Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/Q41Bh49j8x0Af-AolPps_Lyk9UA.roa
File:                     Q41Bh49j8x0Af-AolPps_Lyk9UA.roa (raw, json)
Hash identifier:          c7nudvfhvDMN6k28jSggayeWQx0ztUGba2F28gZAKY4=
Subject key identifier:   43:8D:41:87:8F:63:F3:1D:00:7F:E0:28:94:FA:6C:FC:BC:A4:F5:40
Certificate issuer:       /CN=e4db0301fe2461c6de3f718d847cb5dc7c00b2d2
Certificate serial:       018CC2DB0504EF215D30403A138E7718F931
Authority key identifier: E4:DB:03:01:FE:24:61:C6:DE:3F:71:8D:84:7C:B5:DC:7C:00:B2:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5NsDAf4kYcbeP3GNhHy13HwAstI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/Q41Bh49j8x0Af-AolPps_Lyk9UA.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56433
IP address blocks:        178.54.3.0/24 maxlen: 24
                          178.54.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/5NsDAf4kYcbeP3GNhHy13HwAstI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/5NsDAf4kYcbeP3GNhHy13HwAstI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5NsDAf4kYcbeP3GNhHy13HwAstI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:05:04:ef:21:5d:30:40:3a:13:8e:77:18:f9:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4db0301fe2461c6de3f718d847cb5dc7c00b2d2
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=438d41878f63f31d007fe02894fa6cfcbca4f540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ca:bf:ff:f3:a3:3c:78:02:3b:60:ba:ac:5c:
                    f8:3b:1d:94:31:f9:9b:4f:73:1a:06:c3:69:72:77:
                    3a:0d:1d:bb:71:ab:fc:f5:94:d3:5f:ce:c2:7c:cb:
                    b3:97:69:24:6f:9c:ad:81:07:d9:9c:aa:92:2e:59:
                    8f:f6:a2:73:b3:d6:21:24:ad:1a:5f:19:96:5e:f1:
                    36:bb:90:66:6b:34:6b:65:94:83:88:8e:6a:27:0b:
                    bf:16:6d:1a:8a:b8:c3:f2:7b:66:20:b1:e9:ea:51:
                    ee:60:0d:90:14:3a:bf:43:3a:6c:93:37:48:43:94:
                    60:af:b2:c5:ef:b0:31:34:fa:07:50:5f:9d:9f:a0:
                    b4:92:02:44:a7:7f:c1:ba:52:8b:71:18:fb:d0:fe:
                    54:b0:1b:dc:f5:bb:b9:1c:36:af:64:6f:e5:ca:17:
                    c9:a0:38:63:19:ee:b3:94:f1:3e:b3:5a:58:99:e4:
                    84:c9:b0:bb:dc:da:6b:c8:83:9f:a0:15:de:51:72:
                    c2:fc:9d:30:f4:ae:91:79:3b:00:04:39:8b:c8:e2:
                    84:4b:3c:d0:05:d4:f3:6d:bb:52:77:3a:34:22:c3:
                    6a:36:78:9b:58:6f:fe:89:95:bc:40:9a:5b:fc:78:
                    4e:8b:bb:04:4e:31:f0:45:05:4c:42:59:27:77:29:
                    97:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8D:41:87:8F:63:F3:1D:00:7F:E0:28:94:FA:6C:FC:BC:A4:F5:40
            X509v3 Authority Key Identifier:
                keyid:E4:DB:03:01:FE:24:61:C6:DE:3F:71:8D:84:7C:B5:DC:7C:00:B2:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5NsDAf4kYcbeP3GNhHy13HwAstI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/Q41Bh49j8x0Af-AolPps_Lyk9UA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/5NsDAf4kYcbeP3GNhHy13HwAstI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.54.3.0/24
                  178.54.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:a4:e1:4a:ef:a5:77:e4:4f:fb:3a:04:b8:d6:3f:2f:2f:d2:
         a7:c5:f5:63:45:da:b4:78:9c:14:0d:2e:5c:60:47:ad:0e:29:
         e1:17:7b:a0:33:1f:c7:23:58:ae:69:03:c7:8d:5b:df:49:de:
         6e:11:d2:32:ce:79:71:99:2f:e6:a0:2b:6f:83:1a:57:c7:e4:
         76:c4:94:ad:7f:02:2a:26:2f:51:5b:f4:92:82:ef:56:34:20:
         27:c7:03:79:41:1e:34:48:9d:0a:97:30:93:19:bd:db:a5:44:
         5a:2b:6d:ec:eb:c3:9d:d7:70:01:38:06:87:61:ce:cb:bd:38:
         40:f2:bd:db:ff:3f:5d:c8:30:0c:b6:a1:7d:70:22:2d:11:98:
         2b:a2:b9:0b:16:71:ad:9d:e6:88:16:12:16:51:92:c0:4e:c6:
         eb:36:fc:9b:23:93:d3:e8:7a:c6:17:c3:0f:5b:48:de:de:3e:
         c0:28:ce:d5:50:93:a0:02:4c:8b:94:f2:95:cd:fa:53:47:33:
         2d:29:78:77:6e:27:9e:70:b3:df:51:fc:96:03:6f:b4:91:2f:
         b3:71:2e:d7:6f:8c:84:38:af:a6:c4:bb:f1:88:86:09:3f:c0:
         19:e8:da:c1:49:f8:25:ab:54:6e:04:c5:e3:c7:9d:17:2c:c8:
         eb:0a:4f:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2wUE7yFdMEA6E453GPkxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZGIwMzAxZmUyNDYxYzZkZTNmNzE4ZDg0N2NiNWRjN2Mw
MGIyZDIwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhkNDE4NzhmNjNmMzFkMDA3ZmUwMjg5NGZhNmNmY2JjYTRmNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcq///OjPHgCO2C6rFz4Ox2UMfmb
T3MaBsNpcnc6DR27cav89ZTTX87CfMuzl2kkb5ytgQfZnKqSLlmP9qJzs9YhJK0a
XxmWXvE2u5BmazRrZZSDiI5qJwu/Fm0airjD8ntmILHp6lHuYA2QFDq/QzpskzdI
Q5Rgr7LF77AxNPoHUF+dn6C0kgJEp3/BulKLcRj70P5UsBvc9bu5HDavZG/lyhfJ
oDhjGe6zlPE+s1pYmeSEybC73NpryIOfoBXeUXLC/J0w9K6ReTsABDmLyOKESzzQ
BdTzbbtSdzo0IsNqNnibWG/+iZW8QJpb/HhOi7sETjHwRQVMQlkndymXGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEONQYePY/MdAH/gKJT6bPy8pPVAMB8GA1UdIwQY
MBaAFOTbAwH+JGHG3j9xjYR8tdx8ALLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU5zREFmNGtZY2JlUDNHTmhIeTEzSHdBc3RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC82ZTY0MDUtZGJlNy00MmIyLTg4N2Mt
ZmZkZWJlYzhmNTA1LzEvUTQxQmg0OWo4eDBBZi1Bb2xQcHNfTHlrOVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC82ZTY0MDUtZGJlNy00MmIyLTg4N2MtZmZkZWJlYzhmNTA1
LzEvNU5zREFmNGtZY2JlUDNHTmhIeTEzSHdBc3RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsjYDAwQC
sjZ8MA0GCSqGSIb3DQEBCwUAA4IBAQBGpOFK76V35E/7OgS41j8vL9KnxfVjRdq0
eJwUDS5cYEetDinhF3ugMx/HI1iuaQPHjVvfSd5uEdIyznlxmS/moCtvgxpXx+R2
xJStfwIqJi9RW/SSgu9WNCAnxwN5QR40SJ0KlzCTGb3bpURaK23s68Od13ABOAaH
Yc7LvThA8r3b/z9dyDAMtqF9cCItEZgrorkLFnGtneaIFhIWUZLATsbrNvybI5PT
6HrGF8MPW0je3j7AKM7VUJOgAkyLlPKVzfpTRzMtKXh3bieecLPfUfyWA2+0kS+z
cS7Xb4yEOK+mxLvxiIYJP8AZ6NrBSfglq1RuBMXjx50XLMjrCk9S
-----END CERTIFICATE-----