Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/cc4d06-cb1c-43e1-ab68-046f68d72329/1/4Gofx77thE1H70ueVHLD9j47btM.roa
File:                     4Gofx77thE1H70ueVHLD9j47btM.roa (raw, json)
Hash identifier:          9EbLzC5Y1+8DffIsLyCHPxc8JLdUo3GxnL9ubC3vyyI=
Subject key identifier:   E0:6A:1F:C7:BE:ED:84:4D:47:EF:4B:9E:54:72:C3:F6:3E:3B:6E:D3
Certificate issuer:       /CN=e84bef96616b652dc36418470555fe8d59221888
Certificate serial:       0196B3ED38FBE4AFCC10162331E8E71E67B3
Authority key identifier: E8:4B:EF:96:61:6B:65:2D:C3:64:18:47:05:55:FE:8D:59:22:18:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EvvlmFrZS3DZBhHBVX-jVkiGIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/cc4d06-cb1c-43e1-ab68-046f68d72329/1/4Gofx77thE1H70ueVHLD9j47btM.roa
Signing time:             Fri 09 May 2025 07:23:10 +0000
ROA not before:           Fri 09 May 2025 07:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        185.63.148.0/24 maxlen: 24
                          2a02:ce40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/cc4d06-cb1c-43e1-ab68-046f68d72329/1/6EvvlmFrZS3DZBhHBVX-jVkiGIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/cc4d06-cb1c-43e1-ab68-046f68d72329/1/6EvvlmFrZS3DZBhHBVX-jVkiGIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6EvvlmFrZS3DZBhHBVX-jVkiGIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b3:ed:38:fb:e4:af:cc:10:16:23:31:e8:e7:1e:67:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e84bef96616b652dc36418470555fe8d59221888
        Validity
            Not Before: May  9 07:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e06a1fc7beed844d47ef4b9e5472c3f63e3b6ed3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:80:f6:87:85:a6:d7:15:5e:2b:5e:41:f3:c1:
                    6f:33:21:d3:b6:df:3b:05:e6:39:12:e7:10:af:23:
                    40:6c:29:97:c7:98:c2:2f:75:f7:71:23:8c:57:a9:
                    1c:ca:67:37:e2:19:8b:b3:40:26:24:20:8d:ed:23:
                    b0:98:34:a8:9f:0c:3b:75:df:00:79:0d:e7:25:2b:
                    1c:69:36:62:42:8b:bb:1f:9e:a5:32:11:9b:32:b3:
                    3e:63:4a:8b:69:a8:93:74:ec:b1:b8:aa:4e:e3:18:
                    fb:b4:31:9c:7b:20:ac:03:58:2a:98:6f:f8:f9:ed:
                    22:21:d6:94:a6:ba:f5:ce:04:ea:4a:e4:a8:0d:e5:
                    ea:11:5e:de:7d:62:73:08:07:a5:4a:73:18:e0:dc:
                    86:bc:e0:8d:c9:4d:60:75:9c:9e:9b:af:49:60:23:
                    5c:3a:45:8c:61:3d:0f:9e:e9:b5:a5:35:bd:36:d2:
                    29:1f:26:25:c4:97:37:0a:83:5d:67:d5:84:40:9b:
                    1c:f1:8f:4b:2c:2b:6f:e6:db:76:66:72:c8:6e:0a:
                    70:a0:58:f8:9e:88:fc:cf:25:99:9f:3a:95:d4:c0:
                    b5:8a:e9:68:a7:ae:fd:d9:e0:c1:06:8b:5f:e3:cf:
                    e2:09:e1:8f:22:9a:4e:28:68:84:f6:9a:a4:52:f0:
                    49:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:6A:1F:C7:BE:ED:84:4D:47:EF:4B:9E:54:72:C3:F6:3E:3B:6E:D3
            X509v3 Authority Key Identifier:
                keyid:E8:4B:EF:96:61:6B:65:2D:C3:64:18:47:05:55:FE:8D:59:22:18:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EvvlmFrZS3DZBhHBVX-jVkiGIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/cc4d06-cb1c-43e1-ab68-046f68d72329/1/4Gofx77thE1H70ueVHLD9j47btM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/cc4d06-cb1c-43e1-ab68-046f68d72329/1/6EvvlmFrZS3DZBhHBVX-jVkiGIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.148.0/24
                IPv6:
                  2a02:ce40::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:a5:f7:11:07:d2:bc:24:9a:26:c0:0a:3b:db:da:f3:0c:4d:
         3e:7d:04:f4:5e:1c:53:69:7b:d6:e1:82:d5:82:20:30:97:b4:
         6c:57:d0:20:d5:5c:9b:3c:dd:a8:28:1f:58:0b:90:eb:a3:48:
         4f:fe:1e:de:c2:2a:f1:54:5e:34:f4:9d:c4:47:5a:b7:fe:0b:
         22:b2:c4:32:04:5b:f1:45:70:dd:e1:16:0c:dd:7f:03:79:10:
         9a:15:aa:e3:b6:f1:d6:cd:e9:9e:fc:33:a8:51:37:0b:6d:a7:
         54:43:e5:2b:fc:a4:ec:aa:93:4e:56:a2:8d:b3:47:ec:69:fc:
         bc:de:31:41:04:25:4d:37:ef:49:f6:62:8f:39:7c:82:a9:c1:
         6e:66:df:92:8c:2e:27:b6:6f:9d:4d:9c:00:a5:b6:60:c4:8d:
         61:32:4e:95:18:c7:3b:b2:58:6a:93:e9:c9:9e:c1:94:a7:ef:
         70:34:53:48:2a:08:b7:f6:fa:3e:11:8e:fb:73:83:2b:d3:9f:
         62:0c:5e:95:61:38:f6:9c:84:a5:8f:0c:63:b3:c8:05:11:14:
         d1:c8:c2:74:0a:d7:3f:35:4d:4a:49:8d:4e:3d:da:b3:22:75:
         60:6c:da:60:43:6d:81:9f:a6:57:05:cb:9a:62:f4:fd:0f:96:
         ff:f6:bb:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZaz7Tj75K/MEBYjMejnHmezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NGJlZjk2NjE2YjY1MmRjMzY0MTg0NzA1NTVmZThkNTky
MjE4ODgwHhcNMjUwNTA5MDcyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDZhMWZjN2JlZWQ4NDRkNDdlZjRiOWU1NDcyYzNmNjNlM2I2ZWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvID2h4Wm1xVeK15B88FvMyHTtt87
BeY5EucQryNAbCmXx5jCL3X3cSOMV6kcymc34hmLs0AmJCCN7SOwmDSonww7dd8A
eQ3nJSscaTZiQou7H56lMhGbMrM+Y0qLaaiTdOyxuKpO4xj7tDGceyCsA1gqmG/4
+e0iIdaUprr1zgTqSuSoDeXqEV7efWJzCAelSnMY4NyGvOCNyU1gdZyem69JYCNc
OkWMYT0Pnum1pTW9NtIpHyYlxJc3CoNdZ9WEQJsc8Y9LLCtv5tt2ZnLIbgpwoFj4
noj8zyWZnzqV1MC1iulop6792eDBBotf48/iCeGPIppOKGiE9pqkUvBJxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOBqH8e+7YRNR+9LnlRyw/Y+O27TMB8GA1UdIwQY
MBaAFOhL75Zha2Utw2QYRwVV/o1ZIhiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkV2dmxtRnJaUzNEWkJoSEJWWC1qVmtpR0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9jYzRkMDYtY2IxYy00M2UxLWFiNjgt
MDQ2ZjY4ZDcyMzI5LzEvNEdvZng3N3RoRTFINzB1ZVZITEQ5ajQ3YnRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9jYzRkMDYtY2IxYy00M2UxLWFiNjgtMDQ2ZjY4ZDcyMzI5
LzEvNkV2dmxtRnJaUzNEWkJoSEJWWC1qVmtpR0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuT+UMA0E
AgACMAcDBQAqAs5AMA0GCSqGSIb3DQEBCwUAA4IBAQBnpfcRB9K8JJomwAo729rz
DE0+fQT0XhxTaXvW4YLVgiAwl7RsV9Ag1VybPN2oKB9YC5Dro0hP/h7ewirxVF40
9J3ER1q3/gsissQyBFvxRXDd4RYM3X8DeRCaFarjtvHWzeme/DOoUTcLbadUQ+Ur
/KTsqpNOVqKNs0fsafy83jFBBCVNN+9J9mKPOXyCqcFuZt+SjC4ntm+dTZwApbZg
xI1hMk6VGMc7slhqk+nJnsGUp+9wNFNIKgi39vo+EY77c4Mr059iDF6VYTj2nISl
jwxjs8gFERTRyMJ0Ctc/NU1KSY1OPdqzInVgbNpgQ22Bn6ZXBcuaYvT9D5b/9rtk
-----END CERTIFICATE-----