Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/74bd35-0aa8-4718-8900-ccbb6e90a19b/1/SrZmZuifyUP3saO4L8RRvupkBYU.roa
File:                     SrZmZuifyUP3saO4L8RRvupkBYU.roa (raw, json)
Hash identifier:          WYYklL3ufadVb6LYJ2Zlw8xBzRO9gfD4J0oeT+jmY24=
Subject key identifier:   4A:B6:66:66:E8:9F:C9:43:F7:B1:A3:B8:2F:C4:51:BE:EA:64:05:85
Certificate issuer:       /CN=9e475c9202606e6667e94a779e903db697a59025
Certificate serial:       018EE06D91C24FFB6A278201FA636D3C4471
Authority key identifier: 9E:47:5C:92:02:60:6E:66:67:E9:4A:77:9E:90:3D:B6:97:A5:90:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkdckgJgbmZn6Up3npA9tpelkCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/74bd35-0aa8-4718-8900-ccbb6e90a19b/1/SrZmZuifyUP3saO4L8RRvupkBYU.roa
Signing time:             Mon 15 Apr 2024 06:24:20 +0000
ROA not before:           Mon 15 Apr 2024 06:24:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12552
IP address blocks:        193.53.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/74bd35-0aa8-4718-8900-ccbb6e90a19b/1/nkdckgJgbmZn6Up3npA9tpelkCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/74bd35-0aa8-4718-8900-ccbb6e90a19b/1/nkdckgJgbmZn6Up3npA9tpelkCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkdckgJgbmZn6Up3npA9tpelkCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e0:6d:91:c2:4f:fb:6a:27:82:01:fa:63:6d:3c:44:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e475c9202606e6667e94a779e903db697a59025
        Validity
            Not Before: Apr 15 06:24:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ab66666e89fc943f7b1a3b82fc451beea640585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:16:c5:cb:62:24:b1:0f:57:31:dc:d3:46:35:
                    39:ed:1d:0b:bf:e3:08:62:37:35:61:9e:c3:dc:25:
                    a9:4b:f6:b9:3b:6d:b8:6f:28:0c:4e:42:68:37:df:
                    a7:f8:a7:4f:c9:c5:b0:21:1b:af:07:39:21:61:42:
                    5f:02:51:cb:94:aa:ed:ec:1f:df:fe:40:7b:ff:c4:
                    98:e9:c9:1a:fb:c6:4d:31:1e:15:c4:b5:03:37:3c:
                    b3:83:51:dd:68:7a:5e:c8:42:6b:c3:fa:4c:3e:24:
                    d9:38:e3:e5:12:c8:f4:b6:f5:81:95:5f:26:47:27:
                    62:68:a3:52:84:04:c2:ac:fd:33:e4:38:df:17:cd:
                    94:c1:ee:d0:f2:26:af:e2:41:1e:e7:d4:05:59:1c:
                    57:01:75:a3:0b:bb:a7:7f:ae:4b:70:0d:85:ba:55:
                    1c:15:03:fb:a6:5a:b3:86:1a:f7:01:a6:3d:ca:59:
                    cb:9a:20:7e:48:c1:6c:e8:c9:23:35:d0:87:45:8d:
                    d9:d8:9c:91:c8:18:dd:4a:12:12:37:84:83:88:6c:
                    c8:e5:ab:d9:fa:1e:9a:8f:36:e1:f4:cf:4d:0d:77:
                    12:60:25:d7:2f:43:44:ec:06:1d:45:55:49:1c:ef:
                    f5:54:2f:3c:87:43:a2:68:61:2f:b3:81:6d:a9:c1:
                    42:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:B6:66:66:E8:9F:C9:43:F7:B1:A3:B8:2F:C4:51:BE:EA:64:05:85
            X509v3 Authority Key Identifier:
                keyid:9E:47:5C:92:02:60:6E:66:67:E9:4A:77:9E:90:3D:B6:97:A5:90:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkdckgJgbmZn6Up3npA9tpelkCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/74bd35-0aa8-4718-8900-ccbb6e90a19b/1/SrZmZuifyUP3saO4L8RRvupkBYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/74bd35-0aa8-4718-8900-ccbb6e90a19b/1/nkdckgJgbmZn6Up3npA9tpelkCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:58:8a:a1:9e:32:a7:84:08:42:80:70:7e:26:3f:7d:70:f1:
         9f:ee:5f:71:12:cf:be:e5:7b:64:f3:ef:e5:7c:7f:a2:2e:e7:
         1c:1a:4c:0a:24:93:e7:90:dd:49:fd:25:c2:14:13:7e:0c:80:
         bd:a4:05:d4:73:54:29:8d:75:27:f9:12:fb:f8:4a:8f:1b:58:
         83:ae:ae:dd:f0:52:06:57:64:51:73:36:0d:a0:a0:ca:28:bd:
         f0:14:52:ec:2e:c5:85:8d:fa:c6:68:23:5a:1a:86:03:ce:59:
         07:1c:6c:d5:13:45:bf:f4:68:2f:10:5d:dd:55:3f:85:2d:d3:
         0e:8e:a3:0e:4c:d5:d1:c8:17:23:04:20:4a:b9:ba:1e:60:34:
         f9:28:82:dc:c2:54:fc:b3:f7:d8:e4:b2:90:fd:b2:2e:68:f6:
         3d:f9:c1:96:29:2a:ea:9d:81:9e:5c:cb:1a:d6:02:5f:6e:5e:
         4b:ba:70:6e:fe:d5:55:ae:67:b0:29:a4:14:24:85:df:08:c6:
         4d:d1:f6:ac:9f:60:d3:71:dc:6b:04:29:f3:9a:6d:93:78:ef:
         19:83:3d:a3:e9:d0:f5:61:41:d8:0f:27:e2:ec:bb:58:4c:ab:
         ba:6a:a5:76:35:1d:ef:ef:44:22:1b:a1:d9:c3:09:e4:51:6b:
         0e:14:3d:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7gbZHCT/tqJ4IB+mNtPERxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDc1YzkyMDI2MDZlNjY2N2U5NGE3NzllOTAzZGI2OTdh
NTkwMjUwHhcNMjQwNDE1MDYyNDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWI2NjY2NmU4OWZjOTQzZjdiMWEzYjgyZmM0NTFiZWVhNjQwNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRbFy2IksQ9XMdzTRjU57R0Lv+MI
Yjc1YZ7D3CWpS/a5O224bygMTkJoN9+n+KdPycWwIRuvBzkhYUJfAlHLlKrt7B/f
/kB7/8SY6cka+8ZNMR4VxLUDNzyzg1HdaHpeyEJrw/pMPiTZOOPlEsj0tvWBlV8m
RydiaKNShATCrP0z5DjfF82Uwe7Q8iav4kEe59QFWRxXAXWjC7unf65LcA2FulUc
FQP7plqzhhr3AaY9ylnLmiB+SMFs6MkjNdCHRY3Z2JyRyBjdShISN4SDiGzI5avZ
+h6ajzbh9M9NDXcSYCXXL0NE7AYdRVVJHO/1VC88h0OiaGEvs4FtqcFCdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEq2Zmbon8lD97GjuC/EUb7qZAWFMB8GA1UdIwQY
MBaAFJ5HXJICYG5mZ+lKd56QPbaXpZAlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtkY2tnSmdibVpuNlVwM25wQTl0cGVsa0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83NGJkMzUtMGFhOC00NzE4LTg5MDAt
Y2NiYjZlOTBhMTliLzEvU3JabVp1aWZ5VVAzc2FPNEw4UlJ2dXBrQllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83NGJkMzUtMGFhOC00NzE4LTg5MDAtY2NiYjZlOTBhMTli
LzEvbmtkY2tnSmdibVpuNlVwM25wQTl0cGVsa0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTVRMA0G
CSqGSIb3DQEBCwUAA4IBAQBRWIqhnjKnhAhCgHB+Jj99cPGf7l9xEs++5Xtk8+/l
fH+iLuccGkwKJJPnkN1J/SXCFBN+DIC9pAXUc1QpjXUn+RL7+EqPG1iDrq7d8FIG
V2RRczYNoKDKKL3wFFLsLsWFjfrGaCNaGoYDzlkHHGzVE0W/9GgvEF3dVT+FLdMO
jqMOTNXRyBcjBCBKuboeYDT5KILcwlT8s/fY5LKQ/bIuaPY9+cGWKSrqnYGeXMsa
1gJfbl5LunBu/tVVrmewKaQUJIXfCMZN0fasn2DTcdxrBCnzmm2TeO8Zgz2j6dD1
YUHYDyfi7LtYTKu6aqV2NR3v70QiG6HZwwnkUWsOFD18
-----END CERTIFICATE-----