Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/AR0LVtLdCQIJTW9T-XT6lr-oP2U.roa
File:                     AR0LVtLdCQIJTW9T-XT6lr-oP2U.roa (raw, json)
Hash identifier:          VIQKN9ulT2tzTdO3c9RhhoZVqDk/xsxyEqG6KQuFwSo=
Subject key identifier:   01:1D:0B:56:D2:DD:09:02:09:4D:6F:53:F9:74:FA:96:BF:A8:3F:65
Certificate issuer:       /CN=9d3ebba9fa2cad286ac91276575745f615e8fa71
Certificate serial:       01902B8D89F3102D68C6BB35E5F6A93B498E
Authority key identifier: 9D:3E:BB:A9:FA:2C:AD:28:6A:C9:12:76:57:57:45:F6:15:E8:FA:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/AR0LVtLdCQIJTW9T-XT6lr-oP2U.roa
Signing time:             Tue 18 Jun 2024 13:33:34 +0000
ROA not before:           Tue 18 Jun 2024 13:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199996
IP address blocks:        81.30.100.0/24 maxlen: 24
                          185.35.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 04:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:8d:89:f3:10:2d:68:c6:bb:35:e5:f6:a9:3b:49:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d3ebba9fa2cad286ac91276575745f615e8fa71
        Validity
            Not Before: Jun 18 13:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=011d0b56d2dd0902094d6f53f974fa96bfa83f65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ca:41:25:35:a4:68:3d:7d:ab:f6:4b:46:a6:
                    0b:94:2d:d7:cc:71:10:f7:2a:b4:0e:40:5f:00:94:
                    01:09:8a:69:ef:d1:bc:f1:f8:6b:59:4f:bf:71:7d:
                    5d:d0:77:21:13:0d:8a:7c:c1:9a:0e:07:52:58:eb:
                    b8:bb:61:ec:e9:3c:46:3f:ec:48:99:b4:bd:9b:02:
                    0e:d1:4b:ae:a8:3b:ca:15:46:e0:ab:56:36:ec:8b:
                    1f:1f:7d:8d:4c:3e:b2:fd:d7:94:47:45:48:f1:27:
                    fd:3c:26:3e:58:e3:f7:00:61:d2:84:ff:2a:c7:43:
                    57:06:09:0d:57:3b:2a:a6:11:b8:6c:51:a5:8f:62:
                    1d:c7:53:f4:49:94:2a:f7:5c:46:70:cd:d1:a0:3b:
                    40:43:d4:e0:68:b4:75:30:d3:1c:26:8f:77:53:40:
                    2b:03:2b:85:9f:95:4a:48:e7:2c:93:e4:fc:37:52:
                    ca:d1:12:eb:83:e0:f8:8f:8c:fd:a7:79:d8:11:b8:
                    f9:ae:be:b1:e2:b6:c6:0f:7e:bc:4a:ca:ba:f4:10:
                    cd:62:ca:e4:3b:4c:90:61:01:a0:91:e1:8e:44:62:
                    ba:89:bd:ef:23:7b:3e:42:42:69:84:b5:00:13:ad:
                    c9:bd:88:8e:bf:8c:f6:08:4e:cd:8c:1f:6f:07:b5:
                    5a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:1D:0B:56:D2:DD:09:02:09:4D:6F:53:F9:74:FA:96:BF:A8:3F:65
            X509v3 Authority Key Identifier:
                keyid:9D:3E:BB:A9:FA:2C:AD:28:6A:C9:12:76:57:57:45:F6:15:E8:FA:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/AR0LVtLdCQIJTW9T-XT6lr-oP2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.100.0/24
                  185.35.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:0d:9a:a7:6f:0d:22:c6:53:c8:e7:7c:cc:1a:11:9e:1a:e7:
         bc:08:c4:c0:7c:dc:8a:12:5f:56:ad:50:af:d2:a7:19:43:e7:
         5c:0b:ad:3a:01:05:04:8e:ea:c4:51:f7:6c:fb:b1:ec:3a:4f:
         24:60:6c:33:6b:cd:34:68:99:49:cf:75:cd:19:02:a9:05:57:
         9b:8b:84:32:a4:19:f4:b5:bb:8f:c3:bd:b6:e1:02:7c:34:ec:
         b2:26:c0:f0:66:fa:69:63:e2:ae:a2:a6:e9:ca:b1:b9:f0:6e:
         07:88:13:00:3f:94:61:13:3a:82:a0:eb:5a:6f:57:35:dd:92:
         02:d6:4a:95:fb:44:63:46:77:fa:0a:1f:db:f2:62:f8:3d:8e:
         33:96:45:ab:08:aa:73:fb:54:58:8c:4a:b6:24:37:65:de:90:
         30:2d:95:77:51:02:7c:b7:95:1a:a7:47:8c:4d:4d:8f:2c:54:
         95:e0:84:5d:ac:99:0c:e2:8f:e8:b4:6e:dd:cd:f9:4f:11:02:
         80:9a:d3:36:41:31:11:fe:35:0b:7d:5a:cd:6a:90:16:44:ee:
         37:e9:8d:d7:55:f4:f6:be:11:91:f7:ac:41:55:5a:a9:07:02:
         2b:a9:67:99:e7:f0:16:b4:3f:85:ac:2a:08:ab:f9:ad:5f:d2:
         fd:83:81:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZArjYnzEC1oxrs15fapO0mOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkM2ViYmE5ZmEyY2FkMjg2YWM5MTI3NjU3NTc0NWY2MTVl
OGZhNzEwHhcNMjQwNjE4MTMzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTFkMGI1NmQyZGQwOTAyMDk0ZDZmNTNmOTc0ZmE5NmJmYTgzZjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMpBJTWkaD19q/ZLRqYLlC3XzHEQ
9yq0DkBfAJQBCYpp79G88fhrWU+/cX1d0HchEw2KfMGaDgdSWOu4u2Hs6TxGP+xI
mbS9mwIO0UuuqDvKFUbgq1Y27IsfH32NTD6y/deUR0VI8Sf9PCY+WOP3AGHShP8q
x0NXBgkNVzsqphG4bFGlj2Idx1P0SZQq91xGcM3RoDtAQ9TgaLR1MNMcJo93U0Ar
AyuFn5VKSOcsk+T8N1LK0RLrg+D4j4z9p3nYEbj5rr6x4rbGD368Ssq69BDNYsrk
O0yQYQGgkeGORGK6ib3vI3s+QkJphLUAE63JvYiOv4z2CE7NjB9vB7VaBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAEdC1bS3QkCCU1vU/l0+pa/qD9lMB8GA1UdIwQY
MBaAFJ0+u6n6LK0oaskSdldXRfYV6PpxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblQ2N3Fmb3NyU2hxeVJKMlYxZEY5aFhvLW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85ZmY5YzctZDMyOS00NWE2LTg5OGEt
OWQ5NTlhYmNlNTI2LzEvQVIwTFZ0TGRDUUlKVFc5VC1YVDZsci1vUDJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85ZmY5YzctZDMyOS00NWE2LTg5OGEtOWQ5NTlhYmNlNTI2
LzEvblQ2N3Fmb3NyU2hxeVJKMlYxZEY5aFhvLW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUR5kAwQC
uSOwMA0GCSqGSIb3DQEBCwUAA4IBAQC4DZqnbw0ixlPI53zMGhGeGue8CMTAfNyK
El9WrVCv0qcZQ+dcC606AQUEjurEUfds+7HsOk8kYGwza800aJlJz3XNGQKpBVeb
i4QypBn0tbuPw7224QJ8NOyyJsDwZvppY+KuoqbpyrG58G4HiBMAP5RhEzqCoOta
b1c13ZIC1kqV+0RjRnf6Ch/b8mL4PY4zlkWrCKpz+1RYjEq2JDdl3pAwLZV3UQJ8
t5Uap0eMTU2PLFSV4IRdrJkM4o/otG7dzflPEQKAmtM2QTER/jULfVrNapAWRO43
6Y3XVfT2vhGR96xBVVqpBwIrqWeZ5/AWtD+FrCoIq/mtX9L9g4Fd
-----END CERTIFICATE-----