Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/rlnANYhn0Q231-PfjCIDLWqigZ8.roa
File:                     rlnANYhn0Q231-PfjCIDLWqigZ8.roa (raw, json)
Hash identifier:          tYS4VBMCC5IOv+h+4UqQl4XLZr73w9nq5Q5PDJrqrrM=
Subject key identifier:   AE:59:C0:35:88:67:D1:0D:B7:D7:E3:DF:8C:22:03:2D:6A:A2:81:9F
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       018CC501498814E284372063548AE365DDFE
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/rlnANYhn0Q231-PfjCIDLWqigZ8.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24655
IP address blocks:        81.4.190.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:49:88:14:e2:84:37:20:63:54:8a:e3:65:dd:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae59c0358867d10db7d7e3df8c22032d6aa2819f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d4:37:24:73:56:11:57:fc:c2:a4:f2:96:e0:
                    4e:86:65:70:95:e5:97:e1:02:c4:69:a4:61:71:59:
                    ab:72:a3:d9:d1:98:5e:49:f6:54:89:90:09:92:9a:
                    72:6b:1f:07:34:7b:ed:a1:7a:55:33:54:16:a7:0c:
                    1a:c6:f3:a0:2b:6b:9b:09:a1:02:59:2c:2c:bd:1c:
                    bf:88:bd:38:9b:0b:21:80:c8:c5:8f:44:92:9a:77:
                    96:11:2d:c6:4a:6a:1d:41:ad:68:91:bd:df:a5:13:
                    38:45:8c:bc:29:38:39:26:3e:fb:2c:ca:af:33:0e:
                    31:f0:6a:fe:a1:4e:c0:e8:ed:5f:8f:a3:65:43:92:
                    cc:10:77:a4:4b:89:be:74:da:66:4a:59:6f:c1:d5:
                    1b:97:9e:49:3a:c4:2a:1e:19:54:fe:bc:10:9b:0e:
                    22:55:f1:89:ba:d3:b9:0d:c5:02:ca:31:89:50:f8:
                    19:63:d7:68:10:2a:f6:94:ca:51:a1:bb:64:9d:5f:
                    d5:25:8e:3d:6d:2f:6a:ca:76:59:4f:d1:6c:5d:ba:
                    cf:9e:d9:0f:6f:e7:31:fb:9c:94:e7:32:04:74:87:
                    41:03:86:03:a4:84:9d:3f:d6:b9:7e:b1:8a:f9:6e:
                    b5:30:d6:e5:35:a7:47:48:5b:0c:ef:14:1f:f6:8a:
                    b2:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:59:C0:35:88:67:D1:0D:B7:D7:E3:DF:8C:22:03:2D:6A:A2:81:9F
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/rlnANYhn0Q231-PfjCIDLWqigZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.4.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:d1:51:da:27:58:c0:49:98:95:db:5e:cc:a0:0a:75:ee:6c:
         c8:14:52:50:ef:7d:14:c9:4d:d3:62:d2:73:50:ac:0a:64:96:
         d2:4a:f5:2a:34:03:e3:ec:08:32:31:b1:02:5d:74:e1:02:54:
         03:e7:ba:e4:ac:59:83:7e:18:61:40:27:c8:54:bc:a2:43:38:
         68:e2:d5:c5:d8:c1:b4:11:e9:65:87:51:91:82:14:84:62:03:
         8b:fe:96:ef:b6:1a:ee:1e:28:9a:55:a1:31:d1:52:f7:ec:51:
         b5:be:ff:16:ca:b2:f8:bd:fb:98:c3:0f:c6:26:35:44:57:3f:
         d8:ed:63:ee:91:24:67:9e:38:95:58:a3:bc:aa:95:d7:12:8a:
         19:30:da:e2:ba:31:20:14:b1:8a:96:b0:6d:83:80:b1:b5:bd:
         b1:14:36:a7:6c:ad:9a:fc:c2:6c:14:84:11:da:84:0a:65:9d:
         13:cc:07:a5:c3:15:2c:fd:14:99:3b:29:ed:c1:37:1c:41:95:
         60:fd:aa:31:80:0a:4d:1a:20:74:93:43:ba:aa:9c:bd:3f:6e:
         53:9f:8f:f2:c3:22:b8:6d:97:c4:b3:b4:45:92:99:70:9f:21:
         93:27:9a:a7:2b:d8:87:33:24:05:91:16:75:e3:90:a0:32:23:
         1a:24:19:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUmIFOKENyBjVIrjZd3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTU5YzAzNTg4NjdkMTBkYjdkN2UzZGY4YzIyMDMyZDZhYTI4MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNQ3JHNWEVf8wqTyluBOhmVwleWX
4QLEaaRhcVmrcqPZ0ZheSfZUiZAJkppyax8HNHvtoXpVM1QWpwwaxvOgK2ubCaEC
WSwsvRy/iL04mwshgMjFj0SSmneWES3GSmodQa1okb3fpRM4RYy8KTg5Jj77LMqv
Mw4x8Gr+oU7A6O1fj6NlQ5LMEHekS4m+dNpmSllvwdUbl55JOsQqHhlU/rwQmw4i
VfGJutO5DcUCyjGJUPgZY9doECr2lMpRobtknV/VJY49bS9qynZZT9FsXbrPntkP
b+cx+5yU5zIEdIdBA4YDpISdP9a5frGK+W61MNblNadHSFsM7xQf9oqyrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5ZwDWIZ9ENt9fj34wiAy1qooGfMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvcmxuQU5ZaG4wUTIzMS1QZmpDSURMV3FpZ1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUQS+MA0G
CSqGSIb3DQEBCwUAA4IBAQBd0VHaJ1jASZiV217MoAp17mzIFFJQ730UyU3TYtJz
UKwKZJbSSvUqNAPj7AgyMbECXXThAlQD57rkrFmDfhhhQCfIVLyiQzho4tXF2MG0
Eellh1GRghSEYgOL/pbvthruHiiaVaEx0VL37FG1vv8WyrL4vfuYww/GJjVEVz/Y
7WPukSRnnjiVWKO8qpXXEooZMNriujEgFLGKlrBtg4Cxtb2xFDanbK2a/MJsFIQR
2oQKZZ0TzAelwxUs/RSZOyntwTccQZVg/aoxgApNGiB0k0O6qpy9P25Tn4/ywyK4
bZfEs7RFkplwnyGTJ5qnK9iHMyQFkRZ145CgMiMaJBlB
-----END CERTIFICATE-----