Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/3e8dcc-a764-44be-b507-9b3dd417c308/1/4GMh7fIw13Bz3DUcceuO2FBtK6M.roa
File:                     4GMh7fIw13Bz3DUcceuO2FBtK6M.roa (raw, json)
Hash identifier:          E9IDQ7QjcqjZJIn5bDeaHNVCqS2wv2WqYXLU0FEPSXU=
Subject key identifier:   E0:63:21:ED:F2:30:D7:70:73:DC:35:1C:71:EB:8E:D8:50:6D:2B:A3
Certificate issuer:       /CN=a056b42383ad862ce6a374ad2ca6d36c254dc7b1
Certificate serial:       0194266BBA8A00C0A239EEFFE36380BBC86F
Authority key identifier: A0:56:B4:23:83:AD:86:2C:E6:A3:74:AD:2C:A6:D3:6C:25:4D:C7:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oFa0I4Othizmo3StLKbTbCVNx7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/3e8dcc-a764-44be-b507-9b3dd417c308/1/4GMh7fIw13Bz3DUcceuO2FBtK6M.roa
Signing time:             Thu 02 Jan 2025 09:49:41 +0000
ROA not before:           Thu 02 Jan 2025 09:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209181
IP address blocks:        176.119.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/3e8dcc-a764-44be-b507-9b3dd417c308/1/oFa0I4Othizmo3StLKbTbCVNx7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/3e8dcc-a764-44be-b507-9b3dd417c308/1/oFa0I4Othizmo3StLKbTbCVNx7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oFa0I4Othizmo3StLKbTbCVNx7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ba:8a:00:c0:a2:39:ee:ff:e3:63:80:bb:c8:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a056b42383ad862ce6a374ad2ca6d36c254dc7b1
        Validity
            Not Before: Jan  2 09:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e06321edf230d77073dc351c71eb8ed8506d2ba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b0:4b:92:23:56:52:45:3f:e9:4e:b8:c9:3c:
                    cc:c6:84:53:87:5f:52:c8:d7:35:99:6f:3d:93:87:
                    54:22:ac:f3:05:03:17:0f:69:37:a5:5d:a9:d5:4b:
                    f4:e6:da:0e:60:3a:4f:45:6e:d2:df:f9:61:19:b0:
                    ca:d2:be:07:c7:b1:ab:23:15:eb:a7:5a:87:4d:d9:
                    67:81:2c:26:72:44:55:1f:94:15:6c:ce:87:52:89:
                    e0:d5:1a:20:39:23:1a:9d:80:51:35:c9:98:41:a9:
                    45:bd:fd:ea:da:be:fc:a2:7d:8f:f2:fb:79:c7:d6:
                    2e:0b:83:ce:4a:e0:b4:26:10:6c:a4:5e:2e:85:20:
                    fd:1d:f0:e2:71:c8:1e:17:e9:a8:b0:ff:55:fd:5a:
                    46:0c:cb:0b:04:92:8f:ad:10:3e:86:db:a8:5c:74:
                    57:01:21:c2:4f:c5:dc:4a:61:c4:d6:79:4b:ad:43:
                    8e:db:f2:ac:60:bb:a2:0c:95:b4:08:f2:6b:ad:cd:
                    2e:83:7f:65:d5:1a:0b:64:c1:f3:d6:8d:c7:dc:01:
                    82:10:09:70:8d:e9:86:ad:0a:6c:f5:59:17:43:88:
                    ee:f7:b7:6f:b0:f1:a2:3a:57:e1:96:90:1c:37:1a:
                    67:85:3d:4c:6a:25:ff:9f:b9:0a:dc:70:9c:b7:7d:
                    af:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:63:21:ED:F2:30:D7:70:73:DC:35:1C:71:EB:8E:D8:50:6D:2B:A3
            X509v3 Authority Key Identifier:
                keyid:A0:56:B4:23:83:AD:86:2C:E6:A3:74:AD:2C:A6:D3:6C:25:4D:C7:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oFa0I4Othizmo3StLKbTbCVNx7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/3e8dcc-a764-44be-b507-9b3dd417c308/1/4GMh7fIw13Bz3DUcceuO2FBtK6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/3e8dcc-a764-44be-b507-9b3dd417c308/1/oFa0I4Othizmo3StLKbTbCVNx7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:75:56:26:b7:66:b9:5c:6f:1c:82:b0:88:c6:74:4f:79:86:
         98:d2:88:54:81:cb:5c:a6:7d:07:1c:49:ff:4b:e2:94:f9:2d:
         ac:b2:52:22:b6:9d:4b:b6:48:1c:b9:c6:30:8b:6b:8d:e8:04:
         5c:87:9c:10:06:dc:1f:51:e7:49:95:bb:13:3e:a3:49:9a:70:
         2f:84:ba:d4:0c:f6:c9:38:20:bd:25:29:e8:67:8c:6f:5c:b7:
         c5:54:6a:1d:30:3b:8b:30:b9:da:2c:7f:07:42:48:6b:3d:7a:
         8d:ba:cc:ff:b9:71:c6:46:17:06:b3:6a:8c:3c:fd:87:5f:96:
         5d:b2:28:cd:e9:5b:b5:1b:cb:2d:30:e6:4a:f9:50:e0:88:e1:
         20:f5:0d:1c:3b:ad:77:e8:10:81:01:55:6b:8a:f9:d3:1e:8c:
         04:4f:3c:10:cc:90:1a:da:0f:dc:1c:90:ea:04:4d:1a:fa:45:
         14:36:a2:5d:9b:7f:4b:95:09:f9:12:47:50:f0:d7:a0:0d:4b:
         4e:99:b3:f0:76:24:8b:25:bc:ec:0f:ac:07:bd:af:56:69:c2:
         f7:24:c8:85:92:38:e1:16:e2:87:7a:ea:33:64:2e:c5:f9:f1:
         13:57:9f:6a:93:b1:23:97:c6:c6:9a:09:96:82:d8:cd:66:0d:
         b1:46:1f:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma7qKAMCiOe7/42OAu8hvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNTZiNDIzODNhZDg2MmNlNmEzNzRhZDJjYTZkMzZjMjU0
ZGM3YjEwHhcNMjUwMTAyMDk0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDYzMjFlZGYyMzBkNzcwNzNkYzM1MWM3MWViOGVkODUwNmQyYmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7BLkiNWUkU/6U64yTzMxoRTh19S
yNc1mW89k4dUIqzzBQMXD2k3pV2p1Uv05toOYDpPRW7S3/lhGbDK0r4Hx7GrIxXr
p1qHTdlngSwmckRVH5QVbM6HUong1RogOSManYBRNcmYQalFvf3q2r78on2P8vt5
x9YuC4POSuC0JhBspF4uhSD9HfDiccgeF+mosP9V/VpGDMsLBJKPrRA+htuoXHRX
ASHCT8XcSmHE1nlLrUOO2/KsYLuiDJW0CPJrrc0ug39l1RoLZMHz1o3H3AGCEAlw
jemGrQps9VkXQ4ju97dvsPGiOlfhlpAcNxpnhT1MaiX/n7kK3HCct32vowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBjIe3yMNdwc9w1HHHrjthQbSujMB8GA1UdIwQY
MBaAFKBWtCODrYYs5qN0rSym02wlTcexMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0ZhMEk0T3RoaXptbzNTdExLYlRiQ1ZOeDdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8zZThkY2MtYTc2NC00NGJlLWI1MDct
OWIzZGQ0MTdjMzA4LzEvNEdNaDdmSXcxM0J6M0RVY2NldU8yRkJ0SzZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8zZThkY2MtYTc2NC00NGJlLWI1MDctOWIzZGQ0MTdjMzA4
LzEvb0ZhMEk0T3RoaXptbzNTdExLYlRiQ1ZOeDdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHfeMA0G
CSqGSIb3DQEBCwUAA4IBAQB2dVYmt2a5XG8cgrCIxnRPeYaY0ohUgctcpn0HHEn/
S+KU+S2sslIitp1LtkgcucYwi2uN6ARch5wQBtwfUedJlbsTPqNJmnAvhLrUDPbJ
OCC9JSnoZ4xvXLfFVGodMDuLMLnaLH8HQkhrPXqNusz/uXHGRhcGs2qMPP2HX5Zd
sijN6Vu1G8stMOZK+VDgiOEg9Q0cO6136BCBAVVrivnTHowETzwQzJAa2g/cHJDq
BE0a+kUUNqJdm39LlQn5EkdQ8NegDUtOmbPwdiSLJbzsD6wHva9WacL3JMiFkjjh
FuKHeuozZC7F+fETV59qk7Ejl8bGmgmWgtjNZg2xRh8D
-----END CERTIFICATE-----