Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/pKS-YHtni1fWkfpO-N8hV2b3dxg.roa
File:                     pKS-YHtni1fWkfpO-N8hV2b3dxg.roa (raw, json)
Hash identifier:          i8tViT/JLHYLa5nP+7wMRdZkG0rq79RX78wW1v5nAos=
Subject key identifier:   A4:A4:BE:60:7B:67:8B:57:D6:91:FA:4E:F8:DF:21:57:66:F7:77:18
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       018CC64B4CFC0D4CB4BD34DFA4E7FB5149BE
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/pKS-YHtni1fWkfpO-N8hV2b3dxg.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213238
IP address blocks:        193.30.81.0/24 maxlen: 24
                          2a02:1161:800::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4c:fc:0d:4c:b4:bd:34:df:a4:e7:fb:51:49:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4a4be607b678b57d691fa4ef8df215766f77718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:62:f1:d7:b0:41:bd:d4:7e:2a:8a:19:4f:1d:
                    ba:2e:96:82:9f:bb:44:68:04:20:d5:0f:b6:58:4d:
                    ce:c5:ef:ed:c5:2b:26:fa:c8:07:b0:94:c9:c5:49:
                    01:84:2c:bd:79:c8:1e:f0:cf:9a:ad:eb:80:92:3d:
                    d4:d7:d7:57:86:ce:88:f1:5c:ac:25:c5:d5:8a:85:
                    52:2e:29:fc:4c:4c:e4:69:7a:5e:a2:99:f4:54:10:
                    d3:a4:7d:47:b5:58:49:5c:1e:da:23:03:bf:4e:a1:
                    45:e2:0e:08:0d:6d:ff:2d:55:9c:53:f3:1b:4f:1c:
                    4e:21:b5:c8:41:f4:51:90:48:c4:dd:12:1a:ff:52:
                    4d:61:e7:76:74:5b:ef:a9:cc:93:78:9b:04:0b:77:
                    82:9d:3c:7b:a1:f7:3a:48:80:95:3a:22:b3:3f:f9:
                    c3:45:49:98:28:6c:68:34:4b:06:c2:f0:7a:e0:d9:
                    7a:ba:dc:18:76:ec:19:1d:16:03:22:e1:df:d7:2f:
                    e8:15:51:49:1d:3e:66:04:15:97:29:b7:7b:cb:0f:
                    d8:d9:aa:f4:23:ab:2b:78:e9:8a:73:c2:22:ec:7d:
                    f3:59:79:5b:11:85:40:78:7a:fa:f6:06:4d:ee:a9:
                    54:e0:29:20:d9:18:67:43:2a:54:ff:28:f3:01:8e:
                    32:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A4:BE:60:7B:67:8B:57:D6:91:FA:4E:F8:DF:21:57:66:F7:77:18
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/pKS-YHtni1fWkfpO-N8hV2b3dxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.81.0/24
                IPv6:
                  2a02:1161:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:76:12:69:44:54:9a:fd:4a:0b:1c:54:a1:d1:fc:9e:55:50:
         77:0d:64:2f:9b:f2:a6:c3:62:80:d6:4c:ab:06:c1:78:1c:14:
         e6:a6:bf:0d:bd:a5:04:13:29:f2:32:06:e5:be:a5:99:e2:a5:
         ec:a2:9c:f3:7b:2e:60:3e:87:1e:3d:8c:da:df:38:dc:cd:59:
         4c:bf:04:f4:2d:bb:b5:35:84:23:c9:1c:ba:ed:81:89:57:91:
         cb:81:00:ca:31:58:10:36:92:e1:9e:f0:08:5e:e4:8f:55:4e:
         69:57:9a:bf:c0:8a:f8:c1:00:0c:81:3f:d5:ee:d0:5c:d7:03:
         e2:3b:e1:2d:a9:b6:f6:49:11:47:fb:20:df:c9:f5:fc:03:db:
         a5:33:4f:ed:90:2d:6e:e5:c1:86:de:de:83:93:49:87:c3:b8:
         be:f7:ce:3d:40:3a:72:cd:92:d6:3d:92:c8:85:36:98:89:c3:
         5e:9a:0b:c7:5b:e6:18:59:e0:9a:4a:de:2f:4f:79:3e:75:a9:
         49:13:42:a0:69:1c:8e:76:e1:36:d8:68:7a:df:60:84:d2:ba:
         29:2a:d3:7a:3c:0f:90:90:69:92:5e:84:93:18:e5:2b:99:7b:
         3d:5b:1f:ab:8b:5d:f1:6d:92:10:a0:da:a0:75:39:51:e2:da:
         1d:57:16:82
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGS0z8DUy0vTTfpOf7UUm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGE0YmU2MDdiNjc4YjU3ZDY5MWZhNGVmOGRmMjE1NzY2Zjc3NzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2Lx17BBvdR+KooZTx26LpaCn7tE
aAQg1Q+2WE3Oxe/txSsm+sgHsJTJxUkBhCy9ecge8M+areuAkj3U19dXhs6I8Vys
JcXVioVSLin8TEzkaXpeopn0VBDTpH1HtVhJXB7aIwO/TqFF4g4IDW3/LVWcU/Mb
TxxOIbXIQfRRkEjE3RIa/1JNYed2dFvvqcyTeJsEC3eCnTx7ofc6SICVOiKzP/nD
RUmYKGxoNEsGwvB64Nl6utwYduwZHRYDIuHf1y/oFVFJHT5mBBWXKbd7yw/Y2ar0
I6sreOmKc8Ii7H3zWXlbEYVAeHr69gZN7qlU4Ckg2RhnQypU/yjzAY4yYwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKSkvmB7Z4tX1pH6TvjfIVdm93cYMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvcEtTLVlIdG5pMWZXa2ZwTy1OOGhWMmIzZHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAwR5RMA4E
AgACMAgDBgAqAhFhCDANBgkqhkiG9w0BAQsFAAOCAQEAHnYSaURUmv1KCxxUodH8
nlVQdw1kL5vypsNigNZMqwbBeBwU5qa/Db2lBBMp8jIG5b6lmeKl7KKc83suYD6H
Hj2M2t843M1ZTL8E9C27tTWEI8kcuu2BiVeRy4EAyjFYEDaS4Z7wCF7kj1VOaVea
v8CK+MEADIE/1e7QXNcD4jvhLam29kkRR/sg38n1/APbpTNP7ZAtbuXBht7eg5NJ
h8O4vvfOPUA6cs2S1j2SyIU2mInDXpoLx1vmGFngmkreL095PnWpSRNCoGkcjnbh
Nthoet9ghNK6KSrTejwPkJBpkl6EkxjlK5l7PVsfq4td8W2SEKDaoHU5UeLaHVcW
gg==
-----END CERTIFICATE-----