Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/4eOCFNOBECX2Vv6GWaN08OGzQEk.roa
File:                     4eOCFNOBECX2Vv6GWaN08OGzQEk.roa (raw, json)
Hash identifier:          SHh7w4LZwKE1It7Jc8tpdQbiqOFLXylf+YxEAvmby8E=
Subject key identifier:   E1:E3:82:14:D3:81:10:25:F6:56:FE:86:59:A3:74:F0:E1:B3:40:49
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       01979BE23863970CFFE19124B25F77F67881
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/4eOCFNOBECX2Vv6GWaN08OGzQEk.roa
Signing time:             Mon 23 Jun 2025 08:23:03 +0000
ROA not before:           Mon 23 Jun 2025 08:23:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213520
IP address blocks:        91.132.160.0/22 maxlen: 23
                          193.135.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9b:e2:38:63:97:0c:ff:e1:91:24:b2:5f:77:f6:78:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Jun 23 08:23:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1e38214d3811025f656fe8659a374f0e1b34049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:78:a4:b5:f3:e6:91:7e:8c:71:ae:1c:8d:df:
                    46:ee:b7:05:4d:02:80:26:3f:b4:7d:e1:93:55:a1:
                    d0:d0:6c:76:c6:b4:53:0e:e3:68:26:f7:60:f4:86:
                    38:57:28:1a:df:e9:18:4b:1f:56:4c:f7:64:c1:28:
                    ae:55:71:c6:98:44:29:45:78:9a:cb:eb:49:a8:22:
                    dd:59:a3:1a:eb:3e:36:51:a8:fa:b2:d9:64:72:95:
                    bc:e4:3a:21:7b:c0:2c:b4:80:9a:db:38:bf:aa:70:
                    da:19:61:7f:69:5d:04:2c:0d:8d:52:59:28:8f:b9:
                    67:19:d5:1c:5f:15:0a:20:37:ad:7e:f9:25:65:08:
                    ed:b9:76:8d:64:30:36:52:9c:7f:cc:44:0b:df:dd:
                    2e:7e:a2:6d:77:6a:ef:af:7d:19:51:85:d6:50:45:
                    12:64:39:57:65:e8:64:20:79:17:60:33:8f:08:46:
                    a8:7a:80:b9:74:ee:2e:6f:7a:41:82:a0:64:26:14:
                    15:45:7b:ef:33:d2:fc:a2:b9:04:41:70:eb:2d:c8:
                    ca:e0:62:fb:2e:16:6a:4f:ad:33:96:3f:f9:a6:35:
                    82:fa:e2:e3:ec:09:88:06:65:08:f2:63:53:55:ef:
                    d6:a6:86:cc:26:e1:bd:cc:35:26:6d:22:8d:9c:f5:
                    73:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E3:82:14:D3:81:10:25:F6:56:FE:86:59:A3:74:F0:E1:B3:40:49
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/4eOCFNOBECX2Vv6GWaN08OGzQEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.160.0/22
                  193.135.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:91:bb:25:0b:ae:4f:5f:99:8c:2a:63:39:40:f5:48:56:2d:
         70:d5:27:f4:62:05:7c:33:48:02:e7:fd:8c:55:b4:c3:77:b3:
         ec:50:ea:4b:45:86:21:ad:1a:cc:c2:ff:72:27:85:a9:1b:ef:
         bf:12:d2:9e:d2:16:41:ca:e2:ed:0b:77:a9:54:af:22:15:dc:
         4a:c4:a7:4b:bf:28:51:fb:cb:23:e2:7e:f5:ae:08:cf:a7:fd:
         5d:8e:1b:2c:73:71:23:34:35:25:e0:c4:ae:35:bd:78:47:4b:
         a3:26:09:26:23:53:c9:f2:69:86:5c:b8:00:5a:b8:2f:01:2c:
         4d:e8:ec:fd:ee:b1:a4:27:d0:c7:d8:1f:c7:c8:e3:d9:f7:64:
         cf:7c:c4:3f:42:16:81:ea:ac:00:c6:29:82:f3:e4:7e:36:f3:
         63:f8:f4:f0:99:36:5c:ac:ca:6f:af:e3:79:f6:87:30:db:96:
         3d:8b:cd:94:bc:59:cd:bf:02:ed:64:ba:c4:7b:28:a4:48:01:
         c9:91:74:59:71:65:07:b1:e7:fd:25:7b:6e:30:4e:53:54:c1:
         57:88:06:34:d7:ad:cd:64:7b:76:fb:94:a7:e5:1e:ad:38:47:
         5f:ff:46:ae:fd:2e:fc:84:6e:7b:c7:c3:96:88:31:24:97:97:
         e2:31:e5:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeb4jhjlwz/4ZEksl939niBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjUwNjIzMDgyMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWUzODIxNGQzODExMDI1ZjY1NmZlODY1OWEzNzRmMGUxYjM0MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXiktfPmkX6Mca4cjd9G7rcFTQKA
Jj+0feGTVaHQ0Gx2xrRTDuNoJvdg9IY4Vyga3+kYSx9WTPdkwSiuVXHGmEQpRXia
y+tJqCLdWaMa6z42Uaj6stlkcpW85Dohe8AstICa2zi/qnDaGWF/aV0ELA2NUlko
j7lnGdUcXxUKIDetfvklZQjtuXaNZDA2Upx/zEQL390ufqJtd2rvr30ZUYXWUEUS
ZDlXZehkIHkXYDOPCEaoeoC5dO4ub3pBgqBkJhQVRXvvM9L8orkEQXDrLcjK4GL7
LhZqT60zlj/5pjWC+uLj7AmIBmUI8mNTVe/WpobMJuG9zDUmbSKNnPVz5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOHjghTTgRAl9lb+hlmjdPDhs0BJMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvNGVPQ0ZOT0JFQ1gyVnY2R1dhTjA4T0d6UUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW4SgAwQA
wYeJMA0GCSqGSIb3DQEBCwUAA4IBAQAfkbslC65PX5mMKmM5QPVIVi1w1Sf0YgV8
M0gC5/2MVbTDd7PsUOpLRYYhrRrMwv9yJ4WpG++/EtKe0hZByuLtC3epVK8iFdxK
xKdLvyhR+8sj4n71rgjPp/1djhssc3EjNDUl4MSuNb14R0ujJgkmI1PJ8mmGXLgA
WrgvASxN6Oz97rGkJ9DH2B/HyOPZ92TPfMQ/QhaB6qwAximC8+R+NvNj+PTwmTZc
rMpvr+N59ocw25Y9i82UvFnNvwLtZLrEeyikSAHJkXRZcWUHsef9JXtuME5TVMFX
iAY0163NZHt2+5Sn5R6tOEdf/0au/S78hG57x8OWiDEkl5fiMeUZ
-----END CERTIFICATE-----