Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NZ2lAQlurwxTjnE_j91IZ7K3fsQ.roa
File:                     NZ2lAQlurwxTjnE_j91IZ7K3fsQ.roa (raw, json)
Hash identifier:          EYrIGPZXCNwVwWu9nm2DlCU0yGomEzDG6Oe3XuXtqvg=
Subject key identifier:   35:9D:A5:01:09:6E:AF:0C:53:8E:71:3F:8F:DD:48:67:B2:B7:7E:C4
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64ADA4A28990948F33F88E904315DAF
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NZ2lAQlurwxTjnE_j91IZ7K3fsQ.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12586
IP address blocks:        178.251.228.102/32 maxlen: 32
                          5.1.81.142/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:da:4a:28:99:09:48:f3:3f:88:e9:04:31:5d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=359da501096eaf0c538e713f8fdd4867b2b77ec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e0:ca:29:d4:4d:53:45:5c:51:89:a7:17:e2:
                    8f:23:be:58:93:6d:3e:33:ac:74:c5:b7:cd:ff:c4:
                    02:69:a8:04:9a:71:51:ea:b4:3e:2b:11:9f:38:e5:
                    e1:e1:e1:53:e0:aa:41:92:6a:9a:ca:a7:0e:2a:48:
                    e7:8c:80:24:2d:76:a5:d4:cd:93:0e:bb:ed:24:79:
                    7e:58:8c:0f:62:ee:9f:ab:00:ec:b4:c6:28:18:65:
                    9b:42:cf:db:82:56:29:30:28:97:4b:05:ef:bd:85:
                    05:41:54:03:d3:cc:d1:0e:a8:80:7e:a8:2b:b2:90:
                    95:5d:ee:d5:8c:c2:39:40:9d:0d:4f:ed:4b:13:3b:
                    f0:f6:7f:a6:ad:7b:25:3c:7c:36:2b:97:ca:e1:8a:
                    4d:c2:49:46:76:d2:9f:ae:21:7d:87:c2:c0:83:4f:
                    cb:54:09:4c:d2:91:f4:af:62:55:bb:80:cc:d0:62:
                    d5:95:ba:c7:1b:f5:89:78:46:81:57:21:f7:0d:30:
                    7b:f1:f4:09:2e:ce:82:28:6b:35:12:ec:d3:dd:f9:
                    14:60:ee:32:d0:ad:81:fe:05:9d:0d:d0:fa:41:5b:
                    01:74:23:55:65:7b:da:da:24:c7:7f:9b:eb:7c:14:
                    5c:b3:b0:25:6b:7e:c4:3c:41:c3:a1:ff:ff:ab:cf:
                    a5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9D:A5:01:09:6E:AF:0C:53:8E:71:3F:8F:DD:48:67:B2:B7:7E:C4
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/NZ2lAQlurwxTjnE_j91IZ7K3fsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.81.142/32
                  178.251.228.102/32

    Signature Algorithm: sha256WithRSAEncryption
         13:74:70:70:73:4b:a6:35:0e:28:41:36:d1:17:c0:6e:11:57:
         eb:86:eb:98:ef:c2:f2:f0:42:a1:0f:f3:62:99:fd:32:7b:f9:
         bd:78:3d:a8:6f:13:3e:3e:6d:d0:8d:cb:54:64:df:a9:ee:fe:
         8e:54:7a:dc:0d:12:a4:12:00:59:ea:89:c2:15:de:4e:0d:f4:
         f1:31:a1:70:05:6a:e7:71:4f:94:d8:be:7c:00:0a:1c:3e:b5:
         89:c5:f1:8a:c7:5b:5f:da:49:26:ae:d2:8b:44:1b:a5:4c:5c:
         32:2b:3d:59:c7:74:20:33:db:69:23:48:77:d6:a1:9a:75:21:
         dc:9a:b6:c8:7f:79:a3:eb:ea:70:bc:b0:94:37:06:f7:36:94:
         1f:df:34:f4:ab:27:9f:17:77:4c:ce:6d:ea:31:94:aa:22:73:
         ad:a9:52:ac:b5:73:cb:4e:e0:cc:c7:f8:13:dd:4a:05:ee:a1:
         76:6b:a0:7e:8f:94:9e:59:9d:00:d9:c6:e3:bb:5a:69:91:0e:
         b4:7c:fe:67:26:e6:e7:f9:2f:fe:c4:2a:01:1b:07:1d:65:ab:
         2f:1f:da:40:e4:c2:ee:15:0f:99:c4:fb:6b:37:d4:a6:e9:ab:
         60:d3:70:85:de:ea:4c:6c:34:d5:8a:01:61:ff:a5:ab:78:94:
         4e:a1:8b:70
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGStpKKJkJSPM/iOkEMV2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTlkYTUwMTA5NmVhZjBjNTM4ZTcxM2Y4ZmRkNDg2N2IyYjc3ZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+DKKdRNU0VcUYmnF+KPI75Yk20+
M6x0xbfN/8QCaagEmnFR6rQ+KxGfOOXh4eFT4KpBkmqayqcOKkjnjIAkLXal1M2T
DrvtJHl+WIwPYu6fqwDstMYoGGWbQs/bglYpMCiXSwXvvYUFQVQD08zRDqiAfqgr
spCVXe7VjMI5QJ0NT+1LEzvw9n+mrXslPHw2K5fK4YpNwklGdtKfriF9h8LAg0/L
VAlM0pH0r2JVu4DM0GLVlbrHG/WJeEaBVyH3DTB78fQJLs6CKGs1EuzT3fkUYO4y
0K2B/gWdDdD6QVsBdCNVZXva2iTHf5vrfBRcs7Ala37EPEHDof//q8+lNwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDWdpQEJbq8MU45xP4/dSGeyt37EMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvTloybEFRbHVyd3hUam5FX2o5MUlaN0szZnNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUABQFRjgMF
ALL75GYwDQYJKoZIhvcNAQELBQADggEBABN0cHBzS6Y1DihBNtEXwG4RV+uG65jv
wvLwQqEP82KZ/TJ7+b14PahvEz4+bdCNy1Rk36nu/o5UetwNEqQSAFnqicIV3k4N
9PExoXAFaudxT5TYvnwAChw+tYnF8YrHW1/aSSau0otEG6VMXDIrPVnHdCAz22kj
SHfWoZp1Idyatsh/eaPr6nC8sJQ3Bvc2lB/fNPSrJ58Xd0zObeoxlKoic62pUqy1
c8tO4MzH+BPdSgXuoXZroH6PlJ5ZnQDZxuO7WmmRDrR8/mcm5uf5L/7EKgEbBx1l
qy8f2kDkwu4VD5nE+2s31Kbpq2DTcIXe6kxsNNWKAWH/pat4lE6hi3A=
-----END CERTIFICATE-----