Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/4qvZpbHlQrEVGaculmgT9y6fbp0.roa
File:                     4qvZpbHlQrEVGaculmgT9y6fbp0.roa (raw, json)
Hash identifier:          tCJqK90XfNlOzC+CJIY2YiVu1YRsdGe0qc+sYvxZZ4k=
Subject key identifier:   E2:AB:D9:A5:B1:E5:42:B1:15:19:A7:2E:96:68:13:F7:2E:9F:6E:9D
Certificate issuer:       /CN=22877298dae5d5a3beabca16e92d1a141e948627
Certificate serial:       01966B8AF35AAD76F09852504692F750EE41
Authority key identifier: 22:87:72:98:DA:E5:D5:A3:BE:AB:CA:16:E9:2D:1A:14:1E:94:86:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/4qvZpbHlQrEVGaculmgT9y6fbp0.roa
Signing time:             Fri 25 Apr 2025 06:03:10 +0000
ROA not before:           Fri 25 Apr 2025 06:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136468
IP address blocks:        163.114.204.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 09:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:8a:f3:5a:ad:76:f0:98:52:50:46:92:f7:50:ee:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22877298dae5d5a3beabca16e92d1a141e948627
        Validity
            Not Before: Apr 25 06:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2abd9a5b1e542b11519a72e966813f72e9f6e9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6b:64:12:93:f1:7a:8d:5c:1c:43:b5:8c:15:
                    38:58:f8:1a:a4:be:09:b1:4d:49:f1:aa:59:12:d2:
                    49:65:8b:62:9f:63:48:08:c4:99:f9:93:fc:4d:cb:
                    f7:f8:cc:7c:3f:be:9c:0d:eb:cd:ad:46:0f:f6:e9:
                    76:18:7b:66:ce:34:c1:c0:76:31:ba:ad:63:e5:10:
                    bd:4b:e5:93:bc:81:de:53:14:32:15:81:5a:7f:0b:
                    ca:fb:b9:ed:f8:0e:83:bb:6d:a4:68:68:70:d6:5e:
                    4a:f0:b7:ef:ea:65:83:2c:5f:73:9b:0f:11:8d:25:
                    fe:3a:30:7a:56:e0:48:db:68:6e:40:b8:76:d0:b3:
                    64:a7:14:c4:f6:a2:cc:33:f0:2a:35:d5:eb:7d:be:
                    3b:a0:8e:90:fe:3a:ba:48:69:5d:72:95:e7:1b:95:
                    53:0e:bb:5f:c0:62:36:02:a7:39:4c:b7:3f:73:c2:
                    5d:49:17:86:b4:41:38:9c:f5:1d:ec:fd:3c:05:cb:
                    e3:9a:d2:2f:6d:7f:8c:ac:0f:ae:51:cb:92:99:a9:
                    a2:d3:96:fd:7e:ac:0c:3a:65:ea:be:22:4a:d0:02:
                    de:07:36:03:ca:d8:b4:74:5c:ac:8e:9c:e6:36:40:
                    44:81:f1:79:04:f0:fe:db:63:70:ff:c9:91:85:42:
                    8a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:AB:D9:A5:B1:E5:42:B1:15:19:A7:2E:96:68:13:F7:2E:9F:6E:9D
            X509v3 Authority Key Identifier:
                keyid:22:87:72:98:DA:E5:D5:A3:BE:AB:CA:16:E9:2D:1A:14:1E:94:86:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IodymNrl1aO-q8oW6S0aFB6Uhic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/4qvZpbHlQrEVGaculmgT9y6fbp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/8651c5-bd77-460d-83bf-5933a09f72d1/1/IodymNrl1aO-q8oW6S0aFB6Uhic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.114.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:0c:60:31:58:49:f7:c1:e7:8c:7c:01:aa:6b:7a:c4:b2:e6:
         ae:70:36:bb:a8:09:85:16:dd:7e:9e:38:9f:5c:12:60:27:90:
         e0:8b:d9:bd:e0:51:f4:79:c4:30:5a:3e:b6:a0:61:64:d8:5d:
         ff:3e:ca:f1:c1:1d:72:f6:2e:d6:3a:70:b3:df:b8:a9:e2:db:
         5c:a9:0b:08:ad:e3:57:b2:a6:2b:62:1b:47:a9:c7:1b:b3:50:
         9e:17:5c:58:b3:7c:34:2a:48:d9:54:46:18:bf:f6:85:69:e6:
         5c:de:bf:c0:f3:1a:fb:c4:70:7e:8a:57:97:0b:53:bb:70:d3:
         c8:98:a3:ab:ea:5e:de:6c:12:cc:0f:8b:7b:45:1c:7f:96:0b:
         36:7d:68:ff:a4:53:5f:a6:d0:f9:4e:11:f0:a8:2b:a1:52:90:
         5b:03:06:94:fb:67:5f:d4:57:81:d0:cc:99:eb:c2:a2:8b:c0:
         6f:a4:3d:2b:03:17:06:44:6b:d8:b5:49:58:df:87:bd:1b:c2:
         94:7b:9d:c6:ba:d9:cf:40:97:55:2a:ad:8f:75:cc:69:86:f3:
         cd:2d:27:65:7b:b1:fd:08:3a:6e:47:0f:f4:e1:02:63:41:ab:
         17:36:d2:73:67:cb:be:7f:db:80:72:71:17:5e:5e:c8:98:91:
         a9:71:14:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZrivNarXbwmFJQRpL3UO5BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyODc3Mjk4ZGFlNWQ1YTNiZWFiY2ExNmU5MmQxYTE0MWU5
NDg2MjcwHhcNMjUwNDI1MDYwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmFiZDlhNWIxZTU0MmIxMTUxOWE3MmU5NjY4MTNmNzJlOWY2ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGtkEpPxeo1cHEO1jBU4WPgapL4J
sU1J8apZEtJJZYtin2NICMSZ+ZP8Tcv3+Mx8P76cDevNrUYP9ul2GHtmzjTBwHYx
uq1j5RC9S+WTvIHeUxQyFYFafwvK+7nt+A6Du22kaGhw1l5K8Lfv6mWDLF9zmw8R
jSX+OjB6VuBI22huQLh20LNkpxTE9qLMM/AqNdXrfb47oI6Q/jq6SGldcpXnG5VT
DrtfwGI2Aqc5TLc/c8JdSReGtEE4nPUd7P08BcvjmtIvbX+MrA+uUcuSmami05b9
fqwMOmXqviJK0ALeBzYDyti0dFysjpzmNkBEgfF5BPD+22Nw/8mRhUKKnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKr2aWx5UKxFRmnLpZoE/cun26dMB8GA1UdIwQY
MBaAFCKHcpja5dWjvqvKFuktGhQelIYnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW9keW1OcmwxYU8tcThvVzZTMGFGQjZVaGljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84NjUxYzUtYmQ3Ny00NjBkLTgzYmYt
NTkzM2EwOWY3MmQxLzEvNHF2WnBiSGxRckVWR2FjdWxtZ1Q5eTZmYnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84NjUxYzUtYmQ3Ny00NjBkLTgzYmYtNTkzM2EwOWY3MmQx
LzEvSW9keW1OcmwxYU8tcThvVzZTMGFGQjZVaGljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAo3LMMA0G
CSqGSIb3DQEBCwUAA4IBAQAqDGAxWEn3weeMfAGqa3rEsuaucDa7qAmFFt1+njif
XBJgJ5Dgi9m94FH0ecQwWj62oGFk2F3/PsrxwR1y9i7WOnCz37ip4ttcqQsIreNX
sqYrYhtHqccbs1CeF1xYs3w0KkjZVEYYv/aFaeZc3r/A8xr7xHB+ileXC1O7cNPI
mKOr6l7ebBLMD4t7RRx/lgs2fWj/pFNfptD5ThHwqCuhUpBbAwaU+2df1FeB0MyZ
68Kii8BvpD0rAxcGRGvYtUlY34e9G8KUe53GutnPQJdVKq2PdcxphvPNLSdle7H9
CDpuRw/04QJjQasXNtJzZ8u+f9uAcnEXXl7ImJGpcRTp
-----END CERTIFICATE-----