc:23:6a:34:49:cb:7a:78:fc:73:9b:5e:16:aa:
         7b:ab:94:d4:62:0a:58:57:b5:fb:91:21:49:c5:89:67:39:59:
         33:4f:5f:b0:3a:78:5c:c8:94:6b:01:cf:94:0f:d1:7a:73:f8:
         fe:bf:37:a1:16:27:82:18:0a:b0:66:29:76:45:2a:5d:16:c6:
         19:3c:da:34:8e:13:c2:71:27:35:1c:07:71:e8:2b:c7:16:aa:
         3c:7d:a9:3b:1f:38:d4:a1:4e:16:08:54:b8:06:36:73:f7:70:
         96:95:60:6e:fb:4e:e6:9d:df:48:40:a8:5f:46:84:ea:1b:f9:
         bc:68:23:c7:e8:ba:32:3a:e6:49:12:1b:7d:e7:d1:10:d2:88:
         b3:04:44:18:80:6d:27:98:ff:27:6a:65:a3:37:ea:56:13:80:
         e1:6e:7c:92:15:48:53:e5:25:9a:aa:bc:f6:e0:27:05:b0:d0:
         ff:e2:ba:fa:6a:f7:2a:71:2a:b4:ba:7f:ef:85:ec:71:d3:39:
         b6:f8:20:03:59:da:c3:7e:d1:76:4c:60:16:2d:3d:c3:74:10:
         2c:f5:12:2f:c9:0a:45:74:10:ac:b4:96:34:70:33:f8:68:3f:
         68:20:f5:79:de:44:ec:ee:19:3e:b6:8e:1b:42:b4:05:a2:f8:
         59:ad:7c:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI5BtzxJw2C/hWL1/V8+qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOTgwNjBmMWJmMjJmMDk5OWNiMDcxYjFiNDI2OTZkYmM0
M2UxMGMwHhcNMjUwMTAyMTc1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQzNmU2YjIyODlmNTIyODUzMmU2MDQ2M2UwNTY0ODFlYjUzYzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNeJ54NMOp3pvoqBi85bOxSgvAEr
SleLyG0s4SXzi7UQwCNF0eZNlE73/JkaBS1vD+s34sR9K9u+qGp7uRauMKxjumZY
YFHTkQgZhHl2iDZbZcT0yY/yhDwlDu5y2XbfP/ZZjGHPOjfb+WX25nozUinPBD+m
D83j04VXsJ6G1f1d9vnM5tQ71hq3Iry9TdZ1m4JzfPnVQK+22WwSusV0HF13ydOL
sLphwC06PGo33IuJBdBJnEeoVP54p3sQwq8saSFhXyC2k1aLSG4rk9ICVHRcK0Hl
QE0fdaHe4EMhj645R/Q5qzbjZWNKrJQ7u4fHxI4vmOw0NT4M7nXbnw7FaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFDbmsiifUihTLmBGPgVkgetTw6MB8GA1UdIwQY
MBaAFMOYBg8b8i8JmcsHGxtCaW28Q+EMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAt
YzkyN2I4YzJjN2M0LzEvNFVOdWF5S0o5U0tGTXVZRVktQldTQjYxUERvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zYmZjMzEtZGMzMi00NTQxLTg0NjAtYzkyN2I4YzJjN2M0
LzEvdzVnR0R4dnlMd21aeXdjYkcwSnBiYnhENFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVv4MA0G
CSqGSIb3DQEBCwUAA4IBAQBkNjKu/CNqNEnLenj8c5teFqp7q5TUYgpYV7X7kSFJ
xYlnOVkzT1+wOnhcyJRrAc+UD9F6c/j+vzehFieCGAqwZil2RSpdFsYZPNo0jhPC
cSc1HAdx6CvHFqo8fak7HzjUoU4WCFS4BjZz93CWlWBu+07mnd9IQKhfRoTqG/m8
aCPH6LoyOuZJEht959EQ0oizBEQYgG0nmP8namWjN+pWE4DhbnySFUhT5SWaqrz2
4CcFsND/4rr6avcqcSq0un/vhexx0zm2+CADWdrDftF2TGAWLT3DdBAs9RIvyQpF
dBCstJY0cDP4aD9oIPV53kTs7hk+to4bQrQFovhZrXyN
-----END CERTIFICATE-----