Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cbd060-ad68-4f5f-ad5e-c0404437e85b/1/4h6gd-8--_DbMb2PIrFary1u45w.roa
File:                     4h6gd-8--_DbMb2PIrFary1u45w.roa (raw, json)
Hash identifier:          omFQCpjJiNTW/cNLim2vTaoqpmXOjD5FAaL5ZDoz4f8=
Subject key identifier:   E2:1E:A0:77:EF:3E:FB:F0:DB:31:BD:8F:22:B1:5A:AF:2D:6E:E3:9C
Certificate issuer:       /CN=32f6de30a9b8f76484344d0cd3b6c0273eadd36f
Certificate serial:       01941F8C0C85988111EB6DCB90A9FD3DB394
Authority key identifier: 32:F6:DE:30:A9:B8:F7:64:84:34:4D:0C:D3:B6:C0:27:3E:AD:D3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MvbeMKm492SENE0M07bAJz6t028.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/cbd060-ad68-4f5f-ad5e-c0404437e85b/1/4h6gd-8--_DbMb2PIrFary1u45w.roa
Signing time:             Wed 01 Jan 2025 01:47:39 +0000
ROA not before:           Wed 01 Jan 2025 01:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        87.251.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/cbd060-ad68-4f5f-ad5e-c0404437e85b/1/MvbeMKm492SENE0M07bAJz6t028.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/cbd060-ad68-4f5f-ad5e-c0404437e85b/1/MvbeMKm492SENE0M07bAJz6t028.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MvbeMKm492SENE0M07bAJz6t028.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0c:85:98:81:11:eb:6d:cb:90:a9:fd:3d:b3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32f6de30a9b8f76484344d0cd3b6c0273eadd36f
        Validity
            Not Before: Jan  1 01:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e21ea077ef3efbf0db31bd8f22b15aaf2d6ee39c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c4:e4:d7:48:c5:8c:f1:94:23:55:4d:09:df:
                    6f:13:2f:df:15:2e:e7:b6:57:bb:16:40:f3:14:2a:
                    04:c3:43:45:d3:f5:9f:c5:68:2f:6b:0e:bc:72:dd:
                    6d:f1:a6:f1:6b:88:a2:bc:13:e0:3e:42:55:ab:55:
                    10:fe:41:24:5a:01:af:b4:44:14:b2:15:a5:28:e4:
                    ac:9f:eb:04:60:72:75:f5:fa:e9:24:2c:52:2f:3c:
                    ca:80:a8:97:6f:c2:e7:26:a5:e4:5f:0c:b0:a7:49:
                    9a:75:17:17:8b:07:87:1b:e3:4c:b8:4f:49:68:38:
                    a1:e5:ea:cb:da:4c:29:2e:f1:f4:1d:6d:e2:2c:1a:
                    93:29:93:e6:4c:37:78:41:06:48:c0:d5:cd:e9:13:
                    d3:e5:7f:2f:5f:bd:fa:25:a1:56:7b:74:c8:db:68:
                    be:08:3a:21:06:9b:30:21:5b:af:22:0e:8c:30:48:
                    4e:ed:4c:11:c2:ed:83:ba:58:cb:3d:ed:ec:6e:08:
                    7a:67:20:1b:3b:48:7f:aa:6e:67:94:04:f8:f5:f8:
                    79:8e:a8:69:0d:e2:21:8d:38:0d:cf:69:6e:d0:2f:
                    6a:97:48:fc:b2:5e:1a:13:35:23:5c:fb:f1:38:a6:
                    c4:e3:39:f7:88:aa:74:7e:02:d2:66:ee:ec:0b:dd:
                    27:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:1E:A0:77:EF:3E:FB:F0:DB:31:BD:8F:22:B1:5A:AF:2D:6E:E3:9C
            X509v3 Authority Key Identifier:
                keyid:32:F6:DE:30:A9:B8:F7:64:84:34:4D:0C:D3:B6:C0:27:3E:AD:D3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MvbeMKm492SENE0M07bAJz6t028.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cbd060-ad68-4f5f-ad5e-c0404437e85b/1/4h6gd-8--_DbMb2PIrFary1u45w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cbd060-ad68-4f5f-ad5e-c0404437e85b/1/MvbeMKm492SENE0M07bAJz6t028.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:fd:6c:f7:8e:f0:85:91:21:84:6e:66:96:7b:f8:4e:49:76:
         bd:a3:7b:01:cd:57:6d:22:7d:6d:96:b1:aa:b7:69:b2:7e:d9:
         cc:f8:77:31:33:d2:19:cc:ce:0e:0c:12:3a:87:a9:9b:aa:7d:
         02:ae:c7:fe:ed:4c:83:3c:70:66:18:43:6c:0b:eb:52:6b:71:
         50:cf:e0:d5:08:2c:9e:88:fd:b3:c1:f2:54:97:78:9f:12:33:
         72:0c:a3:d7:2b:ea:41:3a:83:41:01:9b:b5:33:65:bc:c8:ca:
         97:b5:8f:d4:8a:4e:74:7d:62:91:b7:5f:de:1d:c4:22:00:64:
         2b:31:32:ab:c8:c4:f6:45:3d:ec:78:81:6e:4a:0f:2f:c1:4a:
         94:1e:a2:eb:e3:fc:6b:90:d2:9f:ad:c1:ce:ba:c3:36:98:9b:
         5c:ff:fc:68:b9:99:62:99:da:ed:8a:f9:60:16:76:06:64:cb:
         2d:0a:44:e0:3f:37:d3:7d:b4:79:c0:66:fa:54:68:b1:f3:e1:
         2e:4a:4b:fb:6f:55:db:e9:f9:6f:6b:1d:c2:d7:1d:7a:cb:5b:
         46:b4:22:12:99:1c:27:07:7c:ea:74:1e:da:df:56:c7:ed:6c:
         5e:9f:fe:12:d6:b1:ca:94:62:e4:8b:95:60:54:75:c4:d8:a1:
         76:95:4c:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjAyFmIER623LkKn9PbOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZjZkZTMwYTliOGY3NjQ4NDM0NGQwY2QzYjZjMDI3M2Vh
ZGQzNmYwHhcNMjUwMTAxMDE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjFlYTA3N2VmM2VmYmYwZGIzMWJkOGYyMmIxNWFhZjJkNmVlMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMTk10jFjPGUI1VNCd9vEy/fFS7n
tle7FkDzFCoEw0NF0/WfxWgvaw68ct1t8abxa4iivBPgPkJVq1UQ/kEkWgGvtEQU
shWlKOSsn+sEYHJ19frpJCxSLzzKgKiXb8LnJqXkXwywp0madRcXiweHG+NMuE9J
aDih5erL2kwpLvH0HW3iLBqTKZPmTDd4QQZIwNXN6RPT5X8vX736JaFWe3TI22i+
CDohBpswIVuvIg6MMEhO7UwRwu2DuljLPe3sbgh6ZyAbO0h/qm5nlAT49fh5jqhp
DeIhjTgNz2lu0C9ql0j8sl4aEzUjXPvxOKbE4zn3iKp0fgLSZu7sC90nzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIeoHfvPvvw2zG9jyKxWq8tbuOcMB8GA1UdIwQY
MBaAFDL23jCpuPdkhDRNDNO2wCc+rdNvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXZiZU1LbTQ5MlNFTkUwTTA3YkFKejZ0MDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jYmQwNjAtYWQ2OC00ZjVmLWFkNWUt
YzA0MDQ0MzdlODViLzEvNGg2Z2QtOC0tX0RiTWIyUElyRmFyeTF1NDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jYmQwNjAtYWQ2OC00ZjVmLWFkNWUtYzA0MDQ0MzdlODVi
LzEvTXZiZU1LbTQ5MlNFTkUwTTA3YkFKejZ0MDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV/sUMA0G
CSqGSIb3DQEBCwUAA4IBAQAC/Wz3jvCFkSGEbmaWe/hOSXa9o3sBzVdtIn1tlrGq
t2myftnM+HcxM9IZzM4ODBI6h6mbqn0Crsf+7UyDPHBmGENsC+tSa3FQz+DVCCye
iP2zwfJUl3ifEjNyDKPXK+pBOoNBAZu1M2W8yMqXtY/Uik50fWKRt1/eHcQiAGQr
MTKryMT2RT3seIFuSg8vwUqUHqLr4/xrkNKfrcHOusM2mJtc//xouZlimdrtivlg
FnYGZMstCkTgPzfTfbR5wGb6VGix8+EuSkv7b1Xb6flvax3C1x16y1tGtCISmRwn
B3zqdB7a31bH7Wxen/4S1rHKlGLki5VgVHXE2KF2lUxy
-----END CERTIFICATE-----