Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/32ab16-8f6d-414d-80cf-0a86358e9c84/1/4nov_nt6GEsQWCkcquH9SVS1bMU.roa
File:                     4nov_nt6GEsQWCkcquH9SVS1bMU.roa (raw, json)
Hash identifier:          Ylgq5sDsdH7k78HDH4UBmheF5iyrFEvrHVeDharXE+U=
Subject key identifier:   E2:7A:2F:FE:7B:7A:18:4B:10:58:29:1C:AA:E1:FD:49:54:B5:6C:C5
Certificate issuer:       /CN=d796afc54fe63ed1740d5e896b3f591b1184f6dc
Certificate serial:       0194258F57523CA626D77621A906EFF8E5B1
Authority key identifier: D7:96:AF:C5:4F:E6:3E:D1:74:0D:5E:89:6B:3F:59:1B:11:84:F6:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/15avxU_mPtF0DV6Jaz9ZGxGE9tw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/32ab16-8f6d-414d-80cf-0a86358e9c84/1/4nov_nt6GEsQWCkcquH9SVS1bMU.roa
Signing time:             Thu 02 Jan 2025 05:48:58 +0000
ROA not before:           Thu 02 Jan 2025 05:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12509
IP address blocks:        91.194.176.0/24 maxlen: 24
                          194.153.79.0/24 maxlen: 24
                          2001:67c:368::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/32ab16-8f6d-414d-80cf-0a86358e9c84/1/15avxU_mPtF0DV6Jaz9ZGxGE9tw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/32ab16-8f6d-414d-80cf-0a86358e9c84/1/15avxU_mPtF0DV6Jaz9ZGxGE9tw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/15avxU_mPtF0DV6Jaz9ZGxGE9tw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:57:52:3c:a6:26:d7:76:21:a9:06:ef:f8:e5:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d796afc54fe63ed1740d5e896b3f591b1184f6dc
        Validity
            Not Before: Jan  2 05:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e27a2ffe7b7a184b1058291caae1fd4954b56cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4a:8f:dc:a8:a3:d4:44:10:e5:c1:75:74:37:
                    df:9a:a9:98:cb:a2:fc:c0:2e:3e:ff:13:c8:df:8b:
                    c0:3c:5b:ec:d6:e4:6f:cc:e5:fc:82:91:15:c8:f4:
                    e3:3c:db:1f:6d:a1:96:73:23:59:6e:60:d0:46:e3:
                    4c:23:7a:e2:e0:4b:7b:4b:32:5d:e1:c7:53:ed:b6:
                    7f:d1:73:4d:c3:5c:75:55:bc:23:46:ee:d4:c6:a3:
                    cc:b9:93:09:17:1f:f7:a6:bc:7d:41:4f:20:65:6e:
                    49:43:84:e9:88:57:b6:bd:08:64:fc:60:8c:34:e7:
                    95:b9:45:83:c8:90:6d:48:9e:a8:61:05:a0:d5:9a:
                    90:16:82:72:9d:3d:09:8c:35:f8:b4:82:a9:76:28:
                    b7:bf:b0:57:0e:c4:b5:0d:4b:a8:02:66:34:c7:dd:
                    f6:86:85:86:c0:7c:ce:f8:cd:4a:43:df:bc:98:90:
                    d4:91:bf:ff:35:b5:cd:95:c6:39:16:f9:53:aa:9d:
                    1c:70:28:04:56:60:e4:5a:29:78:fe:0a:2e:20:cf:
                    5d:ef:77:6d:fe:c4:90:29:cb:ef:63:cf:14:b3:0e:
                    d4:66:7e:64:eb:47:55:f3:21:91:56:74:d3:41:41:
                    53:8b:fc:84:50:c2:d2:76:f8:ba:dd:75:fd:f2:70:
                    e8:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7A:2F:FE:7B:7A:18:4B:10:58:29:1C:AA:E1:FD:49:54:B5:6C:C5
            X509v3 Authority Key Identifier:
                keyid:D7:96:AF:C5:4F:E6:3E:D1:74:0D:5E:89:6B:3F:59:1B:11:84:F6:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/15avxU_mPtF0DV6Jaz9ZGxGE9tw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/32ab16-8f6d-414d-80cf-0a86358e9c84/1/4nov_nt6GEsQWCkcquH9SVS1bMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/32ab16-8f6d-414d-80cf-0a86358e9c84/1/15avxU_mPtF0DV6Jaz9ZGxGE9tw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.176.0/24
                  194.153.79.0/24
                IPv6:
                  2001:67c:368::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:18:04:ff:da:6e:86:e4:a5:62:4f:94:21:ec:14:c5:ed:83:
         3c:bc:93:b9:5b:8e:2f:71:8e:28:7e:90:40:a6:8a:f5:3f:a0:
         78:ad:c8:59:44:f3:94:fe:b0:f1:ab:84:12:cd:95:27:81:c7:
         48:9f:76:ca:30:b3:b3:ae:9e:59:6e:c8:23:f2:4d:b2:5d:ca:
         27:27:0d:71:9f:0d:2b:b4:c5:c5:82:05:12:2b:42:72:ca:b5:
         f9:ad:c3:ff:e3:33:f7:ff:72:ae:2b:5d:95:b7:b0:23:b0:26:
         df:15:f7:2a:bd:65:c9:d0:8e:da:88:1f:bb:07:9b:12:a8:fe:
         bc:73:ae:73:7f:84:b2:94:d4:0d:86:73:ba:0b:f9:0c:d7:75:
         d4:30:29:bf:38:6b:21:94:c9:fc:07:d5:f8:a8:87:a5:71:1c:
         a5:1b:61:f2:d7:19:dd:85:7a:34:49:14:fc:e1:14:6b:9e:60:
         b2:a1:cc:39:08:d9:44:f6:f0:1b:c8:8e:1c:0a:56:22:72:a4:
         b3:f7:28:df:23:13:f6:f5:89:34:2b:01:15:75:cc:f4:8c:6f:
         b2:8e:0f:94:cd:c5:82:45:33:4a:97:c6:17:90:a8:dc:10:68:
         17:8c:c8:82:07:26:bc:ca:58:06:14:87:63:9d:dd:43:c8:ff:
         a1:39:31:06
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQlj1dSPKYm13YhqQbv+OWxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OTZhZmM1NGZlNjNlZDE3NDBkNWU4OTZiM2Y1OTFiMTE4
NGY2ZGMwHhcNMjUwMTAyMDU0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjdhMmZmZTdiN2ExODRiMTA1ODI5MWNhYWUxZmQ0OTU0YjU2Y2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UqP3Kij1EQQ5cF1dDffmqmYy6L8
wC4+/xPI34vAPFvs1uRvzOX8gpEVyPTjPNsfbaGWcyNZbmDQRuNMI3ri4Et7SzJd
4cdT7bZ/0XNNw1x1VbwjRu7UxqPMuZMJFx/3prx9QU8gZW5JQ4TpiFe2vQhk/GCM
NOeVuUWDyJBtSJ6oYQWg1ZqQFoJynT0JjDX4tIKpdii3v7BXDsS1DUuoAmY0x932
hoWGwHzO+M1KQ9+8mJDUkb//NbXNlcY5FvlTqp0ccCgEVmDkWil4/gouIM9d73dt
/sSQKcvvY88Usw7UZn5k60dV8yGRVnTTQUFTi/yEUMLSdvi63XX98nDofQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFOJ6L/57ehhLEFgpHKrh/UlUtWzFMB8GA1UdIwQY
MBaAFNeWr8VP5j7RdA1eiWs/WRsRhPbcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTVhdnhVX21QdEYwRFY2SmF6OVpHeEdFOXR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8zMmFiMTYtOGY2ZC00MTRkLTgwY2Yt
MGE4NjM1OGU5Yzg0LzEvNG5vdl9udDZHRXNRV0NrY3F1SDlTVlMxYk1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8zMmFiMTYtOGY2ZC00MTRkLTgwY2YtMGE4NjM1OGU5Yzg0
LzEvMTVhdnhVX21QdEYwRFY2SmF6OVpHeEdFOXR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW8KwAwQA
wplPMA8EAgACMAkDBwAgAQZ8A2gwDQYJKoZIhvcNAQELBQADggEBABUYBP/abobk
pWJPlCHsFMXtgzy8k7lbji9xjih+kECmivU/oHityFlE85T+sPGrhBLNlSeBx0if
dsows7OunlluyCPyTbJdyicnDXGfDSu0xcWCBRIrQnLKtfmtw//jM/f/cq4rXZW3
sCOwJt8V9yq9ZcnQjtqIH7sHmxKo/rxzrnN/hLKU1A2Gc7oL+QzXddQwKb84ayGU
yfwH1fioh6VxHKUbYfLXGd2FejRJFPzhFGueYLKhzDkI2UT28BvIjhwKViJypLP3
KN8jE/b1iTQrARV1zPSMb7KOD5TNxYJFM0qXxheQqNwQaBeMyIIHJrzKWAYUh2Od
3UPI/6E5MQY=
-----END CERTIFICATE-----