Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/h4bVHmnZDLLGs010ipVJnEoHLjk.roa
File:                     h4bVHmnZDLLGs010ipVJnEoHLjk.roa (raw, json)
Hash identifier:          gOLaRsjjPCPPSpLn+cYFtbcyJW+TEK5wawF2e+Z7yj4=
Subject key identifier:   87:86:D5:1E:69:D9:0C:B2:C6:B3:4D:74:8A:95:49:9C:4A:07:2E:39
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019228A891F849CA5E07ADD7C0D0CC9A9210
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/h4bVHmnZDLLGs010ipVJnEoHLjk.roa
Signing time:             Wed 25 Sep 2024 10:09:48 +0000
ROA not before:           Wed 25 Sep 2024 10:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213250
IP address blocks:        2a01:367:c204::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:28:a8:91:f8:49:ca:5e:07:ad:d7:c0:d0:cc:9a:92:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Sep 25 10:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8786d51e69d90cb2c6b34d748a95499c4a072e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:77:66:62:8f:e4:bb:ee:80:80:eb:d0:d4:d5:
                    33:b9:aa:00:c2:5c:70:e8:d2:f4:f0:2d:bb:6c:66:
                    80:1d:0a:c3:36:ac:d4:62:f9:6b:23:84:e1:de:29:
                    3b:cc:2f:44:49:11:27:76:f5:e2:dc:1b:0e:7e:e2:
                    d0:89:c9:9f:44:5f:e1:3e:a9:a8:22:3f:f8:8c:85:
                    32:4b:df:3e:d5:8b:bf:ff:bb:c8:f7:83:96:e5:f7:
                    c6:06:58:f8:d8:fa:b3:3c:67:d6:60:91:25:3f:d4:
                    d2:72:5f:e0:c6:a0:7a:8c:97:62:af:95:0c:a9:92:
                    4c:5d:32:02:a5:9c:05:06:e3:32:22:37:74:ac:df:
                    b9:9b:68:1a:49:c1:c2:87:cd:93:56:1c:a5:4a:bc:
                    c7:9d:85:1d:28:27:53:9a:3e:73:33:a2:c1:53:ed:
                    b7:fc:d8:d7:a5:c3:c9:15:a1:58:81:9c:83:4a:ff:
                    f1:7c:47:cb:fc:62:e3:c2:4f:14:f9:09:0e:4c:f6:
                    ba:ee:ba:ba:43:e3:33:1f:96:f7:ae:67:3c:ff:1c:
                    09:b4:b5:c1:bd:75:a1:e7:39:bd:cf:66:16:13:1f:
                    d3:6a:3a:9c:3e:0b:79:dc:07:84:10:ed:98:ed:1a:
                    88:80:b3:c2:ad:be:de:38:4d:4f:0a:ad:70:60:69:
                    83:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:86:D5:1E:69:D9:0C:B2:C6:B3:4D:74:8A:95:49:9C:4A:07:2E:39
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/h4bVHmnZDLLGs010ipVJnEoHLjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:367:c204::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:f2:c4:6a:41:de:55:e2:2b:79:99:ed:cd:04:49:c1:d6:22:
         97:a0:88:74:cf:12:d1:66:71:a9:5c:13:fa:a4:57:b0:35:b5:
         08:4d:08:1d:2b:3e:b6:da:03:76:6b:fb:eb:ca:69:75:64:18:
         06:01:33:60:7d:11:b8:ff:db:85:54:f3:27:ae:c4:64:d7:c8:
         1a:3c:e5:9f:73:58:c6:f0:b4:82:cf:8e:ac:c8:4e:ed:a1:9b:
         90:03:97:7b:eb:4c:d9:49:ec:ef:47:13:42:50:12:b5:da:31:
         2e:7c:cc:a0:aa:08:35:f5:06:73:1d:e0:a2:da:23:71:f6:ab:
         60:86:f3:4e:6e:a2:34:73:01:46:ba:fb:dd:ce:6b:2d:bf:51:
         25:69:5e:40:5a:b8:64:08:3e:fa:1f:c6:a0:8f:11:28:fe:b4:
         d5:9e:84:9f:d4:4e:bf:a0:dd:19:69:af:42:5a:d4:98:47:4e:
         22:2c:be:dc:7d:f1:b9:e3:f2:fa:85:27:8d:90:97:56:5b:9c:
         79:d8:9d:58:ee:e2:00:5e:c6:85:c2:f9:11:36:de:21:a4:a2:
         fe:b2:d6:66:1a:05:8f:97:a4:51:bb:c8:39:28:c3:b3:d5:f3:
         ee:c0:88:8b:92:3e:95:cb:11:e8:ce:34:b0:a7:c3:cd:2f:22:
         7b:a4:11:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZIoqJH4ScpeB63XwNDMmpIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwOTI1MTAwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzg2ZDUxZTY5ZDkwY2IyYzZiMzRkNzQ4YTk1NDk5YzRhMDcyZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHdmYo/ku+6AgOvQ1NUzuaoAwlxw
6NL08C27bGaAHQrDNqzUYvlrI4Th3ik7zC9ESREndvXi3BsOfuLQicmfRF/hPqmo
Ij/4jIUyS98+1Yu//7vI94OW5ffGBlj42PqzPGfWYJElP9TScl/gxqB6jJdir5UM
qZJMXTICpZwFBuMyIjd0rN+5m2gaScHCh82TVhylSrzHnYUdKCdTmj5zM6LBU+23
/NjXpcPJFaFYgZyDSv/xfEfL/GLjwk8U+QkOTPa67rq6Q+MzH5b3rmc8/xwJtLXB
vXWh5zm9z2YWEx/TajqcPgt53AeEEO2Y7RqIgLPCrb7eOE1PCq1wYGmDiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIeG1R5p2QyyxrNNdIqVSZxKBy45MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvaDRiVkhtblpETExHczAxMGlwVkpuRW9ITGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEDZ8IE
MA0GCSqGSIb3DQEBCwUAA4IBAQA28sRqQd5V4it5me3NBEnB1iKXoIh0zxLRZnGp
XBP6pFewNbUITQgdKz622gN2a/vryml1ZBgGATNgfRG4/9uFVPMnrsRk18gaPOWf
c1jG8LSCz46syE7toZuQA5d760zZSezvRxNCUBK12jEufMygqgg19QZzHeCi2iNx
9qtghvNObqI0cwFGuvvdzmstv1ElaV5AWrhkCD76H8agjxEo/rTVnoSf1E6/oN0Z
aa9CWtSYR04iLL7cffG54/L6hSeNkJdWW5x52J1Y7uIAXsaFwvkRNt4hpKL+stZm
GgWPl6RRu8g5KMOz1fPuwIiLkj6VyxHozjSwp8PNLyJ7pBG5
-----END CERTIFICATE-----