Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/u4r--dRc7jWn-0jplkuEtDrEeSc.roa
File:                     u4r--dRc7jWn-0jplkuEtDrEeSc.roa (raw, json)
Hash identifier:          dyMpYRk5u2+QwQ2MiSARxc2gjN7riwKhPkaR1H44ncM=
Subject key identifier:   BB:8A:FE:F9:D4:5C:EE:35:A7:FB:48:E9:96:4B:84:B4:3A:C4:79:27
Certificate issuer:       /CN=bda96d02a822f46253c2aee680441d5ac27c3df5
Certificate serial:       018DCBD630D964738C0C398D1EA14A0CDCCA
Authority key identifier: BD:A9:6D:02:A8:22:F4:62:53:C2:AE:E6:80:44:1D:5A:C2:7C:3D:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/u4r--dRc7jWn-0jplkuEtDrEeSc.roa
Signing time:             Wed 21 Feb 2024 13:23:48 +0000
ROA not before:           Wed 21 Feb 2024 13:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        141.138.225.0/24 maxlen: 24
                          2a00:10e8:101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:d6:30:d9:64:73:8c:0c:39:8d:1e:a1:4a:0c:dc:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bda96d02a822f46253c2aee680441d5ac27c3df5
        Validity
            Not Before: Feb 21 13:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb8afef9d45cee35a7fb48e9964b84b43ac47927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a8:84:a4:be:42:28:6a:1a:74:39:d3:c2:5b:
                    07:e0:3a:69:95:c8:0f:8c:de:9f:30:4f:29:d0:42:
                    35:6c:b1:af:26:48:ae:0d:a0:4c:b8:1f:6c:71:58:
                    a6:ad:c1:d7:09:6a:d6:a9:45:2d:b1:b0:47:58:3d:
                    ff:8d:3c:cf:bb:b6:56:16:90:ed:c3:20:76:b5:dc:
                    64:6c:44:be:43:05:f8:a3:85:4a:50:27:95:b1:20:
                    47:2e:bd:a2:a1:81:8f:2c:f7:5b:dc:d4:e6:6c:87:
                    54:cb:4a:4f:76:eb:53:d9:2e:ae:c3:91:cc:d3:d3:
                    61:d0:ae:aa:19:e5:ec:af:e2:df:6b:ef:63:6d:1f:
                    40:e9:cd:14:61:de:44:f0:73:01:9f:37:62:61:00:
                    5c:df:51:1a:41:08:17:49:53:c7:1c:b2:89:c0:ed:
                    7a:bc:4b:f3:cb:c2:e1:ef:62:c4:eb:f7:c9:14:10:
                    ac:1f:a7:65:4a:4a:89:fc:b7:fb:74:06:32:c5:ad:
                    ef:0e:5a:d3:f0:25:36:e1:69:1d:5f:fa:7b:16:fe:
                    05:61:51:0b:05:00:aa:1a:cc:f0:2b:d6:9f:0f:f0:
                    8f:b3:ed:26:8d:73:45:25:be:c0:b4:04:31:7e:c4:
                    bf:89:d2:4b:4b:5f:7f:ff:bd:f3:07:4e:06:7d:a5:
                    6b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:8A:FE:F9:D4:5C:EE:35:A7:FB:48:E9:96:4B:84:B4:3A:C4:79:27
            X509v3 Authority Key Identifier:
                keyid:BD:A9:6D:02:A8:22:F4:62:53:C2:AE:E6:80:44:1D:5A:C2:7C:3D:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/u4r--dRc7jWn-0jplkuEtDrEeSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.138.225.0/24
                IPv6:
                  2a00:10e8:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:7f:25:6c:04:60:bb:d1:a2:69:8d:7c:4f:9b:17:94:aa:c4:
         29:53:e7:b4:fc:1f:4a:2d:56:ac:05:10:09:db:dc:3c:24:74:
         65:7f:a5:d3:85:fe:39:73:20:00:29:fe:ad:c4:78:65:34:91:
         03:81:ed:ee:ed:23:1d:2a:49:66:8a:bc:41:61:1c:fa:bf:5b:
         9d:40:61:13:3a:dc:c7:ea:6c:4d:3e:88:7c:57:79:cf:1f:61:
         2e:1e:a0:39:cc:1f:5f:8e:05:66:11:7f:ee:ec:fa:1b:f6:09:
         9a:4b:d1:4f:4d:62:be:2a:be:bd:7b:c1:4b:65:f8:95:7b:ec:
         26:90:d9:ac:cd:ee:b3:4a:af:5c:d0:63:4e:c1:3e:49:82:e3:
         ed:25:79:04:1e:1b:b0:35:94:b0:5d:1e:7d:7a:40:e2:58:01:
         98:f3:3a:81:09:2f:9f:4f:9b:ca:4a:0a:ff:d2:67:85:7d:19:
         21:12:bd:00:9a:7e:a0:d1:39:0b:90:40:83:a4:13:b5:d2:3f:
         a0:54:32:ad:18:c5:69:f5:ea:39:42:9b:e1:89:ba:e6:42:eb:
         2c:06:9a:c6:3b:96:be:ec:a2:59:8f:02:ac:8a:bf:66:b6:b9:
         4c:1f:3b:21:f0:e9:b6:55:de:a8:6e:5b:af:3c:28:5a:b7:cd:
         9e:ed:57:8e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3L1jDZZHOMDDmNHqFKDNzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYTk2ZDAyYTgyMmY0NjI1M2MyYWVlNjgwNDQxZDVhYzI3
YzNkZjUwHhcNMjQwMjIxMTMyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjhhZmVmOWQ0NWNlZTM1YTdmYjQ4ZTk5NjRiODRiNDNhYzQ3OTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKiEpL5CKGoadDnTwlsH4DpplcgP
jN6fME8p0EI1bLGvJkiuDaBMuB9scVimrcHXCWrWqUUtsbBHWD3/jTzPu7ZWFpDt
wyB2tdxkbES+QwX4o4VKUCeVsSBHLr2ioYGPLPdb3NTmbIdUy0pPdutT2S6uw5HM
09Nh0K6qGeXsr+Lfa+9jbR9A6c0UYd5E8HMBnzdiYQBc31EaQQgXSVPHHLKJwO16
vEvzy8Lh72LE6/fJFBCsH6dlSkqJ/Lf7dAYyxa3vDlrT8CU24WkdX/p7Fv4FYVEL
BQCqGszwK9afD/CPs+0mjXNFJb7AtAQxfsS/idJLS19//73zB04GfaVrqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLuK/vnUXO41p/tI6ZZLhLQ6xHknMB8GA1UdIwQY
MBaAFL2pbQKoIvRiU8Ku5oBEHVrCfD31MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmFsdEFxZ2k5R0pUd3E3bWdFUWRXc0o4UGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hMjdiMzktODAxMS00MTQyLTg2YzIt
Y2Y4M2Q2ZTQwNTU4LzEvdTRyLS1kUmM3alduLTBqcGxrdUV0RHJFZVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hMjdiMzktODAxMS00MTQyLTg2YzItY2Y4M2Q2ZTQwNTU4
LzEvdmFsdEFxZ2k5R0pUd3E3bWdFUWRXc0o4UGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAjYrhMA8E
AgACMAkDBwAqABDoAQEwDQYJKoZIhvcNAQELBQADggEBAA9/JWwEYLvRommNfE+b
F5SqxClT57T8H0otVqwFEAnb3DwkdGV/pdOF/jlzIAAp/q3EeGU0kQOB7e7tIx0q
SWaKvEFhHPq/W51AYRM63MfqbE0+iHxXec8fYS4eoDnMH1+OBWYRf+7s+hv2CZpL
0U9NYr4qvr17wUtl+JV77CaQ2azN7rNKr1zQY07BPkmC4+0leQQeG7A1lLBdHn16
QOJYAZjzOoEJL59Pm8pKCv/SZ4V9GSESvQCafqDROQuQQIOkE7XSP6BUMq0YxWn1
6jlCm+GJuuZC6ywGmsY7lr7solmPAqyKv2a2uUwfOyHw6bZV3qhuW688KFq3zZ7t
V44=
-----END CERTIFICATE-----