Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/7qODuGSs4dmqZxJ-1yR3uLnt78I.roa
File:                     7qODuGSs4dmqZxJ-1yR3uLnt78I.roa (raw, json)
Hash identifier:          u9dD83B9w4i3dzT6MQPlhoVscgdl/eJq2CSU2nReV/s=
Subject key identifier:   EE:A3:83:B8:64:AC:E1:D9:AA:67:12:7E:D7:24:77:B8:B9:ED:EF:C2
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       018CC794DDD0AC0F937A8E25E47A8EA62144
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/7qODuGSs4dmqZxJ-1yR3uLnt78I.roa
Signing time:             Tue 02 Jan 2024 00:31:11 +0000
ROA not before:           Tue 02 Jan 2024 00:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209272
IP address blocks:        81.19.136.0/24 maxlen: 32
                          81.19.138.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:dd:d0:ac:0f:93:7a:8e:25:e4:7a:8e:a6:21:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Jan  2 00:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eea383b864ace1d9aa67127ed72477b8b9edefc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:8b:9e:a2:0a:23:60:72:57:f9:4e:ff:73:00:
                    47:38:94:5f:15:6b:6f:ca:4e:21:d8:05:ca:3a:2b:
                    22:a5:75:c9:4d:cd:ee:9b:0d:50:1b:b8:ee:d7:96:
                    3d:87:ac:5f:4f:71:43:c8:73:e8:d0:f7:29:da:0e:
                    3e:74:83:4c:7d:fc:f3:6e:13:2e:7f:33:3d:ea:25:
                    d5:19:06:f0:e5:49:1d:2e:95:7c:fb:e0:e7:d5:bd:
                    0c:c7:28:f9:5a:52:67:f9:7e:91:c6:d4:c5:b9:b5:
                    1d:61:93:60:ad:c8:e1:54:36:c7:7b:03:db:94:10:
                    1f:39:8a:6a:f9:7d:aa:1c:14:c1:e3:85:42:b1:6f:
                    12:8a:9b:42:76:c5:78:de:93:43:f8:2e:3c:f9:93:
                    16:c0:f5:60:1a:a3:52:c2:37:26:f2:2b:56:d4:7a:
                    90:84:be:ba:11:31:5a:de:ac:97:55:27:9e:fb:7f:
                    8f:39:6e:e4:58:40:c7:a1:b5:95:2b:ea:61:61:3e:
                    53:78:ab:78:de:9a:6b:a6:73:be:92:d1:5a:6d:6d:
                    69:ec:22:23:19:d3:ef:a6:43:f8:e3:e2:db:8d:c2:
                    e9:31:99:38:18:22:51:c6:34:ce:7a:c5:f6:44:bb:
                    2d:13:b5:3b:5a:85:f5:fd:18:ee:fa:00:51:08:0e:
                    ab:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A3:83:B8:64:AC:E1:D9:AA:67:12:7E:D7:24:77:B8:B9:ED:EF:C2
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/7qODuGSs4dmqZxJ-1yR3uLnt78I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.136.0/24
                  81.19.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:14:99:32:4f:15:64:7c:f0:23:a9:18:b2:d3:30:d9:d5:94:
         7d:45:b2:52:86:5e:cb:18:7a:b7:32:ed:da:a3:82:3d:93:a2:
         21:5a:3c:d9:f7:44:20:21:dc:44:bf:8c:16:5d:48:cd:97:45:
         db:ce:bd:8f:bf:c5:94:94:5e:7f:d6:9e:25:2f:81:c5:cd:8b:
         52:1d:63:e4:50:e6:9c:29:a6:87:98:96:f7:bc:44:43:e2:bd:
         b1:3a:0c:60:6b:49:50:79:5a:21:aa:51:23:cf:ab:4c:03:90:
         d6:43:5a:e7:2f:d9:43:76:30:72:e0:ee:9c:00:38:6b:3c:f0:
         92:a7:d7:5f:b0:c5:25:2f:d9:94:c2:c2:b4:a1:57:19:db:75:
         98:e9:8a:34:93:2c:25:cd:6f:6f:1d:4c:15:74:f7:3b:e4:41:
         e3:dd:5c:ea:8b:22:78:b8:d6:f6:8a:96:26:30:03:8e:14:8f:
         a8:e6:d6:85:af:b8:1a:b6:0f:11:ac:24:58:3e:99:7c:9e:de:
         a0:ad:18:a2:b3:9e:da:aa:bb:60:74:ab:36:7e:43:a5:6c:26:
         65:2a:de:7f:15:78:27:9e:82:b7:00:8d:66:f3:3b:e1:b2:6c:
         3b:89:f1:49:d5:e4:90:1b:6b:3b:43:8e:17:82:90:d7:90:15:
         75:97:ee:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlN3QrA+Teo4l5HqOpiFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjQwMTAyMDAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWEzODNiODY0YWNlMWQ5YWE2NzEyN2VkNzI0NzdiOGI5ZWRlZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYueogojYHJX+U7/cwBHOJRfFWtv
yk4h2AXKOisipXXJTc3umw1QG7ju15Y9h6xfT3FDyHPo0Pcp2g4+dINMffzzbhMu
fzM96iXVGQbw5UkdLpV8++Dn1b0Mxyj5WlJn+X6RxtTFubUdYZNgrcjhVDbHewPb
lBAfOYpq+X2qHBTB44VCsW8SiptCdsV43pND+C48+ZMWwPVgGqNSwjcm8itW1HqQ
hL66ETFa3qyXVSee+3+POW7kWEDHobWVK+phYT5TeKt43pprpnO+ktFabW1p7CIj
GdPvpkP44+LbjcLpMZk4GCJRxjTOesX2RLstE7U7WoX1/Rju+gBRCA6rEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO6jg7hkrOHZqmcSftckd7i57e/CMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvN3FPRHVHU3M0ZG1xWnhKLTF5UjN1TG50NzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUROIAwQA
UROKMA0GCSqGSIb3DQEBCwUAA4IBAQBcFJkyTxVkfPAjqRiy0zDZ1ZR9RbJShl7L
GHq3Mu3ao4I9k6IhWjzZ90QgIdxEv4wWXUjNl0Xbzr2Pv8WUlF5/1p4lL4HFzYtS
HWPkUOacKaaHmJb3vERD4r2xOgxga0lQeVohqlEjz6tMA5DWQ1rnL9lDdjBy4O6c
ADhrPPCSp9dfsMUlL9mUwsK0oVcZ23WY6Yo0kywlzW9vHUwVdPc75EHj3VzqiyJ4
uNb2ipYmMAOOFI+o5taFr7gatg8RrCRYPpl8nt6grRiis57aqrtgdKs2fkOlbCZl
Kt5/FXgnnoK3AI1m8zvhsmw7ifFJ1eSQG2s7Q44XgpDXkBV1l+50
-----END CERTIFICATE-----