Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/b81d08-66c9-4be9-a221-aff871b5b5f7/1/4AdcEbUIm1jUWryNWT7uHkF02DQ.roa
File:                     4AdcEbUIm1jUWryNWT7uHkF02DQ.roa (raw, json)
Hash identifier:          bt94BJFtgx7Fdp+bGHLWFpvt7srCfzCYyNxSCtRgTYU=
Subject key identifier:   E0:07:5C:11:B5:08:9B:58:D4:5A:BC:8D:59:3E:EE:1E:41:74:D8:34
Certificate issuer:       /CN=61edfe7a4fc64de529d162df2fed0780c6e5e1a8
Certificate serial:       018CC8DED77DE18DD35FD6D974E91040C2ED
Authority key identifier: 61:ED:FE:7A:4F:C6:4D:E5:29:D1:62:DF:2F:ED:07:80:C6:E5:E1:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ye3-ek_GTeUp0WLfL-0HgMbl4ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/b81d08-66c9-4be9-a221-aff871b5b5f7/1/4AdcEbUIm1jUWryNWT7uHkF02DQ.roa
Signing time:             Tue 02 Jan 2024 06:31:36 +0000
ROA not before:           Tue 02 Jan 2024 06:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.134.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/b81d08-66c9-4be9-a221-aff871b5b5f7/1/Ye3-ek_GTeUp0WLfL-0HgMbl4ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/b81d08-66c9-4be9-a221-aff871b5b5f7/1/Ye3-ek_GTeUp0WLfL-0HgMbl4ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ye3-ek_GTeUp0WLfL-0HgMbl4ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d7:7d:e1:8d:d3:5f:d6:d9:74:e9:10:40:c2:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61edfe7a4fc64de529d162df2fed0780c6e5e1a8
        Validity
            Not Before: Jan  2 06:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0075c11b5089b58d45abc8d593eee1e4174d834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9c:fc:9b:0c:13:5e:13:58:4e:8d:10:ff:7d:
                    51:92:d0:6e:97:b4:0b:ba:05:14:83:5c:c6:57:bb:
                    36:f7:8a:d5:4c:84:f6:4c:5d:81:84:e7:a4:3d:07:
                    61:5e:d5:92:5c:41:b6:94:72:29:2b:35:12:c6:2e:
                    5c:d4:a1:7f:f0:a6:39:08:d7:cc:1c:b5:b0:0f:89:
                    ab:4b:b0:2b:4f:bc:b9:ce:9e:44:88:00:d5:19:00:
                    86:be:d2:f9:61:15:0d:53:60:6f:b3:13:03:ea:b6:
                    af:1d:f5:0e:f2:ed:a7:97:36:4f:7a:1c:37:3a:6f:
                    15:e2:bc:18:1a:95:22:a4:45:76:2c:0e:0d:26:b8:
                    31:f8:74:89:9a:10:e4:71:88:a3:18:9e:38:9c:cf:
                    db:7d:49:5f:80:9c:7a:3b:9a:9f:a8:d9:50:44:0e:
                    40:fc:53:ae:13:5c:93:4d:45:00:b9:e2:e4:e4:79:
                    6d:f9:dc:03:ed:f0:b3:92:55:21:84:08:32:c1:21:
                    fe:18:8d:d1:38:a9:b8:0c:94:6a:59:8c:e1:c9:e4:
                    ef:72:3c:30:0b:36:f0:6d:2e:80:90:44:2c:aa:1c:
                    e5:a9:64:30:db:d2:17:75:4a:5a:58:94:2b:06:48:
                    85:0a:5b:98:20:70:ef:ac:f0:ee:99:cb:a8:74:a2:
                    3b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:07:5C:11:B5:08:9B:58:D4:5A:BC:8D:59:3E:EE:1E:41:74:D8:34
            X509v3 Authority Key Identifier:
                keyid:61:ED:FE:7A:4F:C6:4D:E5:29:D1:62:DF:2F:ED:07:80:C6:E5:E1:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ye3-ek_GTeUp0WLfL-0HgMbl4ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/b81d08-66c9-4be9-a221-aff871b5b5f7/1/4AdcEbUIm1jUWryNWT7uHkF02DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/b81d08-66c9-4be9-a221-aff871b5b5f7/1/Ye3-ek_GTeUp0WLfL-0HgMbl4ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:b0:e2:16:ef:b5:a7:e3:7d:ae:15:cf:87:9b:2a:f0:68:f0:
         f0:be:ed:6c:0d:65:53:60:9a:3b:27:7a:71:bd:51:ae:72:74:
         52:74:aa:30:0b:09:bf:ee:e4:81:cd:26:29:c0:4a:21:f8:80:
         31:8c:7c:86:a3:aa:22:bf:f1:64:a2:ce:fd:c7:61:90:57:ad:
         62:fe:d6:60:1c:d9:ab:88:66:72:6b:5a:44:94:fa:54:e6:15:
         fa:e0:26:25:1b:74:00:f8:d0:79:d8:1e:05:f7:6e:ee:2c:fe:
         40:f0:15:53:e3:62:b8:a1:a4:64:a9:a6:be:48:0e:93:2c:d0:
         91:d6:2f:0d:fe:d1:35:8b:a3:9b:e0:2a:d7:bf:16:e4:b0:3c:
         dd:49:5f:36:4e:67:70:25:91:fa:f6:1c:d6:d1:8d:7b:18:f8:
         54:cd:39:92:87:20:ff:63:a9:54:36:1c:95:57:ba:80:b2:9a:
         e6:ef:45:c9:5a:9b:28:a5:b8:48:39:66:ab:8d:e4:d8:66:2c:
         f1:43:a9:0f:9c:9d:1e:b0:50:a7:79:d1:62:99:aa:de:b3:c1:
         f9:01:a1:ee:ab:ff:a7:5d:39:78:c0:cf:40:55:d0:7a:68:be:
         83:d5:29:90:f0:46:18:5d:4c:54:d4:2d:ae:2c:63:d2:2a:e9:
         11:68:5a:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3td94Y3TX9bZdOkQQMLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZWRmZTdhNGZjNjRkZTUyOWQxNjJkZjJmZWQwNzgwYzZl
NWUxYTgwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDA3NWMxMWI1MDg5YjU4ZDQ1YWJjOGQ1OTNlZWUxZTQxNzRkODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpz8mwwTXhNYTo0Q/31RktBul7QL
ugUUg1zGV7s294rVTIT2TF2BhOekPQdhXtWSXEG2lHIpKzUSxi5c1KF/8KY5CNfM
HLWwD4mrS7ArT7y5zp5EiADVGQCGvtL5YRUNU2BvsxMD6ravHfUO8u2nlzZPehw3
Om8V4rwYGpUipEV2LA4NJrgx+HSJmhDkcYijGJ44nM/bfUlfgJx6O5qfqNlQRA5A
/FOuE1yTTUUAueLk5Hlt+dwD7fCzklUhhAgywSH+GI3ROKm4DJRqWYzhyeTvcjww
CzbwbS6AkEQsqhzlqWQw29IXdUpaWJQrBkiFCluYIHDvrPDumcuodKI7uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAHXBG1CJtY1Fq8jVk+7h5BdNg0MB8GA1UdIwQY
MBaAFGHt/npPxk3lKdFi3y/tB4DG5eGoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWUzLWVrX0dUZVVwMFdMZkwtMEhnTWJsNGFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iODFkMDgtNjZjOS00YmU5LWEyMjEt
YWZmODcxYjViNWY3LzEvNEFkY0ViVUltMWpVV3J5TldUN3VIa0YwMkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iODFkMDgtNjZjOS00YmU5LWEyMjEtYWZmODcxYjViNWY3
LzEvWWUzLWVrX0dUZVVwMFdMZkwtMEhnTWJsNGFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYb8MA0G
CSqGSIb3DQEBCwUAA4IBAQC4sOIW77Wn432uFc+HmyrwaPDwvu1sDWVTYJo7J3px
vVGucnRSdKowCwm/7uSBzSYpwEoh+IAxjHyGo6oiv/Fkos79x2GQV61i/tZgHNmr
iGZya1pElPpU5hX64CYlG3QA+NB52B4F927uLP5A8BVT42K4oaRkqaa+SA6TLNCR
1i8N/tE1i6Ob4CrXvxbksDzdSV82TmdwJZH69hzW0Y17GPhUzTmShyD/Y6lUNhyV
V7qAsprm70XJWpsopbhIOWarjeTYZizxQ6kPnJ0esFCnedFimares8H5AaHuq/+n
XTl4wM9AVdB6aL6D1SmQ8EYYXUxU1C2uLGPSKukRaFod
-----END CERTIFICATE-----