Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/d81aa2-8a55-40db-96dc-8fbb5128a2c9/1/ydSpSmVctt-PTc3WJS01NCnPbsw.roa
File:                     ydSpSmVctt-PTc3WJS01NCnPbsw.roa (raw, json)
Hash identifier:          UGRZxn469rFBXXtnWA2IhhVe1zHxCZT+BU6CNI4U/O0=
Subject key identifier:   C9:D4:A9:4A:65:5C:B6:DF:8F:4D:CD:D6:25:2D:35:34:29:CF:6E:CC
Certificate issuer:       /CN=ae3adb58c108b8bb13e43c15eea3c7899b64a3aa
Certificate serial:       018CC2DB19471CE67F55A7722590AFEC1089
Authority key identifier: AE:3A:DB:58:C1:08:B8:BB:13:E4:3C:15:EE:A3:C7:89:9B:64:A3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rjrbWMEIuLsT5DwV7qPHiZtko6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/d81aa2-8a55-40db-96dc-8fbb5128a2c9/1/ydSpSmVctt-PTc3WJS01NCnPbsw.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21137
IP address blocks:        194.4.141.0/24 maxlen: 24
                          194.4.142.0/24 maxlen: 24
                          194.4.143.0/24 maxlen: 24
                          194.4.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/d81aa2-8a55-40db-96dc-8fbb5128a2c9/1/rjrbWMEIuLsT5DwV7qPHiZtko6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/d81aa2-8a55-40db-96dc-8fbb5128a2c9/1/rjrbWMEIuLsT5DwV7qPHiZtko6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rjrbWMEIuLsT5DwV7qPHiZtko6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:19:47:1c:e6:7f:55:a7:72:25:90:af:ec:10:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae3adb58c108b8bb13e43c15eea3c7899b64a3aa
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9d4a94a655cb6df8f4dcdd6252d353429cf6ecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4d:c7:99:7d:24:72:a9:67:4a:3d:a0:7e:9c:
                    b4:c3:ab:0f:2e:a0:c6:30:a8:68:8e:fe:21:fa:16:
                    a4:da:92:03:ea:87:24:16:d4:71:5b:8b:e4:d5:53:
                    26:e5:d5:49:06:33:a2:a1:1b:11:94:8c:fb:55:36:
                    66:b4:fb:8d:f0:f9:34:da:09:c4:9f:20:a9:b6:a7:
                    60:44:fb:7c:6a:c4:a6:d8:6f:ce:2d:23:f3:7a:e8:
                    bf:8e:a1:96:d8:3f:f3:42:31:18:58:6c:f0:28:0e:
                    59:f6:1f:e1:5d:c6:8f:a9:d3:17:a1:c1:b2:72:9a:
                    7f:6d:df:2f:62:41:4d:b0:3c:f2:fb:cd:18:f1:22:
                    e8:31:03:a5:73:4a:0d:a3:e7:4c:33:95:60:b2:d9:
                    f9:7b:2b:54:89:92:95:34:b0:9a:d8:6b:43:c7:38:
                    d6:76:8e:39:94:ed:c0:59:90:d5:1e:1e:b1:50:2e:
                    cf:f3:51:ce:60:99:38:56:27:9e:12:bc:7d:c5:e1:
                    13:46:f4:c7:4a:a8:4f:7b:6d:66:59:18:46:91:02:
                    3c:ea:c2:aa:80:d9:ff:14:95:5d:36:5e:cd:fb:bd:
                    b6:3b:38:af:ee:0b:f1:31:96:a0:40:90:eb:6e:7a:
                    8c:28:50:b8:ad:72:df:5e:b8:9c:84:08:29:3e:74:
                    9c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D4:A9:4A:65:5C:B6:DF:8F:4D:CD:D6:25:2D:35:34:29:CF:6E:CC
            X509v3 Authority Key Identifier:
                keyid:AE:3A:DB:58:C1:08:B8:BB:13:E4:3C:15:EE:A3:C7:89:9B:64:A3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rjrbWMEIuLsT5DwV7qPHiZtko6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/d81aa2-8a55-40db-96dc-8fbb5128a2c9/1/ydSpSmVctt-PTc3WJS01NCnPbsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/d81aa2-8a55-40db-96dc-8fbb5128a2c9/1/rjrbWMEIuLsT5DwV7qPHiZtko6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:8c:12:6f:62:ea:72:59:01:6e:71:6b:82:e7:7a:48:f7:fc:
         fd:06:70:ac:f1:00:58:e7:91:32:67:4a:24:80:cd:43:fe:10:
         a1:b8:49:70:5e:d2:6b:2c:72:b2:49:05:2b:80:c7:20:4f:6d:
         ed:36:de:e3:f3:89:31:24:de:75:de:8f:9a:bb:52:97:d8:5b:
         3b:87:81:6d:99:cb:8d:cf:0c:fe:3e:79:6f:43:ca:34:5b:7a:
         77:a6:7f:69:d1:47:06:5e:90:ab:b1:23:33:cc:8c:27:6c:ae:
         38:67:29:c6:e5:c3:17:a0:61:70:6b:9c:2e:b4:bb:66:df:17:
         32:4d:29:25:2d:43:51:8c:21:d8:eb:c1:29:fc:bc:fe:12:92:
         9e:da:0a:6a:51:09:5c:99:4e:a3:fb:b9:83:e9:d2:75:0c:35:
         40:1d:bf:9f:57:1f:59:8e:12:e0:3d:74:53:ee:f1:f8:85:5d:
         09:35:aa:c3:8f:fc:07:f6:a5:ea:c4:13:2b:6d:24:90:ef:4c:
         76:e6:0e:fb:98:6b:a8:01:eb:af:cc:de:f1:74:cb:97:21:ee:
         9c:06:e3:93:cc:71:56:7b:89:4a:35:a3:31:d9:2f:d4:16:e4:
         eb:5a:fa:35:5b:49:7d:6b:30:4c:22:ba:fa:e3:61:01:fb:b4:
         66:d5:13:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xlHHOZ/VadyJZCv7BCJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlM2FkYjU4YzEwOGI4YmIxM2U0M2MxNWVlYTNjNzg5OWI2
NGEzYWEwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ0YTk0YTY1NWNiNmRmOGY0ZGNkZDYyNTJkMzUzNDI5Y2Y2ZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4U3HmX0kcqlnSj2gfpy0w6sPLqDG
MKhojv4h+hak2pID6ockFtRxW4vk1VMm5dVJBjOioRsRlIz7VTZmtPuN8Pk02gnE
nyCptqdgRPt8asSm2G/OLSPzeui/jqGW2D/zQjEYWGzwKA5Z9h/hXcaPqdMXocGy
cpp/bd8vYkFNsDzy+80Y8SLoMQOlc0oNo+dMM5Vgstn5eytUiZKVNLCa2GtDxzjW
do45lO3AWZDVHh6xUC7P81HOYJk4VieeErx9xeETRvTHSqhPe21mWRhGkQI86sKq
gNn/FJVdNl7N+722Oziv7gvxMZagQJDrbnqMKFC4rXLfXrichAgpPnScwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnUqUplXLbfj03N1iUtNTQpz27MMB8GA1UdIwQY
MBaAFK4621jBCLi7E+Q8Fe6jx4mbZKOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmpyYldNRUl1THNUNUR3VjdxUEhpWnRrbzZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9kODFhYTItOGE1NS00MGRiLTk2ZGMt
OGZiYjUxMjhhMmM5LzEveWRTcFNtVmN0dC1QVGMzV0pTMDFOQ25QYnN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9kODFhYTItOGE1NS00MGRiLTk2ZGMtOGZiYjUxMjhhMmM5
LzEvcmpyYldNRUl1THNUNUR3VjdxUEhpWnRrbzZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwgSMMA0G
CSqGSIb3DQEBCwUAA4IBAQAkjBJvYupyWQFucWuC53pI9/z9BnCs8QBY55EyZ0ok
gM1D/hChuElwXtJrLHKySQUrgMcgT23tNt7j84kxJN513o+au1KX2Fs7h4FtmcuN
zwz+PnlvQ8o0W3p3pn9p0UcGXpCrsSMzzIwnbK44ZynG5cMXoGFwa5wutLtm3xcy
TSklLUNRjCHY68Ep/Lz+EpKe2gpqUQlcmU6j+7mD6dJ1DDVAHb+fVx9ZjhLgPXRT
7vH4hV0JNarDj/wH9qXqxBMrbSSQ70x25g77mGuoAeuvzN7xdMuXIe6cBuOTzHFW
e4lKNaMx2S/UFuTrWvo1W0l9azBMIrr642EB+7Rm1RMu
-----END CERTIFICATE-----