Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Q-Y1ZNDtu2Z5ZiXooLtg08Vs_bg.roa
File:                     Q-Y1ZNDtu2Z5ZiXooLtg08Vs_bg.roa (raw, json)
Hash identifier:          GXov3MZOWKn87Q3UdFr4SZXrB7X7crVXUjG2IMN1GpY=
Subject key identifier:   43:E6:35:64:D0:ED:BB:66:79:66:25:E8:A0:BB:60:D3:C5:6C:FD:B8
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64ADAB30ECA8A816415EEFDB3D8B05D
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Q-Y1ZNDtu2Z5ZiXooLtg08Vs_bg.roa
Signing time:             Mon 01 Jan 2024 18:30:43 +0000
ROA not before:           Mon 01 Jan 2024 18:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16125
IP address blocks:        5.1.82.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:da:b3:0e:ca:8a:81:64:15:ee:fd:b3:d8:b0:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43e63564d0edbb66796625e8a0bb60d3c56cfdb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8b:6e:f9:51:97:0b:1e:c7:88:42:24:ae:a9:
                    55:9c:20:91:8e:ba:90:5e:24:ad:c3:bd:9a:2d:2e:
                    5b:9b:84:b1:62:4b:42:44:be:30:c2:28:05:87:70:
                    2a:3c:6e:33:35:7f:61:89:27:44:5f:e1:46:84:5a:
                    d4:d2:9f:b1:da:22:c1:47:ee:3d:cf:a5:f3:c6:72:
                    ff:d6:e6:9c:da:70:37:d5:e2:57:09:8b:5f:9b:84:
                    08:61:4f:87:0d:5a:86:e9:b3:71:1f:74:f9:db:74:
                    41:ed:20:99:dc:06:90:54:91:a5:01:56:8c:b5:00:
                    5e:fd:df:3c:42:d7:6a:ff:ff:75:45:a6:23:76:e8:
                    05:9f:e8:89:85:5c:5f:2a:76:a7:ec:b1:a2:5c:95:
                    37:37:e6:8c:74:a1:f5:0f:95:86:61:83:e4:0a:71:
                    55:92:72:1a:72:a7:7f:14:6c:4c:1d:43:d8:aa:be:
                    f0:75:42:a2:ad:37:91:c1:63:19:d7:96:74:aa:23:
                    dc:b0:fc:db:75:53:d9:ac:4f:6c:f5:fb:dc:c2:de:
                    88:e6:3b:e7:c2:d8:19:ff:a1:96:56:64:a0:4e:31:
                    e4:f7:86:82:c9:d2:fd:86:f2:a5:c7:84:1a:a9:d8:
                    65:3d:1f:4b:06:ef:be:1f:8e:b5:f4:c2:5d:61:fa:
                    46:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E6:35:64:D0:ED:BB:66:79:66:25:E8:A0:BB:60:D3:C5:6C:FD:B8
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Q-Y1ZNDtu2Z5ZiXooLtg08Vs_bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:80:d4:89:79:97:1b:ab:19:1c:20:75:aa:c4:fb:51:50:64:
         8c:41:c4:93:01:f9:bf:e9:b1:df:26:f4:f5:1d:31:1d:55:e0:
         6c:9f:ad:5f:a1:26:d2:56:de:2e:c1:b4:cd:a1:b6:fc:c4:de:
         29:3c:25:a6:8c:6a:da:18:cb:8b:47:35:4e:3c:b7:ce:18:02:
         48:dc:8c:ae:28:9e:f5:8b:7c:86:0e:fe:8c:49:c6:0e:e4:28:
         a5:c3:cf:f5:50:19:2a:ee:cc:e3:f8:c7:7c:8d:37:b8:fa:aa:
         80:29:e7:b2:e2:d9:f5:9a:8a:f5:0d:93:ae:3b:bc:c0:17:d4:
         81:00:29:c1:40:cf:2d:79:29:cd:60:b5:b3:04:cc:4d:b3:90:
         95:4c:25:41:c5:4e:ff:c8:e1:02:42:7d:36:fa:85:50:51:a7:
         de:8f:a0:f7:e3:98:ee:d3:ab:bd:18:1a:c6:55:32:0b:85:de:
         4c:ab:b0:da:1d:03:e4:f1:cf:da:ae:f1:09:a7:c8:2f:fe:0d:
         8b:85:b0:c2:80:94:d4:3e:51:4e:53:6d:26:be:a7:31:15:ec:
         c3:97:38:be:5d:01:8f:4b:a3:db:de:93:73:79:6c:6b:c0:59:
         60:62:aa:70:aa:4c:08:36:f5:cc:8e:be:eb:d0:8d:84:37:2f:
         33:f7:9c:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStqzDsqKgWQV7v2z2LBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U2MzU2NGQwZWRiYjY2Nzk2NjI1ZThhMGJiNjBkM2M1NmNmZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYtu+VGXCx7HiEIkrqlVnCCRjrqQ
XiStw72aLS5bm4SxYktCRL4wwigFh3AqPG4zNX9hiSdEX+FGhFrU0p+x2iLBR+49
z6XzxnL/1uac2nA31eJXCYtfm4QIYU+HDVqG6bNxH3T523RB7SCZ3AaQVJGlAVaM
tQBe/d88Qtdq//91RaYjdugFn+iJhVxfKnan7LGiXJU3N+aMdKH1D5WGYYPkCnFV
knIacqd/FGxMHUPYqr7wdUKirTeRwWMZ15Z0qiPcsPzbdVPZrE9s9fvcwt6I5jvn
wtgZ/6GWVmSgTjHk94aCydL9hvKlx4QaqdhlPR9LBu++H4619MJdYfpGAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPmNWTQ7btmeWYl6KC7YNPFbP24MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvUS1ZMVpORHR1Mlo1WmlYb29MdGcwOFZzX2JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQFSMA0G
CSqGSIb3DQEBCwUAA4IBAQCIgNSJeZcbqxkcIHWqxPtRUGSMQcSTAfm/6bHfJvT1
HTEdVeBsn61foSbSVt4uwbTNobb8xN4pPCWmjGraGMuLRzVOPLfOGAJI3IyuKJ71
i3yGDv6MScYO5Cilw8/1UBkq7szj+Md8jTe4+qqAKeey4tn1mor1DZOuO7zAF9SB
ACnBQM8teSnNYLWzBMxNs5CVTCVBxU7/yOECQn02+oVQUafej6D345ju06u9GBrG
VTILhd5Mq7DaHQPk8c/arvEJp8gv/g2LhbDCgJTUPlFOU20mvqcxFezDlzi+XQGP
S6Pb3pNzeWxrwFlgYqpwqkwINvXMjr7r0I2ENy8z95zR
-----END CERTIFICATE-----