Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/P4INOB7X-XLo8ty81jhTvZSDCAE.roa
File:                     P4INOB7X-XLo8ty81jhTvZSDCAE.roa (raw, json)
Hash identifier:          J4LPMvcZnOd+GVmxq1o/5h8HZ4F+TJmSOXLPPZtFCVI=
Subject key identifier:   3F:82:0D:38:1E:D7:F9:72:E8:F2:DC:BC:D6:38:53:BD:94:83:08:01
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D706B76F884A3FAA136FE764CCD76F
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/P4INOB7X-XLo8ty81jhTvZSDCAE.roa
Signing time:             Wed 01 Jan 2025 21:48:02 +0000
ROA not before:           Wed 01 Jan 2025 21:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15440
IP address blocks:        91.103.255.0/24 maxlen: 24
                          176.118.198.0/24 maxlen: 24
                          185.40.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:06:b7:6f:88:4a:3f:aa:13:6f:e7:64:cc:d7:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f820d381ed7f972e8f2dcbcd63853bd94830801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9e:42:2d:4e:d8:fd:df:82:8e:6b:15:83:53:
                    4a:31:4e:f4:a2:87:72:af:7d:7b:9a:53:61:ae:c4:
                    8c:62:cb:4d:08:59:cb:ab:8e:19:8f:98:47:10:39:
                    8d:6d:e3:7a:5e:74:9c:da:e9:d2:e1:f7:75:35:89:
                    e1:d9:09:6c:76:0a:ab:fe:fc:22:8b:0f:b9:81:a1:
                    4f:2c:ac:56:70:dc:db:f2:83:fd:77:13:62:a2:49:
                    62:23:5a:39:af:e0:1a:ed:8c:fe:1a:48:f6:de:65:
                    f5:fc:b3:32:9a:51:90:69:59:fb:5a:02:14:d6:61:
                    11:70:b1:96:e6:9a:6b:3a:0f:89:12:5b:94:fc:bb:
                    62:14:76:b1:02:62:ba:f2:3a:cb:a3:d8:17:f8:db:
                    5b:69:bb:88:20:b5:12:dc:7c:6a:98:76:8c:6a:d1:
                    4f:c3:9a:a6:93:a1:48:c2:6c:7d:aa:bc:43:0a:f2:
                    7a:96:63:8e:09:65:ec:f8:37:a8:04:20:c6:3e:b5:
                    34:d1:60:a5:de:9c:95:98:3e:6a:95:7e:99:53:ef:
                    b5:47:6c:53:f3:db:17:ec:7a:48:e0:b9:9c:09:61:
                    cd:89:a3:6e:e9:ce:4e:86:90:a9:56:d4:73:a7:02:
                    c9:a4:77:97:d6:40:c3:f0:aa:7d:70:18:a3:35:be:
                    fb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:82:0D:38:1E:D7:F9:72:E8:F2:DC:BC:D6:38:53:BD:94:83:08:01
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/P4INOB7X-XLo8ty81jhTvZSDCAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.255.0/24
                  176.118.198.0/24
                  185.40.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:b9:f9:f0:66:d4:a7:bb:99:6a:da:48:d6:8d:27:47:aa:de:
         23:e3:60:ef:d0:12:5a:47:42:5f:ec:f4:c5:d9:fc:d1:fd:50:
         71:f6:de:66:3e:5b:ca:04:0b:60:b6:10:d9:28:64:12:15:cc:
         a7:81:7f:77:ac:d2:98:92:7b:66:50:a1:9c:4c:4e:a3:0a:bb:
         b9:5d:61:82:10:90:42:fd:b8:36:f4:d8:4f:b3:60:c0:76:b4:
         74:33:47:60:9c:2e:ca:86:86:de:b7:4e:11:e0:dd:bb:f1:b5:
         19:6d:6e:60:ff:48:c1:0e:3d:0c:83:66:e4:23:03:b8:52:76:
         a8:79:a6:6e:24:80:57:17:f4:69:ed:92:ee:9d:ac:5a:79:16:
         83:bc:f7:bc:7d:10:5c:50:c8:55:8e:72:5b:a1:d5:a7:65:e9:
         52:18:19:55:93:39:e2:e8:05:a5:aa:11:da:b0:a0:13:63:41:
         ef:43:25:11:db:c6:7d:ce:19:50:98:47:60:83:76:ae:2a:fe:
         5f:93:89:67:1b:01:d5:76:27:7d:ec:23:8a:37:a7:04:4f:a0:
         dc:be:4d:ad:db:4a:72:ce:fb:0d:cf:e5:f0:87:18:0f:b0:cf:
         9c:6a:66:e2:8a:8b:7e:86:ea:d3:57:58:3d:bc:03:4b:2a:5a:
         b7:c1:eb:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQj1wa3b4hKP6oTb+dkzNdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgyMGQzODFlZDdmOTcyZThmMmRjYmNkNjM4NTNiZDk0ODMwODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp5CLU7Y/d+CjmsVg1NKMU70oody
r317mlNhrsSMYstNCFnLq44Zj5hHEDmNbeN6XnSc2unS4fd1NYnh2Qlsdgqr/vwi
iw+5gaFPLKxWcNzb8oP9dxNiokliI1o5r+Aa7Yz+Gkj23mX1/LMymlGQaVn7WgIU
1mERcLGW5pprOg+JEluU/LtiFHaxAmK68jrLo9gX+NtbabuIILUS3HxqmHaMatFP
w5qmk6FIwmx9qrxDCvJ6lmOOCWXs+DeoBCDGPrU00WCl3pyVmD5qlX6ZU++1R2xT
89sX7HpI4LmcCWHNiaNu6c5OhpCpVtRzpwLJpHeX1kDD8Kp9cBijNb77BwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD+CDTge1/ly6PLcvNY4U72UgwgBMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvUDRJTk9CN1gtWExvOHR5ODFqaFR2WlNEQ0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW2f/AwQA
sHbGAwQAuSgGMA0GCSqGSIb3DQEBCwUAA4IBAQARufnwZtSnu5lq2kjWjSdHqt4j
42Dv0BJaR0Jf7PTF2fzR/VBx9t5mPlvKBAtgthDZKGQSFcyngX93rNKYkntmUKGc
TE6jCru5XWGCEJBC/bg29NhPs2DAdrR0M0dgnC7Khobet04R4N278bUZbW5g/0jB
Dj0Mg2bkIwO4UnaoeaZuJIBXF/Rp7ZLunaxaeRaDvPe8fRBcUMhVjnJbodWnZelS
GBlVkzni6AWlqhHasKATY0HvQyUR28Z9zhlQmEdgg3auKv5fk4lnGwHVdid97COK
N6cET6Dcvk2t20pyzvsNz+XwhxgPsM+cambiiot+hurTV1g9vANLKlq3weu1
-----END CERTIFICATE-----