Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/aIa4G2Sz1R-JuoMKXvKxvx0-JHY.roa
File:                     aIa4G2Sz1R-JuoMKXvKxvx0-JHY.roa (raw, json)
Hash identifier:          w//xwQXOYwVtcovKFE8TPCciYY93WhxB8SDw4zEwmbM=
Subject key identifier:   68:86:B8:1B:64:B3:D5:1F:89:BA:83:0A:5E:F2:B1:BF:1D:3E:24:76
Certificate issuer:       /CN=e4984f8f36ebf9f8f54c12174f463664d7b23aee
Certificate serial:       019271C1632400C2F7F32FCC12E2A03BAA9C
Authority key identifier: E4:98:4F:8F:36:EB:F9:F8:F5:4C:12:17:4F:46:36:64:D7:B2:3A:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/aIa4G2Sz1R-JuoMKXvKxvx0-JHY.roa
Signing time:             Wed 09 Oct 2024 14:49:12 +0000
ROA not before:           Wed 09 Oct 2024 14:49:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203966
IP address blocks:        213.171.70.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:71:c1:63:24:00:c2:f7:f3:2f:cc:12:e2:a0:3b:aa:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4984f8f36ebf9f8f54c12174f463664d7b23aee
        Validity
            Not Before: Oct  9 14:49:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6886b81b64b3d51f89ba830a5ef2b1bf1d3e2476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ce:ec:f0:65:e8:be:58:95:4c:c3:c4:e4:44:
                    1c:c0:f4:ac:0f:5f:37:db:23:b6:57:31:b3:b6:07:
                    48:6f:55:a3:b7:f3:5a:7d:e4:58:8b:07:09:4b:6a:
                    f8:00:5f:ab:18:ad:d3:d3:ce:0c:0a:b4:19:ae:66:
                    c1:15:d7:ac:0e:68:d5:cb:ef:b2:e9:c2:04:22:01:
                    b2:1d:1c:91:b5:d6:18:57:96:c4:8f:c5:2e:57:4c:
                    6a:a6:a9:d1:0c:52:c1:d9:1b:d6:c6:50:7e:06:c5:
                    49:4d:b5:1d:dd:76:5c:82:ed:b8:d3:e4:bd:f2:c2:
                    ca:e7:de:13:b1:f7:27:90:67:8e:e8:f3:ad:c5:1d:
                    18:e0:5d:05:17:3d:39:0f:db:8b:7f:c4:e1:b4:bc:
                    82:86:f1:0e:a7:d7:55:aa:fe:90:db:ef:db:75:01:
                    25:85:8b:7f:42:a8:5d:32:c7:cb:57:df:99:dc:61:
                    73:10:d3:1e:ae:c0:83:66:c1:67:49:17:41:95:a8:
                    e6:2a:22:e3:66:ae:a1:d9:69:d6:ca:4c:5b:ec:80:
                    88:00:93:98:5b:4e:e7:1a:82:47:5d:f3:99:14:c4:
                    bf:4a:08:d3:78:79:12:d2:68:a0:4d:f2:eb:b4:2c:
                    fb:b2:29:80:49:b6:03:67:f4:10:6b:88:92:ed:7a:
                    8c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:86:B8:1B:64:B3:D5:1F:89:BA:83:0A:5E:F2:B1:BF:1D:3E:24:76
            X509v3 Authority Key Identifier:
                keyid:E4:98:4F:8F:36:EB:F9:F8:F5:4C:12:17:4F:46:36:64:D7:B2:3A:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/aIa4G2Sz1R-JuoMKXvKxvx0-JHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.171.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:d1:5b:e7:c8:c8:e4:01:d5:a2:e9:47:de:b1:e4:aa:72:9f:
         ff:48:b9:1c:08:61:81:82:e1:27:06:fd:40:46:18:6f:a0:00:
         29:30:40:0d:85:f0:d5:ff:22:42:f2:e4:3e:83:24:a5:4f:93:
         a6:5a:b3:f0:97:3f:8b:75:0b:b1:d3:35:5a:f0:b9:ac:22:1f:
         ea:8d:27:60:9e:a0:0b:d3:c6:1a:94:85:05:00:1a:c6:53:c4:
         53:16:b9:ac:1b:bb:68:40:5f:ae:34:1d:40:19:83:8c:07:b2:
         69:0e:a2:53:85:f2:6b:1e:48:c1:7a:f7:8e:96:9a:16:f3:75:
         8f:f2:42:ff:0c:b1:a4:a1:f7:a0:36:52:de:0e:9f:70:32:71:
         2b:23:44:c5:68:fd:e5:af:58:26:8c:86:95:b1:ca:a6:89:0e:
         07:93:fb:21:c9:3b:9c:91:97:8d:4d:40:54:c7:26:36:e3:b2:
         8a:30:05:e8:55:4e:21:c5:8e:98:e5:a8:4f:96:e5:26:05:e7:
         00:1a:74:e8:a0:17:71:37:9b:a3:2e:2b:39:a7:a7:74:f8:c6:
         f2:ca:4f:a0:42:f8:52:2a:6c:50:9f:a8:89:a1:03:bf:a0:99:
         e0:89:f0:87:11:96:94:8f:6a:a3:45:d2:c3:bc:60:02:5b:1e:
         d3:1e:20:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJxwWMkAML38y/MEuKgO6qcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0OTg0ZjhmMzZlYmY5ZjhmNTRjMTIxNzRmNDYzNjY0ZDdi
MjNhZWUwHhcNMjQxMDA5MTQ0OTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODg2YjgxYjY0YjNkNTFmODliYTgzMGE1ZWYyYjFiZjFkM2UyNDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuc7s8GXovliVTMPE5EQcwPSsD183
2yO2VzGztgdIb1Wjt/NafeRYiwcJS2r4AF+rGK3T084MCrQZrmbBFdesDmjVy++y
6cIEIgGyHRyRtdYYV5bEj8UuV0xqpqnRDFLB2RvWxlB+BsVJTbUd3XZcgu240+S9
8sLK594TsfcnkGeO6POtxR0Y4F0FFz05D9uLf8ThtLyChvEOp9dVqv6Q2+/bdQEl
hYt/QqhdMsfLV9+Z3GFzENMersCDZsFnSRdBlajmKiLjZq6h2WnWykxb7ICIAJOY
W07nGoJHXfOZFMS/SgjTeHkS0migTfLrtCz7simASbYDZ/QQa4iS7XqMpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiGuBtks9UfibqDCl7ysb8dPiR2MB8GA1UdIwQY
MBaAFOSYT4826/n49UwSF09GNmTXsjruMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUpoUGp6YnItZmoxVEJJWFQwWTJaTmV5T3U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81N2Q5MDgtMjA3ZC00OTdjLWFiMTgt
ZGU3YmUxZTVjNzc2LzEvYUlhNEcyU3oxUi1KdW9NS1h2S3h2eDAtSkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81N2Q5MDgtMjA3ZC00OTdjLWFiMTgtZGU3YmUxZTVjNzc2
LzEvNUpoUGp6YnItZmoxVEJJWFQwWTJaTmV5T3U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1atGMA0G
CSqGSIb3DQEBCwUAA4IBAQAk0VvnyMjkAdWi6UfeseSqcp//SLkcCGGBguEnBv1A
RhhvoAApMEANhfDV/yJC8uQ+gySlT5OmWrPwlz+LdQux0zVa8LmsIh/qjSdgnqAL
08YalIUFABrGU8RTFrmsG7toQF+uNB1AGYOMB7JpDqJThfJrHkjBeveOlpoW83WP
8kL/DLGkofegNlLeDp9wMnErI0TFaP3lr1gmjIaVscqmiQ4Hk/shyTuckZeNTUBU
xyY247KKMAXoVU4hxY6Y5ahPluUmBecAGnTooBdxN5ujLis5p6d0+Mbyyk+gQvhS
KmxQn6iJoQO/oJngifCHEZaUj2qjRdLDvGACWx7THiCx
-----END CERTIFICATE-----