Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/H7F_0BQY9F_vqEdMMlcW-DDy7VQ.roa
File:                     H7F_0BQY9F_vqEdMMlcW-DDy7VQ.roa (raw, json)
Hash identifier:          unxO3BoaME5QVELFtPjBOedR7U60ugmeLRDAif8cQIw=
Subject key identifier:   1F:B1:7F:D0:14:18:F4:5F:EF:A8:47:4C:32:57:16:F8:30:F2:ED:54
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       018CC794DD42FDCA8342FC16011B680EFB9C
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/H7F_0BQY9F_vqEdMMlcW-DDy7VQ.roa
Signing time:             Tue 02 Jan 2024 00:31:11 +0000
ROA not before:           Tue 02 Jan 2024 00:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198369
IP address blocks:        81.19.132.0/24 maxlen: 32
                          81.19.134.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:dd:42:fd:ca:83:42:fc:16:01:1b:68:0e:fb:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Jan  2 00:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fb17fd01418f45fefa8474c325716f830f2ed54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:21:2d:ea:30:a1:29:28:87:05:25:58:a2:82:
                    f9:f3:16:09:6a:95:1a:e9:32:85:04:4e:d5:26:0c:
                    75:7d:2e:ca:00:4e:98:75:2b:28:2d:85:3a:24:8e:
                    2a:b6:54:4e:94:2f:83:fa:a1:b4:de:f6:8a:b2:32:
                    0d:51:15:3f:14:2b:ac:33:99:a0:00:b5:c2:a1:9a:
                    18:27:24:1c:a2:be:70:af:69:fc:89:7f:d0:09:f9:
                    63:e3:3f:95:74:8e:92:5e:50:a0:a6:ad:b4:47:5c:
                    1c:a8:bc:0a:06:d5:a4:70:ae:7d:59:26:77:ae:8b:
                    24:86:30:d8:fd:62:56:e7:0b:95:c5:3c:e0:c9:a9:
                    7a:3e:6c:42:e2:46:6b:56:b2:c3:c0:33:a0:c5:e3:
                    bd:af:5e:db:67:e1:7c:ab:d1:06:55:c2:f5:b4:8d:
                    f8:3f:fb:c3:f8:4f:90:e7:1d:d2:ec:6a:ea:73:f6:
                    0e:75:6f:01:9a:c2:f8:6d:a9:c1:ad:f8:e5:b2:41:
                    a5:27:a1:1c:4a:4f:69:aa:ec:f8:cf:68:4d:e0:ad:
                    b4:f0:45:ef:36:02:65:3d:b8:af:c8:a5:84:74:a1:
                    dd:35:bb:3e:91:bb:3b:32:f2:2b:7a:25:93:a5:3b:
                    f8:c9:e4:9b:46:c8:1b:03:5a:b4:78:94:e3:23:44:
                    7a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:B1:7F:D0:14:18:F4:5F:EF:A8:47:4C:32:57:16:F8:30:F2:ED:54
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/H7F_0BQY9F_vqEdMMlcW-DDy7VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.132.0/24
                  81.19.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:08:b2:54:6a:31:b8:e7:8c:b1:f5:ad:46:7d:cc:2a:65:18:
         36:50:40:87:ec:fa:d6:b0:c7:dc:33:79:13:aa:53:7b:7f:38:
         14:38:f6:03:c2:15:e6:18:81:ab:eb:01:eb:89:8a:3f:2e:37:
         f9:12:2e:0c:01:10:69:72:cf:61:e3:54:fd:c5:3b:8f:44:23:
         ca:11:e2:54:39:e7:4b:ae:53:8d:eb:f0:99:41:64:29:21:17:
         12:54:ec:69:6c:94:1e:e4:be:12:23:6f:e8:68:04:1e:fd:e0:
         c7:20:c5:25:ae:79:3c:9a:db:ac:6d:3e:87:0b:91:bc:b8:e3:
         3d:c1:ba:cb:96:fd:a2:44:f2:54:b8:7e:d5:47:a2:fc:02:1b:
         a0:03:fa:71:c2:e8:23:ed:96:00:e1:96:18:d6:60:5d:70:90:
         5b:01:50:30:e3:19:d8:51:2d:f9:d5:0a:75:d6:ef:4c:19:61:
         94:d2:69:90:92:48:ac:67:2f:3b:e1:18:7e:e6:11:0e:27:3b:
         06:8e:e1:dd:35:65:87:54:d2:4a:19:ba:a4:5e:50:0f:11:b5:
         c1:7e:a6:9f:04:bc:81:b9:8e:d6:af:3d:bb:6a:fc:d1:d0:f8:
         11:a2:a2:b2:a9:dd:84:b1:34:3e:01:a0:4e:4e:bc:8a:42:f3:
         bc:ac:d5:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlN1C/cqDQvwWARtoDvucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjQwMTAyMDAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmIxN2ZkMDE0MThmNDVmZWZhODQ3NGMzMjU3MTZmODMwZjJlZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyEt6jChKSiHBSVYooL58xYJapUa
6TKFBE7VJgx1fS7KAE6YdSsoLYU6JI4qtlROlC+D+qG03vaKsjINURU/FCusM5mg
ALXCoZoYJyQcor5wr2n8iX/QCflj4z+VdI6SXlCgpq20R1wcqLwKBtWkcK59WSZ3
roskhjDY/WJW5wuVxTzgyal6PmxC4kZrVrLDwDOgxeO9r17bZ+F8q9EGVcL1tI34
P/vD+E+Q5x3S7Grqc/YOdW8BmsL4banBrfjlskGlJ6EcSk9pquz4z2hN4K208EXv
NgJlPbivyKWEdKHdNbs+kbs7MvIreiWTpTv4yeSbRsgbA1q0eJTjI0R6BQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB+xf9AUGPRf76hHTDJXFvgw8u1UMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvSDdGXzBCUVk5Rl92cUVkTU1sY1ctRER5N1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUROEAwQA
UROGMA0GCSqGSIb3DQEBCwUAA4IBAQBICLJUajG454yx9a1GfcwqZRg2UECH7PrW
sMfcM3kTqlN7fzgUOPYDwhXmGIGr6wHriYo/Ljf5Ei4MARBpcs9h41T9xTuPRCPK
EeJUOedLrlON6/CZQWQpIRcSVOxpbJQe5L4SI2/oaAQe/eDHIMUlrnk8mtusbT6H
C5G8uOM9wbrLlv2iRPJUuH7VR6L8AhugA/pxwugj7ZYA4ZYY1mBdcJBbAVAw4xnY
US351Qp11u9MGWGU0mmQkkisZy874Rh+5hEOJzsGjuHdNWWHVNJKGbqkXlAPEbXB
fqafBLyBuY7Wrz27avzR0PgRoqKyqd2EsTQ+AaBOTryKQvO8rNUB
-----END CERTIFICATE-----