Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/EXx1RCTyJO3IhBDNHaCcSPLI_rw.roa
File:                     EXx1RCTyJO3IhBDNHaCcSPLI_rw.roa (raw, json)
Hash identifier:          9OJE//NWDya9BBk9gO0Ef/aQ+teWcDXOJU7/4veW4+E=
Subject key identifier:   11:7C:75:44:24:F2:24:ED:C8:84:10:CD:1D:A0:9C:48:F2:C8:FE:BC
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       018D70F53B80C079C58538BF8D4E8D46ACBB
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/EXx1RCTyJO3IhBDNHaCcSPLI_rw.roa
Signing time:             Sat 03 Feb 2024 21:52:16 +0000
ROA not before:           Sat 03 Feb 2024 21:52:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21106
IP address blocks:        82.206.16.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:70:f5:3b:80:c0:79:c5:85:38:bf:8d:4e:8d:46:ac:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Feb  3 21:52:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=117c754424f224edc88410cd1da09c48f2c8febc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5c:06:be:d4:7f:77:53:03:d9:d0:c6:3f:90:
                    ed:12:c5:c6:c5:3c:3a:ad:23:72:76:61:d8:11:56:
                    eb:84:2f:6c:5c:2a:73:53:de:72:69:bd:08:3f:80:
                    94:aa:4d:c7:0c:94:e3:17:0f:6b:2b:2f:d0:ac:09:
                    32:f4:48:be:fb:f7:4d:de:2a:59:1c:53:67:a7:2a:
                    a2:19:b5:19:e3:b4:24:96:ca:ec:aa:1b:96:03:b8:
                    59:e6:4b:a8:bf:a5:93:3b:ee:fa:41:99:55:7f:64:
                    29:2c:be:df:dc:9a:f8:59:de:d5:e4:44:4b:ec:9c:
                    05:2f:fb:94:1b:3e:e1:fe:ef:bc:4c:0c:91:e3:8a:
                    e4:f6:0b:3b:e2:bd:3a:c0:e9:e2:7a:62:74:f3:6a:
                    9b:ef:5b:fa:0f:bc:07:a5:23:e8:2a:e5:4c:0a:bc:
                    c9:47:dc:a1:b2:96:41:5a:b9:30:5e:55:1b:fc:83:
                    6d:d1:5d:85:6c:a0:62:01:cd:1b:f0:55:ae:f5:da:
                    d3:b1:ce:42:d8:0c:d7:ec:ca:01:10:c7:65:53:94:
                    68:70:21:5e:23:59:69:42:51:43:1f:81:0e:e7:84:
                    fc:96:e2:8a:0a:de:ad:ae:cf:de:0f:0f:5b:5a:27:
                    d5:5d:e6:bd:d0:db:44:69:27:79:8a:91:d5:a0:82:
                    47:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:7C:75:44:24:F2:24:ED:C8:84:10:CD:1D:A0:9C:48:F2:C8:FE:BC
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/EXx1RCTyJO3IhBDNHaCcSPLI_rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         65:2b:c7:33:cc:f7:82:c1:68:ad:e0:4e:a7:46:63:24:ca:09:
         e6:b7:e6:fc:78:40:10:90:bd:22:14:13:6f:ff:be:5d:70:b8:
         a2:15:61:f6:54:77:7d:c0:bb:e5:54:14:74:f7:49:91:8a:9b:
         a3:d2:51:8e:42:c7:e0:0c:f2:75:26:98:f1:b1:52:6e:1d:01:
         97:7a:0c:de:c2:60:35:56:36:70:6a:3e:42:a7:dc:8a:50:eb:
         10:80:60:3c:2a:81:cc:de:97:39:6c:c0:c4:81:b0:c0:f6:e1:
         77:5c:d1:b0:a5:66:8a:a0:f1:e4:fc:e8:29:af:0f:a9:a5:5b:
         91:5b:c5:0b:02:88:ab:44:d9:27:03:55:50:03:22:76:32:37:
         51:d3:3f:82:94:f3:a1:5e:c1:f3:57:68:eb:04:d5:07:96:29:
         92:1c:f3:65:5e:7f:1e:d1:ce:2a:48:1b:a8:02:08:e7:aa:ce:
         6b:93:0a:c8:88:e3:52:73:01:2a:3d:38:20:61:d0:5b:cb:8c:
         9e:e6:13:bb:02:e0:f7:b0:e7:2e:11:f5:78:2b:40:62:2f:fb:
         18:6d:2b:a0:20:ba:e5:bc:58:55:43:76:7f:a1:15:a0:bc:ed:
         f6:fb:27:e2:c3:84:b6:30:a1:30:b4:7f:68:ca:0f:74:8c:97:
         ef:a1:15:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1w9TuAwHnFhTi/jU6NRqy7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwMjAzMjE1MjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTdjNzU0NDI0ZjIyNGVkYzg4NDEwY2QxZGEwOWM0OGYyYzhmZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVwGvtR/d1MD2dDGP5DtEsXGxTw6
rSNydmHYEVbrhC9sXCpzU95yab0IP4CUqk3HDJTjFw9rKy/QrAky9Ei++/dN3ipZ
HFNnpyqiGbUZ47QklsrsqhuWA7hZ5kuov6WTO+76QZlVf2QpLL7f3Jr4Wd7V5ERL
7JwFL/uUGz7h/u+8TAyR44rk9gs74r06wOniemJ082qb71v6D7wHpSPoKuVMCrzJ
R9yhspZBWrkwXlUb/INt0V2FbKBiAc0b8FWu9drTsc5C2AzX7MoBEMdlU5RocCFe
I1lpQlFDH4EO54T8luKKCt6trs/eDw9bWifVXea90NtEaSd5ipHVoIJH9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBF8dUQk8iTtyIQQzR2gnEjyyP68MB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvRVh4MVJDVHlKTzNJaEJETkhhQ2NTUExJX3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUs4QMA0G
CSqGSIb3DQEBCwUAA4IBAQBlK8czzPeCwWit4E6nRmMkygnmt+b8eEAQkL0iFBNv
/75dcLiiFWH2VHd9wLvlVBR090mRipuj0lGOQsfgDPJ1JpjxsVJuHQGXegzewmA1
VjZwaj5Cp9yKUOsQgGA8KoHM3pc5bMDEgbDA9uF3XNGwpWaKoPHk/Ogprw+ppVuR
W8ULAoirRNknA1VQAyJ2MjdR0z+ClPOhXsHzV2jrBNUHlimSHPNlXn8e0c4qSBuo
Agjnqs5rkwrIiONScwEqPTggYdBby4ye5hO7AuD3sOcuEfV4K0BiL/sYbSugILrl
vFhVQ3Z/oRWgvO32+yfiw4S2MKEwtH9oyg90jJfvoRWd
-----END CERTIFICATE-----