Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/F4j0SvgLwOArGutleMjOUsweLH0.roa
File:                     F4j0SvgLwOArGutleMjOUsweLH0.roa (raw, json)
Hash identifier:          rtZZS/ojxAM0GrxEZyr9Anac9IUDzruPbDxrnYwBPLQ=
Subject key identifier:   17:88:F4:4A:F8:0B:C0:E0:2B:1A:EB:65:78:C8:CE:52:CC:1E:2C:7D
Certificate issuer:       /CN=2d4873e6e8be4f9d3764184f13e5750f8c61f68b
Certificate serial:       0196A037C024B6969E51188CDC3F8964844D
Authority key identifier: 2D:48:73:E6:E8:BE:4F:9D:37:64:18:4F:13:E5:75:0F:8C:61:F6:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/F4j0SvgLwOArGutleMjOUsweLH0.roa
Signing time:             Mon 05 May 2025 11:32:10 +0000
ROA not before:           Mon 05 May 2025 11:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8758
IP address blocks:        91.132.180.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a0:37:c0:24:b6:96:9e:51:18:8c:dc:3f:89:64:84:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d4873e6e8be4f9d3764184f13e5750f8c61f68b
        Validity
            Not Before: May  5 11:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1788f44af80bc0e02b1aeb6578c8ce52cc1e2c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5f:73:24:3a:ae:38:a8:ad:03:d8:93:e2:06:
                    c2:ce:4a:6a:10:7e:8f:d4:7f:06:06:6a:2d:0b:f1:
                    e7:bc:49:e6:60:cb:fc:a3:c3:03:2e:0c:98:01:c7:
                    84:84:9a:c5:e4:b8:e3:3f:78:19:ab:f4:71:67:0d:
                    e2:75:3d:35:1c:b5:e6:1d:de:cf:cd:88:08:4f:3e:
                    88:63:d3:ca:8f:c8:10:11:d3:08:be:4f:a2:50:b9:
                    7c:81:f4:9b:8f:b9:77:55:27:5e:2c:17:62:ec:c5:
                    d6:92:d1:d5:01:89:35:62:0b:a5:e7:5c:ea:de:25:
                    3f:57:57:50:ce:51:88:ef:42:1e:7b:c4:9d:a3:f0:
                    eb:9b:5f:9e:9a:37:f7:49:1e:95:83:50:84:3b:ff:
                    65:1e:b4:30:76:60:e5:03:79:ee:0a:c9:65:18:d3:
                    cc:7b:95:98:e6:2c:5a:e9:43:79:da:f9:1d:65:1b:
                    0d:a1:13:c4:87:f2:1c:da:98:42:d0:da:e1:d0:78:
                    ab:df:fb:88:3d:a8:3f:27:0e:e8:40:40:f3:2e:36:
                    6d:a0:f0:12:c3:12:3e:71:20:73:7f:91:71:58:d7:
                    ce:e5:b3:3d:c2:97:4e:77:f7:87:37:6f:05:fe:99:
                    4f:d2:99:7f:cc:5a:69:d5:ec:24:bc:8c:34:77:09:
                    37:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:88:F4:4A:F8:0B:C0:E0:2B:1A:EB:65:78:C8:CE:52:CC:1E:2C:7D
            X509v3 Authority Key Identifier:
                keyid:2D:48:73:E6:E8:BE:4F:9D:37:64:18:4F:13:E5:75:0F:8C:61:F6:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/F4j0SvgLwOArGutleMjOUsweLH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:3d:51:ee:36:e8:24:0f:3f:0f:bc:a5:05:8a:79:f8:6e:dd:
         49:85:12:cc:d9:b2:bd:c3:24:2c:1f:8b:ca:fd:e1:68:18:40:
         43:9e:71:fe:81:37:e1:be:a0:37:f2:58:f6:98:72:97:61:8e:
         8d:95:86:d0:a6:e8:49:46:f4:8d:7b:b6:54:4f:5f:07:65:85:
         af:b1:ee:b8:eb:3f:eb:6d:4f:f6:1a:4b:67:30:00:d4:b8:46:
         8b:b9:aa:6e:2f:56:92:69:eb:86:f7:36:63:6f:56:10:e3:08:
         29:71:4c:19:7f:0f:91:69:85:4c:e3:de:0a:8f:a6:32:45:14:
         ea:d4:8c:d5:24:d1:f0:b1:14:81:aa:51:ab:da:70:e9:22:56:
         65:82:2f:34:30:84:4f:41:ee:83:6b:7e:bb:a1:91:d2:02:2a:
         47:c6:85:d9:07:77:e8:c3:5a:8e:4b:8b:44:bb:0f:80:d1:b0:
         72:28:fc:c7:c0:c2:e0:3b:c2:6f:d9:a3:27:3c:f1:c9:b0:d2:
         3a:86:dd:86:ef:a2:aa:6b:f5:bd:cd:dc:94:53:60:72:f2:3a:
         a1:c5:50:4c:55:38:a9:84:7b:df:ff:d3:89:98:be:c6:1c:39:
         b0:f2:27:b7:31:8a:9d:6c:93:62:fc:14:a8:b0:e3:b8:67:d4:
         27:97:91:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZagN8AktpaeURiM3D+JZIRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNDg3M2U2ZThiZTRmOWQzNzY0MTg0ZjEzZTU3NTBmOGM2
MWY2OGIwHhcNMjUwNTA1MTEzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzg4ZjQ0YWY4MGJjMGUwMmIxYWViNjU3OGM4Y2U1MmNjMWUyYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp19zJDquOKitA9iT4gbCzkpqEH6P
1H8GBmotC/HnvEnmYMv8o8MDLgyYAceEhJrF5LjjP3gZq/RxZw3idT01HLXmHd7P
zYgITz6IY9PKj8gQEdMIvk+iULl8gfSbj7l3VSdeLBdi7MXWktHVAYk1Ygul51zq
3iU/V1dQzlGI70Iee8Sdo/Drm1+emjf3SR6Vg1CEO/9lHrQwdmDlA3nuCsllGNPM
e5WY5ixa6UN52vkdZRsNoRPEh/Ic2phC0Nrh0Hir3/uIPag/Jw7oQEDzLjZtoPAS
wxI+cSBzf5FxWNfO5bM9wpdOd/eHN28F/plP0pl/zFpp1ewkvIw0dwk3hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeI9Er4C8DgKxrrZXjIzlLMHix9MB8GA1UdIwQY
MBaAFC1Ic+bovk+dN2QYTxPldQ+MYfaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFVoejV1aS1UNTAzWkJoUEUtVjFENHhoOW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80N2I0MTMtNjQxNi00MDJhLWI1ZTEt
NjU5NmQ1MDM2MzYyLzEvRjRqMFN2Z0x3T0FyR3V0bGVNak9Vc3dlTEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80N2I0MTMtNjQxNi00MDJhLWI1ZTEtNjU5NmQ1MDM2MzYy
LzEvTFVoejV1aS1UNTAzWkJoUEUtVjFENHhoOW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW4S0MA0G
CSqGSIb3DQEBCwUAA4IBAQBFPVHuNugkDz8PvKUFinn4bt1JhRLM2bK9wyQsH4vK
/eFoGEBDnnH+gTfhvqA38lj2mHKXYY6NlYbQpuhJRvSNe7ZUT18HZYWvse646z/r
bU/2GktnMADUuEaLuapuL1aSaeuG9zZjb1YQ4wgpcUwZfw+RaYVM494Kj6YyRRTq
1IzVJNHwsRSBqlGr2nDpIlZlgi80MIRPQe6Da367oZHSAipHxoXZB3fow1qOS4tE
uw+A0bByKPzHwMLgO8Jv2aMnPPHJsNI6ht2G76Kqa/W9zdyUU2By8jqhxVBMVTip
hHvf/9OJmL7GHDmw8ie3MYqdbJNi/BSosOO4Z9Qnl5ER
-----END CERTIFICATE-----