Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/4d-Yja16Kt9sPFGgwetGuOudFS0.roa
File:                     4d-Yja16Kt9sPFGgwetGuOudFS0.roa (raw, json)
Hash identifier:          NDeDT1zAQH0NL/7T2E+E2WEE9VSSrxh4tW1HrP4+ggA=
Subject key identifier:   E1:DF:98:8D:AD:7A:2A:DF:6C:3C:51:A0:C1:EB:46:B8:EB:9D:15:2D
Certificate issuer:       /CN=12694f6945a21d08d30192cfc1a6b780de728e3b
Certificate serial:       018CC8707F8879E5B389AA79BC1FCB6921D4
Authority key identifier: 12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/4d-Yja16Kt9sPFGgwetGuOudFS0.roa
Signing time:             Tue 02 Jan 2024 04:31:05 +0000
ROA not before:           Tue 02 Jan 2024 04:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35584
IP address blocks:        193.200.200.0/24 maxlen: 24
                          89.33.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:7f:88:79:e5:b3:89:aa:79:bc:1f:cb:69:21:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12694f6945a21d08d30192cfc1a6b780de728e3b
        Validity
            Not Before: Jan  2 04:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1df988dad7a2adf6c3c51a0c1eb46b8eb9d152d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6a:50:ab:1e:5e:f4:76:f8:b0:34:81:7c:dc:
                    da:25:6d:4e:53:b8:2f:bb:5c:6b:e0:d5:57:5f:2d:
                    91:2b:b9:d9:eb:63:64:87:cf:8f:22:85:4d:12:47:
                    5f:95:5b:87:45:db:9e:0c:29:77:02:96:14:05:7e:
                    c7:12:32:6e:48:39:17:70:9c:1b:d4:c1:40:27:ea:
                    90:fa:58:7f:83:e8:3a:f6:b4:a9:cb:56:53:38:22:
                    0c:aa:80:71:a6:19:60:aa:fe:0a:bb:84:ed:58:01:
                    dd:eb:1f:82:11:a5:78:46:90:f4:8a:41:19:54:d2:
                    aa:7e:a8:67:9d:b7:93:14:a3:1e:cf:71:d8:32:2e:
                    78:eb:73:0a:e2:3f:d7:78:32:52:d6:08:75:ca:c6:
                    04:4d:b5:81:b0:4c:61:58:2e:88:02:3c:fe:be:a1:
                    52:4c:62:7f:89:96:84:5b:03:d2:8b:b1:ee:ed:c1:
                    b6:81:e4:12:8a:8c:5e:0c:59:38:2e:fd:4c:b4:e3:
                    e8:60:28:61:8a:d5:3e:0d:ff:ab:66:7d:b0:d8:cd:
                    73:5b:6e:d0:04:63:e0:c9:3c:51:40:ea:84:b1:91:
                    d7:bf:2d:bb:6f:8d:68:31:91:ed:a7:52:76:15:28:
                    da:e5:08:12:c7:78:d8:e6:8c:e6:19:d2:ce:55:1f:
                    28:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:DF:98:8D:AD:7A:2A:DF:6C:3C:51:A0:C1:EB:46:B8:EB:9D:15:2D
            X509v3 Authority Key Identifier:
                keyid:12:69:4F:69:45:A2:1D:08:D3:01:92:CF:C1:A6:B7:80:DE:72:8E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmlPaUWiHQjTAZLPwaa3gN5yjjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/4d-Yja16Kt9sPFGgwetGuOudFS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d7300f-de06-4f7b-a909-6598b4ceb069/1/EmlPaUWiHQjTAZLPwaa3gN5yjjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.96.0/22
                  193.200.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:41:6e:2b:48:45:54:92:9c:67:98:af:91:4f:b7:e5:18:7c:
         ce:27:d1:dd:ac:fb:2c:a1:63:1a:35:de:e9:cb:95:9e:d6:cf:
         bb:05:e9:cc:6c:c1:df:86:c2:e8:42:98:bc:60:01:df:52:c7:
         6c:02:63:55:cd:c7:e0:a2:71:7e:5b:58:85:1f:e7:b0:c8:87:
         81:61:b9:d0:6c:07:9c:fb:11:a5:4d:da:77:d8:5b:d3:d1:43:
         d8:1e:21:6d:6c:a2:22:71:d4:60:13:58:0d:eb:8e:5d:81:1a:
         ec:34:db:a7:bc:1e:ca:ac:3f:da:f8:3d:f2:b0:eb:1d:ae:0b:
         4e:01:68:70:49:70:ab:05:8a:8f:7b:e6:1b:03:f8:71:b4:e5:
         95:a0:e2:d9:fe:b1:33:9a:ef:4e:61:ba:49:05:63:06:cc:dc:
         12:a7:76:7f:a0:21:e8:45:f3:47:7e:bc:38:35:69:00:d7:7d:
         79:e6:4c:ca:b6:00:1b:1c:1d:bd:45:91:73:26:5f:5c:d8:0c:
         bc:e7:f7:a3:c5:58:9a:c7:e5:b9:20:49:21:87:37:29:6b:cd:
         49:3a:12:71:ea:fe:27:73:9f:f5:75:61:73:28:01:15:14:62:
         81:0f:8e:e5:aa:1f:5a:ff:49:b5:3b:91:23:62:d5:24:87:65:
         35:5b:19:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcH+IeeWziap5vB/LaSHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNjk0ZjY5NDVhMjFkMDhkMzAxOTJjZmMxYTZiNzgwZGU3
MjhlM2IwHhcNMjQwMTAyMDQzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWRmOTg4ZGFkN2EyYWRmNmMzYzUxYTBjMWViNDZiOGViOWQxNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGpQqx5e9Hb4sDSBfNzaJW1OU7gv
u1xr4NVXXy2RK7nZ62Nkh8+PIoVNEkdflVuHRdueDCl3ApYUBX7HEjJuSDkXcJwb
1MFAJ+qQ+lh/g+g69rSpy1ZTOCIMqoBxphlgqv4Ku4TtWAHd6x+CEaV4RpD0ikEZ
VNKqfqhnnbeTFKMez3HYMi5463MK4j/XeDJS1gh1ysYETbWBsExhWC6IAjz+vqFS
TGJ/iZaEWwPSi7Hu7cG2geQSioxeDFk4Lv1MtOPoYChhitU+Df+rZn2w2M1zW27Q
BGPgyTxRQOqEsZHXvy27b41oMZHtp1J2FSja5QgSx3jY5ozmGdLOVR8oIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOHfmI2teirfbDxRoMHrRrjrnRUtMB8GA1UdIwQY
MBaAFBJpT2lFoh0I0wGSz8Gmt4Deco47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDkt
NjU5OGI0Y2ViMDY5LzEvNGQtWWphMTZLdDlzUEZHZ3dldEd1T3VkRlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNzMwMGYtZGUwNi00ZjdiLWE5MDktNjU5OGI0Y2ViMDY5
LzEvRW1sUGFVV2lIUWpUQVpMUHdhYTNnTjV5ampzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWSFgAwQA
wcjIMA0GCSqGSIb3DQEBCwUAA4IBAQBuQW4rSEVUkpxnmK+RT7flGHzOJ9HdrPss
oWMaNd7py5We1s+7BenMbMHfhsLoQpi8YAHfUsdsAmNVzcfgonF+W1iFH+ewyIeB
YbnQbAec+xGlTdp32FvT0UPYHiFtbKIicdRgE1gN645dgRrsNNunvB7KrD/a+D3y
sOsdrgtOAWhwSXCrBYqPe+YbA/hxtOWVoOLZ/rEzmu9OYbpJBWMGzNwSp3Z/oCHo
RfNHfrw4NWkA13155kzKtgAbHB29RZFzJl9c2Ay85/ejxViax+W5IEkhhzcpa81J
OhJx6v4nc5/1dWFzKAEVFGKBD47lqh9a/0m1O5EjYtUkh2U1Wxm0
-----END CERTIFICATE-----