Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/dxBH4TV51cTFiAYXOVtwRqrZraY.roa
File:                     dxBH4TV51cTFiAYXOVtwRqrZraY.roa (raw, json)
Hash identifier:          kYpITsy+89G8dkg3+FaIKDSidYdWIry8+rbXb5yDBDM=
Subject key identifier:   77:10:47:E1:35:79:D5:C4:C5:88:06:17:39:5B:70:46:AA:D9:AD:A6
Certificate issuer:       /CN=534633f19f61d6546ebabf7de9fb7aa987ed5bf3
Certificate serial:       019473BCE45CE4928930098E5C8F6FBF1CA5
Authority key identifier: 53:46:33:F1:9F:61:D6:54:6E:BA:BF:7D:E9:FB:7A:A9:87:ED:5B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U0Yz8Z9h1lRuur996ft6qYftW_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/dxBH4TV51cTFiAYXOVtwRqrZraY.roa
Signing time:             Fri 17 Jan 2025 10:09:06 +0000
ROA not before:           Fri 17 Jan 2025 10:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1103
IP address blocks:        141.252.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/U0Yz8Z9h1lRuur996ft6qYftW_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/U0Yz8Z9h1lRuur996ft6qYftW_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U0Yz8Z9h1lRuur996ft6qYftW_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:bc:e4:5c:e4:92:89:30:09:8e:5c:8f:6f:bf:1c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=534633f19f61d6546ebabf7de9fb7aa987ed5bf3
        Validity
            Not Before: Jan 17 10:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=771047e13579d5c4c5880617395b7046aad9ada6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:12:8d:a4:8d:f9:db:5f:4d:67:02:99:32:86:
                    b6:02:81:1a:55:f9:5e:65:68:07:88:55:7e:de:88:
                    9c:4b:fb:7d:6e:73:eb:ec:aa:c6:3a:65:18:4e:0f:
                    57:43:31:30:ff:dd:36:6b:3e:c3:38:55:45:88:17:
                    1a:34:2a:96:f6:22:46:dd:df:01:50:1a:ff:3a:60:
                    56:18:74:46:70:3b:8b:c2:46:30:7c:df:d2:68:db:
                    38:b0:54:cb:80:15:82:d9:bf:00:aa:09:ee:08:4d:
                    2e:e5:17:13:df:dc:7f:19:3d:87:58:4e:6c:c6:f9:
                    71:35:37:68:cd:79:dd:f8:d4:f5:b8:6a:47:99:31:
                    f3:47:4e:1b:57:d0:58:c3:f9:4f:d0:65:fb:cc:cc:
                    55:45:6d:1f:b3:df:54:c7:b0:46:0e:b9:f7:21:da:
                    9d:03:c1:39:e4:bc:28:a5:98:78:24:f8:88:60:58:
                    be:12:3b:cd:b4:25:fd:5a:28:a1:0e:f1:73:50:a3:
                    2b:aa:c9:14:1f:8b:3c:b1:6e:e1:db:89:21:dc:51:
                    b1:6c:05:56:36:ae:c3:0e:e7:bb:e3:00:9f:a9:88:
                    28:a9:78:f6:f4:24:60:22:7c:60:a7:9f:a0:de:47:
                    3d:be:da:ac:d5:c8:bb:88:9d:f1:96:cd:61:99:87:
                    42:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:10:47:E1:35:79:D5:C4:C5:88:06:17:39:5B:70:46:AA:D9:AD:A6
            X509v3 Authority Key Identifier:
                keyid:53:46:33:F1:9F:61:D6:54:6E:BA:BF:7D:E9:FB:7A:A9:87:ED:5B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U0Yz8Z9h1lRuur996ft6qYftW_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/dxBH4TV51cTFiAYXOVtwRqrZraY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8bf78d-c3b5-4691-8108-f0cad9ff65be/1/U0Yz8Z9h1lRuur996ft6qYftW_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         60:b9:2e:39:eb:e0:69:a0:46:a1:9f:88:ee:c9:cc:1c:40:6d:
         5d:c5:fb:e3:09:fb:22:3c:34:87:2f:58:e0:9b:2d:92:84:68:
         16:fe:4a:08:ef:a3:5f:ee:5a:bc:2d:94:3d:c5:c2:89:ba:71:
         95:05:bc:bf:0a:ab:77:18:99:3e:86:28:9e:c9:52:76:83:89:
         9c:6d:df:17:45:b8:69:0b:f0:ac:b2:db:10:11:e6:f4:83:a8:
         f7:cb:07:9f:b5:1a:2c:41:8e:9a:97:ac:d0:c1:1a:0f:44:34:
         65:82:64:8a:ae:60:42:0c:73:e7:4e:4e:77:03:82:e1:69:51:
         2d:0e:cb:7e:3b:d2:ce:30:3d:c1:9a:ec:eb:b6:c1:0a:4f:18:
         17:53:68:ed:4b:97:42:39:f7:6b:f9:9a:f5:d0:b7:83:3c:95:
         8b:e2:d1:cc:de:cc:fa:f0:8d:62:c0:d7:55:ac:d4:dd:3e:5c:
         66:54:85:ac:bb:5e:0a:48:2c:da:14:ef:45:9d:f0:e0:77:9f:
         a1:4a:74:c8:ed:5e:ed:8a:64:14:42:1c:1a:df:9d:b7:1c:4a:
         e9:5b:bc:52:ac:f8:60:69:49:11:ef:b3:cd:d6:fa:f9:81:67:
         1a:42:3d:45:83:7d:d7:e9:c5:19:e8:7c:76:42:23:d6:dc:64:
         c5:ea:18:45
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZRzvORc5JKJMAmOXI9vvxylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNDYzM2YxOWY2MWQ2NTQ2ZWJhYmY3ZGU5ZmI3YWE5ODdl
ZDViZjMwHhcNMjUwMTE3MTAwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzEwNDdlMTM1NzlkNWM0YzU4ODA2MTczOTViNzA0NmFhZDlhZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBKNpI35219NZwKZMoa2AoEaVfle
ZWgHiFV+3oicS/t9bnPr7KrGOmUYTg9XQzEw/902az7DOFVFiBcaNCqW9iJG3d8B
UBr/OmBWGHRGcDuLwkYwfN/SaNs4sFTLgBWC2b8AqgnuCE0u5RcT39x/GT2HWE5s
xvlxNTdozXnd+NT1uGpHmTHzR04bV9BYw/lP0GX7zMxVRW0fs99Ux7BGDrn3Idqd
A8E55LwopZh4JPiIYFi+EjvNtCX9WiihDvFzUKMrqskUH4s8sW7h24kh3FGxbAVW
Nq7DDue74wCfqYgoqXj29CRgInxgp5+g3kc9vtqs1ci7iJ3xls1hmYdCWQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHcQR+E1edXExYgGFzlbcEaq2a2mMB8GA1UdIwQY
MBaAFFNGM/GfYdZUbrq/fen7eqmH7VvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTBZejhaOWgxbFJ1dXI5OTZmdDZxWWZ0V19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84YmY3OGQtYzNiNS00NjkxLTgxMDgt
ZjBjYWQ5ZmY2NWJlLzEvZHhCSDRUVjUxY1RGaUFZWE9WdHdScXJacmFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84YmY3OGQtYzNiNS00NjkxLTgxMDgtZjBjYWQ5ZmY2NWJl
LzEvVTBZejhaOWgxbFJ1dXI5OTZmdDZxWWZ0V19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjfwwDQYJ
KoZIhvcNAQELBQADggEBAGC5Ljnr4GmgRqGfiO7JzBxAbV3F++MJ+yI8NIcvWOCb
LZKEaBb+Sgjvo1/uWrwtlD3Fwom6cZUFvL8Kq3cYmT6GKJ7JUnaDiZxt3xdFuGkL
8Kyy2xAR5vSDqPfLB5+1GixBjpqXrNDBGg9ENGWCZIquYEIMc+dOTncDguFpUS0O
y3470s4wPcGa7Ou2wQpPGBdTaO1Ll0I592v5mvXQt4M8lYvi0czezPrwjWLA11Ws
1N0+XGZUhay7XgpILNoU70Wd8OB3n6FKdMjtXu2KZBRCHBrfnbccSulbvFKs+GBp
SRHvs83W+vmBZxpCPUWDfdfpxRnofHZCI9bcZMXqGEU=
-----END CERTIFICATE-----