Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/VnNOyhJgLmShK4zlF9XdAN2q4s4.roa
File:                     VnNOyhJgLmShK4zlF9XdAN2q4s4.roa (raw, json)
Hash identifier:          B/S8y9b1ISPp/BBs9L+1yYuLtM/Q6p7iTzrPaTaI4+Q=
Subject key identifier:   56:73:4E:CA:12:60:2E:64:A1:2B:8C:E5:17:D5:DD:00:DD:AA:E2:CE
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       0192619A82FE6C4AE7EBA03FF7F254FFF462
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/VnNOyhJgLmShK4zlF9XdAN2q4s4.roa
Signing time:             Sun 06 Oct 2024 11:32:48 +0000
ROA not before:           Sun 06 Oct 2024 11:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51685
IP address blocks:        81.19.128.0/23 maxlen: 23
                          81.19.130.0/24 maxlen: 24
                          81.19.142.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:61:9a:82:fe:6c:4a:e7:eb:a0:3f:f7:f2:54:ff:f4:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Oct  6 11:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56734eca12602e64a12b8ce517d5dd00ddaae2ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:57:01:a2:b3:34:ee:f5:cf:31:90:4e:9a:31:
                    5f:59:ae:75:db:8c:61:8d:40:8f:29:03:c6:69:fe:
                    9e:67:11:2a:c6:45:11:0e:08:a6:a9:81:7c:d1:16:
                    72:b6:3e:58:80:06:44:6d:f4:2d:6c:6e:bf:3a:c8:
                    ab:d8:5a:e0:43:6d:41:b8:7f:21:da:54:a7:72:71:
                    f5:7a:43:2b:e8:e9:39:a4:f4:b5:0c:e6:98:50:59:
                    c2:ae:a7:cf:64:69:0b:66:fd:be:57:9c:65:0c:cb:
                    63:ff:1d:e4:b2:c3:99:52:60:85:5a:1a:d6:01:0b:
                    2e:66:a7:e4:bd:f1:28:ad:fd:40:66:32:64:e7:a7:
                    00:d5:16:a6:68:bb:13:0e:7f:f9:64:3b:20:f6:04:
                    3e:c5:fb:a2:9c:a6:e4:b8:2e:fc:97:5f:25:5d:15:
                    1e:0d:7a:94:12:63:15:07:8d:54:e0:cb:00:1b:39:
                    30:eb:f3:49:04:d9:07:ac:41:f7:73:93:cf:c8:22:
                    24:1d:79:66:04:dd:97:45:b8:0c:96:03:b2:2b:95:
                    d6:d5:ec:60:d4:d8:22:9e:5e:2d:7d:cc:5d:2a:4f:
                    b0:8f:d0:ff:3a:81:5f:63:18:7d:a3:58:2d:ba:07:
                    24:87:4a:e1:64:3c:87:d3:97:a0:2d:fe:e7:9f:04:
                    bd:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:73:4E:CA:12:60:2E:64:A1:2B:8C:E5:17:D5:DD:00:DD:AA:E2:CE
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/VnNOyhJgLmShK4zlF9XdAN2q4s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.128.0-81.19.130.255
                  81.19.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:5f:25:93:fc:d4:45:b9:ab:84:f9:9b:30:e3:62:bc:86:7b:
         52:b7:59:97:c9:50:ec:c1:a3:54:b2:6e:f6:57:70:ec:6d:d0:
         f1:5e:94:6e:db:e6:6b:6b:91:0d:31:c7:31:b4:ce:e9:9e:75:
         0f:15:90:94:ae:33:d9:1d:61:b9:bd:45:38:d8:f1:39:5e:75:
         bd:25:b7:04:9a:99:96:2f:93:03:2c:65:8a:2e:91:32:10:05:
         c8:33:42:b4:4a:cf:99:e5:5e:a1:4b:a3:07:89:28:89:11:76:
         18:17:79:fa:f4:62:22:d9:00:6f:6a:55:87:d3:c1:62:6a:81:
         29:05:a4:6c:38:a0:00:f1:ad:5b:9c:b9:29:00:fb:4e:b9:7f:
         05:95:8f:85:e7:50:b8:49:27:e1:50:c1:5c:16:cb:8d:c6:ae:
         1b:fd:5c:2a:cc:33:30:53:d0:c6:bf:a7:59:02:bd:0b:40:da:
         b6:aa:ee:41:ce:5a:e1:a8:5f:49:26:27:09:46:df:98:af:ad:
         86:9a:0a:60:1a:0e:af:c7:c8:75:e6:f2:ce:39:67:fe:c7:ea:
         4a:a8:11:10:49:cb:c8:dd:f8:d5:7b:49:f2:3e:c9:ed:59:ee:
         b0:18:8d:a2:74:38:c9:f0:63:05:7e:15:96:1e:b5:ea:b4:b0:
         5b:02:ed:0f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZJhmoL+bErn66A/9/JU//RiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjQxMDA2MTEzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjczNGVjYTEyNjAyZTY0YTEyYjhjZTUxN2Q1ZGQwMGRkYWFlMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFcBorM07vXPMZBOmjFfWa5124xh
jUCPKQPGaf6eZxEqxkURDgimqYF80RZytj5YgAZEbfQtbG6/Osir2FrgQ21BuH8h
2lSncnH1ekMr6Ok5pPS1DOaYUFnCrqfPZGkLZv2+V5xlDMtj/x3kssOZUmCFWhrW
AQsuZqfkvfEorf1AZjJk56cA1RamaLsTDn/5ZDsg9gQ+xfuinKbkuC78l18lXRUe
DXqUEmMVB41U4MsAGzkw6/NJBNkHrEH3c5PPyCIkHXlmBN2XRbgMlgOyK5XW1exg
1Nginl4tfcxdKk+wj9D/OoFfYxh9o1gtugckh0rhZDyH05egLf7nnwS9pQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFZzTsoSYC5koSuM5RfV3QDdquLOMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvVm5OT3loSmdMbVNoSzR6bEY5WGRBTjJxNHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAdRE4AD
BABRE4IDBAFRE44wDQYJKoZIhvcNAQELBQADggEBABJfJZP81EW5q4T5mzDjYryG
e1K3WZfJUOzBo1SybvZXcOxt0PFelG7b5mtrkQ0xxzG0zumedQ8VkJSuM9kdYbm9
RTjY8Tledb0ltwSamZYvkwMsZYoukTIQBcgzQrRKz5nlXqFLoweJKIkRdhgXefr0
YiLZAG9qVYfTwWJqgSkFpGw4oADxrVucuSkA+065fwWVj4XnULhJJ+FQwVwWy43G
rhv9XCrMMzBT0Ma/p1kCvQtA2raq7kHOWuGoX0kmJwlG35ivrYaaCmAaDq/HyHXm
8s45Z/7H6kqoERBJy8jd+NV7SfI+ye1Z7rAYjaJ0OMnwYwV+FZYeteq0sFsC7Q8=
-----END CERTIFICATE-----