Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/422a4c-8394-46b4-aa18-d1fbe5a91d70/1/4ZJ0Y_DHNbZxArnyQP43lbLppwk.roa
File:                     4ZJ0Y_DHNbZxArnyQP43lbLppwk.roa (raw, json)
Hash identifier:          wU9vZJ1ydjqqcXLU41+WWV1M07tTHoXD8WA3tWITuu0=
Subject key identifier:   E1:92:74:63:F0:C7:35:B6:71:02:B9:F2:40:FE:37:95:B2:E9:A7:09
Certificate issuer:       /CN=c0ba50fca33b180d68436e7ef0cbf6904baf45d4
Certificate serial:       01906507A6C1A898A8F00123FA9E47BC1F73
Authority key identifier: C0:BA:50:FC:A3:3B:18:0D:68:43:6E:7E:F0:CB:F6:90:4B:AF:45:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wLpQ_KM7GA1oQ25-8Mv2kEuvRdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/422a4c-8394-46b4-aa18-d1fbe5a91d70/1/4ZJ0Y_DHNbZxArnyQP43lbLppwk.roa
Signing time:             Sat 29 Jun 2024 17:25:18 +0000
ROA not before:           Sat 29 Jun 2024 17:25:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198154
IP address blocks:        194.33.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/422a4c-8394-46b4-aa18-d1fbe5a91d70/1/wLpQ_KM7GA1oQ25-8Mv2kEuvRdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/422a4c-8394-46b4-aa18-d1fbe5a91d70/1/wLpQ_KM7GA1oQ25-8Mv2kEuvRdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wLpQ_KM7GA1oQ25-8Mv2kEuvRdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:65:07:a6:c1:a8:98:a8:f0:01:23:fa:9e:47:bc:1f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0ba50fca33b180d68436e7ef0cbf6904baf45d4
        Validity
            Not Before: Jun 29 17:25:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1927463f0c735b67102b9f240fe3795b2e9a709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5b:2a:92:45:de:18:e8:e3:27:77:d1:1f:79:
                    a0:22:44:f5:8d:34:c4:ce:4f:db:e2:74:fa:3c:cc:
                    93:dd:b3:4a:2e:a4:8c:89:6b:bb:7b:ca:e3:75:12:
                    ec:8e:3b:d9:cf:7f:49:16:62:34:ee:01:e3:b9:32:
                    d6:98:89:76:fa:77:d9:5d:3c:47:d5:74:34:f0:1f:
                    1b:50:c4:fe:b6:1e:ce:f1:b6:c2:91:55:33:b4:ac:
                    a9:92:c1:72:b7:0f:50:2e:af:b8:43:66:a9:69:f6:
                    65:f2:63:b4:0b:2c:40:da:77:6b:91:e0:59:96:d2:
                    85:36:21:7d:75:d0:8e:78:b4:91:43:d8:45:4d:ea:
                    e7:70:9b:fd:bb:ef:46:bd:ca:3c:d5:d4:a8:bd:5b:
                    0b:90:96:0c:f4:66:8d:1c:8a:00:76:c3:b8:48:78:
                    7b:67:b7:97:a5:b7:e6:b3:0a:b8:c0:12:34:f3:7c:
                    30:45:f4:1f:17:fd:14:fa:d0:2a:1c:e1:f7:7b:ca:
                    7d:32:98:ed:b3:32:45:45:7d:b7:e1:79:34:4a:43:
                    f8:04:98:a9:8e:1f:89:20:ed:87:3a:9d:fd:f3:2e:
                    3a:08:9b:1a:2a:78:02:86:e7:69:24:23:23:44:47:
                    bd:0e:e9:46:6c:82:e6:4e:23:96:74:0b:3e:4d:9e:
                    11:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:92:74:63:F0:C7:35:B6:71:02:B9:F2:40:FE:37:95:B2:E9:A7:09
            X509v3 Authority Key Identifier:
                keyid:C0:BA:50:FC:A3:3B:18:0D:68:43:6E:7E:F0:CB:F6:90:4B:AF:45:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wLpQ_KM7GA1oQ25-8Mv2kEuvRdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/422a4c-8394-46b4-aa18-d1fbe5a91d70/1/4ZJ0Y_DHNbZxArnyQP43lbLppwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/422a4c-8394-46b4-aa18-d1fbe5a91d70/1/wLpQ_KM7GA1oQ25-8Mv2kEuvRdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:4e:4e:ae:28:a8:80:55:57:02:e9:77:af:34:b5:58:47:6f:
         fa:aa:31:95:71:f9:c3:55:f2:b3:ca:2c:5a:b6:09:b1:31:24:
         64:d1:42:01:82:a9:35:d3:0a:0a:00:15:0e:71:ef:88:e0:55:
         00:4d:68:86:48:18:a3:1a:45:f6:ed:1b:ab:17:0e:47:d1:db:
         70:d8:0e:95:c4:c8:71:d0:d9:67:27:e7:1e:b8:5a:a8:c6:04:
         68:87:b1:bd:66:20:8f:4f:a1:cb:b8:dc:5f:5a:d9:02:09:de:
         d9:a0:58:85:46:68:f8:a2:fc:c6:81:6b:57:cf:f5:f0:1a:0f:
         51:8a:4a:64:f0:33:57:aa:0d:e4:ad:56:b0:7b:da:64:86:b9:
         6c:b8:24:33:5d:cb:79:ce:6d:87:11:55:9e:6d:6b:1c:6b:a4:
         20:06:8a:5a:4c:54:50:1d:a8:9f:d0:88:95:91:32:44:3c:67:
         5d:4f:c5:89:e9:dd:06:41:51:b4:ae:9f:ba:fd:5e:04:16:ed:
         54:dc:30:ec:06:c8:d9:63:b4:43:03:c0:42:ae:12:62:19:38:
         a1:ca:61:7c:41:b9:e1:d0:34:0c:24:d5:99:c0:81:f8:5c:1b:
         c2:5a:fe:cb:de:6c:e6:c2:54:49:e2:f8:c8:7b:53:db:99:85:
         2a:72:07:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBlB6bBqJio8AEj+p5HvB9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwYmE1MGZjYTMzYjE4MGQ2ODQzNmU3ZWYwY2JmNjkwNGJh
ZjQ1ZDQwHhcNMjQwNjI5MTcyNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTkyNzQ2M2YwYzczNWI2NzEwMmI5ZjI0MGZlMzc5NWIyZTlhNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1sqkkXeGOjjJ3fRH3mgIkT1jTTE
zk/b4nT6PMyT3bNKLqSMiWu7e8rjdRLsjjvZz39JFmI07gHjuTLWmIl2+nfZXTxH
1XQ08B8bUMT+th7O8bbCkVUztKypksFytw9QLq+4Q2apafZl8mO0CyxA2ndrkeBZ
ltKFNiF9ddCOeLSRQ9hFTerncJv9u+9Gvco81dSovVsLkJYM9GaNHIoAdsO4SHh7
Z7eXpbfmswq4wBI083wwRfQfF/0U+tAqHOH3e8p9MpjtszJFRX234Xk0SkP4BJip
jh+JIO2HOp398y46CJsaKngChudpJCMjREe9DulGbILmTiOWdAs+TZ4R9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGSdGPwxzW2cQK58kD+N5Wy6acJMB8GA1UdIwQY
MBaAFMC6UPyjOxgNaENufvDL9pBLr0XUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0xwUV9LTTdHQTFvUTI1LThNdjJrRXV2UmRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80MjJhNGMtODM5NC00NmI0LWFhMTgt
ZDFmYmU1YTkxZDcwLzEvNFpKMFlfREhOYlp4QXJueVFQNDNsYkxwcHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80MjJhNGMtODM5NC00NmI0LWFhMTgtZDFmYmU1YTkxZDcw
LzEvd0xwUV9LTTdHQTFvUTI1LThNdjJrRXV2UmRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiEcMA0G
CSqGSIb3DQEBCwUAA4IBAQC0Tk6uKKiAVVcC6XevNLVYR2/6qjGVcfnDVfKzyixa
tgmxMSRk0UIBgqk10woKABUOce+I4FUATWiGSBijGkX27RurFw5H0dtw2A6VxMhx
0NlnJ+ceuFqoxgRoh7G9ZiCPT6HLuNxfWtkCCd7ZoFiFRmj4ovzGgWtXz/XwGg9R
ikpk8DNXqg3krVawe9pkhrlsuCQzXct5zm2HEVWebWsca6QgBopaTFRQHaif0IiV
kTJEPGddT8WJ6d0GQVG0rp+6/V4EFu1U3DDsBsjZY7RDA8BCrhJiGTihymF8Qbnh
0DQMJNWZwIH4XBvCWv7L3mzmwlRJ4vjIe1PbmYUqcgc8
-----END CERTIFICATE-----