Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/JhcnO_f3vyWsqORCbqRb3pMOP9o.roa
File:                     JhcnO_f3vyWsqORCbqRb3pMOP9o.roa (raw, json)
Hash identifier:          QlJfGZeKFSMCeTj/+DzDXYivB2hKP7gLhvKjLsKYzVo=
Subject key identifier:   26:17:27:3B:F7:F7:BF:25:AC:A8:E4:42:6E:A4:5B:DE:93:0E:3F:DA
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       018E5006C6A40774A400E32266CF5B7EC8C2
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/JhcnO_f3vyWsqORCbqRb3pMOP9o.roa
Signing time:             Mon 18 Mar 2024 05:26:45 +0000
ROA not before:           Mon 18 Mar 2024 05:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        81.19.139.0/24 maxlen: 24
                          81.19.140.0/24 maxlen: 24
                          81.19.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:50:06:c6:a4:07:74:a4:00:e3:22:66:cf:5b:7e:c8:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Mar 18 05:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2617273bf7f7bf25aca8e4426ea45bde930e3fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:70:5b:d0:dc:27:14:ab:a2:88:7e:14:42:56:
                    ba:97:7a:35:a0:72:ec:29:df:a5:a5:a5:d6:42:66:
                    08:c2:6e:90:f2:be:4a:15:c7:68:65:08:f2:c1:67:
                    8c:13:56:ac:e6:0e:51:5b:a8:09:6a:47:57:7a:3c:
                    41:8f:74:bf:4a:e8:5f:86:27:cc:5a:b4:13:6a:b4:
                    f7:17:30:d5:1f:c7:f9:3c:18:98:bd:7c:5a:e0:9c:
                    df:88:f2:8e:75:88:a4:21:7a:1f:e9:5c:c5:23:24:
                    88:ce:4f:36:53:36:0c:f0:4a:73:36:6c:7f:97:e3:
                    1e:f9:14:ec:91:e8:b3:21:0e:e6:08:29:a9:39:b1:
                    be:b9:ae:76:85:09:75:e9:f4:2c:60:8b:65:41:f7:
                    47:0f:36:b5:c2:cf:b3:5f:f0:ae:8d:99:57:3b:e3:
                    18:ea:0a:44:47:c9:f1:df:92:db:9c:1e:86:9d:8b:
                    a4:6f:8f:c2:a3:81:a4:0b:6c:88:09:2d:13:15:f4:
                    7f:96:68:59:2d:72:17:12:ae:16:96:5b:b9:6b:2f:
                    84:d5:77:e8:25:54:1c:c2:f5:2f:5b:40:bf:64:9f:
                    55:71:a9:c4:9b:c0:52:38:01:bc:a5:bb:17:f1:54:
                    a3:b3:a4:7c:c6:be:ad:4a:ce:5c:b7:e5:a5:50:29:
                    11:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:17:27:3B:F7:F7:BF:25:AC:A8:E4:42:6E:A4:5B:DE:93:0E:3F:DA
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/JhcnO_f3vyWsqORCbqRb3pMOP9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.139.0-81.19.141.255

    Signature Algorithm: sha256WithRSAEncryption
         b7:e7:ff:a0:0f:44:bf:5d:6f:41:b4:a0:be:b3:4e:df:5b:12:
         f8:bf:01:5c:cd:3a:c5:1f:e2:1b:5e:ff:89:f8:52:d9:fc:e3:
         02:b7:b7:f2:8e:7c:2a:28:37:73:b6:11:ba:f3:02:98:04:44:
         de:97:91:19:c1:83:25:4f:e2:2a:7d:72:f2:8f:a3:82:77:c5:
         90:59:23:57:29:93:a6:95:74:f5:30:a2:6b:b8:cc:1d:bc:1c:
         df:a6:4e:aa:86:a6:bc:46:45:76:74:8b:ee:b7:60:34:09:0f:
         d4:7b:76:d9:c8:e8:8b:e9:af:df:e5:57:d0:dc:06:8e:07:9f:
         35:b6:cf:bd:5a:b4:72:e8:ef:6a:b6:ae:e5:a3:ad:5c:29:d9:
         94:51:46:00:9e:c3:e2:fa:20:4d:8c:29:bc:05:d0:33:7b:12:
         02:18:9a:94:79:1b:ec:4b:f4:e4:7d:95:ce:44:fe:58:96:ad:
         66:50:d8:b6:dc:28:11:c5:63:51:32:b2:cf:80:0b:76:73:90:
         de:05:96:cc:cc:cd:9e:28:29:e1:93:87:8c:22:55:99:b3:45:
         d1:30:36:63:98:cf:70:4c:e7:b9:b6:bf:c7:72:75:f3:f3:46:
         e3:10:92:12:50:46:ca:9c:7c:a4:f9:03:b4:f9:13:16:2a:bb:
         7a:2f:15:bf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY5QBsakB3SkAOMiZs9bfsjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjQwMzE4MDUyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjE3MjczYmY3ZjdiZjI1YWNhOGU0NDI2ZWE0NWJkZTkzMGUzZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXBb0NwnFKuiiH4UQla6l3o1oHLs
Kd+lpaXWQmYIwm6Q8r5KFcdoZQjywWeME1as5g5RW6gJakdXejxBj3S/SuhfhifM
WrQTarT3FzDVH8f5PBiYvXxa4JzfiPKOdYikIXof6VzFIySIzk82UzYM8EpzNmx/
l+Me+RTskeizIQ7mCCmpObG+ua52hQl16fQsYItlQfdHDza1ws+zX/CujZlXO+MY
6gpER8nx35LbnB6GnYukb4/Co4GkC2yICS0TFfR/lmhZLXIXEq4Wllu5ay+E1Xfo
JVQcwvUvW0C/ZJ9VcanEm8BSOAG8pbsX8VSjs6R8xr6tSs5ct+WlUCkRswIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCYXJzv3978lrKjkQm6kW96TDj/aMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvSmhjbk9fZjN2eVdzcU9SQ2JxUmIzcE1PUDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABRE4sD
BAFRE4wwDQYJKoZIhvcNAQELBQADggEBALfn/6APRL9db0G0oL6zTt9bEvi/AVzN
OsUf4hte/4n4Utn84wK3t/KOfCooN3O2EbrzApgERN6XkRnBgyVP4ip9cvKPo4J3
xZBZI1cpk6aVdPUwomu4zB28HN+mTqqGprxGRXZ0i+63YDQJD9R7dtnI6Ivpr9/l
V9DcBo4HnzW2z71atHLo72q2ruWjrVwp2ZRRRgCew+L6IE2MKbwF0DN7EgIYmpR5
G+xL9OR9lc5E/liWrWZQ2LbcKBHFY1Eyss+AC3ZzkN4FlszMzZ4oKeGTh4wiVZmz
RdEwNmOYz3BM57m2v8dydfPzRuMQkhJQRsqcfKT5A7T5ExYqu3ovFb8=
-----END CERTIFICATE-----