Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/afe9b8-e881-4462-a1ee-8e81d1350736/1/4Z6xjw98hxZ8bvYUhmvQisZFvOM.roa
File:                     4Z6xjw98hxZ8bvYUhmvQisZFvOM.roa (raw, json)
Hash identifier:          j5d+sT1h6lzMh+Fw7CHOI9NqQUP8la0OU484/Ch6a44=
Subject key identifier:   E1:9E:B1:8F:0F:7C:87:16:7C:6E:F6:14:86:6B:D0:8A:C6:45:BC:E3
Certificate issuer:       /CN=ae1ef3d626a754e43d07c700d0513c114b660ef5
Certificate serial:       01941F8C7D27FEF83EAEE2AB1529016277D2
Authority key identifier: AE:1E:F3:D6:26:A7:54:E4:3D:07:C7:00:D0:51:3C:11:4B:66:0E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rh7z1ianVOQ9B8cA0FE8EUtmDvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/afe9b8-e881-4462-a1ee-8e81d1350736/1/4Z6xjw98hxZ8bvYUhmvQisZFvOM.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56647
IP address blocks:        2.56.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/afe9b8-e881-4462-a1ee-8e81d1350736/1/rh7z1ianVOQ9B8cA0FE8EUtmDvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/afe9b8-e881-4462-a1ee-8e81d1350736/1/rh7z1ianVOQ9B8cA0FE8EUtmDvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rh7z1ianVOQ9B8cA0FE8EUtmDvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7d:27:fe:f8:3e:ae:e2:ab:15:29:01:62:77:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae1ef3d626a754e43d07c700d0513c114b660ef5
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e19eb18f0f7c87167c6ef614866bd08ac645bce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b3:9e:dc:b0:13:60:4f:97:d4:d2:4a:d5:60:
                    f2:44:3e:75:6a:60:a0:18:99:89:0b:92:75:c9:3d:
                    2e:c5:a3:9d:92:86:8e:7f:d9:9a:b4:57:28:c0:4d:
                    14:12:8f:6b:85:8b:53:46:8a:02:57:2a:5a:9c:e8:
                    87:02:6d:38:bf:ad:4a:9f:e5:2e:40:5e:d8:22:d2:
                    b6:f9:18:68:54:e2:db:60:37:33:00:ef:68:6a:64:
                    70:33:ce:6e:92:ac:f8:a3:27:3e:95:35:78:7d:c6:
                    40:be:ba:12:47:45:6e:25:e8:f6:d2:66:7f:ab:d4:
                    de:db:b9:c8:d5:7f:08:95:21:85:b7:83:c1:df:3b:
                    17:90:fd:0c:b6:19:5c:b7:a1:42:30:a9:a1:04:20:
                    1a:0e:33:9d:c3:fa:17:67:af:3b:51:13:0e:4f:e5:
                    cf:e3:48:4e:0e:7d:f0:a9:90:e4:03:54:cb:eb:a0:
                    db:00:4a:b0:70:87:fc:53:54:0e:35:e4:c3:00:ab:
                    63:f3:8d:ff:3f:d4:47:56:d4:92:dc:19:d7:c8:a9:
                    5d:c8:5d:87:77:e7:d3:bb:be:3f:60:8a:37:a9:aa:
                    60:c3:98:62:5b:93:d2:3a:52:d5:82:49:d5:ea:51:
                    18:be:eb:4a:e2:12:ed:73:c5:c2:49:20:57:ae:6b:
                    2a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:9E:B1:8F:0F:7C:87:16:7C:6E:F6:14:86:6B:D0:8A:C6:45:BC:E3
            X509v3 Authority Key Identifier:
                keyid:AE:1E:F3:D6:26:A7:54:E4:3D:07:C7:00:D0:51:3C:11:4B:66:0E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rh7z1ianVOQ9B8cA0FE8EUtmDvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/afe9b8-e881-4462-a1ee-8e81d1350736/1/4Z6xjw98hxZ8bvYUhmvQisZFvOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/afe9b8-e881-4462-a1ee-8e81d1350736/1/rh7z1ianVOQ9B8cA0FE8EUtmDvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:9f:a2:71:d2:91:e3:03:80:d0:38:f8:7c:30:c9:c7:ff:62:
         f0:3f:9c:38:0f:72:b1:97:3b:8f:11:00:d2:7b:1f:39:97:f2:
         07:60:89:1a:d1:49:dc:c9:29:7e:58:59:04:36:82:fa:ba:44:
         7c:8d:8a:b6:14:08:62:48:e4:9b:ed:77:9c:b5:3e:a3:e8:a3:
         00:13:31:19:d1:e0:1e:d1:74:7a:8a:58:c9:51:05:33:ee:cf:
         d4:e9:72:ee:69:c3:22:f9:55:a4:2b:68:b2:b0:35:d8:ce:e3:
         92:5b:3d:29:ef:4c:72:60:ee:a7:0f:7d:32:0d:cb:79:ac:0e:
         eb:9d:98:cd:d9:07:fe:cb:7e:50:42:a1:68:6f:4c:f1:6f:68:
         c2:49:d1:81:54:43:aa:41:6e:3b:64:6d:97:39:c5:21:8e:70:
         e0:70:d8:b7:f9:50:ff:0c:b4:e3:c2:ed:bc:db:f9:0a:46:25:
         aa:37:a1:62:cf:39:94:78:26:b3:4d:bc:c1:39:3d:20:32:11:
         87:29:b9:90:96:5a:39:f4:81:13:38:05:b3:22:57:32:3c:98:
         fb:2b:73:cb:5f:81:32:4e:b4:23:66:2e:70:9d:de:31:8d:5b:
         4b:6e:af:0a:2c:b4:83:fe:55:f3:49:67:75:fd:28:5b:39:87:
         b3:fc:26:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjH0n/vg+ruKrFSkBYnfSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMWVmM2Q2MjZhNzU0ZTQzZDA3YzcwMGQwNTEzYzExNGI2
NjBlZjUwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTllYjE4ZjBmN2M4NzE2N2M2ZWY2MTQ4NjZiZDA4YWM2NDViY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LOe3LATYE+X1NJK1WDyRD51amCg
GJmJC5J1yT0uxaOdkoaOf9matFcowE0UEo9rhYtTRooCVypanOiHAm04v61Kn+Uu
QF7YItK2+RhoVOLbYDczAO9oamRwM85ukqz4oyc+lTV4fcZAvroSR0VuJej20mZ/
q9Te27nI1X8IlSGFt4PB3zsXkP0Mthlct6FCMKmhBCAaDjOdw/oXZ687URMOT+XP
40hODn3wqZDkA1TL66DbAEqwcIf8U1QONeTDAKtj843/P9RHVtSS3BnXyKldyF2H
d+fTu74/YIo3qapgw5hiW5PSOlLVgknV6lEYvutK4hLtc8XCSSBXrmsqzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGesY8PfIcWfG72FIZr0IrGRbzjMB8GA1UdIwQY
MBaAFK4e89Ymp1TkPQfHANBRPBFLZg71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmg3ejFpYW5WT1E5QjhjQTBGRThFVXRtRHZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hZmU5YjgtZTg4MS00NDYyLWExZWUt
OGU4MWQxMzUwNzM2LzEvNFo2eGp3OThoeFo4YnZZVWhtdlFpc1pGdk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hZmU5YjgtZTg4MS00NDYyLWExZWUtOGU4MWQxMzUwNzM2
LzEvcmg3ejFpYW5WT1E5QjhjQTBGRThFVXRtRHZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjiTMA0G
CSqGSIb3DQEBCwUAA4IBAQCan6Jx0pHjA4DQOPh8MMnH/2LwP5w4D3KxlzuPEQDS
ex85l/IHYIka0UncySl+WFkENoL6ukR8jYq2FAhiSOSb7XectT6j6KMAEzEZ0eAe
0XR6iljJUQUz7s/U6XLuacMi+VWkK2iysDXYzuOSWz0p70xyYO6nD30yDct5rA7r
nZjN2Qf+y35QQqFob0zxb2jCSdGBVEOqQW47ZG2XOcUhjnDgcNi3+VD/DLTjwu28
2/kKRiWqN6FizzmUeCazTbzBOT0gMhGHKbmQllo59IETOAWzIlcyPJj7K3PLX4Ey
TrQjZi5wnd4xjVtLbq8KLLSD/lXzSWd1/ShbOYez/CaR
-----END CERTIFICATE-----