Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/YmAp41lC9tYrHA7qmTNZdrlL3Ms.roa
File:                     YmAp41lC9tYrHA7qmTNZdrlL3Ms.roa (raw, json)
Hash identifier:          vVwnBwZzRgRE+k8wHtwl2ZlcPT2gl69pHHScZYHzIM4=
Subject key identifier:   62:60:29:E3:59:42:F6:D6:2B:1C:0E:EA:99:33:59:76:B9:4B:DC:CB
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       018CC5014AA728E6356FDE38001F05DAE21D
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/YmAp41lC9tYrHA7qmTNZdrlL3Ms.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48623
IP address blocks:        81.4.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4a:a7:28:e6:35:6f:de:38:00:1f:05:da:e2:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=626029e35942f6d62b1c0eea99335976b94bdccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1d:4b:9d:f6:45:8d:a7:ce:48:23:40:d4:9c:
                    b0:57:38:e2:88:f0:0e:a0:4c:7e:8b:f8:27:13:9c:
                    48:18:fd:c7:33:ba:0f:6b:e8:69:c4:40:3b:f6:70:
                    f6:5e:cc:c5:4a:77:38:9f:d3:1d:c8:76:e7:3f:fa:
                    26:40:54:d2:e1:00:ca:ae:b9:d7:ef:88:0b:27:f1:
                    15:32:85:9a:cb:17:b2:4f:e9:89:46:45:31:5f:80:
                    91:99:78:c0:be:bb:64:a3:34:52:04:38:d3:d7:1a:
                    fc:f0:de:95:ec:50:ff:5e:7c:d9:d0:91:8d:33:90:
                    db:e3:08:9c:b1:0b:64:31:88:24:20:7d:7f:45:04:
                    b8:b0:b4:05:5e:01:77:68:0c:3b:6f:a0:d3:ae:74:
                    c4:b8:83:a7:e2:e4:be:87:eb:10:c5:ed:ce:10:ea:
                    d2:f5:96:5e:85:3b:08:b5:ae:e0:84:0d:ba:4f:f8:
                    9d:2e:a2:c6:1e:94:4f:ac:b0:fc:29:61:9a:f6:b4:
                    46:69:62:08:0c:8e:38:c9:f0:7b:40:c2:18:15:b5:
                    70:b0:b8:51:ae:20:13:9a:9f:c6:bd:cc:24:ed:d4:
                    45:5d:a2:00:7b:81:93:4c:70:5e:6b:c4:9e:f6:0b:
                    85:90:a9:2b:1d:07:c3:3f:c4:ef:4a:77:8e:6b:c1:
                    26:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:60:29:E3:59:42:F6:D6:2B:1C:0E:EA:99:33:59:76:B9:4B:DC:CB
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/YmAp41lC9tYrHA7qmTNZdrlL3Ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.4.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:c6:0b:c9:87:85:bf:5a:a4:c2:f9:70:e5:0e:7c:cf:bb:44:
         ce:9c:bb:8a:61:ce:20:b9:d0:26:92:74:a9:11:ff:c8:c9:66:
         3b:ba:94:4b:d4:71:ef:d1:db:8d:37:b2:d1:6d:17:f4:a9:fa:
         b7:37:3f:a2:8c:02:ff:d2:36:9e:22:ee:e6:03:ab:0c:a1:ad:
         ad:1d:8d:8f:af:0c:03:b6:7a:10:e1:27:b8:10:47:d5:ec:cf:
         18:cb:c0:9f:e8:8a:51:57:cb:52:5a:9c:c3:f9:a4:9c:f4:85:
         86:6d:de:76:0e:cf:a3:06:ac:d7:3b:ae:6b:47:9f:76:93:21:
         07:9d:c0:cb:e0:ae:55:32:35:13:af:d7:c6:92:50:57:b4:a3:
         9f:43:1d:12:07:53:9e:31:30:f7:32:57:34:df:95:9d:6d:22:
         39:62:51:e0:b4:46:db:70:ec:9f:6d:37:21:e9:6f:69:8f:e1:
         b7:bc:16:25:05:e0:ae:9c:e8:0b:e1:99:43:2a:1c:55:56:1e:
         6b:81:22:6a:91:ad:8c:0e:3e:e5:8c:84:65:bb:a3:f0:86:52:
         dd:2b:ce:aa:00:bc:b0:de:fd:71:c7:ad:03:06:90:23:27:cd:
         ba:bf:75:d1:aa:36:8d:98:0b:fb:63:1f:90:a4:54:b8:2e:df:
         87:72:57:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUqnKOY1b944AB8F2uIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjYwMjllMzU5NDJmNmQ2MmIxYzBlZWE5OTMzNTk3NmI5NGJkY2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph1LnfZFjafOSCNA1JywVzjiiPAO
oEx+i/gnE5xIGP3HM7oPa+hpxEA79nD2XszFSnc4n9MdyHbnP/omQFTS4QDKrrnX
74gLJ/EVMoWayxeyT+mJRkUxX4CRmXjAvrtkozRSBDjT1xr88N6V7FD/XnzZ0JGN
M5Db4wicsQtkMYgkIH1/RQS4sLQFXgF3aAw7b6DTrnTEuIOn4uS+h+sQxe3OEOrS
9ZZehTsIta7ghA26T/idLqLGHpRPrLD8KWGa9rRGaWIIDI44yfB7QMIYFbVwsLhR
riATmp/Gvcwk7dRFXaIAe4GTTHBea8Se9guFkKkrHQfDP8TvSneOa8EmiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJgKeNZQvbWKxwO6pkzWXa5S9zLMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvWW1BcDQxbEM5dFlySEE3cW1UTlpkcmxMM01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQSaMA0G
CSqGSIb3DQEBCwUAA4IBAQCgxgvJh4W/WqTC+XDlDnzPu0TOnLuKYc4gudAmknSp
Ef/IyWY7upRL1HHv0duNN7LRbRf0qfq3Nz+ijAL/0jaeIu7mA6sMoa2tHY2PrwwD
tnoQ4Se4EEfV7M8Yy8Cf6IpRV8tSWpzD+aSc9IWGbd52Ds+jBqzXO65rR592kyEH
ncDL4K5VMjUTr9fGklBXtKOfQx0SB1OeMTD3Mlc035WdbSI5YlHgtEbbcOyfbTch
6W9pj+G3vBYlBeCunOgL4ZlDKhxVVh5rgSJqka2MDj7ljIRlu6PwhlLdK86qALyw
3v1xx60DBpAjJ826v3XRqjaNmAv7Yx+QpFS4Lt+Hcley
-----END CERTIFICATE-----