Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/7f066c-94a9-478d-807e-a89759d7071c/1/I-kFpoqyTRW457pDaSm8d1efpI4.roa
File:                     I-kFpoqyTRW457pDaSm8d1efpI4.roa (raw, json)
Hash identifier:          kl/MemwjhzLvig9zm+2bDw2e8HG1sMcZ5V+KPClYcBg=
Subject key identifier:   23:E9:05:A6:8A:B2:4D:15:B8:E7:BA:43:69:29:BC:77:57:9F:A4:8E
Certificate issuer:       /CN=4b3320e0bb5dbe2ba972691b75d68f48f6e57f88
Certificate serial:       0194AD04E4B2AD347CA426C507FF488AE12A
Authority key identifier: 4B:33:20:E0:BB:5D:BE:2B:A9:72:69:1B:75:D6:8F:48:F6:E5:7F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzMg4LtdviupcmkbddaPSPblf4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/7f066c-94a9-478d-807e-a89759d7071c/1/I-kFpoqyTRW457pDaSm8d1efpI4.roa
Signing time:             Tue 28 Jan 2025 13:06:06 +0000
ROA not before:           Tue 28 Jan 2025 13:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        212.104.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/7f066c-94a9-478d-807e-a89759d7071c/1/SzMg4LtdviupcmkbddaPSPblf4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/7f066c-94a9-478d-807e-a89759d7071c/1/SzMg4LtdviupcmkbddaPSPblf4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzMg4LtdviupcmkbddaPSPblf4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ad:04:e4:b2:ad:34:7c:a4:26:c5:07:ff:48:8a:e1:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3320e0bb5dbe2ba972691b75d68f48f6e57f88
        Validity
            Not Before: Jan 28 13:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23e905a68ab24d15b8e7ba436929bc77579fa48e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3c:a6:8b:a8:ff:95:b0:da:d9:3e:b3:b8:81:
                    53:b8:4d:81:06:2c:95:18:2f:2b:11:92:d0:b8:35:
                    bf:5c:fe:65:52:9a:ed:98:05:c5:fa:46:e0:55:fc:
                    2c:95:33:1b:f8:33:65:ba:8f:06:1e:5a:67:ab:da:
                    bc:79:a7:64:b4:61:ff:26:0b:dc:82:a5:5d:df:9c:
                    76:2a:57:58:7a:86:e2:b4:c7:ed:d0:f5:89:c2:61:
                    ac:df:0b:af:b4:64:6e:31:6c:3a:9c:bb:7b:29:0b:
                    5e:d5:4b:02:2f:22:84:c6:a3:e9:77:0a:38:18:73:
                    a3:91:84:ef:02:78:7b:ef:c7:c7:9e:46:36:c0:f8:
                    81:8c:53:81:e0:8e:c8:18:f7:5d:9a:2e:dd:6f:11:
                    83:37:71:62:c0:87:bb:44:f4:45:a5:1d:28:03:dc:
                    3a:5e:15:f1:39:4a:1c:cc:ec:fe:d4:83:63:13:bc:
                    61:91:87:d6:53:b5:fe:ea:06:47:6d:ac:d9:22:f8:
                    20:16:77:43:92:7e:6b:bf:9c:8a:96:e2:2a:49:32:
                    84:2f:dc:28:ea:38:dc:e8:ea:ce:aa:59:91:9a:a3:
                    7a:c0:82:15:2e:38:26:69:dc:20:97:08:0c:d2:3d:
                    ad:33:b2:9b:b1:0b:82:91:30:70:6c:c4:f8:3f:6a:
                    89:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E9:05:A6:8A:B2:4D:15:B8:E7:BA:43:69:29:BC:77:57:9F:A4:8E
            X509v3 Authority Key Identifier:
                keyid:4B:33:20:E0:BB:5D:BE:2B:A9:72:69:1B:75:D6:8F:48:F6:E5:7F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzMg4LtdviupcmkbddaPSPblf4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/7f066c-94a9-478d-807e-a89759d7071c/1/I-kFpoqyTRW457pDaSm8d1efpI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/7f066c-94a9-478d-807e-a89759d7071c/1/SzMg4LtdviupcmkbddaPSPblf4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:bb:f5:57:29:2f:61:85:91:00:00:e2:c7:db:a0:ad:b8:f8:
         87:7e:b2:03:39:71:00:b4:18:46:40:c4:00:bf:37:ed:a5:7b:
         9f:91:31:31:1a:b2:45:00:3a:00:61:6b:0e:a9:c9:ee:59:ac:
         1e:64:ca:fa:38:70:05:bb:75:cf:38:35:e8:c9:c6:14:43:18:
         eb:03:ac:36:6d:be:ee:79:49:e9:62:79:c2:8c:44:9b:86:b1:
         ce:32:c4:f8:01:d4:dc:e9:9a:08:cb:65:33:c3:b0:0a:34:cf:
         c4:00:76:7f:de:e2:32:38:bb:a6:d7:ab:a8:ae:bd:29:79:0b:
         ff:19:d9:3c:7e:40:78:c1:1f:6e:59:d8:44:f9:14:0a:19:13:
         2c:ab:95:4e:48:1f:52:53:bd:90:60:7c:7a:24:1c:bd:61:2c:
         3d:ab:c3:ee:a5:36:de:31:ca:de:78:57:0a:f2:36:3c:64:0b:
         5b:1c:4a:7e:1e:fe:70:cc:d4:cb:05:33:84:0f:36:b4:a7:78:
         b2:49:27:b1:09:57:2b:d1:e2:96:64:70:61:b1:fb:da:41:c2:
         27:87:ed:61:bc:64:2c:9a:61:1e:f2:f4:b3:85:8e:62:32:39:
         fb:4a:df:fc:8e:be:f4:33:07:9b:23:75:10:21:f4:4f:16:af:
         ad:ba:19:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZStBOSyrTR8pCbFB/9IiuEqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMzMyMGUwYmI1ZGJlMmJhOTcyNjkxYjc1ZDY4ZjQ4ZjZl
NTdmODgwHhcNMjUwMTI4MTMwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2U5MDVhNjhhYjI0ZDE1YjhlN2JhNDM2OTI5YmM3NzU3OWZhNDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzymi6j/lbDa2T6zuIFTuE2BBiyV
GC8rEZLQuDW/XP5lUprtmAXF+kbgVfwslTMb+DNluo8GHlpnq9q8eadktGH/Jgvc
gqVd35x2KldYeobitMft0PWJwmGs3wuvtGRuMWw6nLt7KQte1UsCLyKExqPpdwo4
GHOjkYTvAnh778fHnkY2wPiBjFOB4I7IGPddmi7dbxGDN3FiwIe7RPRFpR0oA9w6
XhXxOUoczOz+1INjE7xhkYfWU7X+6gZHbazZIvggFndDkn5rv5yKluIqSTKEL9wo
6jjc6OrOqlmRmqN6wIIVLjgmadwglwgM0j2tM7KbsQuCkTBwbMT4P2qJRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPpBaaKsk0VuOe6Q2kpvHdXn6SOMB8GA1UdIwQY
MBaAFEszIOC7Xb4rqXJpG3XWj0j25X+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3pNZzRMdGR2aXVwY21rYmRkYVBTUGJsZjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC83ZjA2NmMtOTRhOS00NzhkLTgwN2Ut
YTg5NzU5ZDcwNzFjLzEvSS1rRnBvcXlUUlc0NTdwRGFTbThkMWVmcEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC83ZjA2NmMtOTRhOS00NzhkLTgwN2UtYTg5NzU5ZDcwNzFj
LzEvU3pNZzRMdGR2aXVwY21rYmRkYVBTUGJsZjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GiAMA0G
CSqGSIb3DQEBCwUAA4IBAQClu/VXKS9hhZEAAOLH26CtuPiHfrIDOXEAtBhGQMQA
vzftpXufkTExGrJFADoAYWsOqcnuWaweZMr6OHAFu3XPODXoycYUQxjrA6w2bb7u
eUnpYnnCjESbhrHOMsT4AdTc6ZoIy2Uzw7AKNM/EAHZ/3uIyOLum16uorr0peQv/
Gdk8fkB4wR9uWdhE+RQKGRMsq5VOSB9SU72QYHx6JBy9YSw9q8PupTbeMcreeFcK
8jY8ZAtbHEp+Hv5wzNTLBTOEDza0p3iySSexCVcr0eKWZHBhsfvaQcInh+1hvGQs
mmEe8vSzhY5iMjn7St/8jr70MwebI3UQIfRPFq+tuhko
-----END CERTIFICATE-----