Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/aa1797-4373-4a2f-a074-c73cbe70abb9/1/bN7oUkyOjKWf5IXm9vdRB_yLWtk.roa
File:                     bN7oUkyOjKWf5IXm9vdRB_yLWtk.roa (raw, json)
Hash identifier:          LjibpLjy3Mo93VJC0PxkHu1xI/PC2FCi9UXUSDbAUo0=
Subject key identifier:   6C:DE:E8:52:4C:8E:8C:A5:9F:E4:85:E6:F6:F7:51:07:FC:8B:5A:D9
Certificate issuer:       /CN=4aab65873cb2782f13c378f5543c691443d16f79
Certificate serial:       0191E5ADFF93210370BE31546AE958D84B42
Authority key identifier: 4A:AB:65:87:3C:B2:78:2F:13:C3:78:F5:54:3C:69:14:43:D1:6F:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SqtlhzyyeC8Tw3j1VDxpFEPRb3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/aa1797-4373-4a2f-a074-c73cbe70abb9/1/bN7oUkyOjKWf5IXm9vdRB_yLWtk.roa
Signing time:             Thu 12 Sep 2024 10:01:10 +0000
ROA not before:           Thu 12 Sep 2024 10:01:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.201.4.0/24 maxlen: 24
                          185.201.5.0/24 maxlen: 24
                          185.201.6.0/24 maxlen: 24
                          185.201.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/aa1797-4373-4a2f-a074-c73cbe70abb9/1/SqtlhzyyeC8Tw3j1VDxpFEPRb3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/aa1797-4373-4a2f-a074-c73cbe70abb9/1/SqtlhzyyeC8Tw3j1VDxpFEPRb3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SqtlhzyyeC8Tw3j1VDxpFEPRb3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:ad:ff:93:21:03:70:be:31:54:6a:e9:58:d8:4b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aab65873cb2782f13c378f5543c691443d16f79
        Validity
            Not Before: Sep 12 10:01:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cdee8524c8e8ca59fe485e6f6f75107fc8b5ad9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7d:fe:06:52:61:21:cb:f3:3b:63:6d:c8:c2:
                    b0:06:c7:30:5f:88:c5:2d:80:94:27:7f:6e:6f:7b:
                    93:ff:fc:a0:a6:58:c2:4c:d4:1c:5f:f4:53:ea:17:
                    ac:82:93:cd:f4:f4:5d:74:5c:9f:1e:68:d9:a9:f8:
                    9b:42:5c:ad:6a:00:7e:fd:88:04:f2:c6:f2:dc:79:
                    d4:f6:9a:41:7f:cc:71:b8:59:ff:76:df:7f:7c:91:
                    f9:17:6d:0e:41:c2:1d:74:da:bb:75:da:14:50:a2:
                    cf:12:5a:28:58:50:4a:20:a0:d2:78:38:2d:6f:a6:
                    87:f9:55:ee:fe:6a:59:16:38:3a:ee:8b:11:f9:aa:
                    04:21:45:1e:dc:f8:70:87:50:96:b2:5e:a5:fb:51:
                    61:65:60:92:ab:cd:50:89:a9:5e:96:3f:ce:c5:84:
                    02:2e:bc:0e:df:20:57:7e:72:01:dd:d1:bd:89:96:
                    3a:74:27:b0:0e:ea:3f:eb:66:22:9f:5e:cd:c9:f8:
                    66:0e:09:33:38:4f:98:de:77:e1:15:e4:e2:2a:ae:
                    f8:01:3b:de:dc:57:3c:bf:aa:46:fc:71:2f:46:49:
                    76:a8:18:be:db:82:18:65:7f:65:10:a4:3f:73:0a:
                    6f:03:76:1a:78:76:d0:08:f3:92:4c:25:a9:93:aa:
                    1a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:DE:E8:52:4C:8E:8C:A5:9F:E4:85:E6:F6:F7:51:07:FC:8B:5A:D9
            X509v3 Authority Key Identifier:
                keyid:4A:AB:65:87:3C:B2:78:2F:13:C3:78:F5:54:3C:69:14:43:D1:6F:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SqtlhzyyeC8Tw3j1VDxpFEPRb3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/aa1797-4373-4a2f-a074-c73cbe70abb9/1/bN7oUkyOjKWf5IXm9vdRB_yLWtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/aa1797-4373-4a2f-a074-c73cbe70abb9/1/SqtlhzyyeC8Tw3j1VDxpFEPRb3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:bc:e3:c1:63:75:bf:85:79:00:65:48:90:f2:c0:83:02:02:
         2e:f2:33:b2:4c:bc:b3:36:6c:ac:5f:92:d9:f0:cf:e2:65:2a:
         98:aa:92:5f:44:5d:bc:c2:19:33:0e:80:92:5e:15:d9:2b:72:
         42:14:c4:c1:ec:c2:a0:b0:a0:1a:78:d9:21:e2:62:af:9c:23:
         02:f2:29:c3:16:88:7d:c0:e5:f9:c4:78:fa:54:f4:1c:bb:db:
         c5:ae:28:ac:bb:2e:60:43:7c:9d:a1:3f:ad:1c:e6:65:93:2b:
         d2:93:aa:fa:bd:db:86:51:6b:a0:02:bb:f0:ca:69:b7:10:40:
         ec:6d:b1:71:5a:4b:9f:c2:80:68:cb:81:94:40:21:ff:18:c2:
         64:d7:35:9b:ec:84:e2:3f:40:a8:7b:57:52:f6:7a:c8:97:94:
         8a:dd:d3:c6:a2:5a:fa:aa:34:a8:fd:98:ad:a5:c7:87:27:b9:
         47:94:08:30:02:6f:0a:a2:d2:52:02:60:70:e8:49:ae:80:0d:
         4d:db:23:98:e1:8c:d6:77:71:de:2e:d1:4f:c2:df:a4:5c:45:
         5e:b9:83:1b:60:5c:50:5c:6b:70:29:8e:c7:06:65:d6:cd:86:
         80:20:6f:dc:f9:50:36:73:37:1d:93:4c:ce:66:5a:00:b5:23:
         29:51:60:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHlrf+TIQNwvjFUaulY2EtCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYWI2NTg3M2NiMjc4MmYxM2MzNzhmNTU0M2M2OTE0NDNk
MTZmNzkwHhcNMjQwOTEyMTAwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2RlZTg1MjRjOGU4Y2E1OWZlNDg1ZTZmNmY3NTEwN2ZjOGI1YWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl33+BlJhIcvzO2NtyMKwBscwX4jF
LYCUJ39ub3uT//ygpljCTNQcX/RT6hesgpPN9PRddFyfHmjZqfibQlytagB+/YgE
8sby3HnU9ppBf8xxuFn/dt9/fJH5F20OQcIddNq7ddoUUKLPElooWFBKIKDSeDgt
b6aH+VXu/mpZFjg67osR+aoEIUUe3Phwh1CWsl6l+1FhZWCSq81Qialelj/OxYQC
LrwO3yBXfnIB3dG9iZY6dCewDuo/62Yin17NyfhmDgkzOE+Y3nfhFeTiKq74ATve
3Fc8v6pG/HEvRkl2qBi+24IYZX9lEKQ/cwpvA3YaeHbQCPOSTCWpk6oanwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGze6FJMjoyln+SF5vb3UQf8i1rZMB8GA1UdIwQY
MBaAFEqrZYc8sngvE8N49VQ8aRRD0W95MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3F0bGh6eXllQzhUdzNqMVZEeHBGRVBSYjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9hYTE3OTctNDM3My00YTJmLWEwNzQt
YzczY2JlNzBhYmI5LzEvYk43b1VreU9qS1dmNUlYbTl2ZFJCX3lMV3RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9hYTE3OTctNDM3My00YTJmLWEwNzQtYzczY2JlNzBhYmI5
LzEvU3F0bGh6eXllQzhUdzNqMVZEeHBGRVBSYjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuckEMA0G
CSqGSIb3DQEBCwUAA4IBAQCRvOPBY3W/hXkAZUiQ8sCDAgIu8jOyTLyzNmysX5LZ
8M/iZSqYqpJfRF28whkzDoCSXhXZK3JCFMTB7MKgsKAaeNkh4mKvnCMC8inDFoh9
wOX5xHj6VPQcu9vFriisuy5gQ3ydoT+tHOZlkyvSk6r6vduGUWugArvwymm3EEDs
bbFxWkufwoBoy4GUQCH/GMJk1zWb7ITiP0Coe1dS9nrIl5SK3dPGolr6qjSo/Zit
pceHJ7lHlAgwAm8KotJSAmBw6EmugA1N2yOY4YzWd3HeLtFPwt+kXEVeuYMbYFxQ
XGtwKY7HBmXWzYaAIG/c+VA2czcdk0zOZloAtSMpUWAG
-----END CERTIFICATE-----