Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/4URO2C3ml1u1p3j0aVym-OypCmw.roa
File:                     4URO2C3ml1u1p3j0aVym-OypCmw.roa (raw, json)
Hash identifier:          FBodq3AGj9I/WrFusJYGhp0BteIh9N9SY38AbrciYWk=
Subject key identifier:   E1:44:4E:D8:2D:E6:97:5B:B5:A7:78:F4:69:5C:A6:F8:EC:A9:0A:6C
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0194221F8FD6A98E1266F50442B298D7F2A5
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/4URO2C3ml1u1p3j0aVym-OypCmw.roa
Signing time:             Wed 01 Jan 2025 13:48:01 +0000
ROA not before:           Wed 01 Jan 2025 13:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197741
IP address blocks:        82.119.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8f:d6:a9:8e:12:66:f5:04:42:b2:98:d7:f2:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 13:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1444ed82de6975bb5a778f4695ca6f8eca90a6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e7:c8:50:a4:d8:75:99:f7:b3:05:1e:c2:95:
                    7f:de:74:4d:a6:fb:52:68:86:09:6d:fc:21:1e:b8:
                    4b:a6:c3:3b:2f:93:cd:31:64:40:d3:75:e5:ac:cc:
                    a0:8c:f0:92:24:10:7a:ff:78:f0:a1:8b:1e:24:82:
                    29:f6:39:fa:2e:05:28:93:cc:2c:97:f3:a5:f0:f1:
                    3b:a3:49:26:c3:32:68:07:53:ee:eb:74:4c:32:52:
                    f3:1a:39:81:39:0f:29:47:d8:33:e6:0c:c6:f4:87:
                    ba:70:a2:5c:38:8b:da:73:3e:98:fc:83:8a:e7:25:
                    7c:90:b0:2f:b6:7d:fc:03:d4:64:b0:37:7d:7c:4f:
                    80:af:59:c7:11:52:44:4c:f1:fa:ea:dc:9c:7d:94:
                    ae:56:0e:54:5f:ea:34:a7:f5:24:b9:e4:33:4c:89:
                    f1:a0:09:b5:96:f8:f6:05:e2:3f:dc:4b:f3:e5:82:
                    a4:fc:7d:79:ea:46:c5:7b:b0:98:ef:f7:eb:d1:86:
                    5c:f9:a4:f5:e3:43:91:fc:87:31:ca:11:e5:93:56:
                    cd:9a:ad:b5:62:e8:70:8d:85:04:c9:3a:b1:74:47:
                    45:ff:d6:35:67:f4:10:75:bc:0d:fb:c8:b1:00:9f:
                    e3:c3:06:c0:c9:f0:0c:5c:a8:36:25:2e:33:29:53:
                    3f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:44:4E:D8:2D:E6:97:5B:B5:A7:78:F4:69:5C:A6:F8:EC:A9:0A:6C
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/4URO2C3ml1u1p3j0aVym-OypCmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:8b:6c:43:86:df:fa:0e:dd:8c:f1:16:5d:d0:1a:d8:7a:1c:
         de:b6:95:69:9c:0b:a6:20:6d:c1:d6:0d:3b:dc:7d:eb:dc:65:
         b0:30:c6:e7:0c:ac:8e:76:dc:86:61:1b:87:a8:f5:8c:cb:c2:
         b2:52:49:ac:8f:f0:dd:a2:87:86:ea:68:b8:a0:a9:f7:21:bf:
         a0:c2:51:b7:f4:56:c3:2b:fd:ff:6c:95:10:fa:b9:6f:69:54:
         41:c1:4e:ee:37:ce:7d:a4:6e:78:5b:cc:3e:11:30:02:92:13:
         8a:0d:c1:05:14:fa:3e:c7:56:3e:e5:e0:4c:d3:6b:35:41:10:
         1f:43:0a:a6:7d:87:59:1e:63:54:05:08:28:db:16:e2:b4:34:
         9f:ea:9c:27:98:5e:aa:52:48:14:b4:37:f6:d8:78:9c:d8:e4:
         be:ca:f0:af:59:6b:3f:41:c2:22:a9:30:46:7a:c7:07:27:97:
         11:f1:30:16:c2:c0:e6:72:e6:b1:96:5e:3a:53:3a:31:d2:a0:
         9a:ec:15:bd:db:ed:b1:a5:80:bd:be:a4:a8:77:eb:49:51:93:
         c2:d5:74:95:44:78:bf:cd:be:4b:6b:bc:b9:f3:27:a3:d4:73:
         9b:ac:59:b6:48:bf:51:cd:b2:8f:b9:83:5b:8b:9a:4e:a6:4e:
         2c:6c:ea:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4/WqY4SZvUEQrKY1/KlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQ0NGVkODJkZTY5NzViYjVhNzc4ZjQ2OTVjYTZmOGVjYTkwYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OfIUKTYdZn3swUewpV/3nRNpvtS
aIYJbfwhHrhLpsM7L5PNMWRA03XlrMygjPCSJBB6/3jwoYseJIIp9jn6LgUok8ws
l/Ol8PE7o0kmwzJoB1Pu63RMMlLzGjmBOQ8pR9gz5gzG9Ie6cKJcOIvacz6Y/IOK
5yV8kLAvtn38A9RksDd9fE+Ar1nHEVJETPH66tycfZSuVg5UX+o0p/UkueQzTInx
oAm1lvj2BeI/3Evz5YKk/H156kbFe7CY7/fr0YZc+aT140OR/IcxyhHlk1bNmq21
YuhwjYUEyTqxdEdF/9Y1Z/QQdbwN+8ixAJ/jwwbAyfAMXKg2JS4zKVM/2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFETtgt5pdbtad49GlcpvjsqQpsMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvNFVSTzJDM21sMXUxcDNqMGFWeW0tT3lwQ213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndRMA0G
CSqGSIb3DQEBCwUAA4IBAQAHi2xDht/6Dt2M8RZd0BrYehzetpVpnAumIG3B1g07
3H3r3GWwMMbnDKyOdtyGYRuHqPWMy8KyUkmsj/DdooeG6mi4oKn3Ib+gwlG39FbD
K/3/bJUQ+rlvaVRBwU7uN859pG54W8w+ETACkhOKDcEFFPo+x1Y+5eBM02s1QRAf
QwqmfYdZHmNUBQgo2xbitDSf6pwnmF6qUkgUtDf22Hic2OS+yvCvWWs/QcIiqTBG
escHJ5cR8TAWwsDmcuaxll46Uzox0qCa7BW92+2xpYC9vqSod+tJUZPC1XSVRHi/
zb5La7y58yej1HObrFm2SL9RzbKPuYNbi5pOpk4sbOo+
-----END CERTIFICATE-----