Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/4tZVN6Ms2htfi-RUFAQoYddn0Gc.roa
File:                     4tZVN6Ms2htfi-RUFAQoYddn0Gc.roa (raw, json)
Hash identifier:          8DMo4FWTe0TsEvPfuOSSd/UQpNua/hhzg/dtRxsjrVI=
Subject key identifier:   E2:D6:55:37:A3:2C:DA:1B:5F:8B:E4:54:14:04:28:61:D7:67:D0:67
Certificate issuer:       /CN=9e1aca341635166f802f98a97e00280ccee64ce2
Certificate serial:       018CC94DA591F592C8D37C8275B3D9425184
Authority key identifier: 9E:1A:CA:34:16:35:16:6F:80:2F:98:A9:7E:00:28:0C:CE:E6:4C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/4tZVN6Ms2htfi-RUFAQoYddn0Gc.roa
Signing time:             Tue 02 Jan 2024 08:32:38 +0000
ROA not before:           Tue 02 Jan 2024 08:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200315
IP address blocks:        138.128.224.0/22 maxlen: 24
                          2a13:90c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a5:91:f5:92:c8:d3:7c:82:75:b3:d9:42:51:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e1aca341635166f802f98a97e00280ccee64ce2
        Validity
            Not Before: Jan  2 08:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2d65537a32cda1b5f8be45414042861d767d067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6c:4f:3c:c5:20:a5:e2:c1:80:88:e7:38:96:
                    36:8c:16:6f:05:37:ea:49:2b:e6:2d:83:ab:f1:ed:
                    3a:f2:62:0f:3b:fd:e9:c5:1c:8b:cd:72:4c:1e:58:
                    37:03:c4:a6:f1:22:1f:e6:68:e0:5c:79:26:af:eb:
                    6a:be:50:82:7e:32:18:f1:ed:cc:ef:77:da:34:4f:
                    53:0a:2e:ac:fb:30:51:5c:44:cd:da:d1:78:bf:74:
                    8a:31:5d:4e:dd:ab:14:90:0a:df:f7:a2:48:57:0b:
                    80:24:90:68:42:b4:89:64:c6:e2:c7:0c:46:31:b7:
                    ea:a6:68:ae:1f:2f:11:1b:d8:9c:88:4b:1e:e7:41:
                    e5:81:fe:48:cb:47:b5:ae:27:f7:85:b4:68:ca:06:
                    9c:a9:11:1e:35:14:d1:86:f8:20:54:16:6c:c5:2f:
                    8b:15:a2:fe:02:7a:bb:97:c8:63:8c:04:b9:7a:6b:
                    93:a0:d2:44:e0:ea:57:d7:53:08:16:6d:aa:64:7e:
                    df:cc:e5:68:0e:1b:85:22:f4:92:e7:29:75:da:41:
                    cb:22:52:f2:51:43:15:e1:0a:25:46:94:76:ec:f3:
                    6f:8c:a3:65:78:6c:bb:f6:42:66:58:c6:e7:f5:22:
                    8f:ff:1c:ec:76:12:aa:6e:71:d1:e8:e3:0f:5f:b3:
                    93:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:D6:55:37:A3:2C:DA:1B:5F:8B:E4:54:14:04:28:61:D7:67:D0:67
            X509v3 Authority Key Identifier:
                keyid:9E:1A:CA:34:16:35:16:6F:80:2F:98:A9:7E:00:28:0C:CE:E6:4C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/4tZVN6Ms2htfi-RUFAQoYddn0Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/79fbc0-3351-4fff-b9d5-75561cbf104d/1/nhrKNBY1Fm-AL5ipfgAoDM7mTOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.128.224.0/22
                IPv6:
                  2a13:90c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:53:2a:39:9b:57:30:31:ea:75:69:ca:6e:7b:46:3b:1b:c3:
         93:6a:b9:48:cf:6c:81:28:f2:b2:6a:ae:86:fb:da:bc:9c:ba:
         1e:f5:dc:1c:7e:71:89:13:41:89:74:b6:98:d5:c2:73:54:3e:
         9d:85:33:6a:bc:ae:51:80:3f:02:ac:ac:34:6d:1d:a1:00:ed:
         6b:f1:5c:26:fa:97:8a:b4:06:4d:0d:ae:84:25:d5:1f:4e:0b:
         74:31:af:27:85:f0:fe:bb:99:d5:8f:7f:35:e8:06:cc:f5:7f:
         c0:f5:ac:31:49:35:d9:5a:b6:f5:54:c8:dc:4a:35:88:ef:7d:
         e1:c0:be:e7:03:8d:44:d2:88:e3:92:60:56:f9:5a:87:d7:e4:
         b1:32:3a:29:d7:94:e8:eb:fd:a8:f2:4d:91:53:7e:db:12:b4:
         f7:69:fb:14:23:26:12:8b:f6:9d:06:ed:5e:cb:d2:61:bc:ed:
         3c:13:eb:8f:0d:88:01:72:68:33:51:45:22:e8:e2:99:b7:8b:
         77:28:05:06:09:14:11:38:c6:91:20:48:1e:19:fe:20:b2:bd:
         db:54:2e:cd:77:f0:fb:67:f5:f0:e7:e4:a2:0b:4f:ef:94:ad:
         77:a5:df:d1:61:11:14:0f:85:a5:ff:f0:92:dd:89:fc:5d:e2:
         33:51:9d:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTaWR9ZLI03yCdbPZQlGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMWFjYTM0MTYzNTE2NmY4MDJmOThhOTdlMDAyODBjY2Vl
NjRjZTIwHhcNMjQwMTAyMDgzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmQ2NTUzN2EzMmNkYTFiNWY4YmU0NTQxNDA0Mjg2MWQ3NjdkMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGxPPMUgpeLBgIjnOJY2jBZvBTfq
SSvmLYOr8e068mIPO/3pxRyLzXJMHlg3A8Sm8SIf5mjgXHkmr+tqvlCCfjIY8e3M
73faNE9TCi6s+zBRXETN2tF4v3SKMV1O3asUkArf96JIVwuAJJBoQrSJZMbixwxG
MbfqpmiuHy8RG9iciEse50Hlgf5Iy0e1rif3hbRoygacqREeNRTRhvggVBZsxS+L
FaL+Anq7l8hjjAS5emuToNJE4OpX11MIFm2qZH7fzOVoDhuFIvSS5yl12kHLIlLy
UUMV4QolRpR27PNvjKNleGy79kJmWMbn9SKP/xzsdhKqbnHR6OMPX7OTlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOLWVTejLNobX4vkVBQEKGHXZ9BnMB8GA1UdIwQY
MBaAFJ4ayjQWNRZvgC+YqX4AKAzO5kziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhyS05CWTFGbS1BTDVpcGZnQW9ETTdtVE9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS83OWZiYzAtMzM1MS00ZmZmLWI5ZDUt
NzU1NjFjYmYxMDRkLzEvNHRaVk42TXMyaHRmaS1SVUZBUW9ZZGRuMEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS83OWZiYzAtMzM1MS00ZmZmLWI5ZDUtNzU1NjFjYmYxMDRk
LzEvbmhyS05CWTFGbS1BTDVpcGZnQW9ETTdtVE9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCioDgMA0E
AgACMAcDBQMqE5DAMA0GCSqGSIb3DQEBCwUAA4IBAQBEUyo5m1cwMep1acpue0Y7
G8OTarlIz2yBKPKyaq6G+9q8nLoe9dwcfnGJE0GJdLaY1cJzVD6dhTNqvK5RgD8C
rKw0bR2hAO1r8Vwm+peKtAZNDa6EJdUfTgt0Ma8nhfD+u5nVj3816AbM9X/A9awx
STXZWrb1VMjcSjWI733hwL7nA41E0ojjkmBW+VqH1+SxMjop15To6/2o8k2RU37b
ErT3afsUIyYSi/adBu1ey9JhvO08E+uPDYgBcmgzUUUi6OKZt4t3KAUGCRQROMaR
IEgeGf4gsr3bVC7Nd/D7Z/Xw5+SiC0/vlK13pd/RYREUD4Wl//CS3Yn8XeIzUZ2W
-----END CERTIFICATE-----