Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/RHLLQaO9epjTpcYnivetdGCwuC4.roa
File:                     RHLLQaO9epjTpcYnivetdGCwuC4.roa (raw, json)
Hash identifier:          h0jWdRDzxRl/+lWehcEUFMB39+o17/XZJvBGMxvK8tY=
Subject key identifier:   44:72:CB:41:A3:BD:7A:98:D3:A5:C6:27:8A:F7:AD:74:60:B0:B8:2E
Certificate issuer:       /CN=534633f19f61d6546ebabf7de9fb7aa987ed5bf3
Certificate serial:       018CC26D6C57F35355366499F40D1B4E3FCC
Authority key identifier: 53:46:33:F1:9F:61:D6:54:6E:BA:BF:7D:E9:FB:7A:A9:87:ED:5B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U0Yz8Z9h1lRuur996ft6qYftW_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/RHLLQaO9epjTpcYnivetdGCwuC4.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        141.252.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/U0Yz8Z9h1lRuur996ft6qYftW_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/U0Yz8Z9h1lRuur996ft6qYftW_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U0Yz8Z9h1lRuur996ft6qYftW_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6c:57:f3:53:55:36:64:99:f4:0d:1b:4e:3f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=534633f19f61d6546ebabf7de9fb7aa987ed5bf3
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4472cb41a3bd7a98d3a5c6278af7ad7460b0b82e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a8:9d:d3:c1:a9:a7:a2:63:a1:ab:01:ff:1f:
                    7c:cc:24:6f:29:b8:bb:e6:a8:0f:26:d1:42:e5:c3:
                    ee:36:36:fd:b2:6b:40:21:ea:7e:26:cf:c4:70:04:
                    fc:de:e9:b9:05:61:f4:e0:b9:b0:4a:c8:7d:34:13:
                    07:4d:a6:f2:4c:f3:23:5b:11:0c:af:15:eb:f8:8d:
                    e3:a8:df:ac:63:4a:92:27:c2:34:0a:0d:5c:bb:e9:
                    43:d0:3b:70:ba:e1:98:82:59:96:df:7d:e7:64:ca:
                    3d:79:f5:a4:c1:b7:94:88:43:46:75:2f:dc:b3:c0:
                    d9:04:5e:79:1d:15:d0:57:22:b0:ad:7f:01:43:14:
                    95:2e:94:ee:9d:03:a9:1f:f8:d2:5e:77:fe:0e:01:
                    6a:1d:e8:ac:a6:f8:7d:06:21:b6:82:e3:e3:39:70:
                    da:7c:9f:7f:35:9b:a4:6f:51:c4:4b:7b:90:29:36:
                    82:a4:a1:d5:8c:5f:bf:89:85:1d:69:6a:2e:00:5b:
                    e3:4c:7f:23:ed:87:c6:6f:f1:10:fc:38:64:b7:e3:
                    b5:80:e3:ff:39:13:7d:12:c4:9a:90:c7:bb:0e:a1:
                    43:1a:e1:73:c4:f1:58:26:2e:0d:8d:c0:d5:8d:1f:
                    23:9b:f2:8d:cb:22:ff:21:f0:46:fb:97:b0:af:52:
                    33:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:72:CB:41:A3:BD:7A:98:D3:A5:C6:27:8A:F7:AD:74:60:B0:B8:2E
            X509v3 Authority Key Identifier:
                keyid:53:46:33:F1:9F:61:D6:54:6E:BA:BF:7D:E9:FB:7A:A9:87:ED:5B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U0Yz8Z9h1lRuur996ft6qYftW_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/RHLLQaO9epjTpcYnivetdGCwuC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/U0Yz8Z9h1lRuur996ft6qYftW_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         91:26:48:ab:db:20:ce:b8:8f:2a:da:a9:78:50:ce:b5:b7:60:
         75:7c:ea:57:9f:93:23:4c:a4:4f:c0:88:53:39:8f:6f:32:ee:
         40:2c:c4:3e:7f:9c:2b:b3:82:6c:42:2c:fd:34:66:8c:4d:43:
         96:09:6b:a2:a8:3e:8d:46:97:64:00:91:24:57:1d:df:4b:f4:
         e3:ec:a9:f0:8f:3b:83:5c:d4:ff:0f:15:95:24:59:10:59:ae:
         e2:46:65:96:82:e0:79:e8:a6:dc:17:01:53:d5:4b:77:ae:e2:
         f5:da:18:43:15:e6:32:49:a3:ee:e3:1d:b3:54:d2:5b:d5:48:
         00:a4:80:70:8b:a9:b5:17:bf:68:5f:c4:47:61:57:68:51:6d:
         47:4f:aa:c4:3f:15:61:b0:74:27:33:f4:0f:c1:5a:36:5f:46:
         a2:92:ba:93:c4:7f:2f:a2:ce:e8:16:e7:58:26:2a:1b:c9:6c:
         0e:80:ce:16:7c:7f:c0:06:eb:25:99:29:96:4d:73:f3:b8:a7:
         da:62:22:f3:02:69:65:3b:56:92:1b:b3:8d:0b:63:a9:3f:0d:
         18:f8:46:ac:1c:6c:72:f7:a4:10:e2:3c:bb:91:10:08:b9:39:
         63:5c:1b:b0:f9:64:7e:6d:ae:73:f1:53:eb:6c:3f:f5:42:a3:
         34:94:5a:0f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzCbWxX81NVNmSZ9A0bTj/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNDYzM2YxOWY2MWQ2NTQ2ZWJhYmY3ZGU5ZmI3YWE5ODdl
ZDViZjMwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDcyY2I0MWEzYmQ3YTk4ZDNhNWM2Mjc4YWY3YWQ3NDYwYjBiODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaid08Gpp6JjoasB/x98zCRvKbi7
5qgPJtFC5cPuNjb9smtAIep+Js/EcAT83um5BWH04LmwSsh9NBMHTabyTPMjWxEM
rxXr+I3jqN+sY0qSJ8I0Cg1cu+lD0DtwuuGYglmW333nZMo9efWkwbeUiENGdS/c
s8DZBF55HRXQVyKwrX8BQxSVLpTunQOpH/jSXnf+DgFqHeispvh9BiG2guPjOXDa
fJ9/NZukb1HES3uQKTaCpKHVjF+/iYUdaWouAFvjTH8j7YfGb/EQ/Dhkt+O1gOP/
ORN9EsSakMe7DqFDGuFzxPFYJi4NjcDVjR8jm/KNyyL/IfBG+5ewr1IzHwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFERyy0GjvXqY06XGJ4r3rXRgsLguMB8GA1UdIwQY
MBaAFFNGM/GfYdZUbrq/fen7eqmH7VvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTBZejhaOWgxbFJ1dXI5OTZmdDZxWWZ0V19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84YmY3OGQtYzNiNS00NjkxLTgxMDgt
ZjBjYWQ5ZmY2NWJlLzEvUkhMTFFhTzllcGpUcGNZbml2ZXRkR0N3dUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84YmY3OGQtYzNiNS00NjkxLTgxMDgtZjBjYWQ5ZmY2NWJl
LzEvVTBZejhaOWgxbFJ1dXI5OTZmdDZxWWZ0V19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjfwwDQYJ
KoZIhvcNAQELBQADggEBAJEmSKvbIM64jyraqXhQzrW3YHV86lefkyNMpE/AiFM5
j28y7kAsxD5/nCuzgmxCLP00ZoxNQ5YJa6KoPo1Gl2QAkSRXHd9L9OPsqfCPO4Nc
1P8PFZUkWRBZruJGZZaC4HnoptwXAVPVS3eu4vXaGEMV5jJJo+7jHbNU0lvVSACk
gHCLqbUXv2hfxEdhV2hRbUdPqsQ/FWGwdCcz9A/BWjZfRqKSupPEfy+izugW51gm
KhvJbA6AzhZ8f8AG6yWZKZZNc/O4p9piIvMCaWU7VpIbs40LY6k/DRj4RqwcbHL3
pBDiPLuREAi5OWNcG7D5ZH5trnPxU+tsP/VCozSUWg8=
-----END CERTIFICATE-----