Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/M4-beGRB9tOP3S3vejQEdcFQFUs.roa
File:                     M4-beGRB9tOP3S3vejQEdcFQFUs.roa (raw, json)
Hash identifier:          T0CA649c+RNTd9rAKy27jb+pgwbmOkXNyfnl9vaMPls=
Subject key identifier:   33:8F:9B:78:64:41:F6:D3:8F:DD:2D:EF:7A:34:04:75:C1:50:15:4B
Certificate issuer:       /CN=f2262faf4376420024aad72983ac3e87944ea7a5
Certificate serial:       0195C74DF56ED8AD83A9109D9335EB6DB601
Authority key identifier: F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/M4-beGRB9tOP3S3vejQEdcFQFUs.roa
Signing time:             Mon 24 Mar 2025 08:38:49 +0000
ROA not before:           Mon 24 Mar 2025 08:38:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15614
IP address blocks:        193.35.44.0/24 maxlen: 24
                          2a04:2a40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 16:41:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c7:4d:f5:6e:d8:ad:83:a9:10:9d:93:35:eb:6d:b6:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2262faf4376420024aad72983ac3e87944ea7a5
        Validity
            Not Before: Mar 24 08:38:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=338f9b786441f6d38fdd2def7a340475c150154b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:14:f7:4e:d7:1f:39:8a:3b:c5:7d:9d:75:e8:
                    4b:84:09:4c:7f:77:bd:97:ef:bb:84:0c:ec:2d:12:
                    b9:23:e1:97:bd:d0:a6:78:24:86:14:81:bf:1f:58:
                    be:73:7a:76:e8:93:59:f3:12:ae:f0:9e:ce:22:7d:
                    cd:da:df:55:96:0d:34:25:9f:a4:d5:d7:79:d6:cd:
                    9d:a0:f9:f0:f6:e1:91:3c:27:07:53:e7:1c:70:77:
                    5f:6a:66:30:ba:d5:48:55:07:36:f6:52:07:ca:63:
                    6a:f3:8f:e0:d7:3e:76:66:96:37:9f:d7:20:2a:1d:
                    e8:f1:cf:2c:01:95:d5:f4:e4:cc:8b:f5:cd:f3:e4:
                    e5:be:ee:7c:c5:bd:63:10:25:51:d7:70:e8:af:8c:
                    ae:3e:3e:b0:e7:88:e2:35:d5:6b:7a:26:a1:3b:2d:
                    b9:09:fa:5a:23:d4:b0:d9:a3:3b:7b:3f:ff:2e:c0:
                    39:e7:9c:05:06:94:8d:e7:94:d1:06:0d:ea:4d:c4:
                    b6:75:52:10:f6:88:87:56:c1:2d:4a:37:7e:de:e6:
                    66:39:f1:da:c4:c4:6d:d8:ab:1b:bf:93:68:25:22:
                    13:21:f6:06:9b:96:32:ae:9b:93:db:00:f3:30:a2:
                    ae:72:d7:fe:c0:48:ca:42:6f:e7:69:40:00:3a:cd:
                    3f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:8F:9B:78:64:41:F6:D3:8F:DD:2D:EF:7A:34:04:75:C1:50:15:4B
            X509v3 Authority Key Identifier:
                keyid:F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/M4-beGRB9tOP3S3vejQEdcFQFUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.44.0/24
                IPv6:
                  2a04:2a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:8d:b7:b8:8e:90:ac:61:50:dc:87:e4:55:f8:e1:28:02:bc:
         31:b6:ce:95:0a:53:70:23:f9:87:c0:68:f2:d3:68:62:ea:c5:
         6e:91:1b:81:61:d9:4f:78:be:47:c8:21:95:69:21:e1:96:66:
         77:7c:4e:2d:07:f4:47:71:3e:56:89:60:cd:c0:a4:ad:66:23:
         38:e2:4a:1f:9c:72:c0:d5:ff:09:dc:75:c4:90:08:f6:b5:63:
         ba:8d:71:02:0d:7d:a9:1f:be:7d:c2:b9:a9:ae:f2:d2:51:09:
         35:89:c1:89:24:38:8e:66:72:a3:08:1b:26:a3:6d:5a:92:16:
         87:d7:68:21:34:e1:ad:27:aa:a7:00:89:cd:d1:18:14:00:cd:
         41:64:49:f8:f1:bc:b8:64:d6:f0:c8:aa:26:72:9f:66:0e:e2:
         13:9e:b9:04:23:57:ee:02:c6:31:1d:70:45:69:8d:10:df:0a:
         ff:09:01:95:86:ec:be:a8:fc:bc:3e:67:af:3e:6b:ad:a6:b5:
         3f:f0:3a:c3:a4:d9:37:34:7c:be:3d:df:2f:11:0d:93:d5:aa:
         c2:e9:f9:98:6e:6e:db:98:2a:c4:19:04:35:9b:e7:90:e9:ff:
         bc:88:12:fc:8e:d1:63:bc:05:f2:f4:ce:e0:d2:a8:6b:61:fa:
         86:23:e7:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZXHTfVu2K2DqRCdkzXrbbYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjYyZmFmNDM3NjQyMDAyNGFhZDcyOTgzYWMzZTg3OTQ0
ZWE3YTUwHhcNMjUwMzI0MDgzODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzhmOWI3ODY0NDFmNmQzOGZkZDJkZWY3YTM0MDQ3NWMxNTAxNTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xT3TtcfOYo7xX2ddehLhAlMf3e9
l++7hAzsLRK5I+GXvdCmeCSGFIG/H1i+c3p26JNZ8xKu8J7OIn3N2t9Vlg00JZ+k
1dd51s2doPnw9uGRPCcHU+cccHdfamYwutVIVQc29lIHymNq84/g1z52ZpY3n9cg
Kh3o8c8sAZXV9OTMi/XN8+Tlvu58xb1jECVR13Dor4yuPj6w54jiNdVreiahOy25
CfpaI9Sw2aM7ez//LsA555wFBpSN55TRBg3qTcS2dVIQ9oiHVsEtSjd+3uZmOfHa
xMRt2Ksbv5NoJSITIfYGm5YyrpuT2wDzMKKuctf+wEjKQm/naUAAOs0//QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDOPm3hkQfbTj90t73o0BHXBUBVLMB8GA1UdIwQY
MBaAFPImL69DdkIAJKrXKYOsPoeUTqelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMt
YmFkYWZjYTM5NDRmLzEvTTQtYmVHUkI5dE9QM1MzdmVqUUVkY0ZRRlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMtYmFkYWZjYTM5NDRm
LzEvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSMsMA0E
AgACMAcDBQMqBCpAMA0GCSqGSIb3DQEBCwUAA4IBAQB1jbe4jpCsYVDch+RV+OEo
Arwxts6VClNwI/mHwGjy02hi6sVukRuBYdlPeL5HyCGVaSHhlmZ3fE4tB/RHcT5W
iWDNwKStZiM44kofnHLA1f8J3HXEkAj2tWO6jXECDX2pH759wrmprvLSUQk1icGJ
JDiOZnKjCBsmo21akhaH12ghNOGtJ6qnAInN0RgUAM1BZEn48by4ZNbwyKomcp9m
DuITnrkEI1fuAsYxHXBFaY0Q3wr/CQGVhuy+qPy8PmevPmutprU/8DrDpNk3NHy+
Pd8vEQ2T1arC6fmYbm7bmCrEGQQ1m+eQ6f+8iBL8jtFjvAXy9M7g0qhrYfqGI+eC
-----END CERTIFICATE-----