Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/xsdseOIgGugPAuX_phakggp7Prs.roa
File:                     xsdseOIgGugPAuX_phakggp7Prs.roa (raw, json)
Hash identifier:          aV2aHboo9nlM2sfg4MV604ci7uc1wUpQqEgYLdlw0ug=
Subject key identifier:   C6:C7:6C:78:E2:20:1A:E8:0F:02:E5:FF:A6:16:A4:82:0A:7B:3E:BB
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC9316E898F66929B48075232CF3D7
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/xsdseOIgGugPAuX_phakggp7Prs.roa
Signing time:             Tue 02 Jan 2024 10:33:48 +0000
ROA not before:           Tue 02 Jan 2024 10:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198461
IP address blocks:        81.93.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 07:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:93:16:e8:98:f6:69:29:b4:80:75:23:2c:f3:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6c76c78e2201ae80f02e5ffa616a4820a7b3ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:71:f9:f9:56:32:d6:1a:24:2e:b1:a5:f5:72:
                    85:34:ed:5b:ae:8e:02:87:07:30:c3:f2:e9:c9:e2:
                    81:82:60:67:17:5f:dc:7e:96:1e:7e:ce:90:23:7b:
                    db:c5:af:8e:ea:fd:9d:88:77:f8:d8:c8:bb:a3:28:
                    8c:7d:de:eb:cb:b3:1e:48:00:5a:51:c0:a7:37:45:
                    d5:a7:3e:8b:c4:d2:19:39:5c:f0:6c:9e:0e:86:65:
                    5e:14:ba:54:d7:99:82:19:36:c4:2d:06:9c:80:b8:
                    b9:cd:49:0b:58:c2:4f:06:90:4e:76:4a:33:ad:03:
                    f9:3f:78:9d:4a:5f:84:80:ac:10:ec:70:b3:c3:85:
                    36:d0:db:d5:1c:00:c6:91:28:be:d5:c8:80:86:1b:
                    38:5f:f7:e5:65:35:46:09:27:4b:ae:84:84:0c:c3:
                    73:46:bb:99:7a:c5:71:78:20:dd:92:06:31:50:b8:
                    1f:0a:0a:53:5f:58:b2:58:e9:b2:29:d6:1c:a5:a8:
                    b7:fd:09:54:5d:90:34:ee:c8:9e:5b:43:1d:eb:33:
                    58:0e:74:a2:0f:1e:75:b9:db:84:a2:be:b1:d9:07:
                    af:e5:95:7d:e1:86:31:73:89:35:5c:e1:42:23:fe:
                    7a:16:aa:5f:7e:26:f1:a2:6c:9c:ca:82:3b:78:2c:
                    60:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:C7:6C:78:E2:20:1A:E8:0F:02:E5:FF:A6:16:A4:82:0A:7B:3E:BB
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/xsdseOIgGugPAuX_phakggp7Prs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.93.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:1e:b3:3c:d8:53:77:05:58:ce:13:7e:8b:ec:24:6e:cf:44:
         62:3f:8b:ed:12:eb:b5:80:7e:62:d1:a3:4e:f3:d2:6a:ac:c4:
         b0:a4:43:5e:1d:8f:70:1c:c2:0a:25:fa:f1:9c:6b:da:9c:b0:
         38:7c:29:52:30:67:df:c4:63:70:ef:b5:3e:fa:f5:d5:18:f5:
         68:77:59:43:74:b6:6b:aa:75:cd:57:1e:d2:b8:6d:93:a2:f8:
         44:d2:a6:fe:3f:41:ea:5c:f1:ce:59:87:3e:30:03:d0:5e:cf:
         f4:b1:c8:15:1c:a5:99:5a:08:fb:c6:3c:e7:8b:fd:0f:65:c3:
         88:e5:6f:5e:d6:d9:0f:3c:68:2b:08:fe:70:f8:b0:01:b9:f0:
         43:36:b0:9e:64:58:c4:8d:05:05:20:7c:5b:93:b9:38:be:d4:
         2b:29:4e:0a:b7:9d:eb:52:14:39:30:d9:ed:86:84:f2:57:99:
         03:a8:a8:6c:20:13:c4:8e:4c:43:09:8d:7f:8d:9d:1b:28:09:
         73:d2:ec:c8:61:84:db:f8:34:a0:70:b0:ad:c8:aa:19:48:96:
         d6:79:4b:d3:ab:38:50:21:6e:99:ff:b9:2a:b8:3b:0e:c8:27:
         68:e3:ea:18:6a:46:99:c8:fa:93:ba:1f:4b:a4:c4:e8:69:21:
         25:1b:a9:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvJMW6Jj2aSm0gHUjLPPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmM3NmM3OGUyMjAxYWU4MGYwMmU1ZmZhNjE2YTQ4MjBhN2IzZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHH5+VYy1hokLrGl9XKFNO1bro4C
hwcww/LpyeKBgmBnF1/cfpYefs6QI3vbxa+O6v2diHf42Mi7oyiMfd7ry7MeSABa
UcCnN0XVpz6LxNIZOVzwbJ4OhmVeFLpU15mCGTbELQacgLi5zUkLWMJPBpBOdkoz
rQP5P3idSl+EgKwQ7HCzw4U20NvVHADGkSi+1ciAhhs4X/flZTVGCSdLroSEDMNz
RruZesVxeCDdkgYxULgfCgpTX1iyWOmyKdYcpai3/QlUXZA07sieW0Md6zNYDnSi
Dx51uduEor6x2Qev5ZV94YYxc4k1XOFCI/56FqpffibxomycyoI7eCxgewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbHbHjiIBroDwLl/6YWpIIKez67MB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEveHNkc2VPSWdHdWdQQXVYX3BoYWtnZ3A3UHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUV3bMA0G
CSqGSIb3DQEBCwUAA4IBAQCoHrM82FN3BVjOE36L7CRuz0RiP4vtEuu1gH5i0aNO
89JqrMSwpENeHY9wHMIKJfrxnGvanLA4fClSMGffxGNw77U++vXVGPVod1lDdLZr
qnXNVx7SuG2TovhE0qb+P0HqXPHOWYc+MAPQXs/0scgVHKWZWgj7xjzni/0PZcOI
5W9e1tkPPGgrCP5w+LABufBDNrCeZFjEjQUFIHxbk7k4vtQrKU4Kt53rUhQ5MNnt
hoTyV5kDqKhsIBPEjkxDCY1/jZ0bKAlz0uzIYYTb+DSgcLCtyKoZSJbWeUvTqzhQ
IW6Z/7kquDsOyCdo4+oYakaZyPqTuh9LpMToaSElG6k1
-----END CERTIFICATE-----