Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/c4wHBWSbrNsVlf_a1cQ3OL9nR-U.roa
File:                     c4wHBWSbrNsVlf_a1cQ3OL9nR-U.roa (raw, json)
Hash identifier:          b+RfZmuxixUWKJA86U4yLBBzKqnW3kWf0oaDSsDCSts=
Subject key identifier:   73:8C:07:05:64:9B:AC:DB:15:95:FF:DA:D5:C4:37:38:BF:67:47:E5
Certificate issuer:       /CN=3bd9a177bb5dfb6eabe4cad79def8f8b005df656
Certificate serial:       019422FC265D713A447523ACF2421E9DA163
Authority key identifier: 3B:D9:A1:77:BB:5D:FB:6E:AB:E4:CA:D7:9D:EF:8F:8B:00:5D:F6:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/c4wHBWSbrNsVlf_a1cQ3OL9nR-U.roa
Signing time:             Wed 01 Jan 2025 17:48:57 +0000
ROA not before:           Wed 01 Jan 2025 17:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        213.190.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 05:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:26:5d:71:3a:44:75:23:ac:f2:42:1e:9d:a1:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9a177bb5dfb6eabe4cad79def8f8b005df656
        Validity
            Not Before: Jan  1 17:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=738c0705649bacdb1595ffdad5c43738bf6747e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8f:0d:b4:dd:0f:46:a2:eb:64:b4:47:e7:5e:
                    cb:94:19:30:09:e9:5a:aa:b2:11:9a:15:84:70:a1:
                    66:6e:df:42:64:56:6c:f7:27:1f:86:97:be:db:bc:
                    50:bc:6e:ea:6a:9f:9e:dd:92:be:54:d5:80:13:c6:
                    22:4e:25:5e:ec:70:63:59:f2:83:87:ed:0e:cf:c7:
                    18:4e:1d:99:3a:05:64:2e:a2:bc:6a:ad:d7:fb:56:
                    2d:f3:55:68:31:68:90:b3:65:85:99:cd:4c:49:7e:
                    7b:2f:b8:8f:39:54:46:9f:be:75:ad:52:74:54:40:
                    21:06:c2:dd:3e:9a:db:82:c1:02:12:04:05:c2:1a:
                    ad:9f:09:9d:ce:33:34:2d:9f:53:d4:35:15:56:e8:
                    94:a3:16:44:06:66:26:08:e1:b0:4e:eb:95:07:60:
                    28:51:44:c3:9d:b2:62:a1:8e:cd:89:b3:b3:9b:f2:
                    ad:b1:88:e9:c0:ce:ca:21:e3:33:a7:37:d6:ca:da:
                    5c:4e:0d:55:28:fd:a8:7e:30:ce:73:17:1c:9e:3f:
                    18:35:29:72:da:4b:1d:c8:c0:9e:24:8e:1f:e5:16:
                    d0:73:ee:7b:5d:fe:12:fd:58:1e:6c:da:97:7d:0c:
                    63:eb:3d:7a:80:f0:44:4e:f2:35:ab:30:0a:0f:9a:
                    c1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:8C:07:05:64:9B:AC:DB:15:95:FF:DA:D5:C4:37:38:BF:67:47:E5
            X509v3 Authority Key Identifier:
                keyid:3B:D9:A1:77:BB:5D:FB:6E:AB:E4:CA:D7:9D:EF:8F:8B:00:5D:F6:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/c4wHBWSbrNsVlf_a1cQ3OL9nR-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:c1:c1:53:73:af:ac:c1:7a:22:c3:40:50:3c:8f:fb:96:1f:
         87:1c:1a:70:bc:ce:c1:4d:70:b6:62:29:e3:4f:0e:40:d5:43:
         8a:5d:26:3c:f6:79:0f:a6:89:c2:61:34:8a:c5:a4:ed:f4:3e:
         a9:b5:fc:ed:e2:35:6e:e2:91:d6:f8:0a:72:62:b7:ac:91:4b:
         1f:71:27:d2:e9:7e:fc:c0:d7:c4:57:ee:58:93:e8:68:3e:a9:
         12:0c:8c:06:70:28:c8:4f:1c:68:49:6b:4f:0a:1e:c9:33:4c:
         8c:29:d6:ef:20:62:a4:88:da:0c:d3:d1:10:6f:01:4a:d3:48:
         34:14:2b:db:4e:14:4b:c0:5a:22:75:c9:57:78:83:3d:ef:e3:
         56:b6:0c:35:90:d3:82:be:7d:de:09:74:52:4a:e3:82:b4:75:
         43:fe:43:41:5e:21:c1:26:46:7f:26:7b:e8:62:bf:d5:f4:41:
         6c:0d:78:01:f4:1f:1d:ea:bb:f5:05:03:69:8d:aa:39:13:f2:
         00:0c:82:80:bc:a3:0a:a8:66:f5:5b:4d:66:63:17:58:db:91:
         3c:97:7f:93:8a:a8:45:81:b9:63:23:28:0f:c0:53:27:fd:b6:
         67:c8:f0:c6:f9:a5:96:83:a0:86:ec:fe:a1:b8:87:0b:20:0a:
         5b:10:5a:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CZdcTpEdSOs8kIenaFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDlhMTc3YmI1ZGZiNmVhYmU0Y2FkNzlkZWY4ZjhiMDA1
ZGY2NTYwHhcNMjUwMTAxMTc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzhjMDcwNTY0OWJhY2RiMTU5NWZmZGFkNWM0MzczOGJmNjc0N2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA048NtN0PRqLrZLRH517LlBkwCela
qrIRmhWEcKFmbt9CZFZs9ycfhpe+27xQvG7qap+e3ZK+VNWAE8YiTiVe7HBjWfKD
h+0Oz8cYTh2ZOgVkLqK8aq3X+1Yt81VoMWiQs2WFmc1MSX57L7iPOVRGn751rVJ0
VEAhBsLdPprbgsECEgQFwhqtnwmdzjM0LZ9T1DUVVuiUoxZEBmYmCOGwTuuVB2Ao
UUTDnbJioY7NibOzm/KtsYjpwM7KIeMzpzfWytpcTg1VKP2ofjDOcxccnj8YNSly
2ksdyMCeJI4f5RbQc+57Xf4S/VgebNqXfQxj6z16gPBETvI1qzAKD5rBKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHOMBwVkm6zbFZX/2tXENzi/Z0flMB8GA1UdIwQY
MBaAFDvZoXe7Xftuq+TK153vj4sAXfZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzltaGQ3dGQtMjZyNU1yWG5lLVBpd0JkOWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9jMGQ0NjctZjYyYS00MTljLWJlODUt
ZTM4MDMwYjY5ZDVhLzEvYzR3SEJXU2JyTnNWbGZfYTFjUTNPTDluUi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9jMGQ0NjctZjYyYS00MTljLWJlODUtZTM4MDMwYjY5ZDVh
LzEvTzltaGQ3dGQtMjZyNU1yWG5lLVBpd0JkOWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b4OMA0G
CSqGSIb3DQEBCwUAA4IBAQAVwcFTc6+swXoiw0BQPI/7lh+HHBpwvM7BTXC2Yinj
Tw5A1UOKXSY89nkPponCYTSKxaTt9D6ptfzt4jVu4pHW+ApyYreskUsfcSfS6X78
wNfEV+5Yk+hoPqkSDIwGcCjITxxoSWtPCh7JM0yMKdbvIGKkiNoM09EQbwFK00g0
FCvbThRLwFoidclXeIM97+NWtgw1kNOCvn3eCXRSSuOCtHVD/kNBXiHBJkZ/Jnvo
Yr/V9EFsDXgB9B8d6rv1BQNpjao5E/IADIKAvKMKqGb1W01mYxdY25E8l3+TiqhF
gbljIygPwFMn/bZnyPDG+aWWg6CG7P6huIcLIApbEFrq
-----END CERTIFICATE-----