Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/UR2RuHCBWF4wKv4yVoxaXNNCi_4.roa
File:                     UR2RuHCBWF4wKv4yVoxaXNNCi_4.roa (raw, json)
Hash identifier:          jHf0mvprSEbxpqn/IM1esqYL8393M8C/Q1WQeX3vbFM=
Subject key identifier:   51:1D:91:B8:70:81:58:5E:30:2A:FE:32:56:8C:5A:5C:D3:42:8B:FE
Certificate issuer:       /CN=9854da518232319f67a32fd8ad4c06536c41d5bf
Certificate serial:       018CC4255530C160A65EA42408063FE385D0
Authority key identifier: 98:54:DA:51:82:32:31:9F:67:A3:2F:D8:AD:4C:06:53:6C:41:D5:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mFTaUYIyMZ9noy_YrUwGU2xB1b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/UR2RuHCBWF4wKv4yVoxaXNNCi_4.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.75.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/mFTaUYIyMZ9noy_YrUwGU2xB1b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/mFTaUYIyMZ9noy_YrUwGU2xB1b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mFTaUYIyMZ9noy_YrUwGU2xB1b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:55:30:c1:60:a6:5e:a4:24:08:06:3f:e3:85:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9854da518232319f67a32fd8ad4c06536c41d5bf
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=511d91b87081585e302afe32568c5a5cd3428bfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:63:32:20:d6:1d:57:f7:07:04:e2:38:1d:2d:
                    d3:e7:db:da:ad:9f:c1:25:1c:5b:c7:ae:96:a4:fb:
                    95:ba:57:f3:bf:8e:ab:d1:18:5e:d8:6d:3c:fa:4f:
                    2b:22:a4:51:04:ce:d8:a3:0d:7a:6d:ff:bc:2d:b8:
                    b1:11:3e:8d:9b:61:29:18:dd:3f:05:cd:85:4b:9a:
                    45:cf:cf:39:55:a9:78:39:6f:ff:59:7f:d8:df:5f:
                    e6:fb:be:d8:2b:60:1b:2b:3a:e7:e7:7c:35:4e:cc:
                    83:c9:23:61:61:0f:8e:f1:af:69:d5:6a:c5:08:ba:
                    50:74:b1:77:45:16:55:3f:47:b2:dc:78:b7:1c:49:
                    c7:7b:3c:42:8e:d2:c8:b7:e0:c1:41:32:17:cd:6a:
                    64:a5:79:82:ac:5a:09:68:ff:c5:dc:1b:e0:5b:19:
                    ad:8d:b4:b1:f7:30:d6:69:d6:0f:78:1d:3e:55:3e:
                    8d:91:9b:62:f3:03:e4:89:f3:ec:d6:e2:0b:43:b2:
                    18:da:8b:60:fc:e8:32:5b:73:d4:66:5a:d5:39:57:
                    55:ba:88:2a:31:fb:2c:a2:21:27:b1:7c:d8:15:5c:
                    7f:40:ca:99:36:e4:f3:32:63:dd:3b:c0:5d:7e:95:
                    66:39:2a:51:fd:40:5a:07:94:d6:6a:d6:fd:2d:6c:
                    6d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:1D:91:B8:70:81:58:5E:30:2A:FE:32:56:8C:5A:5C:D3:42:8B:FE
            X509v3 Authority Key Identifier:
                keyid:98:54:DA:51:82:32:31:9F:67:A3:2F:D8:AD:4C:06:53:6C:41:D5:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mFTaUYIyMZ9noy_YrUwGU2xB1b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/UR2RuHCBWF4wKv4yVoxaXNNCi_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/mFTaUYIyMZ9noy_YrUwGU2xB1b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.75.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         53:08:83:9a:11:d7:0d:1d:a0:e0:0a:06:ab:c1:39:4c:2f:c3:
         2d:0d:c3:1a:91:05:b3:7a:29:4f:be:6b:ee:35:b4:70:03:24:
         2b:9c:74:71:d8:7c:c4:49:bc:7b:73:0b:2f:99:89:25:b8:5f:
         91:72:31:ac:70:79:f4:ed:e4:be:f0:ee:2c:55:48:36:ba:e5:
         e6:91:11:3f:a9:f4:87:f0:aa:b6:e0:9b:e9:16:b3:0b:4a:04:
         58:ac:4b:1e:f5:c8:10:bd:ac:b6:c2:8d:4e:ac:64:ab:d8:7b:
         5b:ec:a7:a8:14:99:7b:d0:c1:56:c9:76:62:2c:36:dc:50:95:
         54:dd:e5:9f:4d:de:b9:ef:86:75:92:85:5d:b8:a5:80:26:e3:
         92:a7:5d:2a:a3:f1:80:8b:b4:de:21:6a:fa:91:71:b3:95:18:
         89:a2:50:18:ff:a4:0c:e4:37:35:f6:0f:f8:00:a1:8d:68:ae:
         25:96:5f:53:a4:2e:b1:44:41:52:4e:ea:b0:7a:ee:3a:41:b0:
         04:33:bf:2b:78:98:24:9b:43:b1:c3:d2:48:55:ce:b7:02:78:
         b1:fc:1a:66:70:38:02:e7:d5:a7:26:f7:cd:d1:cc:aa:b8:ac:
         08:73:e0:d7:26:79:0e:4d:9c:7e:f3:0c:25:74:34:84:64:70:
         7d:90:8a:dc
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzEJVUwwWCmXqQkCAY/44XQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NTRkYTUxODIzMjMxOWY2N2EzMmZkOGFkNGMwNjUzNmM0
MWQ1YmYwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTFkOTFiODcwODE1ODVlMzAyYWZlMzI1NjhjNWE1Y2QzNDI4YmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimMyINYdV/cHBOI4HS3T59varZ/B
JRxbx66WpPuVulfzv46r0Rhe2G08+k8rIqRRBM7Yow16bf+8LbixET6Nm2EpGN0/
Bc2FS5pFz885Val4OW//WX/Y31/m+77YK2AbKzrn53w1TsyDySNhYQ+O8a9p1WrF
CLpQdLF3RRZVP0ey3Hi3HEnHezxCjtLIt+DBQTIXzWpkpXmCrFoJaP/F3BvgWxmt
jbSx9zDWadYPeB0+VT6NkZti8wPkifPs1uILQ7IY2otg/OgyW3PUZlrVOVdVuogq
MfssoiEnsXzYFVx/QMqZNuTzMmPdO8BdfpVmOSpR/UBaB5TWatb9LWxtEwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFEdkbhwgVheMCr+MlaMWlzTQov+MB8GA1UdIwQY
MBaAFJhU2lGCMjGfZ6Mv2K1MBlNsQdW/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUZUYVVZSXlNWjlub3lfWXJVd0dVMnhCMWI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zODI1OTctMGQ1MC00MDBkLWE3MWIt
Njc2ZTgwZGMxZGU2LzEvVVIyUnVIQ0JXRjR3S3Y0eVZveGFYTk5DaV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zODI1OTctMGQ1MC00MDBkLWE3MWItNjc2ZTgwZGMxZGU2
LzEvbUZUYVVZSXlNWjlub3lfWXJVd0dVMnhCMWI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjUswDQYJ
KoZIhvcNAQELBQADggEBAFMIg5oR1w0doOAKBqvBOUwvwy0NwxqRBbN6KU++a+41
tHADJCucdHHYfMRJvHtzCy+ZiSW4X5FyMaxwefTt5L7w7ixVSDa65eaRET+p9Ifw
qrbgm+kWswtKBFisSx71yBC9rLbCjU6sZKvYe1vsp6gUmXvQwVbJdmIsNtxQlVTd
5Z9N3rnvhnWShV24pYAm45KnXSqj8YCLtN4havqRcbOVGImiUBj/pAzkNzX2D/gA
oY1oriWWX1OkLrFEQVJO6rB67jpBsAQzvyt4mCSbQ7HD0khVzrcCeLH8GmZwOALn
1acm983RzKq4rAhz4NcmeQ5NnH7zDCV0NIRkcH2Qitw=
-----END CERTIFICATE-----