Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/1-4QYL3zSIvubO19_zc5_sPHbtmM.roa
File:                     1-4QYL3zSIvubO19_zc5_sPHbtmM.roa (raw, json)
Hash identifier:          RSu12j4NBBmo2Fros21N8BPczXB3VUvZpIMKKBoV+WA=
Subject key identifier:   FB:84:18:2F:7C:D2:22:FB:9B:3B:5F:7F:CD:CE:7F:B0:F1:DB:B6:63
Certificate issuer:       /CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
Certificate serial:       0194244585983EF1C36A453A6E8E56B3C2F7
Authority key identifier: 5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/1-4QYL3zSIvubO19_zc5_sPHbtmM.roa
Signing time:             Wed 01 Jan 2025 23:48:43 +0000
ROA not before:           Wed 01 Jan 2025 23:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8820
IP address blocks:        188.246.17.0/24 maxlen: 24
                          188.246.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:85:98:3e:f1:c3:6a:45:3a:6e:8e:56:b3:c2:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
        Validity
            Not Before: Jan  1 23:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb84182f7cd222fb9b3b5f7fcdce7fb0f1dbb663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c6:cb:81:f7:79:52:c1:e2:a7:5b:22:3c:0a:
                    7c:ac:82:bf:75:ba:81:f6:42:24:43:65:26:d5:25:
                    1c:0f:bc:ec:56:7d:5c:28:e9:e5:56:9c:9e:71:0c:
                    a7:7a:a4:88:75:be:f4:c3:37:b8:74:ad:85:15:44:
                    19:96:45:ed:9f:fe:e5:a5:b0:80:a1:18:51:be:81:
                    3b:db:7c:a4:27:4e:a6:2c:d0:db:51:d7:fa:32:9a:
                    ae:86:95:e0:b8:46:b4:92:8b:3e:e7:66:76:8a:29:
                    41:01:37:84:ca:6e:1c:63:f2:a1:bb:0f:5e:c7:7f:
                    37:4e:b1:69:c9:14:6d:7f:f8:f9:50:36:06:c6:df:
                    bf:08:f5:30:a4:6a:73:f9:0d:d4:43:c5:05:a0:fd:
                    6f:ce:bc:40:55:5a:ad:a6:dd:ad:7d:b1:41:ac:56:
                    d9:bf:af:86:34:77:13:71:7e:30:45:16:53:39:ca:
                    0d:c0:91:d2:f7:b4:9a:74:e4:f2:2e:67:95:b2:2b:
                    9a:ac:e5:92:9e:7a:4d:2f:ed:8e:cd:6a:6b:79:04:
                    e1:6b:dc:4f:3b:6c:cb:ed:f3:55:03:71:97:8e:68:
                    c0:09:34:5b:45:02:42:76:5b:98:74:ac:01:42:d1:
                    33:51:39:33:a5:c4:0a:40:ba:f2:82:1c:15:0b:5e:
                    8e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:84:18:2F:7C:D2:22:FB:9B:3B:5F:7F:CD:CE:7F:B0:F1:DB:B6:63
            X509v3 Authority Key Identifier:
                keyid:5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/1-4QYL3zSIvubO19_zc5_sPHbtmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.246.17.0/24
                  188.246.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:39:1c:19:25:ee:0a:71:91:ca:1a:57:56:95:68:f3:e4:a7:
         48:3d:f6:04:52:96:41:95:08:9a:c7:1b:b6:d6:39:eb:27:53:
         b1:f1:83:bc:e1:e8:d2:67:6f:58:43:49:8f:02:d0:b1:0d:a8:
         fa:83:34:ae:51:f2:a0:0e:05:2e:81:ac:2a:30:76:54:13:2a:
         72:2c:bd:ca:b5:23:59:29:fc:c9:e6:b7:38:98:69:5a:fb:73:
         6a:7b:b5:85:8d:44:f0:99:8d:0e:92:24:7e:b5:46:3c:1c:44:
         0b:75:3b:2d:c9:c1:ec:e2:00:ac:35:15:f1:41:45:20:9c:2b:
         01:12:24:6b:cc:d3:0d:58:e4:d8:0b:05:2a:ff:36:d5:29:77:
         c9:99:47:e0:1e:9a:9d:33:a7:a6:c3:aa:00:f8:44:3b:a2:5e:
         73:3d:49:48:3e:b0:b7:0a:85:4d:da:fa:64:1a:78:fd:48:69:
         40:c8:0a:74:e5:64:fd:12:5e:1c:a3:26:00:9d:86:88:76:8e:
         ad:df:c7:e9:bb:c0:a9:93:19:79:c4:82:e3:9a:10:cf:31:f6:
         48:77:8e:1d:27:d1:f0:a6:3f:7b:d0:8c:6e:47:07:14:7c:9d:
         f8:74:7f:d2:bf:63:86:ad:8c:52:93:1e:cc:e4:87:d5:62:7b:
         49:b0:8b:8d
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQkRYWYPvHDakU6bo5Ws8L3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZWRkNmIwZTM2ZjRiZDhmMWQ1N2UyNmNjMWMyZDE4YzY5
OTNjMDQwHhcNMjUwMTAxMjM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjg0MTgyZjdjZDIyMmZiOWIzYjVmN2ZjZGNlN2ZiMGYxZGJiNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sbLgfd5UsHip1siPAp8rIK/dbqB
9kIkQ2Um1SUcD7zsVn1cKOnlVpyecQyneqSIdb70wze4dK2FFUQZlkXtn/7lpbCA
oRhRvoE723ykJ06mLNDbUdf6MpquhpXguEa0kos+52Z2iilBATeEym4cY/Khuw9e
x383TrFpyRRtf/j5UDYGxt+/CPUwpGpz+Q3UQ8UFoP1vzrxAVVqtpt2tfbFBrFbZ
v6+GNHcTcX4wRRZTOcoNwJHS97SadOTyLmeVsiuarOWSnnpNL+2OzWpreQTha9xP
O2zL7fNVA3GXjmjACTRbRQJCdluYdKwBQtEzUTkzpcQKQLryghwVC16OHQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPuEGC980iL7mztff83Of7Dx27ZjMB8GA1UdIwQY
MBaAFF3t1rDjb0vY8dV+JswcLRjGmTwEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODkt
YzY5ODcxZjVkMzA1LzEvMS00UVlMM3pTSXZ1Yk8xOV96YzVfc1BIYnRtTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTkvZjAzY2RjLTI5NDUtNDA4Yy04ODg5LWM2OTg3MWY1ZDMw
NS8xL1hlM1dzT052UzlqeDFYNG16Qnd0R01hWlBBUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEALz2EQME
ALz2FzANBgkqhkiG9w0BAQsFAAOCAQEAbDkcGSXuCnGRyhpXVpVo8+SnSD32BFKW
QZUImscbttY56ydTsfGDvOHo0mdvWENJjwLQsQ2o+oM0rlHyoA4FLoGsKjB2VBMq
ciy9yrUjWSn8yea3OJhpWvtzanu1hY1E8JmNDpIkfrVGPBxEC3U7LcnB7OIArDUV
8UFFIJwrARIka8zTDVjk2AsFKv821Sl3yZlH4B6anTOnpsOqAPhEO6Jecz1JSD6w
twqFTdr6ZBp4/UhpQMgKdOVk/RJeHKMmAJ2GiHaOrd/H6bvAqZMZecSC45oQzzH2
SHeOHSfR8KY/e9CMbkcHFHyd+HR/0r9jhq2MUpMezOSH1WJ7SbCLjQ==
-----END CERTIFICATE-----