Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/T_t661bCYLw7fv-NWHBYahq_jF4.roa
File:                     T_t661bCYLw7fv-NWHBYahq_jF4.roa (raw, json)
Hash identifier:          oLn4cLLJQ8m+MlOl5L0VA1MdOv7PHg3oBhT32EhkcGI=
Subject key identifier:   4F:FB:7A:EB:56:C2:60:BC:3B:7E:FF:8D:58:70:58:6A:1A:BF:8C:5E
Certificate issuer:       /CN=f4e018fddfd422517c3069e75658657b40e73601
Certificate serial:       018E669A06D695DC6768630CE190D9D29936
Authority key identifier: F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/T_t661bCYLw7fv-NWHBYahq_jF4.roa
Signing time:             Fri 22 Mar 2024 14:39:14 +0000
ROA not before:           Fri 22 Mar 2024 14:39:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207291
IP address blocks:        141.136.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:9a:06:d6:95:dc:67:68:63:0c:e1:90:d9:d2:99:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4e018fddfd422517c3069e75658657b40e73601
        Validity
            Not Before: Mar 22 14:39:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ffb7aeb56c260bc3b7eff8d5870586a1abf8c5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fe:72:d1:a8:d6:97:c2:40:0d:5c:6f:05:92:
                    44:74:fe:46:5c:dc:a3:99:d4:4a:99:52:da:a5:a4:
                    9c:7b:16:06:d4:73:b4:ed:72:62:d6:95:59:3d:2e:
                    51:de:71:97:70:79:79:36:28:18:94:d2:17:66:ea:
                    f9:52:a6:2e:3e:c7:c8:d4:8c:06:6c:bd:49:f6:80:
                    b9:47:5b:4b:0b:a2:bf:d5:6c:a1:95:6c:c2:aa:e4:
                    ff:47:20:c3:24:bb:cd:dd:6d:7c:1f:22:ff:38:de:
                    1e:65:b9:da:44:03:34:e9:16:0a:e9:1e:5f:a9:93:
                    2b:d9:2f:bd:af:12:16:17:e8:dc:9e:32:7d:bd:9b:
                    5f:56:4d:cb:2a:82:77:63:64:93:d9:47:7b:31:70:
                    2b:69:1c:41:e3:e5:6f:11:5c:68:e1:6a:a1:b9:f6:
                    86:c4:0d:de:46:7d:5a:7e:0e:72:e1:a2:73:0d:86:
                    5a:69:5f:64:cc:41:24:b9:df:96:15:eb:56:5d:1a:
                    65:07:0e:39:ef:56:95:08:75:b0:50:bf:92:4d:b6:
                    6b:06:3b:1e:2d:f9:6b:43:19:13:0a:83:84:9c:bc:
                    48:ca:c7:ac:b1:86:76:b4:a3:96:1c:41:29:ea:fd:
                    b8:7e:fb:85:cd:e7:73:7c:97:90:79:92:7f:fd:2c:
                    60:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FB:7A:EB:56:C2:60:BC:3B:7E:FF:8D:58:70:58:6A:1A:BF:8C:5E
            X509v3 Authority Key Identifier:
                keyid:F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/T_t661bCYLw7fv-NWHBYahq_jF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.136.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:fe:a1:65:69:7f:4c:3e:99:35:b1:1e:74:fa:89:17:36:49:
         5a:ea:fe:64:ba:83:d6:cf:c0:f8:f1:16:d0:3e:31:e2:4d:d8:
         26:53:1d:9c:c2:5d:d1:18:b9:86:0b:58:69:b1:89:6a:28:1d:
         8e:48:bd:d9:66:bb:38:96:c3:28:0a:57:b0:63:5f:52:f0:5d:
         2d:f6:15:3d:7f:3c:02:38:18:b4:69:c8:74:41:82:87:e4:ba:
         f4:06:0c:cc:b8:65:db:76:61:82:b4:61:2d:57:a5:36:65:d2:
         97:9f:66:6a:78:0a:2d:30:3a:88:72:9f:9f:1e:3e:d5:27:a5:
         69:3c:d4:b2:5b:12:93:a4:37:be:08:87:9c:b6:ba:10:03:d3:
         8f:ed:65:83:39:23:45:31:81:68:2c:d9:82:fa:61:05:95:66:
         56:37:a9:28:34:15:b4:78:16:3d:aa:c0:e2:c0:1e:20:32:3a:
         80:bf:51:3f:05:b5:a5:aa:d5:ed:cc:7a:31:d3:8c:79:be:43:
         a5:18:5d:62:b7:4d:f4:fd:58:d0:93:b8:64:ac:5c:e1:aa:fb:
         31:d8:b3:dd:23:eb:26:45:64:4c:b6:59:0f:77:b9:ae:0d:56:
         47:a2:a3:eb:bc:3a:35:3d:01:aa:45:02:81:4b:11:3a:2d:90:
         13:31:f9:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5mmgbWldxnaGMM4ZDZ0pk2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTAxOGZkZGZkNDIyNTE3YzMwNjllNzU2NTg2NTdiNDBl
NzM2MDEwHhcNMjQwMzIyMTQzOTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZiN2FlYjU2YzI2MGJjM2I3ZWZmOGQ1ODcwNTg2YTFhYmY4YzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/5y0ajWl8JADVxvBZJEdP5GXNyj
mdRKmVLapaScexYG1HO07XJi1pVZPS5R3nGXcHl5NigYlNIXZur5UqYuPsfI1IwG
bL1J9oC5R1tLC6K/1WyhlWzCquT/RyDDJLvN3W18HyL/ON4eZbnaRAM06RYK6R5f
qZMr2S+9rxIWF+jcnjJ9vZtfVk3LKoJ3Y2ST2Ud7MXAraRxB4+VvEVxo4WqhufaG
xA3eRn1afg5y4aJzDYZaaV9kzEEkud+WFetWXRplBw4571aVCHWwUL+STbZrBjse
LflrQxkTCoOEnLxIysessYZ2tKOWHEEp6v24fvuFzedzfJeQeZJ//Sxg5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/7eutWwmC8O37/jVhwWGoav4xeMB8GA1UdIwQY
MBaAFPTgGP3f1CJRfDBp51ZYZXtA5zYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQt
NzBmOTRkNWVlNWZjLzEvVF90NjYxYkNZTHc3ZnYtTldIQllhaHFfakY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQtNzBmOTRkNWVlNWZj
LzEvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjYgmMA0G
CSqGSIb3DQEBCwUAA4IBAQAk/qFlaX9MPpk1sR50+okXNkla6v5kuoPWz8D48RbQ
PjHiTdgmUx2cwl3RGLmGC1hpsYlqKB2OSL3ZZrs4lsMoClewY19S8F0t9hU9fzwC
OBi0ach0QYKH5Lr0BgzMuGXbdmGCtGEtV6U2ZdKXn2ZqeAotMDqIcp+fHj7VJ6Vp
PNSyWxKTpDe+CIectroQA9OP7WWDOSNFMYFoLNmC+mEFlWZWN6koNBW0eBY9qsDi
wB4gMjqAv1E/BbWlqtXtzHox04x5vkOlGF1it030/VjQk7hkrFzhqvsx2LPdI+sm
RWRMtlkPd7muDVZHoqPrvDo1PQGqRQKBSxE6LZATMfkF
-----END CERTIFICATE-----