Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/c4bLrKnAkTRBkWnGAk0rUMNmNi0.roa
File:                     c4bLrKnAkTRBkWnGAk0rUMNmNi0.roa (raw, json)
Hash identifier:          MeURMVUFI1PNljAcbfvTNPtm4Rnq7dMhBu12jSOQpgc=
Subject key identifier:   73:86:CB:AC:A9:C0:91:34:41:91:69:C6:02:4D:2B:50:C3:66:36:2D
Certificate issuer:       /CN=4b796f0b3051b5bc814b2e89cb470a3826b2bf00
Certificate serial:       019649A3BFCE9E86D62AB97F980EB1A502A6
Authority key identifier: 4B:79:6F:0B:30:51:B5:BC:81:4B:2E:89:CB:47:0A:38:26:B2:BF:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/c4bLrKnAkTRBkWnGAk0rUMNmNi0.roa
Signing time:             Fri 18 Apr 2025 16:03:10 +0000
ROA not before:           Fri 18 Apr 2025 16:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.42.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:49:a3:bf:ce:9e:86:d6:2a:b9:7f:98:0e:b1:a5:02:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b796f0b3051b5bc814b2e89cb470a3826b2bf00
        Validity
            Not Before: Apr 18 16:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7386cbaca9c09134419169c6024d2b50c366362d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0f:97:6f:8f:57:0b:3d:cc:e2:fa:e3:1a:f8:
                    fa:bd:c9:49:27:b6:a4:e7:04:21:a2:b3:53:86:0e:
                    a0:cd:2c:dc:fa:58:e2:02:17:0c:ec:87:4b:16:65:
                    89:0d:0b:cc:ae:ab:61:85:9a:44:b0:fb:d3:1d:f7:
                    43:67:7f:48:dd:3e:7c:f6:94:3c:e3:32:22:e7:01:
                    04:86:ae:dd:73:1d:ed:02:b9:00:09:ef:ca:e9:33:
                    19:2e:fa:6f:42:43:7a:5c:8c:f7:cc:c9:ef:70:f6:
                    ea:29:3e:22:75:8a:40:18:bb:dd:73:ef:04:39:da:
                    07:69:bf:c3:3c:96:a8:7b:54:ba:16:05:16:1c:f6:
                    82:0e:57:28:68:58:e8:66:e2:2a:79:7b:28:5a:55:
                    10:ea:dd:54:54:b2:c7:97:b7:96:d5:51:52:e2:49:
                    7c:a6:ed:ab:6d:6d:3a:4e:0e:28:79:79:e9:22:ad:
                    40:03:1a:fd:65:81:77:6b:b2:c4:24:98:f7:f9:7b:
                    25:a0:48:29:4b:15:34:90:00:e2:1f:78:d8:ed:92:
                    7d:f4:9c:93:ba:5c:18:d2:7c:24:ad:d2:b1:9d:89:
                    34:49:16:73:b9:fa:c1:90:70:e6:2f:1b:d2:5c:36:
                    7d:69:47:7b:68:e2:2c:33:fa:da:31:b2:89:fd:ae:
                    43:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:86:CB:AC:A9:C0:91:34:41:91:69:C6:02:4D:2B:50:C3:66:36:2D
            X509v3 Authority Key Identifier:
                keyid:4B:79:6F:0B:30:51:B5:BC:81:4B:2E:89:CB:47:0A:38:26:B2:BF:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/c4bLrKnAkTRBkWnGAk0rUMNmNi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:34:c6:f2:55:53:15:db:12:5d:08:d4:c0:c3:18:21:7f:bf:
         a1:ee:88:d0:fc:6c:2e:55:c5:4d:dc:69:76:aa:06:65:3c:08:
         73:0b:42:9d:31:18:09:0b:23:d5:81:d3:8d:d7:14:3a:d4:86:
         76:71:3e:b3:47:ea:20:8d:ff:7c:88:3b:ac:f8:37:53:f2:61:
         f2:31:d6:b9:9a:a3:79:d6:35:a9:dd:0f:ad:f3:52:60:7f:82:
         cc:16:85:eb:eb:4e:3b:32:3c:02:ec:eb:b3:7b:64:01:1b:4e:
         84:dc:c3:12:1f:9d:5d:93:6c:fe:ee:6d:2b:1d:d4:d7:ec:14:
         32:47:09:54:3b:97:2a:06:68:6a:2d:2d:e5:79:aa:52:1f:d3:
         b4:60:2f:55:d1:9f:39:a2:8e:bd:ef:3d:82:83:40:b7:ca:93:
         70:bb:44:12:8c:e2:f0:62:02:62:27:ab:75:f4:d7:34:9f:02:
         2e:09:02:ca:1e:07:ef:dd:ee:9a:4e:3d:3a:9f:eb:97:53:e1:
         5c:30:eb:f9:b9:5d:98:95:74:5b:a0:29:cc:70:17:57:10:cb:
         07:2c:62:bb:ab:33:e4:9c:dc:01:28:47:ea:38:44:37:2f:60:
         e5:47:8f:c8:e0:48:1e:96:a5:eb:d4:c3:27:ac:87:01:df:f3:
         ae:bb:7b:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZJo7/OnobWKrl/mA6xpQKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNzk2ZjBiMzA1MWI1YmM4MTRiMmU4OWNiNDcwYTM4MjZi
MmJmMDAwHhcNMjUwNDE4MTYwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzg2Y2JhY2E5YzA5MTM0NDE5MTY5YzYwMjRkMmI1MGMzNjYzNjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAng+Xb49XCz3M4vrjGvj6vclJJ7ak
5wQhorNThg6gzSzc+ljiAhcM7IdLFmWJDQvMrqthhZpEsPvTHfdDZ39I3T589pQ8
4zIi5wEEhq7dcx3tArkACe/K6TMZLvpvQkN6XIz3zMnvcPbqKT4idYpAGLvdc+8E
OdoHab/DPJaoe1S6FgUWHPaCDlcoaFjoZuIqeXsoWlUQ6t1UVLLHl7eW1VFS4kl8
pu2rbW06Tg4oeXnpIq1AAxr9ZYF3a7LEJJj3+XsloEgpSxU0kADiH3jY7ZJ99JyT
ulwY0nwkrdKxnYk0SRZzufrBkHDmLxvSXDZ9aUd7aOIsM/raMbKJ/a5DNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHOGy6ypwJE0QZFpxgJNK1DDZjYtMB8GA1UdIwQY
MBaAFEt5bwswUbW8gUsuictHCjgmsr8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzNsdkN6QlJ0YnlCU3k2SnkwY0tPQ2F5dndBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iYjQ2ZjUtOWZmMi00MDU4LTkwNTAt
ZmJkY2IxYTQxNDY3LzEvYzRiTHJLbkFrVFJCa1duR0FrMHJVTU5tTmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iYjQ2ZjUtOWZmMi00MDU4LTkwNTAtZmJkY2IxYTQxNDY3
LzEvUzNsdkN6QlJ0YnlCU3k2SnkwY0tPQ2F5dndBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSpHMA0G
CSqGSIb3DQEBCwUAA4IBAQA9NMbyVVMV2xJdCNTAwxghf7+h7ojQ/GwuVcVN3Gl2
qgZlPAhzC0KdMRgJCyPVgdON1xQ61IZ2cT6zR+ogjf98iDus+DdT8mHyMda5mqN5
1jWp3Q+t81Jgf4LMFoXr6047MjwC7Ouze2QBG06E3MMSH51dk2z+7m0rHdTX7BQy
RwlUO5cqBmhqLS3leapSH9O0YC9V0Z85oo697z2Cg0C3ypNwu0QSjOLwYgJiJ6t1
9Nc0nwIuCQLKHgfv3e6aTj06n+uXU+FcMOv5uV2YlXRboCnMcBdXEMsHLGK7qzPk
nNwBKEfqOEQ3L2DlR4/I4EgelqXr1MMnrIcB3/Ouu3vO
-----END CERTIFICATE-----