Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/4wcsnbuQg9lisLfF66Jln3tVgj0.roa
File:                     4wcsnbuQg9lisLfF66Jln3tVgj0.roa (raw, json)
Hash identifier:          hLnZVohBENwlvnzoaX/kvPxPY3BdcbOl80iXDJUvS+8=
Subject key identifier:   E3:07:2C:9D:BB:90:83:D9:62:B0:B7:C5:EB:A2:65:9F:7B:55:82:3D
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE33FA13F44E9122848DAE878C29B
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/4wcsnbuQg9lisLfF66Jln3tVgj0.roa
Signing time:             Mon 01 Jan 2024 18:30:45 +0000
ROA not before:           Mon 01 Jan 2024 18:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200209
IP address blocks:        178.251.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e3:3f:a1:3f:44:e9:12:28:48:da:e8:78:c2:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3072c9dbb9083d962b0b7c5eba2659f7b55823d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:62:5e:ab:96:30:6f:54:f7:cc:94:b8:2c:f5:
                    ba:30:71:53:4d:b6:3b:a3:e5:4a:ae:9a:50:74:ba:
                    c5:a6:47:a7:6e:55:cc:c6:57:5e:0d:1c:e4:77:39:
                    70:d8:f9:68:0d:86:29:6b:f0:5b:eb:b4:ff:3a:45:
                    7b:82:91:4f:0b:09:8e:da:e9:ef:c6:bc:f5:ef:c4:
                    e6:b9:e3:ee:ef:25:fe:a7:22:e6:b7:91:5e:75:9d:
                    40:36:b9:d9:3f:d9:6e:b4:7f:59:20:56:63:19:b1:
                    bc:44:f9:c7:58:fd:0a:20:56:06:b0:2a:cc:71:9a:
                    23:e3:5b:1f:84:fd:fb:91:71:5a:03:27:4f:9c:3b:
                    92:36:4f:af:17:37:91:46:e8:76:b7:1f:11:d4:56:
                    f0:19:c5:f0:a2:79:4f:0a:5b:06:c9:10:99:e9:00:
                    8d:98:9b:27:6a:3f:f7:30:64:4e:1b:d5:3d:df:ea:
                    e3:cc:45:b2:02:7f:45:76:43:1c:6f:3b:6d:5c:f4:
                    de:58:b0:77:35:e7:c7:cf:b7:fb:f1:6c:f3:cd:ad:
                    06:70:af:06:c7:6f:9d:ca:f2:32:77:c1:1d:20:72:
                    c7:ce:75:f9:6a:88:a0:16:28:0c:af:6f:d4:8e:d4:
                    a8:04:a5:e3:5e:56:df:38:e0:03:3a:bf:15:34:62:
                    be:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:07:2C:9D:BB:90:83:D9:62:B0:B7:C5:EB:A2:65:9F:7B:55:82:3D
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/4wcsnbuQg9lisLfF66Jln3tVgj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:e5:d8:3e:91:5e:1c:25:c2:e5:a3:d1:9c:fc:23:51:83:1a:
         8e:39:2a:59:20:71:0b:11:d7:6d:06:dd:ea:02:be:5c:5f:b9:
         bb:1c:2e:67:0a:7d:28:e4:f3:f3:05:3d:05:14:ff:ef:81:b6:
         24:aa:09:21:44:37:c6:f6:5a:c8:80:f2:6d:f2:c8:df:3d:4c:
         47:b8:fd:26:f5:f5:a2:28:ca:b7:da:ad:d4:69:ea:86:8d:5a:
         d9:cb:36:4b:fd:f2:98:04:72:ae:4b:0a:a7:22:14:fa:aa:7c:
         9a:b0:29:47:98:fc:b5:53:0c:14:b3:2d:5a:4a:7e:84:6c:6e:
         68:83:a3:34:02:cc:64:80:23:3c:f0:d2:fa:b9:be:92:c3:a0:
         50:87:36:81:a4:ca:28:95:b2:dc:68:4f:d0:35:67:aa:61:73:
         3c:f8:75:1c:b8:3a:79:a3:24:ce:f6:73:4c:d2:da:ac:11:00:
         13:ab:ea:39:fd:06:3e:c8:ec:5b:d6:22:6c:94:03:87:96:bc:
         70:72:51:66:2c:56:84:05:39:8a:89:b5:84:37:79:8d:b3:33:
         6a:95:3a:53:d4:3f:4a:36:ce:df:89:fc:ef:1c:a7:e9:79:8b:
         44:65:ed:20:49:20:75:b4:5d:35:ed:67:2c:0e:b0:f7:c3:e4:
         bc:91:d4:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuM/oT9E6RIoSNroeMKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzA3MmM5ZGJiOTA4M2Q5NjJiMGI3YzVlYmEyNjU5ZjdiNTU4MjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mJeq5Ywb1T3zJS4LPW6MHFTTbY7
o+VKrppQdLrFpkenblXMxldeDRzkdzlw2PloDYYpa/Bb67T/OkV7gpFPCwmO2unv
xrz178TmuePu7yX+pyLmt5FedZ1ANrnZP9lutH9ZIFZjGbG8RPnHWP0KIFYGsCrM
cZoj41sfhP37kXFaAydPnDuSNk+vFzeRRuh2tx8R1FbwGcXwonlPClsGyRCZ6QCN
mJsnaj/3MGROG9U93+rjzEWyAn9FdkMcbzttXPTeWLB3NefHz7f78Wzzza0GcK8G
x2+dyvIyd8EdIHLHznX5aoigFigMr2/UjtSoBKXjXlbfOOADOr8VNGK+awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMHLJ27kIPZYrC3xeuiZZ97VYI9MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvNHdjc25idVFnOWxpc0xmRjY2SmxuM3RWZ2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvvnMA0G
CSqGSIb3DQEBCwUAA4IBAQBl5dg+kV4cJcLlo9Gc/CNRgxqOOSpZIHELEddtBt3q
Ar5cX7m7HC5nCn0o5PPzBT0FFP/vgbYkqgkhRDfG9lrIgPJt8sjfPUxHuP0m9fWi
KMq32q3UaeqGjVrZyzZL/fKYBHKuSwqnIhT6qnyasClHmPy1UwwUsy1aSn6EbG5o
g6M0AsxkgCM88NL6ub6Sw6BQhzaBpMoolbLcaE/QNWeqYXM8+HUcuDp5oyTO9nNM
0tqsEQATq+o5/QY+yOxb1iJslAOHlrxwclFmLFaEBTmKibWEN3mNszNqlTpT1D9K
Ns7fifzvHKfpeYtEZe0gSSB1tF017WcsDrD3w+S8kdRI
-----END CERTIFICATE-----