Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4WeEm62p5FgMYId4eLzx0DO4DQQ.roa
File:                     4WeEm62p5FgMYId4eLzx0DO4DQQ.roa (raw, json)
Hash identifier:          SfUjJMisBodNol0xz1hBmx57JM10oD+RFDpFsIDQJ8A=
Subject key identifier:   E1:67:84:9B:AD:A9:E4:58:0C:60:87:78:78:BC:F1:D0:33:B8:0D:04
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422204D427BC2626AFE77465B43AFC491
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4WeEm62p5FgMYId4eLzx0DO4DQQ.roa
Signing time:             Wed 01 Jan 2025 13:48:49 +0000
ROA not before:           Wed 01 Jan 2025 13:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        193.58.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:4d:42:7b:c2:62:6a:fe:77:46:5b:43:af:c4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e167849bada9e4580c60877878bcf1d033b80d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e5:a9:94:72:e9:9d:a7:8a:92:fb:b8:a0:a9:
                    da:39:cc:20:f0:79:1a:5e:8d:be:36:11:90:0c:5c:
                    13:16:f9:90:7e:f9:dd:55:8b:6c:06:11:d0:56:b7:
                    3f:ba:f4:88:72:f7:5b:4d:1c:b5:48:74:82:92:3e:
                    9e:75:94:67:54:ce:f9:f2:7e:b6:28:c0:dc:df:9b:
                    ce:c4:d4:ce:cc:c9:66:52:ec:6f:68:83:a2:62:e3:
                    36:34:e1:73:ac:89:64:ad:56:53:5e:a8:5d:cd:a4:
                    3c:21:c4:df:aa:7b:2a:27:3b:f3:bc:2e:fe:54:b3:
                    f0:aa:43:d1:36:4b:38:1a:1c:48:46:50:a9:e0:25:
                    46:d4:53:35:4f:46:11:83:75:d1:a1:b8:62:90:68:
                    5b:1c:cf:64:d8:f6:23:8c:3b:1c:04:fd:91:05:7f:
                    b5:b2:4f:e4:2b:1e:ca:4b:d2:9f:fe:f7:f2:23:d3:
                    2e:da:51:ac:73:0c:e7:3e:0f:29:22:e9:af:9b:ed:
                    7d:3c:f9:ca:2f:36:cc:a4:0b:46:49:9d:bf:da:c6:
                    c5:38:b1:d0:4f:37:db:65:4a:a2:09:39:e8:ee:1d:
                    e1:2d:ec:76:de:44:b0:0d:08:8e:7d:3a:bc:c2:ba:
                    0c:00:d6:31:ee:f1:1b:4c:a8:54:82:16:32:2d:a7:
                    ff:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:67:84:9B:AD:A9:E4:58:0C:60:87:78:78:BC:F1:D0:33:B8:0D:04
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4WeEm62p5FgMYId4eLzx0DO4DQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:73:3b:9b:cc:e7:26:8e:4c:1b:f0:78:6c:60:f4:cc:db:be:
         90:5d:fc:9b:f7:06:82:8b:53:26:9f:84:05:17:c9:f6:c0:37:
         ad:02:36:dd:c0:c4:7d:2e:ba:90:4f:13:d3:81:97:a2:0e:02:
         d9:23:1d:8d:95:fa:69:90:bd:e6:f6:a7:db:d6:15:06:21:f6:
         d0:b3:38:e3:62:52:da:6b:90:eb:34:75:e0:4f:b0:c6:4b:76:
         3c:d5:6f:94:a3:2c:40:2c:d6:8a:32:53:ac:63:9f:61:20:c9:
         7e:1a:1c:b6:87:28:c6:d8:aa:10:fc:00:c6:bd:ca:a3:9c:1a:
         90:cf:7d:3c:65:96:da:68:60:a1:d5:75:eb:ab:5e:f2:7a:2e:
         dd:0f:83:7e:d3:56:92:17:25:cc:a1:fd:fb:5a:0e:70:3b:fb:
         a9:dc:55:95:88:95:c0:99:b3:c8:5d:0d:f3:ce:08:12:f3:58:
         d5:29:05:32:53:e7:5a:d1:44:ec:ea:8c:ad:b3:45:0c:31:f6:
         9f:86:6a:fa:83:94:80:15:33:97:31:a8:a6:62:82:f3:30:05:
         1c:4f:a1:79:6a:bb:0a:02:6c:3c:8d:39:0b:37:a1:bb:28:58:
         b8:ed:1f:03:ed:3f:c5:3c:e7:c6:92:24:11:10:4f:66:f3:e2:
         1e:b8:28:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIE1Ce8Jiav53RltDr8SRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTY3ODQ5YmFkYTllNDU4MGM2MDg3Nzg3OGJjZjFkMDMzYjgwZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOWplHLpnaeKkvu4oKnaOcwg8Hka
Xo2+NhGQDFwTFvmQfvndVYtsBhHQVrc/uvSIcvdbTRy1SHSCkj6edZRnVM758n62
KMDc35vOxNTOzMlmUuxvaIOiYuM2NOFzrIlkrVZTXqhdzaQ8IcTfqnsqJzvzvC7+
VLPwqkPRNks4GhxIRlCp4CVG1FM1T0YRg3XRobhikGhbHM9k2PYjjDscBP2RBX+1
sk/kKx7KS9Kf/vfyI9Mu2lGscwznPg8pIumvm+19PPnKLzbMpAtGSZ2/2sbFOLHQ
TzfbZUqiCTno7h3hLex23kSwDQiOfTq8wroMANYx7vEbTKhUghYyLaf/twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFnhJutqeRYDGCHeHi88dAzuA0EMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNFdlRW02MnA1RmdNWUlkNGVMengwRE80RFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTqRMA0G
CSqGSIb3DQEBCwUAA4IBAQCjczubzOcmjkwb8HhsYPTM276QXfyb9waCi1Mmn4QF
F8n2wDetAjbdwMR9LrqQTxPTgZeiDgLZIx2NlfppkL3m9qfb1hUGIfbQszjjYlLa
a5DrNHXgT7DGS3Y81W+UoyxALNaKMlOsY59hIMl+Ghy2hyjG2KoQ/ADGvcqjnBqQ
z308ZZbaaGCh1XXrq17yei7dD4N+01aSFyXMof37Wg5wO/up3FWViJXAmbPIXQ3z
zggS81jVKQUyU+da0UTs6oyts0UMMfafhmr6g5SAFTOXMaimYoLzMAUcT6F5arsK
Amw8jTkLN6G7KFi47R8D7T/FPOfGkiQREE9m8+IeuChl
-----END CERTIFICATE-----