Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/8fa354-4bd5-454d-b2d8-03f604324fcf/1/kE8LdGAFW614HUcjN1MoZxFokJs.roa
File:                     kE8LdGAFW614HUcjN1MoZxFokJs.roa (raw, json)
Hash identifier:          XYMGtkKoA87TX5nzm+UQ3ylduTU9EvUGKlmdAtXqyu4=
Subject key identifier:   90:4F:0B:74:60:05:5B:AD:78:1D:47:23:37:53:28:67:11:68:90:9B
Certificate issuer:       /CN=4cb6de3cd910f3bff7ff85ded452c431b1e8a520
Certificate serial:       019422FBE424A7F5E56FA8AF921106220C39
Authority key identifier: 4C:B6:DE:3C:D9:10:F3:BF:F7:FF:85:DE:D4:52:C4:31:B1:E8:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TLbePNkQ87_3_4Xe1FLEMbHopSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/8fa354-4bd5-454d-b2d8-03f604324fcf/1/kE8LdGAFW614HUcjN1MoZxFokJs.roa
Signing time:             Wed 01 Jan 2025 17:48:40 +0000
ROA not before:           Wed 01 Jan 2025 17:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58111
IP address blocks:        193.47.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/8fa354-4bd5-454d-b2d8-03f604324fcf/1/TLbePNkQ87_3_4Xe1FLEMbHopSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/8fa354-4bd5-454d-b2d8-03f604324fcf/1/TLbePNkQ87_3_4Xe1FLEMbHopSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TLbePNkQ87_3_4Xe1FLEMbHopSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e4:24:a7:f5:e5:6f:a8:af:92:11:06:22:0c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cb6de3cd910f3bff7ff85ded452c431b1e8a520
        Validity
            Not Before: Jan  1 17:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=904f0b7460055bad781d4723375328671168909b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b3:6d:16:4d:a5:32:93:5a:c7:ba:ff:39:b7:
                    ed:50:da:d8:01:3f:5b:93:97:d3:2f:2c:bd:99:91:
                    f3:39:0f:06:b2:0d:fb:2d:32:e8:f3:3e:72:a2:87:
                    6e:8c:97:3f:ec:7c:d5:3d:a1:da:72:ef:e6:07:fb:
                    87:3b:68:3d:9f:31:38:06:d4:99:bf:c5:cd:22:03:
                    15:66:2c:22:a7:12:1b:a4:b2:9b:26:48:a8:70:74:
                    9c:bf:96:d0:89:ee:19:30:4e:4b:2e:03:fd:b0:11:
                    bb:01:c7:c2:0e:06:8f:70:bb:86:68:6e:c1:01:28:
                    80:17:41:a3:4d:eb:7c:c7:57:91:37:70:2b:27:3b:
                    60:63:16:04:5a:95:50:0a:3a:01:b5:f7:9d:a3:f6:
                    66:72:6e:fb:e4:12:47:d3:b3:17:57:ae:7c:e0:ba:
                    56:61:db:f6:e7:5d:32:d7:33:a7:64:af:88:05:0a:
                    48:97:3b:4f:7e:e2:66:eb:0c:89:e8:59:e7:ec:fb:
                    31:88:e4:45:fa:a2:43:de:e6:7b:5d:cd:58:71:4a:
                    24:a9:91:10:3a:5b:4e:7c:f3:7b:71:6e:11:14:55:
                    e2:bb:88:ed:86:64:55:18:f9:0c:19:17:2d:8f:76:
                    b5:9d:a4:c7:80:c1:d4:ad:e6:0f:05:98:d3:8a:e0:
                    40:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4F:0B:74:60:05:5B:AD:78:1D:47:23:37:53:28:67:11:68:90:9B
            X509v3 Authority Key Identifier:
                keyid:4C:B6:DE:3C:D9:10:F3:BF:F7:FF:85:DE:D4:52:C4:31:B1:E8:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TLbePNkQ87_3_4Xe1FLEMbHopSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/8fa354-4bd5-454d-b2d8-03f604324fcf/1/kE8LdGAFW614HUcjN1MoZxFokJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/8fa354-4bd5-454d-b2d8-03f604324fcf/1/TLbePNkQ87_3_4Xe1FLEMbHopSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:ce:52:21:f1:64:0f:02:ac:d2:51:31:bc:3e:bc:a3:74:50:
         62:c2:38:3a:23:0c:e0:d2:db:d4:b9:7b:52:50:cc:f3:f3:28:
         c0:ae:6f:a3:12:f5:41:88:f5:d4:8f:1e:74:e4:f2:84:42:0c:
         2b:c5:72:e5:62:0e:a5:8e:1c:be:cc:cd:a9:18:d9:ab:85:e8:
         77:13:c9:b1:47:e1:ce:03:eb:b0:7d:fb:15:4c:46:b2:63:a8:
         49:b7:39:d1:af:be:39:a2:10:80:b7:27:e6:80:af:8e:0f:da:
         81:c5:9d:a2:c0:22:b6:66:b0:20:c3:b6:16:77:3f:53:42:28:
         26:51:bd:69:0c:61:da:ee:df:1f:fc:86:9f:43:61:84:a2:92:
         3e:c7:e0:b1:9b:6e:46:29:03:4b:ad:59:14:6f:6a:18:de:f8:
         94:5c:95:27:79:eb:b4:69:93:35:91:e6:a7:72:21:38:d8:f8:
         56:bf:8b:00:a4:93:81:34:fd:71:27:57:cd:9f:80:82:ff:f9:
         ad:4b:0b:bd:84:f7:06:6a:79:28:85:e7:b3:ea:40:8e:05:fa:
         71:a8:4f:48:fd:40:6c:af:23:5f:7f:d3:b3:a6:27:9c:80:ec:
         28:4d:ce:b4:53:1d:19:ab:b7:40:67:7f:bb:d1:56:7e:5b:fd:
         69:78:c0:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi++Qkp/Xlb6ivkhEGIgw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYjZkZTNjZDkxMGYzYmZmN2ZmODVkZWQ0NTJjNDMxYjFl
OGE1MjAwHhcNMjUwMTAxMTc0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRmMGI3NDYwMDU1YmFkNzgxZDQ3MjMzNzUzMjg2NzExNjg5MDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrNtFk2lMpNax7r/ObftUNrYAT9b
k5fTLyy9mZHzOQ8Gsg37LTLo8z5yoodujJc/7HzVPaHacu/mB/uHO2g9nzE4BtSZ
v8XNIgMVZiwipxIbpLKbJkiocHScv5bQie4ZME5LLgP9sBG7AcfCDgaPcLuGaG7B
ASiAF0GjTet8x1eRN3ArJztgYxYEWpVQCjoBtfedo/Zmcm775BJH07MXV6584LpW
Ydv2510y1zOnZK+IBQpIlztPfuJm6wyJ6Fnn7PsxiORF+qJD3uZ7Xc1YcUokqZEQ
OltOfPN7cW4RFFXiu4jthmRVGPkMGRctj3a1naTHgMHUreYPBZjTiuBAPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBPC3RgBVuteB1HIzdTKGcRaJCbMB8GA1UdIwQY
MBaAFEy23jzZEPO/9/+F3tRSxDGx6KUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVExiZVBOa1E4N18zXzRYZTFGTEVNYkhvcFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS84ZmEzNTQtNGJkNS00NTRkLWIyZDgt
MDNmNjA0MzI0ZmNmLzEva0U4TGRHQUZXNjE0SFVjak4xTW9aeEZva0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS84ZmEzNTQtNGJkNS00NTRkLWIyZDgtMDNmNjA0MzI0ZmNm
LzEvVExiZVBOa1E4N18zXzRYZTFGTEVNYkhvcFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS9HMA0G
CSqGSIb3DQEBCwUAA4IBAQAUzlIh8WQPAqzSUTG8PryjdFBiwjg6Iwzg0tvUuXtS
UMzz8yjArm+jEvVBiPXUjx505PKEQgwrxXLlYg6ljhy+zM2pGNmrheh3E8mxR+HO
A+uwffsVTEayY6hJtznRr745ohCAtyfmgK+OD9qBxZ2iwCK2ZrAgw7YWdz9TQigm
Ub1pDGHa7t8f/IafQ2GEopI+x+Cxm25GKQNLrVkUb2oY3viUXJUneeu0aZM1kean
ciE42PhWv4sApJOBNP1xJ1fNn4CC//mtSwu9hPcGankoheez6kCOBfpxqE9I/UBs
ryNff9OzpiecgOwoTc60Ux0Zq7dAZ3+70VZ+W/1peMDp
-----END CERTIFICATE-----