Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6a2aa9-0ea1-40d6-b8a7-651b717f8a9a/1/t75SWtp_QWHBabvDRb8ItDWsKcw.roa
File:                     t75SWtp_QWHBabvDRb8ItDWsKcw.roa (raw, json)
Hash identifier:          hoJXfQpLwtCOfQvQDWRZmv4RfC1kXW0rCspGdGp5q5U=
Subject key identifier:   B7:BE:52:5A:DA:7F:41:61:C1:69:BB:C3:45:BF:08:B4:35:AC:29:CC
Certificate issuer:       /CN=96a28ccc30915b5c731280a8c1ca67fe600954ee
Certificate serial:       018CC4935D7BC0C0984EC05AE74F57C3E82B
Authority key identifier: 96:A2:8C:CC:30:91:5B:5C:73:12:80:A8:C1:CA:67:FE:60:09:54:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lqKMzDCRW1xzEoCowcpn_mAJVO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6a2aa9-0ea1-40d6-b8a7-651b717f8a9a/1/t75SWtp_QWHBabvDRb8ItDWsKcw.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198293
IP address blocks:        81.162.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6a2aa9-0ea1-40d6-b8a7-651b717f8a9a/1/lqKMzDCRW1xzEoCowcpn_mAJVO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6a2aa9-0ea1-40d6-b8a7-651b717f8a9a/1/lqKMzDCRW1xzEoCowcpn_mAJVO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lqKMzDCRW1xzEoCowcpn_mAJVO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5d:7b:c0:c0:98:4e:c0:5a:e7:4f:57:c3:e8:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96a28ccc30915b5c731280a8c1ca67fe600954ee
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7be525ada7f4161c169bbc345bf08b435ac29cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:56:57:d3:66:86:3b:da:f9:d9:98:71:a6:d1:
                    53:38:dc:20:98:9e:d0:d0:c0:40:3e:2e:b4:89:c3:
                    7a:7e:3f:96:7c:8d:0e:22:8d:c7:70:fb:6f:65:93:
                    18:f9:40:69:62:1d:44:3a:4b:d3:0c:93:aa:f8:4a:
                    00:38:95:67:59:d1:c3:77:da:1c:7d:b7:c1:33:53:
                    19:2b:14:38:39:30:73:dd:39:d1:05:97:49:1c:15:
                    6d:de:62:86:95:00:36:b8:b0:f7:2e:44:2d:60:67:
                    5f:de:08:6f:df:44:fa:94:73:10:80:94:1d:7d:bb:
                    ff:f3:24:87:c5:e8:b5:1f:0b:a8:ea:6d:11:1f:84:
                    ed:39:ad:03:e2:cf:75:0f:ec:93:9a:12:dc:55:46:
                    04:c1:ec:89:0e:74:48:80:9d:ed:6f:2b:7c:84:c4:
                    ae:b7:d6:3c:79:99:85:60:fe:c3:e4:7d:1b:4b:a0:
                    09:21:d5:56:45:66:0a:85:76:9d:e6:ba:8f:d8:c4:
                    e3:0f:97:6d:23:cd:45:7d:4d:96:a2:cf:a3:68:8d:
                    4b:72:45:f1:35:cc:ff:b2:22:5e:05:c9:92:5d:16:
                    b7:44:cd:00:04:b3:f0:67:a4:b7:ff:5d:4e:30:3c:
                    6e:8c:14:2d:3a:ad:90:6a:8d:99:e0:48:42:89:d4:
                    2d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BE:52:5A:DA:7F:41:61:C1:69:BB:C3:45:BF:08:B4:35:AC:29:CC
            X509v3 Authority Key Identifier:
                keyid:96:A2:8C:CC:30:91:5B:5C:73:12:80:A8:C1:CA:67:FE:60:09:54:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lqKMzDCRW1xzEoCowcpn_mAJVO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6a2aa9-0ea1-40d6-b8a7-651b717f8a9a/1/t75SWtp_QWHBabvDRb8ItDWsKcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6a2aa9-0ea1-40d6-b8a7-651b717f8a9a/1/lqKMzDCRW1xzEoCowcpn_mAJVO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.162.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         47:e4:26:a7:e7:e0:94:af:16:6e:10:4a:8f:bd:c7:4a:e2:99:
         4f:67:f5:7b:be:56:b0:4f:6a:1f:8c:80:fa:67:17:8f:ff:ff:
         8b:ab:1a:1f:d3:49:97:c1:e9:e7:eb:db:7f:01:5d:c7:25:b4:
         90:c6:66:5b:18:3c:47:da:7f:37:fb:06:56:0c:a2:f8:bb:28:
         ff:e6:6c:67:f6:96:7a:4f:be:33:e2:30:a1:74:f0:6a:0a:95:
         96:00:5c:7d:b0:ec:60:61:fc:e5:80:ca:05:85:3b:a4:75:68:
         09:46:d9:81:83:ed:99:8e:aa:eb:89:23:eb:29:c8:cb:4a:a5:
         3e:f9:18:96:62:db:bc:ab:0a:94:05:20:b6:b5:43:ef:f5:6b:
         cc:7b:7a:82:9c:41:41:33:5c:b1:a7:4d:2a:8d:fd:13:6b:32:
         3a:e2:82:94:91:f1:34:4b:40:ad:4e:dc:06:81:81:5a:66:e8:
         44:24:f0:4f:01:b7:0c:3d:e7:51:a0:8d:16:9b:71:71:13:21:
         ac:8b:22:9a:92:18:a9:67:be:2c:45:fe:72:d2:e3:34:db:e6:
         1a:c0:22:89:28:ad:d2:43:6e:74:1b:58:19:92:b9:16:5f:46:
         68:1e:c5:51:36:4a:b8:ac:c9:2c:65:3f:9a:d9:ea:6e:b2:d8:
         12:5f:66:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk117wMCYTsBa509Xw+grMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YTI4Y2NjMzA5MTViNWM3MzEyODBhOGMxY2E2N2ZlNjAw
OTU0ZWUwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2JlNTI1YWRhN2Y0MTYxYzE2OWJiYzM0NWJmMDhiNDM1YWMyOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1ZX02aGO9r52ZhxptFTONwgmJ7Q
0MBAPi60icN6fj+WfI0OIo3HcPtvZZMY+UBpYh1EOkvTDJOq+EoAOJVnWdHDd9oc
fbfBM1MZKxQ4OTBz3TnRBZdJHBVt3mKGlQA2uLD3LkQtYGdf3ghv30T6lHMQgJQd
fbv/8ySHxei1Hwuo6m0RH4TtOa0D4s91D+yTmhLcVUYEweyJDnRIgJ3tbyt8hMSu
t9Y8eZmFYP7D5H0bS6AJIdVWRWYKhXad5rqP2MTjD5dtI81FfU2Wos+jaI1LckXx
Ncz/siJeBcmSXRa3RM0ABLPwZ6S3/11OMDxujBQtOq2Qao2Z4EhCidQtbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLe+Ulraf0FhwWm7w0W/CLQ1rCnMMB8GA1UdIwQY
MBaAFJaijMwwkVtccxKAqMHKZ/5gCVTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHFLTXpEQ1JXMXh6RW9Db3djcG5fbUFKVk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82YTJhYTktMGVhMS00MGQ2LWI4YTct
NjUxYjcxN2Y4YTlhLzEvdDc1U1d0cF9RV0hCYWJ2RFJiOEl0RFdzS2N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82YTJhYTktMGVhMS00MGQ2LWI4YTctNjUxYjcxN2Y4YTlh
LzEvbHFLTXpEQ1JXMXh6RW9Db3djcG5fbUFKVk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUaJAMA0G
CSqGSIb3DQEBCwUAA4IBAQBH5Can5+CUrxZuEEqPvcdK4plPZ/V7vlawT2ofjID6
ZxeP//+Lqxof00mXwenn69t/AV3HJbSQxmZbGDxH2n83+wZWDKL4uyj/5mxn9pZ6
T74z4jChdPBqCpWWAFx9sOxgYfzlgMoFhTukdWgJRtmBg+2ZjqrriSPrKcjLSqU+
+RiWYtu8qwqUBSC2tUPv9WvMe3qCnEFBM1yxp00qjf0TazI64oKUkfE0S0CtTtwG
gYFaZuhEJPBPAbcMPedRoI0Wm3FxEyGsiyKakhipZ74sRf5y0uM02+YawCKJKK3S
Q250G1gZkrkWX0ZoHsVRNkq4rMksZT+a2epustgSX2Yh
-----END CERTIFICATE-----