Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/dcAEUZ_ghRVpaUYo3WWA9zUPe9U.roa
File:                     dcAEUZ_ghRVpaUYo3WWA9zUPe9U.roa (raw, json)
Hash identifier:          AsvsdGamYH2cSArWOQT5cvLOD/2t8gp5MEnt/aWjLII=
Subject key identifier:   75:C0:04:51:9F:E0:85:15:69:69:46:28:DD:65:80:F7:35:0F:7B:D5
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       0194221F849846BD02C5692B14E0E966229B
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/dcAEUZ_ghRVpaUYo3WWA9zUPe9U.roa
Signing time:             Wed 01 Jan 2025 13:47:58 +0000
ROA not before:           Wed 01 Jan 2025 13:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42233
IP address blocks:        81.19.134.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:84:98:46:bd:02:c5:69:2b:14:e0:e9:66:22:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75c004519fe0851569694628dd6580f7350f7bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:25:b2:11:c3:13:8e:28:65:84:9b:ee:06:75:
                    9f:27:ff:46:6a:82:a7:92:73:ce:f4:01:b6:2f:c4:
                    09:05:20:86:d1:8a:b0:57:05:07:dc:f1:c0:a7:59:
                    2c:2c:00:03:19:8c:09:70:b9:8e:2a:23:8a:fe:a7:
                    a5:3b:31:5a:80:9c:7d:c3:35:db:e4:92:50:ae:59:
                    19:2f:19:19:16:f7:14:e4:40:fc:b4:90:50:ec:4d:
                    05:ce:e2:94:6c:c2:69:97:56:a4:e5:44:fe:e7:0b:
                    59:ca:a0:02:13:14:b8:30:a1:f4:59:b4:35:99:78:
                    08:ab:b0:d3:b1:99:05:17:9e:6e:49:23:68:81:87:
                    cf:36:e5:99:15:6e:0d:21:dd:a4:01:20:f0:91:ff:
                    72:7a:32:7b:f1:c6:ec:11:34:89:1a:96:ed:1d:25:
                    f5:00:c6:e8:68:b4:00:ed:21:b9:85:d9:11:bd:5d:
                    e5:d7:22:c3:b2:fc:d4:ed:dd:03:af:b9:f4:01:34:
                    ab:05:88:2e:4b:0c:55:aa:89:37:56:10:06:fe:e2:
                    3e:74:e4:f0:01:5c:bd:42:cd:ef:4c:76:24:0c:e5:
                    fd:02:68:dd:a7:a3:fc:42:86:64:ef:bf:18:c1:e0:
                    7e:67:4c:fe:6f:fe:45:13:35:84:28:ee:1e:49:a2:
                    bf:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:C0:04:51:9F:E0:85:15:69:69:46:28:DD:65:80:F7:35:0F:7B:D5
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/dcAEUZ_ghRVpaUYo3WWA9zUPe9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:e1:f6:1f:43:5b:0c:74:ad:e0:ca:7d:a6:3f:d5:f2:63:f3:
         c8:a9:f9:1d:d2:52:29:8d:49:94:3d:69:56:b9:aa:39:d5:27:
         4e:a7:88:0e:89:25:fe:81:aa:c7:a4:e3:5a:bb:11:55:b2:c5:
         36:42:c0:db:e6:57:29:44:02:58:bd:83:b2:e8:c0:37:c4:62:
         37:32:ef:32:92:82:b2:91:dd:a7:9c:62:68:33:4a:89:2b:af:
         16:39:0d:ce:2d:77:91:db:43:f7:9e:61:16:ec:06:0f:51:34:
         9d:c7:ac:8f:ff:c2:2f:47:ed:04:70:f1:75:d3:19:e2:d1:03:
         b8:0a:5a:75:50:ef:6b:f9:28:b5:72:f7:a8:70:e3:2a:f8:b0:
         3e:01:bb:30:21:52:d6:39:e4:1f:08:31:01:2f:2a:d4:f6:91:
         94:e4:d5:9a:ae:35:9e:76:2c:18:b3:c4:7a:9a:19:98:51:ff:
         21:8b:b0:13:8e:82:a8:50:28:85:14:38:82:88:e3:49:45:e9:
         91:8a:db:e0:65:f3:06:c4:76:12:e6:34:f6:e7:28:6d:b8:23:
         39:cb:3e:b2:26:ee:7e:94:e0:e7:47:12:b4:61:39:6f:91:32:
         fd:36:f7:21:b6:33:db:e4:84:69:22:cd:7d:ff:7a:91:c7:18:
         9d:87:07:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4SYRr0CxWkrFODpZiKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWMwMDQ1MTlmZTA4NTE1Njk2OTQ2MjhkZDY1ODBmNzM1MGY3YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8yWyEcMTjihlhJvuBnWfJ/9GaoKn
knPO9AG2L8QJBSCG0YqwVwUH3PHAp1ksLAADGYwJcLmOKiOK/qelOzFagJx9wzXb
5JJQrlkZLxkZFvcU5ED8tJBQ7E0FzuKUbMJpl1ak5UT+5wtZyqACExS4MKH0WbQ1
mXgIq7DTsZkFF55uSSNogYfPNuWZFW4NId2kASDwkf9yejJ78cbsETSJGpbtHSX1
AMboaLQA7SG5hdkRvV3l1yLDsvzU7d0Dr7n0ATSrBYguSwxVqok3VhAG/uI+dOTw
AVy9Qs3vTHYkDOX9Amjdp6P8QoZk778YweB+Z0z+b/5FEzWEKO4eSaK/LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXABFGf4IUVaWlGKN1lgPc1D3vVMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvZGNBRVVaX2doUlZwYVVZbzNXV0E5elVQZTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUROGMA0G
CSqGSIb3DQEBCwUAA4IBAQBT4fYfQ1sMdK3gyn2mP9XyY/PIqfkd0lIpjUmUPWlW
uao51SdOp4gOiSX+garHpONauxFVssU2QsDb5lcpRAJYvYOy6MA3xGI3Mu8ykoKy
kd2nnGJoM0qJK68WOQ3OLXeR20P3nmEW7AYPUTSdx6yP/8IvR+0EcPF10xni0QO4
Clp1UO9r+Si1cveocOMq+LA+AbswIVLWOeQfCDEBLyrU9pGU5NWarjWediwYs8R6
mhmYUf8hi7ATjoKoUCiFFDiCiONJRemRitvgZfMGxHYS5jT25yhtuCM5yz6yJu5+
lODnRxK0YTlvkTL9NvchtjPb5IRpIs19/3qRxxidhwck
-----END CERTIFICATE-----