Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Sw4udI0T0y4YHGeTVXfDQcoJ940.roa
File:                     Sw4udI0T0y4YHGeTVXfDQcoJ940.roa (raw, json)
Hash identifier:          5vLOl6taXz6BqFF79WLaaJDHov0EKzWQ9/OvOqSi+J8=
Subject key identifier:   4B:0E:2E:74:8D:13:D3:2E:18:1C:67:93:55:77:C3:41:CA:09:F7:8D
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7952944A2FFC10FDCC109BE7050F4D5
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Sw4udI0T0y4YHGeTVXfDQcoJ940.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202104
IP address blocks:        81.25.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:29:44:a2:ff:c1:0f:dc:c1:09:be:70:50:f4:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b0e2e748d13d32e181c67935577c341ca09f78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:67:c7:46:ab:33:b0:34:71:3c:64:b9:d6:b3:
                    69:2d:a1:37:37:33:e3:f0:d3:31:f5:63:3c:af:52:
                    73:48:10:5a:65:ca:a6:4f:86:98:b9:e9:a6:fa:37:
                    36:17:2b:fe:75:27:c4:72:22:d4:a7:1e:5d:ee:57:
                    41:b6:6d:c5:66:7f:ec:4b:17:48:2c:cd:b1:fa:18:
                    3f:2f:a5:22:09:3b:73:b2:79:b4:de:93:62:57:bc:
                    dc:4f:60:09:a9:9b:98:8a:a6:25:ee:54:6e:e9:23:
                    71:81:90:29:09:b5:53:ba:4b:4f:c9:a1:3e:82:aa:
                    a5:eb:34:e8:34:df:e0:32:12:36:25:aa:d8:a5:cb:
                    83:b9:9c:58:07:aa:0b:7e:89:52:c1:32:92:db:45:
                    57:28:df:9b:76:fa:32:40:a0:45:26:70:13:09:75:
                    29:39:b2:a1:8b:25:a7:6b:a7:43:ab:ab:e9:bc:02:
                    c7:fa:d0:98:51:92:24:0a:f3:69:cf:c2:ca:a4:b7:
                    5e:6a:2a:73:90:f2:8e:06:59:01:20:b7:dd:9b:10:
                    e6:f1:a2:9d:82:ca:ad:28:ef:2d:60:66:62:03:84:
                    88:74:f2:70:ee:92:32:83:1d:43:e0:bf:c9:24:f4:
                    2e:05:04:ca:a9:36:75:6b:e3:b0:44:11:7f:ed:16:
                    9b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:0E:2E:74:8D:13:D3:2E:18:1C:67:93:55:77:C3:41:CA:09:F7:8D
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Sw4udI0T0y4YHGeTVXfDQcoJ940.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.25.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:60:12:2b:48:b0:91:63:cc:cf:fe:de:8d:68:6f:81:77:5b:
         53:a0:41:a6:23:2e:59:1d:bb:57:ef:5b:d9:3e:64:14:dc:85:
         45:db:7a:30:06:1b:fd:00:62:81:dc:d4:30:5a:91:91:ba:1d:
         97:89:ce:91:af:f2:ad:41:4a:b8:e1:4a:25:91:87:42:24:d1:
         c1:e5:0f:06:f9:58:bd:45:1c:10:f1:4e:ca:ca:d9:c3:13:14:
         3f:76:ef:d3:31:e6:07:0b:d4:8e:5e:6a:bf:b5:5f:ef:fd:58:
         ca:d9:7f:44:ca:ef:bf:f1:25:76:e2:27:a2:13:1c:b1:2f:7c:
         6b:a8:c8:94:97:79:c5:82:bb:30:75:bd:f2:fe:a0:b1:23:3f:
         3e:18:9f:9d:42:fe:6f:fd:49:c4:88:a1:1b:73:f3:6b:2a:ff:
         cb:4f:e7:74:7a:0e:08:6f:07:06:bf:a1:84:be:96:70:e4:e6:
         0a:6a:68:0e:0f:33:aa:2d:d0:7a:6b:3c:0c:66:48:bd:28:3f:
         37:9d:5e:47:5c:66:3e:b5:ca:50:f0:89:ea:37:e8:ab:7d:8f:
         3b:0b:60:ae:a6:be:9f:62:cf:e6:f8:74:cd:48:31:e0:74:e2:
         86:df:66:71:42:95:8b:a0:ec:29:cc:b8:c0:44:d2:52:3a:bf:
         e0:a1:53:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSlEov/BD9zBCb5wUPTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjBlMmU3NDhkMTNkMzJlMTgxYzY3OTM1NTc3YzM0MWNhMDlmNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmfHRqszsDRxPGS51rNpLaE3NzPj
8NMx9WM8r1JzSBBaZcqmT4aYuemm+jc2Fyv+dSfEciLUpx5d7ldBtm3FZn/sSxdI
LM2x+hg/L6UiCTtzsnm03pNiV7zcT2AJqZuYiqYl7lRu6SNxgZApCbVTuktPyaE+
gqql6zToNN/gMhI2JarYpcuDuZxYB6oLfolSwTKS20VXKN+bdvoyQKBFJnATCXUp
ObKhiyWna6dDq6vpvALH+tCYUZIkCvNpz8LKpLdeaipzkPKOBlkBILfdmxDm8aKd
gsqtKO8tYGZiA4SIdPJw7pIygx1D4L/JJPQuBQTKqTZ1a+OwRBF/7RabpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsOLnSNE9MuGBxnk1V3w0HKCfeNMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvU3c0dWRJMFQweTRZSEdlVFZYZkRRY29KOTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURlGMA0G
CSqGSIb3DQEBCwUAA4IBAQA8YBIrSLCRY8zP/t6NaG+Bd1tToEGmIy5ZHbtX71vZ
PmQU3IVF23owBhv9AGKB3NQwWpGRuh2Xic6Rr/KtQUq44UolkYdCJNHB5Q8G+Vi9
RRwQ8U7KytnDExQ/du/TMeYHC9SOXmq/tV/v/VjK2X9Eyu+/8SV24ieiExyxL3xr
qMiUl3nFgrswdb3y/qCxIz8+GJ+dQv5v/UnEiKEbc/NrKv/LT+d0eg4IbwcGv6GE
vpZw5OYKamgODzOqLdB6azwMZki9KD83nV5HXGY+tcpQ8InqN+irfY87C2Cupr6f
Ys/m+HTNSDHgdOKG32ZxQpWLoOwpzLjARNJSOr/goVOv
-----END CERTIFICATE-----