Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/b4LB5YpY236VmMRn3fqEo3vnpzM.roa
File:                     b4LB5YpY236VmMRn3fqEo3vnpzM.roa (raw, json)
Hash identifier:          mQ5d/CyWxuBmLGxb/xGBvkGIrSOz2OpN7WZRItX2aIE=
Subject key identifier:   6F:82:C1:E5:8A:58:DB:7E:95:98:C4:67:DD:FA:84:A3:7B:E7:A7:33
Certificate issuer:       /CN=12c889964b35b51ba8e5e679a15b19a31f133578
Certificate serial:       018CC726DDA6FD4D2B0E585199354939E2D6
Authority key identifier: 12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/b4LB5YpY236VmMRn3fqEo3vnpzM.roa
Signing time:             Mon 01 Jan 2024 22:31:02 +0000
ROA not before:           Mon 01 Jan 2024 22:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61113
IP address blocks:        82.146.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:dd:a6:fd:4d:2b:0e:58:51:99:35:49:39:e2:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c889964b35b51ba8e5e679a15b19a31f133578
        Validity
            Not Before: Jan  1 22:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f82c1e58a58db7e9598c467ddfa84a37be7a733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f0:91:db:13:67:3a:99:61:c6:52:9d:01:d4:
                    50:24:14:e1:6e:b8:56:20:c0:37:bb:2e:11:5a:a1:
                    c2:af:d7:b8:c9:52:65:51:56:08:73:64:cd:49:d7:
                    a9:43:e5:ff:be:7b:f4:16:14:ac:cb:fd:44:7d:a9:
                    0c:9b:fe:36:37:8c:e3:08:79:6b:86:9e:96:ea:85:
                    c7:64:49:b9:45:cf:58:5f:e8:98:61:bf:3f:71:0f:
                    01:c7:c7:3b:0e:77:30:e5:a5:84:5a:c4:98:2f:63:
                    45:0a:f3:1c:52:6c:d2:32:ba:a1:e2:ca:81:b6:f1:
                    b3:df:5d:4b:d5:3b:9b:c2:14:e8:92:5f:18:83:9c:
                    57:cb:ca:bf:e2:a1:22:cb:79:76:13:39:a9:1f:0f:
                    b2:6b:0b:46:be:a8:34:5d:c9:40:81:c4:ec:36:6e:
                    67:89:c1:4e:8a:08:8c:76:b7:41:d3:f6:8f:2b:34:
                    9e:5d:96:6e:65:bd:20:58:2f:ff:d1:68:12:05:10:
                    44:ca:e6:f5:2c:73:3b:09:1c:e2:5c:c7:27:6d:ed:
                    bf:33:69:67:fe:f7:01:e2:05:2e:a7:0b:87:bc:b3:
                    9b:79:53:4a:ef:68:c6:a2:a5:bc:e7:4a:9a:2c:f4:
                    15:61:c8:37:4b:bd:45:24:a0:cd:73:fb:ea:00:7a:
                    e8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:82:C1:E5:8A:58:DB:7E:95:98:C4:67:DD:FA:84:A3:7B:E7:A7:33
            X509v3 Authority Key Identifier:
                keyid:12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/b4LB5YpY236VmMRn3fqEo3vnpzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.146.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:a9:d0:5f:db:d2:45:ee:28:00:ca:08:27:2a:ee:92:62:19:
         d4:c1:cf:47:28:f7:0a:ed:1b:0a:c2:d7:b7:94:ce:fa:72:f9:
         cf:57:72:ca:db:e9:00:09:0a:95:6f:c1:8f:25:e8:eb:03:ca:
         a2:2c:76:ae:29:1c:63:ca:26:0a:1d:78:dd:d2:4f:15:b5:f8:
         ce:5b:ce:52:c9:68:9f:84:64:b9:03:27:91:d7:b0:31:f2:1c:
         8c:e8:49:b1:b3:ff:43:61:a4:66:f7:53:0a:9e:ab:24:a4:d1:
         5a:8e:aa:e2:db:5a:3f:9a:85:37:94:42:ba:cb:78:38:e7:84:
         a8:71:9f:35:f9:5b:1b:df:09:d4:f5:8a:84:27:44:6f:36:af:
         c7:dc:09:ec:ca:15:3c:29:15:1b:ce:0c:04:e6:bd:81:26:0e:
         3b:94:be:f3:47:4d:d5:c8:68:15:46:ff:35:4f:25:f3:02:66:
         aa:da:dd:93:9d:d4:a3:9e:aa:4e:84:db:b9:b7:ce:1b:a4:87:
         9d:99:9d:ac:41:c5:e0:0b:35:e3:c4:91:08:ae:4d:69:e9:93:
         1b:b9:62:9e:52:7a:12:60:5a:fa:8d:3f:3f:1b:8d:66:1f:80:
         26:a8:b8:4d:bc:89:80:d7:7b:30:0f:ec:ae:00:11:bd:fb:a2:
         2e:91:05:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJt2m/U0rDlhRmTVJOeLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzg4OTk2NGIzNWI1MWJhOGU1ZTY3OWExNWIxOWEzMWYx
MzM1NzgwHhcNMjQwMTAxMjIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjgyYzFlNThhNThkYjdlOTU5OGM0NjdkZGZhODRhMzdiZTdhNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/CR2xNnOplhxlKdAdRQJBThbrhW
IMA3uy4RWqHCr9e4yVJlUVYIc2TNSdepQ+X/vnv0FhSsy/1EfakMm/42N4zjCHlr
hp6W6oXHZEm5Rc9YX+iYYb8/cQ8Bx8c7Dncw5aWEWsSYL2NFCvMcUmzSMrqh4sqB
tvGz311L1TubwhTokl8Yg5xXy8q/4qEiy3l2EzmpHw+yawtGvqg0XclAgcTsNm5n
icFOigiMdrdB0/aPKzSeXZZuZb0gWC//0WgSBRBEyub1LHM7CRziXMcnbe2/M2ln
/vcB4gUupwuHvLObeVNK72jGoqW850qaLPQVYcg3S71FJKDNc/vqAHroIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+CweWKWNt+lZjEZ936hKN756czMB8GA1UdIwQY
MBaAFBLIiZZLNbUbqOXmeaFbGaMfEzV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYt
YWQ2ZjBiZjg4NDM4LzEvYjRMQjVZcFkyMzZWbU1SbjNmcUVvM3ZucHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYtYWQ2ZjBiZjg4NDM4
LzEvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpK6MA0G
CSqGSIb3DQEBCwUAA4IBAQBWqdBf29JF7igAyggnKu6SYhnUwc9HKPcK7RsKwte3
lM76cvnPV3LK2+kACQqVb8GPJejrA8qiLHauKRxjyiYKHXjd0k8VtfjOW85SyWif
hGS5AyeR17Ax8hyM6Emxs/9DYaRm91MKnqskpNFajqri21o/moU3lEK6y3g454So
cZ81+Vsb3wnU9YqEJ0RvNq/H3AnsyhU8KRUbzgwE5r2BJg47lL7zR03VyGgVRv81
TyXzAmaq2t2TndSjnqpOhNu5t84bpIedmZ2sQcXgCzXjxJEIrk1p6ZMbuWKeUnoS
YFr6jT8/G41mH4AmqLhNvImA13swD+yuABG9+6IukQX0
-----END CERTIFICATE-----