Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ERlQozT9VPgnhv2eJiMZQIpro7w.roa
File:                     ERlQozT9VPgnhv2eJiMZQIpro7w.roa (raw, json)
Hash identifier:          nEtGTDWtrGNr2MflMz/nrudBJ/BIf492NGsLb9UYI5I=
Subject key identifier:   11:19:50:A3:34:FD:54:F8:27:86:FD:9E:26:23:19:40:8A:6B:A3:BC
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018F3EE5C5AD63D65B89EFD28054BDDD8D42
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ERlQozT9VPgnhv2eJiMZQIpro7w.roa
Signing time:             Fri 03 May 2024 14:39:56 +0000
ROA not before:           Fri 03 May 2024 14:39:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210918
IP address blocks:        5.1.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3e:e5:c5:ad:63:d6:5b:89:ef:d2:80:54:bd:dd:8d:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: May  3 14:39:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=111950a334fd54f82786fd9e262319408a6ba3bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:98:06:b6:6a:77:27:e2:af:ff:32:b3:fa:98:
                    85:55:3b:f6:06:40:ea:d4:e7:33:15:c6:db:47:3c:
                    90:77:ef:79:6d:7d:58:7e:d5:7d:bd:c1:f4:d8:33:
                    4f:48:43:8d:63:a9:f4:77:a4:21:5e:34:2b:c0:d3:
                    bb:67:d2:ba:30:43:d3:7e:9f:5e:75:cb:38:8b:af:
                    3f:44:b4:47:cf:5c:db:49:9c:28:2a:94:37:9b:7a:
                    74:5d:e9:ef:d0:09:72:99:4d:7c:09:e1:c9:fa:09:
                    25:02:86:16:8e:1e:f0:a8:30:88:e2:12:95:26:b5:
                    b0:74:25:b9:64:92:a9:e5:b5:6c:c4:52:95:f4:16:
                    3e:60:c9:c7:e3:20:d1:51:5b:37:bb:69:66:28:25:
                    7d:f6:46:bd:0a:9f:81:e9:43:89:a1:55:40:13:4e:
                    12:04:82:09:9a:ce:e7:6b:95:34:87:e6:b1:a5:28:
                    c8:db:e1:3b:5a:f0:06:0d:f7:b9:84:af:df:3e:2d:
                    92:d7:15:a9:0c:b7:a2:a9:3c:f2:63:06:3c:e6:37:
                    ce:e2:fb:85:44:47:4f:26:bf:26:ff:2d:ec:41:d6:
                    b4:c7:33:47:30:27:9d:db:dc:b4:c3:41:ae:83:b7:
                    54:e7:e9:f3:a0:88:91:ab:e4:75:de:e5:1b:1e:7a:
                    cf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:19:50:A3:34:FD:54:F8:27:86:FD:9E:26:23:19:40:8A:6B:A3:BC
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ERlQozT9VPgnhv2eJiMZQIpro7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:45:b7:86:8b:44:6f:ed:3b:d7:c0:42:b6:06:55:e0:36:af:
         a8:c2:91:14:e5:bd:7d:21:2b:3a:d8:04:21:d2:7b:c3:b6:78:
         fd:a1:15:00:17:d0:c1:0d:78:da:b0:2f:ab:60:5e:e3:d8:93:
         df:ba:29:87:73:19:d2:a8:72:02:21:31:59:94:23:f8:74:2f:
         b8:38:13:fd:8d:1e:48:89:56:1b:72:61:43:64:e9:31:7f:2c:
         5d:ba:78:bc:8e:6a:3e:07:8a:0a:60:98:b2:6d:05:73:6d:52:
         10:59:b3:a6:23:5c:f8:ef:bd:9e:50:02:85:47:11:2e:4e:76:
         58:62:ef:33:2f:40:46:0e:cb:13:1e:07:3f:76:85:30:45:eb:
         26:8a:ee:8a:ee:e3:3e:79:32:36:be:cc:08:1f:18:41:e0:87:
         66:6c:fc:d5:5b:fd:6a:4b:64:3e:24:47:32:95:16:4d:06:a2:
         b9:1c:77:00:04:b5:7a:ad:fd:e1:0f:7b:78:46:48:a2:1a:76:
         8c:db:53:4c:76:23:5c:e9:47:c2:47:8d:2a:c5:f5:04:7f:86:
         66:01:f0:37:f3:c9:fa:b1:8a:0b:22:59:14:c9:c4:43:8d:1a:
         c2:f8:19:3d:0e:59:a9:f1:25:59:45:dc:97:98:f5:22:ca:b0:
         b4:05:d0:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8+5cWtY9Zbie/SgFS93Y1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwNTAzMTQzOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE5NTBhMzM0ZmQ1NGY4Mjc4NmZkOWUyNjIzMTk0MDhhNmJhM2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZgGtmp3J+Kv/zKz+piFVTv2BkDq
1OczFcbbRzyQd+95bX1YftV9vcH02DNPSEONY6n0d6QhXjQrwNO7Z9K6MEPTfp9e
dcs4i68/RLRHz1zbSZwoKpQ3m3p0Xenv0AlymU18CeHJ+gklAoYWjh7wqDCI4hKV
JrWwdCW5ZJKp5bVsxFKV9BY+YMnH4yDRUVs3u2lmKCV99ka9Cp+B6UOJoVVAE04S
BIIJms7na5U0h+axpSjI2+E7WvAGDfe5hK/fPi2S1xWpDLeiqTzyYwY85jfO4vuF
REdPJr8m/y3sQda0xzNHMCed29y0w0Gug7dU5+nzoIiRq+R13uUbHnrPHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEZUKM0/VT4J4b9niYjGUCKa6O8MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvRVJsUW96VDlWUGduaHYyZUppTVpRSXBybzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQFKMA0G
CSqGSIb3DQEBCwUAA4IBAQCORbeGi0Rv7TvXwEK2BlXgNq+owpEU5b19ISs62AQh
0nvDtnj9oRUAF9DBDXjasC+rYF7j2JPfuimHcxnSqHICITFZlCP4dC+4OBP9jR5I
iVYbcmFDZOkxfyxduni8jmo+B4oKYJiybQVzbVIQWbOmI1z4772eUAKFRxEuTnZY
Yu8zL0BGDssTHgc/doUwResmiu6K7uM+eTI2vswIHxhB4IdmbPzVW/1qS2Q+JEcy
lRZNBqK5HHcABLV6rf3hD3t4RkiiGnaM21NMdiNc6UfCR40qxfUEf4ZmAfA388n6
sYoLIlkUycRDjRrC+Bk9Dlmp8SVZRdyXmPUiyrC0BdDJ
-----END CERTIFICATE-----