Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/pe1o9e3jWHQk95p2Ei_dXirE0kc.roa
File:                     pe1o9e3jWHQk95p2Ei_dXirE0kc.roa (raw, json)
Hash identifier:          7nIBr99cFeZBlfuF7+XYt3ntEwToRh90vxok7wcdM9Q=
Subject key identifier:   A5:ED:68:F5:ED:E3:58:74:24:F7:9A:76:12:2F:DD:5E:2A:C4:D2:47
Certificate issuer:       /CN=95e88359b95a3964ae6f9a0cdaae07f579f98c35
Certificate serial:       01948456C47FE39D05DB3BCCAB5C9994BC80
Authority key identifier: 95:E8:83:59:B9:5A:39:64:AE:6F:9A:0C:DA:AE:07:F5:79:F9:8C:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/leiDWblaOWSub5oM2q4H9Xn5jDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/pe1o9e3jWHQk95p2Ei_dXirE0kc.roa
Signing time:             Mon 20 Jan 2025 15:31:06 +0000
ROA not before:           Mon 20 Jan 2025 15:31:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213815
IP address blocks:        193.18.248.0/24 maxlen: 24
                          193.18.249.0/24 maxlen: 24
                          193.18.250.0/24 maxlen: 24
                          193.18.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/leiDWblaOWSub5oM2q4H9Xn5jDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/leiDWblaOWSub5oM2q4H9Xn5jDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/leiDWblaOWSub5oM2q4H9Xn5jDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:84:56:c4:7f:e3:9d:05:db:3b:cc:ab:5c:99:94:bc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95e88359b95a3964ae6f9a0cdaae07f579f98c35
        Validity
            Not Before: Jan 20 15:31:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5ed68f5ede3587424f79a76122fdd5e2ac4d247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a0:f4:b8:bc:0e:ce:81:2e:7b:37:6d:09:de:
                    1d:18:eb:51:ec:a0:33:80:1d:57:93:ab:16:b5:11:
                    9a:cf:64:a4:41:24:14:02:dd:88:73:6c:40:f8:27:
                    9e:67:4f:d9:11:1d:74:c5:66:e1:59:9a:f1:cf:53:
                    40:1b:02:cb:ab:5d:ba:b5:83:df:a6:bc:b2:ba:e9:
                    e3:65:eb:d1:69:f4:4f:26:16:c6:c1:34:b1:fa:80:
                    3e:f0:2a:13:ed:31:dc:e1:85:fc:8f:9f:ee:b9:69:
                    86:fa:73:e9:c7:3c:18:3a:01:b6:b9:64:a4:bf:45:
                    93:fd:a3:d9:5d:a9:21:74:fa:ea:3c:c8:16:03:ca:
                    96:7c:71:93:02:7d:5f:88:21:91:3d:62:27:e1:25:
                    bb:71:7e:24:f1:33:9d:07:a4:4c:3f:e4:4b:62:34:
                    71:35:8f:81:68:dd:49:ab:f4:a4:13:c3:a7:bd:e8:
                    7b:c3:4a:1f:48:d2:f3:99:54:a4:0a:b0:a3:e5:cf:
                    37:30:29:6e:6a:75:16:a2:30:af:f2:34:db:44:d4:
                    a7:7f:27:2d:9e:df:ed:8e:05:76:31:3f:23:98:3d:
                    a0:89:7e:cf:94:e4:1a:20:7c:1e:1a:57:c0:fa:51:
                    86:71:8f:5f:ca:0d:10:f8:4f:de:f4:d6:6e:fd:b5:
                    54:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:ED:68:F5:ED:E3:58:74:24:F7:9A:76:12:2F:DD:5E:2A:C4:D2:47
            X509v3 Authority Key Identifier:
                keyid:95:E8:83:59:B9:5A:39:64:AE:6F:9A:0C:DA:AE:07:F5:79:F9:8C:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/leiDWblaOWSub5oM2q4H9Xn5jDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/pe1o9e3jWHQk95p2Ei_dXirE0kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/leiDWblaOWSub5oM2q4H9Xn5jDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.18.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:03:81:4b:b0:85:a9:a0:db:3d:70:ef:f9:78:d5:fc:01:76:
         2c:7e:55:b3:19:54:ee:ff:42:cb:58:44:1b:ba:7f:09:1f:b3:
         bd:2b:71:66:0b:1c:e7:d5:56:dd:d4:20:8e:4d:ac:02:2e:13:
         8e:1e:db:11:df:25:6f:4f:a2:96:2e:33:1b:21:c6:70:4b:a5:
         21:e0:7c:14:98:ec:c0:77:9d:98:c0:bc:3e:cc:f6:55:1d:45:
         0b:ec:5f:c9:61:13:27:e0:53:1d:c1:44:8d:46:61:88:98:49:
         14:bf:36:c4:d5:86:cc:b3:41:83:d5:fb:2b:21:62:cb:a8:6a:
         ad:75:f9:ee:72:5f:17:9e:9d:8e:05:e4:00:b7:fd:7e:d0:1d:
         0b:69:fa:7b:45:69:01:f9:64:09:63:16:0c:9d:f9:1c:15:f0:
         c5:2e:22:ff:24:bf:f0:51:97:6a:ea:e2:07:00:63:0b:eb:1c:
         1c:db:3a:41:c4:ac:73:a9:84:02:4f:a4:3c:fb:00:a4:d3:52:
         3c:ff:fe:ef:cf:7a:53:3e:d1:10:8d:92:73:d9:25:25:0b:aa:
         a7:e4:44:3a:dc:19:60:b1:3f:33:a8:84:23:c7:73:51:af:31:
         4c:34:55:d5:53:5e:3d:20:bf:f0:f0:51:86:f0:17:3e:73:c3:
         2b:df:e9:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSEVsR/450F2zvMq1yZlLyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZTg4MzU5Yjk1YTM5NjRhZTZmOWEwY2RhYWUwN2Y1Nzlm
OThjMzUwHhcNMjUwMTIwMTUzMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWVkNjhmNWVkZTM1ODc0MjRmNzlhNzYxMjJmZGQ1ZTJhYzRkMjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qD0uLwOzoEuezdtCd4dGOtR7KAz
gB1Xk6sWtRGaz2SkQSQUAt2Ic2xA+CeeZ0/ZER10xWbhWZrxz1NAGwLLq126tYPf
pryyuunjZevRafRPJhbGwTSx+oA+8CoT7THc4YX8j5/uuWmG+nPpxzwYOgG2uWSk
v0WT/aPZXakhdPrqPMgWA8qWfHGTAn1fiCGRPWIn4SW7cX4k8TOdB6RMP+RLYjRx
NY+BaN1Jq/SkE8Onveh7w0ofSNLzmVSkCrCj5c83MCluanUWojCv8jTbRNSnfyct
nt/tjgV2MT8jmD2giX7PlOQaIHweGlfA+lGGcY9fyg0Q+E/e9NZu/bVUYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXtaPXt41h0JPeadhIv3V4qxNJHMB8GA1UdIwQY
MBaAFJXog1m5Wjlkrm+aDNquB/V5+Yw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGVpRFdibGFPV1N1YjVvTTJxNEg5WG41akRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yNjRmOWEtMTNlYS00YzUwLWE2YTkt
NzEyZDVlMTdhNmY2LzEvcGUxbzllM2pXSFFrOTVwMkVpX2RYaXJFMGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yNjRmOWEtMTNlYS00YzUwLWE2YTktNzEyZDVlMTdhNmY2
LzEvbGVpRFdibGFPV1N1YjVvTTJxNEg5WG41akRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRL4MA0G
CSqGSIb3DQEBCwUAA4IBAQBjA4FLsIWpoNs9cO/5eNX8AXYsflWzGVTu/0LLWEQb
un8JH7O9K3FmCxzn1Vbd1CCOTawCLhOOHtsR3yVvT6KWLjMbIcZwS6Uh4HwUmOzA
d52YwLw+zPZVHUUL7F/JYRMn4FMdwUSNRmGImEkUvzbE1YbMs0GD1fsrIWLLqGqt
dfnucl8Xnp2OBeQAt/1+0B0Lafp7RWkB+WQJYxYMnfkcFfDFLiL/JL/wUZdq6uIH
AGML6xwc2zpBxKxzqYQCT6Q8+wCk01I8//7vz3pTPtEQjZJz2SUlC6qn5EQ63Blg
sT8zqIQjx3NRrzFMNFXVU149IL/w8FGG8Bc+c8Mr3+k+
-----END CERTIFICATE-----