Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/PYhvTWu2gLGxgQFdlL60IH92CE8.roa
File:                     PYhvTWu2gLGxgQFdlL60IH92CE8.roa (raw, json)
Hash identifier:          yV6fRqMha8M+YZ9PxKlydMdQ/YHg+s/tvkAKEMqbpOQ=
Subject key identifier:   3D:88:6F:4D:6B:B6:80:B1:B1:81:01:5D:94:BE:B4:20:7F:76:08:4F
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       018CC794DB54177B1D3D4864083BCDEAF7DF
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/PYhvTWu2gLGxgQFdlL60IH92CE8.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24658
IP address blocks:        81.19.128.0/20 maxlen: 32
                          2a10:ad80::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:db:54:17:7b:1d:3d:48:64:08:3b:cd:ea:f7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d886f4d6bb680b1b181015d94beb4207f76084f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:0e:e9:d5:8e:57:8b:88:ce:ff:4f:77:2e:f7:
                    a9:7e:c9:a9:98:e7:2c:22:58:8d:71:98:f7:bb:cd:
                    84:11:54:9b:f0:56:bc:9d:e4:62:ee:48:44:7b:eb:
                    6f:5f:f7:35:47:99:ce:8b:e7:e6:18:5c:fb:78:0b:
                    6b:13:be:05:8f:b4:20:ea:4f:9e:70:cd:0e:80:8e:
                    84:7d:6f:5f:23:0b:ea:8c:33:48:9e:68:a5:2c:80:
                    f9:0c:80:02:4b:d8:02:5c:31:d1:57:fe:e0:2a:dd:
                    7f:70:5c:8a:98:12:a3:92:36:c0:50:57:ae:0d:05:
                    46:04:ab:af:35:20:b6:11:62:c8:85:1b:20:32:3d:
                    50:92:09:74:2f:56:63:66:21:56:be:6f:87:ac:e0:
                    d3:0f:4b:3e:29:de:7a:c5:46:40:92:d1:7b:d6:98:
                    cb:d8:72:3c:23:2e:7a:ad:6a:7f:65:58:52:a2:d7:
                    87:6e:dc:00:e3:cc:8a:6b:f2:aa:99:88:23:40:4e:
                    64:b4:20:60:09:57:64:7c:3a:96:08:0f:2e:47:c7:
                    c6:ef:ba:57:61:75:ca:e2:b5:db:bc:87:97:a1:ca:
                    11:10:f0:15:8d:ac:3b:3a:d7:6e:16:fa:fc:9b:2e:
                    e4:ce:06:19:84:b1:b5:fc:4c:f1:e1:e9:bf:c9:ae:
                    4c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:88:6F:4D:6B:B6:80:B1:B1:81:01:5D:94:BE:B4:20:7F:76:08:4F
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/PYhvTWu2gLGxgQFdlL60IH92CE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.128.0/20
                IPv6:
                  2a10:ad80::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:4a:15:6f:14:c5:07:3e:27:33:5d:ab:70:5a:b3:33:e7:5b:
         17:83:57:0e:63:5a:f8:35:6f:19:4d:21:ca:35:86:6e:c9:c0:
         b8:b2:c2:06:12:cb:1e:7a:1d:c4:d6:97:46:84:cd:91:ab:2c:
         26:b2:95:87:69:d4:60:b5:a9:33:13:a0:f2:ba:95:3f:e3:ee:
         ec:9e:cd:1b:ad:cd:12:a6:df:c7:08:47:49:c6:15:50:d8:aa:
         a1:94:7f:85:fd:0a:69:26:3f:a2:e9:2e:96:a4:4d:46:ca:9f:
         5d:3a:45:27:6d:4c:10:88:66:66:5f:57:3d:9f:94:55:f6:91:
         e4:cc:ef:ac:6b:ce:d8:ed:41:45:40:a1:23:fb:d5:c4:1c:a4:
         55:35:91:cd:48:53:d1:94:0a:b0:9b:30:00:d7:6a:c5:20:17:
         0d:4c:c9:2e:8c:8a:47:13:b3:6a:46:6b:2f:17:c8:43:ff:70:
         a6:c6:84:7b:43:5e:ec:d6:64:28:7a:a3:c2:36:a0:85:02:79:
         ff:a0:dc:0f:7f:4b:1a:35:b7:99:1c:3c:b6:a1:93:8f:3e:89:
         a3:6b:9e:6e:96:97:0f:7e:dc:5e:d3:3e:b1:46:a7:ab:c5:34:
         d8:7e:64:0f:45:3c:af:6e:19:11:78:72:f0:66:92:28:d3:25:
         db:fd:92:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlNtUF3sdPUhkCDvN6vffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDg4NmY0ZDZiYjY4MGIxYjE4MTAxNWQ5NGJlYjQyMDdmNzYwODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkA7p1Y5Xi4jO/093LvepfsmpmOcs
IliNcZj3u82EEVSb8Fa8neRi7khEe+tvX/c1R5nOi+fmGFz7eAtrE74Fj7Qg6k+e
cM0OgI6EfW9fIwvqjDNInmilLID5DIACS9gCXDHRV/7gKt1/cFyKmBKjkjbAUFeu
DQVGBKuvNSC2EWLIhRsgMj1Qkgl0L1ZjZiFWvm+HrODTD0s+Kd56xUZAktF71pjL
2HI8Iy56rWp/ZVhSoteHbtwA48yKa/KqmYgjQE5ktCBgCVdkfDqWCA8uR8fG77pX
YXXK4rXbvIeXocoREPAVjaw7OtduFvr8my7kzgYZhLG1/Ezx4em/ya5MzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD2Ib01rtoCxsYEBXZS+tCB/dghPMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvUFlodlRXdTJnTEd4Z1FGZGxMNjBJSDkyQ0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQEUROAMA8E
AgACMAkDBwAqEK2AAAAwDQYJKoZIhvcNAQELBQADggEBADhKFW8UxQc+JzNdq3Ba
szPnWxeDVw5jWvg1bxlNIco1hm7JwLiywgYSyx56HcTWl0aEzZGrLCaylYdp1GC1
qTMToPK6lT/j7uyezRutzRKm38cIR0nGFVDYqqGUf4X9CmkmP6LpLpakTUbKn106
RSdtTBCIZmZfVz2flFX2keTM76xrztjtQUVAoSP71cQcpFU1kc1IU9GUCrCbMADX
asUgFw1MyS6MikcTs2pGay8XyEP/cKbGhHtDXuzWZCh6o8I2oIUCef+g3A9/Sxo1
t5kcPLahk48+iaNrnm6Wlw9+3F7TPrFGp6vFNNh+ZA9FPK9uGRF4cvBmkijTJdv9
kvQ=
-----END CERTIFICATE-----