Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/cZNp-mWnaOJj0VK_DBRNsldPbmI.roa
File:                     cZNp-mWnaOJj0VK_DBRNsldPbmI.roa (raw, json)
Hash identifier:          skY4r7k3ZRKeDJpeYwVFrRqTMNWXjFF1SHWPeZdkC1Q=
Subject key identifier:   71:93:69:FA:65:A7:68:E2:63:D1:52:BF:0C:14:4D:B2:57:4F:6E:62
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018F30162418EE5AAAAB603CC6D9824CC147
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/cZNp-mWnaOJj0VK_DBRNsldPbmI.roa
Signing time:             Tue 30 Apr 2024 17:38:28 +0000
ROA not before:           Tue 30 Apr 2024 17:38:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207781
IP address blocks:        2a09:e1c1:efc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 13:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:30:16:24:18:ee:5a:aa:ab:60:3c:c6:d9:82:4c:c1:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Apr 30 17:38:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=719369fa65a768e263d152bf0c144db2574f6e62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2f:92:63:8f:b0:d5:0f:a3:ad:4a:36:cb:d4:
                    49:dc:4c:a4:70:ee:83:69:95:dd:34:aa:4b:7e:c3:
                    da:02:a6:c4:65:d4:f7:b8:73:c0:6a:c0:63:3a:d4:
                    6c:33:20:2b:55:56:55:da:39:a8:1e:a2:7b:93:50:
                    3b:c5:23:16:46:cd:cd:19:8b:b8:0c:8c:d3:98:cb:
                    0e:45:e6:2e:a0:31:de:d2:65:9d:14:6e:6d:85:39:
                    bb:c6:eb:99:ec:fa:9a:b5:be:c4:04:99:77:43:f1:
                    14:47:f7:60:2a:5d:58:7a:75:ad:d9:52:bd:51:c1:
                    8e:b4:75:21:65:d3:e9:bc:80:af:af:c9:df:56:eb:
                    af:d6:58:49:c7:9d:1d:7b:c6:d9:08:65:d0:4d:6a:
                    28:a2:24:f1:e4:ca:67:f1:8b:b3:ba:1e:b8:dc:13:
                    1a:9b:9b:80:31:77:c9:bd:79:f4:de:38:1d:ac:92:
                    f2:fd:b6:ea:a2:13:34:da:04:ed:53:14:89:b6:86:
                    d7:fd:b1:0e:b4:5e:b1:a8:a4:bd:33:31:d9:4c:f2:
                    b1:52:48:29:48:67:b3:9d:50:ff:48:a1:15:fc:ea:
                    7f:e2:b7:79:b8:17:d3:a6:38:24:7d:73:36:d6:62:
                    f4:30:3c:88:05:cb:0e:0a:6c:60:8a:43:f5:16:0c:
                    75:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:93:69:FA:65:A7:68:E2:63:D1:52:BF:0C:14:4D:B2:57:4F:6E:62
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/cZNp-mWnaOJj0VK_DBRNsldPbmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e1c1:efc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         04:7b:32:69:b7:60:54:01:37:19:85:e6:20:ef:80:f3:2e:71:
         2b:03:ae:66:29:27:34:3c:7e:b5:03:c4:5c:63:54:36:de:77:
         d8:54:7f:03:61:45:f4:22:65:0c:45:bf:99:98:b8:34:0d:59:
         bb:69:72:3b:4a:11:4d:88:19:4f:e4:cf:3d:3f:68:6c:f4:7b:
         76:55:59:16:46:d7:22:6e:31:00:8d:ea:64:7a:ca:d0:61:34:
         6e:26:8f:06:b5:81:92:c1:bb:87:cf:f2:6d:9f:78:68:19:d1:
         bb:64:c0:b2:78:82:4e:5d:6f:04:4e:9f:e2:c4:42:fe:fb:24:
         c5:00:fb:ae:4f:c8:43:67:b9:29:ca:10:5f:2d:74:e3:20:39:
         09:3d:60:dc:ec:2c:02:3e:58:93:d3:cc:c4:e6:c3:9b:40:2c:
         8e:61:36:d9:ad:de:79:fd:18:73:2b:cf:68:42:fc:37:cc:80:
         f3:fc:46:eb:af:3f:e8:d2:e7:c9:b2:7f:42:44:21:8c:ee:65:
         b2:8c:af:aa:17:57:35:42:94:0b:a9:2b:39:74:62:c1:59:7c:
         ee:bf:f7:07:2b:14:29:76:ec:e0:24:fd:b9:d8:26:1b:3f:e0:
         67:74:cc:2d:07:37:4d:ca:60:8f:f5:05:d7:ad:da:17:8e:88:
         8c:ae:0e:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8wFiQY7lqqq2A8xtmCTMFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwNDMwMTczODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTkzNjlmYTY1YTc2OGUyNjNkMTUyYmYwYzE0NGRiMjU3NGY2ZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwC+SY4+w1Q+jrUo2y9RJ3EykcO6D
aZXdNKpLfsPaAqbEZdT3uHPAasBjOtRsMyArVVZV2jmoHqJ7k1A7xSMWRs3NGYu4
DIzTmMsOReYuoDHe0mWdFG5thTm7xuuZ7Pqatb7EBJl3Q/EUR/dgKl1YenWt2VK9
UcGOtHUhZdPpvICvr8nfVuuv1lhJx50de8bZCGXQTWoooiTx5Mpn8Yuzuh643BMa
m5uAMXfJvXn03jgdrJLy/bbqohM02gTtUxSJtobX/bEOtF6xqKS9MzHZTPKxUkgp
SGeznVD/SKEV/Op/4rd5uBfTpjgkfXM21mL0MDyIBcsOCmxgikP1Fgx1kQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHGTafplp2jiY9FSvwwUTbJXT25iMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvY1pOcC1tV25hT0pqMFZLX0RCUk5zbGRQYm1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgnhwe/A
MA0GCSqGSIb3DQEBCwUAA4IBAQAEezJpt2BUATcZheYg74DzLnErA65mKSc0PH61
A8RcY1Q23nfYVH8DYUX0ImUMRb+ZmLg0DVm7aXI7ShFNiBlP5M89P2hs9Ht2VVkW
RtcibjEAjepkesrQYTRuJo8GtYGSwbuHz/Jtn3hoGdG7ZMCyeIJOXW8ETp/ixEL+
+yTFAPuuT8hDZ7kpyhBfLXTjIDkJPWDc7CwCPliT08zE5sObQCyOYTbZrd55/Rhz
K89oQvw3zIDz/Ebrrz/o0ufJsn9CRCGM7mWyjK+qF1c1QpQLqSs5dGLBWXzuv/cH
KxQpduzgJP252CYbP+BndMwtBzdNymCP9QXXrdoXjoiMrg7J
-----END CERTIFICATE-----