Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/wZF77SiErYymosNHzp8aF-JhSN0.roa
File:                     wZF77SiErYymosNHzp8aF-JhSN0.roa (raw, json)
Hash identifier:          KReCDeSN+XFI3gXfRjrK0vu1WQZqer0ApJzCHW9RNDg=
Subject key identifier:   C1:91:7B:ED:28:84:AD:8C:A6:A2:C3:47:CE:9F:1A:17:E2:61:48:DD
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       018CC794DCAD34B3156A343FA84C7D273246
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/wZF77SiErYymosNHzp8aF-JhSN0.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142019
IP address blocks:        81.19.134.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:dc:ad:34:b3:15:6a:34:3f:a8:4c:7d:27:32:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1917bed2884ad8ca6a2c347ce9f1a17e26148dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:17:3e:54:ad:d1:94:71:da:eb:d3:0a:73:0c:
                    e5:e3:1d:f9:34:ed:be:a1:22:20:d7:e1:8e:6a:8e:
                    d0:d1:c3:fe:b5:f5:ce:6f:09:88:1d:cc:8d:2f:99:
                    84:57:71:cc:2c:b1:f7:3d:b3:82:4b:43:77:d9:bd:
                    67:58:0c:5d:1f:69:db:83:36:4a:3a:6f:2b:80:ea:
                    64:82:80:84:0e:c6:9c:9e:65:07:33:11:f7:b1:4a:
                    14:57:cf:fe:0f:bc:c3:61:e6:37:3c:68:9a:89:63:
                    6a:c9:23:31:fd:e4:b1:30:d9:ff:9d:26:ce:c4:59:
                    33:2e:e3:da:b0:f1:4d:de:11:2f:a3:cb:39:04:11:
                    e0:63:e6:bb:d6:ce:59:98:fc:3d:a5:10:a5:70:d0:
                    ee:b6:f0:ea:98:b5:86:5a:9a:d6:32:ba:24:f9:81:
                    18:d0:65:d0:42:0a:61:0c:ea:3f:dc:4f:b6:24:b3:
                    fa:05:c1:e8:7f:fd:29:bb:e6:30:67:c5:40:f4:09:
                    d3:c2:f4:62:55:88:8e:a2:83:cf:14:0f:df:be:8b:
                    87:41:96:7f:ed:20:8f:43:35:49:05:c9:a4:97:9d:
                    56:80:90:7f:e5:ae:10:c7:53:a7:40:35:cc:d5:d7:
                    db:8e:19:85:b8:e9:11:4e:64:23:c5:23:33:a2:08:
                    fe:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:91:7B:ED:28:84:AD:8C:A6:A2:C3:47:CE:9F:1A:17:E2:61:48:DD
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/wZF77SiErYymosNHzp8aF-JhSN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:14:11:c8:2b:51:8f:84:5b:ef:62:3d:39:82:61:d1:a2:4b:
         4a:d1:96:ac:37:53:1c:60:f2:8d:db:aa:95:cb:4e:4d:8d:e5:
         e1:9b:15:71:a7:f6:5c:6e:3d:ec:39:10:98:4d:11:bc:43:b1:
         00:2a:28:68:c8:d7:ec:03:a5:c7:ca:13:75:f7:ce:e3:f5:72:
         56:51:be:d3:ce:22:f5:32:c0:07:a2:b2:a3:eb:65:1b:57:0a:
         65:01:6c:57:b7:da:7c:e5:75:78:3c:44:c1:72:ad:2d:30:eb:
         de:0c:1f:d8:f1:f4:e5:1c:05:ab:53:d2:eb:22:00:4b:8b:5a:
         a3:be:cf:6a:9b:25:07:fd:9f:3e:60:dd:83:0a:15:fc:59:fb:
         a5:50:17:62:07:04:d3:99:a7:70:88:0c:c3:61:fc:13:71:af:
         73:58:d2:de:ef:2b:66:e7:53:22:7e:64:97:9c:ab:65:bc:82:
         3f:cc:3d:e4:c2:3f:5b:c1:03:91:13:83:06:98:43:f1:8c:de:
         6c:f0:03:e0:53:10:f5:dc:5f:8f:74:7f:ad:ea:ab:b2:0a:2d:
         a4:05:47:b2:0e:49:1f:6d:02:5a:5d:54:21:bb:47:b0:73:95:
         cc:fb:7c:d5:ed:27:ac:61:35:75:93:5c:8d:80:de:9d:cf:0b:
         86:af:8e:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNytNLMVajQ/qEx9JzJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTkxN2JlZDI4ODRhZDhjYTZhMmMzNDdjZTlmMWExN2UyNjE0OGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRc+VK3RlHHa69MKcwzl4x35NO2+
oSIg1+GOao7Q0cP+tfXObwmIHcyNL5mEV3HMLLH3PbOCS0N32b1nWAxdH2nbgzZK
Om8rgOpkgoCEDsacnmUHMxH3sUoUV8/+D7zDYeY3PGiaiWNqySMx/eSxMNn/nSbO
xFkzLuPasPFN3hEvo8s5BBHgY+a71s5ZmPw9pRClcNDutvDqmLWGWprWMrok+YEY
0GXQQgphDOo/3E+2JLP6BcHof/0pu+YwZ8VA9AnTwvRiVYiOooPPFA/fvouHQZZ/
7SCPQzVJBcmkl51WgJB/5a4Qx1OnQDXM1dfbjhmFuOkRTmQjxSMzogj+xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGRe+0ohK2MpqLDR86fGhfiYUjdMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvd1pGNzdTaUVyWXltb3NOSHpwOGFGLUpoU04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUROGMA0G
CSqGSIb3DQEBCwUAA4IBAQCYFBHIK1GPhFvvYj05gmHRoktK0ZasN1McYPKN26qV
y05NjeXhmxVxp/Zcbj3sORCYTRG8Q7EAKihoyNfsA6XHyhN1987j9XJWUb7TziL1
MsAHorKj62UbVwplAWxXt9p85XV4PETBcq0tMOveDB/Y8fTlHAWrU9LrIgBLi1qj
vs9qmyUH/Z8+YN2DChX8WfulUBdiBwTTmadwiAzDYfwTca9zWNLe7ytm51MifmSX
nKtlvII/zD3kwj9bwQORE4MGmEPxjN5s8APgUxD13F+PdH+t6quyCi2kBUeyDkkf
bQJaXVQhu0ewc5XM+3zV7SesYTV1k1yNgN6dzwuGr449
-----END CERTIFICATE-----