Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/6b7512-92ca-49f9-9870-cb9e7ddad189/1/4mezRfHPXPaCo28qoJyolX64C48.roa
File:                     4mezRfHPXPaCo28qoJyolX64C48.roa (raw, json)
Hash identifier:          QHUvtDK2DiCjdwwLpsM73EoVrUrKJFVkLwmkkTWUE3k=
Subject key identifier:   E2:67:B3:45:F1:CF:5C:F6:82:A3:6F:2A:A0:9C:A8:95:7E:B8:0B:8F
Certificate issuer:       /CN=00a856a4173895af44b8fd34455469a5c4d6173b
Certificate serial:       0195D84E5FC54F21179A2526DE8BAB74AC1E
Authority key identifier: 00:A8:56:A4:17:38:95:AF:44:B8:FD:34:45:54:69:A5:C4:D6:17:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AKhWpBc4la9EuP00RVRppcTWFzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/6b7512-92ca-49f9-9870-cb9e7ddad189/1/4mezRfHPXPaCo28qoJyolX64C48.roa
Signing time:             Thu 27 Mar 2025 15:52:49 +0000
ROA not before:           Thu 27 Mar 2025 15:52:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53589
IP address blocks:        146.88.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/6b7512-92ca-49f9-9870-cb9e7ddad189/1/AKhWpBc4la9EuP00RVRppcTWFzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/6b7512-92ca-49f9-9870-cb9e7ddad189/1/AKhWpBc4la9EuP00RVRppcTWFzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AKhWpBc4la9EuP00RVRppcTWFzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d8:4e:5f:c5:4f:21:17:9a:25:26:de:8b:ab:74:ac:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00a856a4173895af44b8fd34455469a5c4d6173b
        Validity
            Not Before: Mar 27 15:52:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e267b345f1cf5cf682a36f2aa09ca8957eb80b8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:93:0b:10:34:b1:de:cb:4a:ce:13:c7:66:97:
                    be:f9:71:01:e3:41:cf:a5:bc:b7:8b:5f:4b:2c:13:
                    50:6c:9f:c1:5d:b5:aa:e8:7a:0f:ed:69:07:7d:e3:
                    14:36:1c:ee:51:d6:b1:4d:a5:41:15:f4:33:f6:7d:
                    49:f9:2d:0c:fc:69:76:fa:62:eb:cd:f4:7d:3e:6a:
                    65:72:79:62:3e:ac:4c:57:db:90:43:9e:f5:a6:15:
                    2c:ef:78:d5:45:41:8d:1c:07:df:c8:4a:ee:b8:e8:
                    dd:7a:e3:77:17:79:f3:fd:a1:db:47:31:e2:91:61:
                    58:b1:92:26:61:ac:5a:e2:c6:67:ee:fd:65:60:73:
                    13:e4:b4:00:5a:0b:43:47:80:25:6f:b8:7c:0e:a3:
                    5a:60:d6:96:a5:e9:0e:fa:ad:0e:ed:7f:5d:e1:09:
                    26:83:5d:b4:77:2d:89:ed:30:d9:c7:1b:c4:83:9d:
                    e2:fc:20:a1:a7:66:7a:d5:9f:a7:68:7c:9d:5a:be:
                    36:4f:7b:a3:d2:ac:82:4d:f0:7e:da:02:c3:71:92:
                    82:5f:41:e6:7a:99:10:e5:fe:5a:1f:86:59:65:13:
                    ff:ee:b6:f2:1d:0b:75:ef:4c:36:b4:72:0b:03:05:
                    ee:c7:f6:44:4d:33:d5:65:69:3a:de:d9:1c:7b:4c:
                    31:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:67:B3:45:F1:CF:5C:F6:82:A3:6F:2A:A0:9C:A8:95:7E:B8:0B:8F
            X509v3 Authority Key Identifier:
                keyid:00:A8:56:A4:17:38:95:AF:44:B8:FD:34:45:54:69:A5:C4:D6:17:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AKhWpBc4la9EuP00RVRppcTWFzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/6b7512-92ca-49f9-9870-cb9e7ddad189/1/4mezRfHPXPaCo28qoJyolX64C48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/6b7512-92ca-49f9-9870-cb9e7ddad189/1/AKhWpBc4la9EuP00RVRppcTWFzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.88.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         38:c0:52:e6:e2:9e:19:e3:5a:0e:1f:be:5e:c5:6b:c4:b8:99:
         0d:47:1d:e3:a1:f1:63:3a:c3:bc:70:92:ac:52:c0:52:fb:bf:
         d0:b1:94:a5:b1:45:6e:8f:ce:c2:b7:fc:d1:ba:27:b1:8b:03:
         7d:ec:de:8f:28:fd:29:4f:7e:c0:2b:db:4f:23:c5:20:f0:44:
         61:62:13:ad:f8:5c:b1:b4:b7:f5:dd:12:56:0a:df:10:67:fd:
         26:fa:dc:6e:3f:b2:ab:9b:7b:14:2b:2b:78:6e:73:2d:e4:ac:
         5f:f9:a5:ce:31:7a:df:57:fe:ed:ed:7c:c6:0b:9f:d9:6b:92:
         df:3c:91:f5:35:4c:c6:2d:9c:4b:e6:29:55:4d:33:a9:1a:d5:
         4c:2b:e5:91:5d:25:df:c3:8f:0b:fd:38:85:22:30:a7:6e:0b:
         04:2e:11:3a:5f:7a:59:02:22:f6:ae:c0:36:c6:69:5b:76:44:
         c0:29:ac:46:b6:80:5b:56:64:af:5f:fa:6e:66:c4:1a:02:ab:
         06:4d:2f:8f:91:1d:de:84:ec:9e:c7:08:ec:38:36:8a:9c:ab:
         36:d0:fc:71:f3:13:18:0d:20:91:cd:0e:f7:3f:da:a4:2e:cf:
         60:58:90:e1:c7:82:3f:45:4b:cc:86:52:e7:8d:b5:48:ca:f2:
         75:38:63:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXYTl/FTyEXmiUm3ourdKweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYTg1NmE0MTczODk1YWY0NGI4ZmQzNDQ1NTQ2OWE1YzRk
NjE3M2IwHhcNMjUwMzI3MTU1MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjY3YjM0NWYxY2Y1Y2Y2ODJhMzZmMmFhMDljYTg5NTdlYjgwYjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpMLEDSx3stKzhPHZpe++XEB40HP
pby3i19LLBNQbJ/BXbWq6HoP7WkHfeMUNhzuUdaxTaVBFfQz9n1J+S0M/Gl2+mLr
zfR9PmplcnliPqxMV9uQQ571phUs73jVRUGNHAffyEruuOjdeuN3F3nz/aHbRzHi
kWFYsZImYaxa4sZn7v1lYHMT5LQAWgtDR4Alb7h8DqNaYNaWpekO+q0O7X9d4Qkm
g120dy2J7TDZxxvEg53i/CChp2Z61Z+naHydWr42T3uj0qyCTfB+2gLDcZKCX0Hm
epkQ5f5aH4ZZZRP/7rbyHQt170w2tHILAwXux/ZETTPVZWk63tkce0wxCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJns0Xxz1z2gqNvKqCcqJV+uAuPMB8GA1UdIwQY
MBaAFACoVqQXOJWvRLj9NEVUaaXE1hc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtoV3BCYzRsYTlFdVAwMFJWUnBwY1RXRnpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC82Yjc1MTItOTJjYS00OWY5LTk4NzAt
Y2I5ZTdkZGFkMTg5LzEvNG1lelJmSFBYUGFDbzI4cW9KeW9sWDY0QzQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC82Yjc1MTItOTJjYS00OWY5LTk4NzAtY2I5ZTdkZGFkMTg5
LzEvQUtoV3BCYzRsYTlFdVAwMFJWUnBwY1RXRnpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDkljoMA0G
CSqGSIb3DQEBCwUAA4IBAQA4wFLm4p4Z41oOH75exWvEuJkNRx3jofFjOsO8cJKs
UsBS+7/QsZSlsUVuj87Ct/zRuiexiwN97N6PKP0pT37AK9tPI8Ug8ERhYhOt+Fyx
tLf13RJWCt8QZ/0m+txuP7Krm3sUKyt4bnMt5Kxf+aXOMXrfV/7t7XzGC5/Za5Lf
PJH1NUzGLZxL5ilVTTOpGtVMK+WRXSXfw48L/TiFIjCnbgsELhE6X3pZAiL2rsA2
xmlbdkTAKaxGtoBbVmSvX/puZsQaAqsGTS+PkR3ehOyexwjsODaKnKs20Pxx8xMY
DSCRzQ73P9qkLs9gWJDhx4I/RUvMhlLnjbVIyvJ1OGMK
-----END CERTIFICATE-----