Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/2a55a5-3304-4108-8d92-4d8e90e0333b/1/Fl6pOlPLU-YJzCc-HkB3wwedcd0.roa
File:                     Fl6pOlPLU-YJzCc-HkB3wwedcd0.roa (raw, json)
Hash identifier:          jlDQ+VkQoTEiq8ZQ7EeJUmtKUn70x3pUuA4q7simdPM=
Subject key identifier:   16:5E:A9:3A:53:CB:53:E6:09:CC:27:3E:1E:40:77:C3:07:9D:71:DD
Certificate issuer:       /CN=89aea6988481cea4b95b65131cc49884f3ed0e3f
Certificate serial:       019421B23517DD4100ADFB3992E231929D5D
Authority key identifier: 89:AE:A6:98:84:81:CE:A4:B9:5B:65:13:1C:C4:98:84:F3:ED:0E:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ia6mmISBzqS5W2UTHMSYhPPtDj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/2a55a5-3304-4108-8d92-4d8e90e0333b/1/Fl6pOlPLU-YJzCc-HkB3wwedcd0.roa
Signing time:             Wed 01 Jan 2025 11:48:34 +0000
ROA not before:           Wed 01 Jan 2025 11:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        193.16.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/2a55a5-3304-4108-8d92-4d8e90e0333b/1/ia6mmISBzqS5W2UTHMSYhPPtDj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/2a55a5-3304-4108-8d92-4d8e90e0333b/1/ia6mmISBzqS5W2UTHMSYhPPtDj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ia6mmISBzqS5W2UTHMSYhPPtDj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:35:17:dd:41:00:ad:fb:39:92:e2:31:92:9d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89aea6988481cea4b95b65131cc49884f3ed0e3f
        Validity
            Not Before: Jan  1 11:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=165ea93a53cb53e609cc273e1e4077c3079d71dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ab:5e:13:c4:a5:f2:49:a4:c1:19:5a:d3:e1:
                    cc:09:37:e5:e9:6f:a6:d2:59:31:cc:63:6d:5e:c7:
                    ac:99:86:36:ed:49:44:81:66:84:b9:62:90:ec:da:
                    29:31:3a:5c:b3:01:65:e0:a2:5a:08:c7:78:21:78:
                    07:b6:03:72:f6:3d:90:b8:34:26:a8:0b:d4:c2:4e:
                    9b:f2:c1:d9:48:4f:78:e0:1e:10:83:63:cb:16:cd:
                    21:ff:fa:45:2c:e6:5b:cc:ed:d7:b7:aa:46:dd:11:
                    22:7f:fe:75:2d:4a:46:25:21:d1:a4:f0:4c:6e:d4:
                    b6:cc:a6:17:c4:42:8c:0d:c3:a2:6b:2d:85:58:2d:
                    30:97:f5:9e:af:eb:18:61:26:4c:65:96:5e:e6:1a:
                    8a:14:ff:13:92:86:ed:ab:cc:16:92:85:bc:99:e8:
                    23:e5:01:1b:94:a6:a6:1c:80:8d:a4:1b:41:be:83:
                    99:7e:fb:ab:7c:2d:e9:c4:cb:7a:0e:c7:3f:1f:82:
                    9e:a7:1c:27:30:15:fa:c8:ad:88:08:e8:b6:a0:c0:
                    e0:75:63:5d:87:27:5c:61:3e:15:43:c8:58:8c:08:
                    ef:03:d1:be:ae:fa:14:04:db:34:d0:fb:c0:6d:93:
                    fc:7c:e4:c2:5c:8f:de:f5:a6:b1:3f:ff:81:76:c7:
                    1b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:5E:A9:3A:53:CB:53:E6:09:CC:27:3E:1E:40:77:C3:07:9D:71:DD
            X509v3 Authority Key Identifier:
                keyid:89:AE:A6:98:84:81:CE:A4:B9:5B:65:13:1C:C4:98:84:F3:ED:0E:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ia6mmISBzqS5W2UTHMSYhPPtDj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2a55a5-3304-4108-8d92-4d8e90e0333b/1/Fl6pOlPLU-YJzCc-HkB3wwedcd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2a55a5-3304-4108-8d92-4d8e90e0333b/1/ia6mmISBzqS5W2UTHMSYhPPtDj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:c4:ef:2c:3b:36:2a:51:32:69:59:bd:05:4e:3b:89:87:59:
         e5:c4:ab:f3:2b:61:8c:8a:4a:1a:36:c6:4e:11:e1:c5:d7:91:
         61:f8:f0:a4:e7:55:9b:b2:23:83:ce:47:04:e4:9c:48:e3:d1:
         df:a1:8a:8d:aa:09:96:3d:ef:33:95:84:66:c4:91:3c:65:86:
         ee:7b:8e:68:82:13:dc:fa:db:32:af:44:9b:a0:e1:f9:bf:98:
         1f:3e:91:01:d4:3c:e2:92:1f:fa:48:5f:db:28:42:6f:65:57:
         f6:7f:9e:61:37:54:0e:82:52:b0:a5:fe:dd:f0:2b:e7:d0:58:
         de:0a:0c:e5:02:1a:dd:92:4f:c3:0d:6a:7b:80:db:02:36:f8:
         41:40:ef:7c:c8:84:49:03:78:7c:fd:6b:c9:a6:d7:ad:fb:10:
         38:67:d5:28:b7:a6:b9:83:88:28:00:c7:98:fa:97:1f:fe:0f:
         4b:77:86:70:2c:14:8d:8f:05:5d:ca:26:b2:27:ec:46:ba:93:
         76:7b:6f:c0:e2:d8:fd:2d:df:e7:14:56:f4:df:60:be:13:e2:
         90:03:32:3b:51:51:54:99:34:d3:ff:2a:00:8a:a1:e1:00:7b:
         c3:8a:ef:c9:bc:bb:57:4f:cb:c2:a4:91:39:b4:b5:c0:71:a8:
         7e:b2:d7:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjUX3UEArfs5kuIxkp1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWVhNjk4ODQ4MWNlYTRiOTViNjUxMzFjYzQ5ODg0ZjNl
ZDBlM2YwHhcNMjUwMTAxMTE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjVlYTkzYTUzY2I1M2U2MDljYzI3M2UxZTQwNzdjMzA3OWQ3MWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7qteE8Sl8kmkwRla0+HMCTfl6W+m
0lkxzGNtXsesmYY27UlEgWaEuWKQ7NopMTpcswFl4KJaCMd4IXgHtgNy9j2QuDQm
qAvUwk6b8sHZSE944B4Qg2PLFs0h//pFLOZbzO3Xt6pG3REif/51LUpGJSHRpPBM
btS2zKYXxEKMDcOiay2FWC0wl/Wer+sYYSZMZZZe5hqKFP8Tkobtq8wWkoW8megj
5QEblKamHICNpBtBvoOZfvurfC3pxMt6Dsc/H4KepxwnMBX6yK2ICOi2oMDgdWNd
hydcYT4VQ8hYjAjvA9G+rvoUBNs00PvAbZP8fOTCXI/e9aaxP/+BdscbjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZeqTpTy1PmCcwnPh5Ad8MHnXHdMB8GA1UdIwQY
MBaAFImuppiEgc6kuVtlExzEmITz7Q4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWE2bW1JU0J6cVM1VzJVVEhNU1loUFB0RGo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yYTU1YTUtMzMwNC00MTA4LThkOTIt
NGQ4ZTkwZTAzMzNiLzEvRmw2cE9sUExVLVlKekNjLUhrQjN3d2VkY2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yYTU1YTUtMzMwNC00MTA4LThkOTItNGQ4ZTkwZTAzMzNi
LzEvaWE2bW1JU0J6cVM1VzJVVEhNU1loUFB0RGo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRAEMA0G
CSqGSIb3DQEBCwUAA4IBAQAOxO8sOzYqUTJpWb0FTjuJh1nlxKvzK2GMikoaNsZO
EeHF15Fh+PCk51WbsiODzkcE5JxI49HfoYqNqgmWPe8zlYRmxJE8ZYbue45oghPc
+tsyr0SboOH5v5gfPpEB1Dzikh/6SF/bKEJvZVf2f55hN1QOglKwpf7d8Cvn0Fje
CgzlAhrdkk/DDWp7gNsCNvhBQO98yIRJA3h8/WvJptet+xA4Z9Uot6a5g4goAMeY
+pcf/g9Ld4ZwLBSNjwVdyiayJ+xGupN2e2/A4tj9Ld/nFFb032C+E+KQAzI7UVFU
mTTT/yoAiqHhAHvDiu/JvLtXT8vCpJE5tLXAcah+stcw
-----END CERTIFICATE-----