Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/4bKIEfLG3yVTu5xmI7zZvZdudAk.roa
File:                     4bKIEfLG3yVTu5xmI7zZvZdudAk.roa (raw, json)
Hash identifier:          Q2S2ghL+36U7e1byPU0qyLSRdvWc8zDtATPd1BS6eMc=
Subject key identifier:   E1:B2:88:11:F2:C6:DF:25:53:BB:9C:66:23:BC:D9:BD:97:6E:74:09
Certificate issuer:       /CN=47ea61d7cc2c278a7c4bcfbc2137b394a22654ad
Certificate serial:       018F0B5E1FB9AD030BAFA7CB8EF59A9572B1
Authority key identifier: 47:EA:61:D7:CC:2C:27:8A:7C:4B:CF:BC:21:37:B3:94:A2:26:54:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-ph18wsJ4p8S8-8ITezlKImVK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/4bKIEfLG3yVTu5xmI7zZvZdudAk.roa
Signing time:             Tue 23 Apr 2024 14:31:08 +0000
ROA not before:           Tue 23 Apr 2024 14:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42640
IP address blocks:        195.248.228.0/24 maxlen: 24
                          195.248.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/R-ph18wsJ4p8S8-8ITezlKImVK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/R-ph18wsJ4p8S8-8ITezlKImVK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-ph18wsJ4p8S8-8ITezlKImVK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0b:5e:1f:b9:ad:03:0b:af:a7:cb:8e:f5:9a:95:72:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47ea61d7cc2c278a7c4bcfbc2137b394a22654ad
        Validity
            Not Before: Apr 23 14:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1b28811f2c6df2553bb9c6623bcd9bd976e7409
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2c:b8:7c:d3:0a:fb:ed:12:9e:3b:ea:b8:50:
                    7f:11:7a:29:0a:52:50:fc:8a:27:c9:60:5c:86:76:
                    6e:41:f9:0c:e2:9c:88:34:4f:84:d7:df:3c:a4:77:
                    ac:fb:04:aa:a9:87:5c:69:8f:e3:89:08:b6:82:e0:
                    a4:30:7e:7d:02:c5:fa:f6:5c:69:e5:d5:ed:8d:df:
                    cf:1b:42:c0:6d:3e:a2:6b:e7:78:36:c9:a9:c6:6f:
                    51:93:f8:e6:40:c4:e8:f2:a2:14:48:7b:48:7d:98:
                    61:8c:68:79:02:d3:d0:76:d8:54:fe:82:a4:c0:c5:
                    76:34:eb:df:64:61:ef:92:26:8b:a3:9d:f2:37:d8:
                    19:98:11:ab:2d:8f:03:05:29:ef:cd:f5:5f:7d:b4:
                    15:cb:5d:5a:1e:d7:d1:a6:15:a5:19:1e:07:25:65:
                    70:19:7c:ef:b7:ec:64:8e:fb:94:b8:bf:6b:8a:0a:
                    e7:fd:0f:81:c7:99:99:a6:a7:0b:65:94:13:07:be:
                    a9:5d:67:07:d0:f9:3a:7b:56:37:f2:0c:5d:17:48:
                    ce:f8:68:ef:bb:a9:82:c0:d7:97:1f:2b:7c:81:27:
                    6e:1c:2e:bb:56:3d:70:70:47:cc:cd:d8:0b:2d:1e:
                    84:0f:3f:62:d9:26:a0:1f:5d:1d:2b:c1:a9:ab:99:
                    71:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B2:88:11:F2:C6:DF:25:53:BB:9C:66:23:BC:D9:BD:97:6E:74:09
            X509v3 Authority Key Identifier:
                keyid:47:EA:61:D7:CC:2C:27:8A:7C:4B:CF:BC:21:37:B3:94:A2:26:54:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-ph18wsJ4p8S8-8ITezlKImVK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/4bKIEfLG3yVTu5xmI7zZvZdudAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/115c44-bc4a-4e24-bf38-8c72609f2f02/1/R-ph18wsJ4p8S8-8ITezlKImVK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:e1:e5:5c:50:d0:6e:da:ab:16:f3:02:83:09:37:77:a1:47:
         7a:0b:43:ef:b5:b8:44:db:7b:ec:ba:18:46:f5:03:4a:bc:64:
         24:8b:73:0c:24:15:dc:04:fb:f3:ca:45:ab:b8:25:19:23:5b:
         56:57:17:cd:d6:4e:98:e8:d7:b5:b3:1c:77:12:a8:a1:6a:16:
         b5:1f:fc:f8:c1:49:82:84:aa:2c:4e:c4:c6:1f:38:14:db:1e:
         41:ec:6c:ef:8d:67:5e:15:a4:e0:43:79:97:ba:33:53:9e:98:
         dc:d9:83:89:0f:d6:77:75:ea:c6:32:b1:10:fc:6a:ab:47:d0:
         00:dd:80:43:79:a7:48:e7:45:25:db:94:f8:91:7f:18:93:e8:
         4f:c9:e7:49:f2:42:6f:45:a8:13:95:7d:05:57:15:2b:c6:1a:
         fe:25:21:ba:32:ce:c0:c7:be:70:bf:23:b9:9e:64:cc:d7:b4:
         f4:b9:06:b7:cb:22:39:84:8e:b8:26:de:d0:bc:d9:06:71:2f:
         ef:8a:85:3e:87:1f:e1:0c:9a:a1:bf:1b:16:e0:d3:61:10:17:
         64:b6:63:6a:b8:e0:d3:0b:74:00:cb:7d:8a:04:6f:b1:71:b3:
         7a:89:9b:81:b4:d1:fb:cd:12:1a:6c:4a:51:11:30:d5:6a:61:
         93:48:a5:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8LXh+5rQMLr6fLjvWalXKxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZWE2MWQ3Y2MyYzI3OGE3YzRiY2ZiYzIxMzdiMzk0YTIy
NjU0YWQwHhcNMjQwNDIzMTQzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWIyODgxMWYyYzZkZjI1NTNiYjljNjYyM2JjZDliZDk3NmU3NDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSy4fNMK++0SnjvquFB/EXopClJQ
/IonyWBchnZuQfkM4pyINE+E1988pHes+wSqqYdcaY/jiQi2guCkMH59AsX69lxp
5dXtjd/PG0LAbT6ia+d4Nsmpxm9Rk/jmQMTo8qIUSHtIfZhhjGh5AtPQdthU/oKk
wMV2NOvfZGHvkiaLo53yN9gZmBGrLY8DBSnvzfVffbQVy11aHtfRphWlGR4HJWVw
GXzvt+xkjvuUuL9rigrn/Q+Bx5mZpqcLZZQTB76pXWcH0Pk6e1Y38gxdF0jO+Gjv
u6mCwNeXHyt8gSduHC67Vj1wcEfMzdgLLR6EDz9i2SagH10dK8Gpq5lxwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGyiBHyxt8lU7ucZiO82b2XbnQJMB8GA1UdIwQY
MBaAFEfqYdfMLCeKfEvPvCE3s5SiJlStMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1waDE4d3NKNHA4UzgtOElUZXpsS0ltVkswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xMTVjNDQtYmM0YS00ZTI0LWJmMzgt
OGM3MjYwOWYyZjAyLzEvNGJLSUVmTEczeVZUdTV4bUk3elp2WmR1ZEFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xMTVjNDQtYmM0YS00ZTI0LWJmMzgtOGM3MjYwOWYyZjAy
LzEvUi1waDE4d3NKNHA4UzgtOElUZXpsS0ltVkswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/jkMA0G
CSqGSIb3DQEBCwUAA4IBAQB/4eVcUNBu2qsW8wKDCTd3oUd6C0PvtbhE23vsuhhG
9QNKvGQki3MMJBXcBPvzykWruCUZI1tWVxfN1k6Y6Ne1sxx3Eqihaha1H/z4wUmC
hKosTsTGHzgU2x5B7GzvjWdeFaTgQ3mXujNTnpjc2YOJD9Z3derGMrEQ/GqrR9AA
3YBDeadI50Ul25T4kX8Yk+hPyedJ8kJvRagTlX0FVxUrxhr+JSG6Ms7Ax75wvyO5
nmTM17T0uQa3yyI5hI64Jt7QvNkGcS/vioU+hx/hDJqhvxsW4NNhEBdktmNquODT
C3QAy32KBG+xcbN6iZuBtNH7zRIabEpRETDVamGTSKUS
-----END CERTIFICATE-----