Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/a8df58-eabc-45d4-9437-b57616136ab6/1/cPArGeeqFzqZ4H61YW3gVUndln4.roa
File:                     cPArGeeqFzqZ4H61YW3gVUndln4.roa (raw, json)
Hash identifier:          8e7RKCuo2ZIJu9Rds0fDBAIFQE0SMq/5kh3xKKyZHa8=
Subject key identifier:   70:F0:2B:19:E7:AA:17:3A:99:E0:7E:B5:61:6D:E0:55:49:DD:96:7E
Certificate issuer:       /CN=83fd967c6c19a31b7e38e9e5c9ca8fa0de3d6149
Certificate serial:       018CC794C1AFFFC57FB53A2B840230D4A577
Authority key identifier: 83:FD:96:7C:6C:19:A3:1B:7E:38:E9:E5:C9:CA:8F:A0:DE:3D:61:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_2WfGwZoxt-OOnlycqPoN49YUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/a8df58-eabc-45d4-9437-b57616136ab6/1/cPArGeeqFzqZ4H61YW3gVUndln4.roa
Signing time:             Tue 02 Jan 2024 00:31:04 +0000
ROA not before:           Tue 02 Jan 2024 00:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39620
IP address blocks:        81.29.48.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/a8df58-eabc-45d4-9437-b57616136ab6/1/g_2WfGwZoxt-OOnlycqPoN49YUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/a8df58-eabc-45d4-9437-b57616136ab6/1/g_2WfGwZoxt-OOnlycqPoN49YUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_2WfGwZoxt-OOnlycqPoN49YUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:c1:af:ff:c5:7f:b5:3a:2b:84:02:30:d4:a5:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83fd967c6c19a31b7e38e9e5c9ca8fa0de3d6149
        Validity
            Not Before: Jan  2 00:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70f02b19e7aa173a99e07eb5616de05549dd967e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:79:2b:6b:a4:3a:e0:18:c8:5c:f8:f9:d5:38:
                    2f:82:d0:7f:a5:96:24:48:66:7c:08:d6:a4:a9:c4:
                    f0:81:0c:9f:e3:3b:0f:b9:59:b9:e5:98:8f:13:04:
                    84:d1:7c:5c:9b:86:35:e0:55:46:cc:0b:c0:48:3d:
                    a7:dc:50:5c:ed:c2:c7:87:44:48:f4:00:5f:0b:86:
                    97:33:52:b4:73:1a:02:0f:a7:99:49:89:e3:ba:18:
                    b3:a9:81:52:ae:79:78:92:ad:a6:be:9c:fd:96:4a:
                    ca:4b:89:0f:9c:61:00:da:10:1b:f5:f4:a9:21:8f:
                    3e:29:88:f0:7f:fa:8b:86:29:59:9b:4a:7b:36:2d:
                    bc:ef:c4:53:c7:51:3e:60:48:3e:5a:3f:b5:1c:7c:
                    fb:eb:bb:7d:62:fe:d7:4f:90:21:39:61:af:a4:06:
                    cd:e1:c7:84:9c:4b:c8:1f:47:06:6a:c3:3a:30:ff:
                    1f:e2:91:ff:93:24:b4:17:68:6d:a1:c5:e7:cb:eb:
                    95:22:34:f1:bd:92:fb:bc:d6:85:ea:22:78:5e:06:
                    6b:95:cf:e9:ac:5f:0a:fb:03:a9:a0:15:a8:f1:6e:
                    c1:ed:d2:a2:4a:41:c5:27:33:05:ab:9d:aa:ae:cb:
                    cc:f7:a7:30:ce:e2:24:92:b1:1e:79:62:34:18:5f:
                    52:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F0:2B:19:E7:AA:17:3A:99:E0:7E:B5:61:6D:E0:55:49:DD:96:7E
            X509v3 Authority Key Identifier:
                keyid:83:FD:96:7C:6C:19:A3:1B:7E:38:E9:E5:C9:CA:8F:A0:DE:3D:61:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_2WfGwZoxt-OOnlycqPoN49YUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/a8df58-eabc-45d4-9437-b57616136ab6/1/cPArGeeqFzqZ4H61YW3gVUndln4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/a8df58-eabc-45d4-9437-b57616136ab6/1/g_2WfGwZoxt-OOnlycqPoN49YUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         11:14:21:8f:cf:cc:f7:70:eb:37:9d:93:6a:f6:97:42:b0:0b:
         1c:4f:79:0a:4e:7d:dc:e7:8d:db:a9:39:63:a6:27:86:58:69:
         1b:4f:3b:9a:fc:04:f2:16:c0:9a:9d:6f:3a:7f:6e:5f:f9:6e:
         28:9a:1f:30:3f:9a:29:96:89:5d:5f:9b:64:36:24:a0:22:06:
         6e:45:b9:11:79:48:8b:dd:02:2d:12:8c:34:2f:76:1e:7b:d9:
         5a:61:53:74:e9:0a:57:05:55:90:7d:fb:b0:61:3d:dd:9a:28:
         44:00:e4:a0:5f:6f:a0:d7:c3:f9:e2:71:18:7c:8c:51:3f:13:
         35:97:2d:c2:2e:e3:0b:0e:75:cf:45:10:e4:14:66:b2:5e:a2:
         fc:d7:d8:d2:4e:b1:50:7c:b9:42:a8:28:2a:78:80:07:0d:75:
         54:24:12:e8:d3:8e:56:97:e7:88:a8:90:27:fe:36:37:d7:aa:
         9c:b0:49:73:c6:66:91:66:dc:f0:3d:a8:9e:1e:03:b0:cf:4e:
         01:a4:d9:1b:1a:30:6f:da:c8:8d:8a:29:3e:68:dd:5e:f8:6f:
         45:70:a8:87:92:38:44:66:10:e5:95:df:c4:6d:64:4e:ec:e3:
         2f:55:bc:e7:e1:54:20:95:0e:34:2c:f0:f5:6e:35:77:ad:e6:
         f5:6c:30:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlMGv/8V/tTorhAIw1KV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZmQ5NjdjNmMxOWEzMWI3ZTM4ZTllNWM5Y2E4ZmEwZGUz
ZDYxNDkwHhcNMjQwMTAyMDAzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGYwMmIxOWU3YWExNzNhOTllMDdlYjU2MTZkZTA1NTQ5ZGQ5NjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Hkra6Q64BjIXPj51TgvgtB/pZYk
SGZ8CNakqcTwgQyf4zsPuVm55ZiPEwSE0Xxcm4Y14FVGzAvASD2n3FBc7cLHh0RI
9ABfC4aXM1K0cxoCD6eZSYnjuhizqYFSrnl4kq2mvpz9lkrKS4kPnGEA2hAb9fSp
IY8+KYjwf/qLhilZm0p7Ni2878RTx1E+YEg+Wj+1HHz767t9Yv7XT5AhOWGvpAbN
4ceEnEvIH0cGasM6MP8f4pH/kyS0F2htocXny+uVIjTxvZL7vNaF6iJ4XgZrlc/p
rF8K+wOpoBWo8W7B7dKiSkHFJzMFq52qrsvM96cwzuIkkrEeeWI0GF9SGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDwKxnnqhc6meB+tWFt4FVJ3ZZ+MB8GA1UdIwQY
MBaAFIP9lnxsGaMbfjjp5cnKj6DePWFJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ18yV2ZHd1pveHQtT09ubHljcVBvTjQ5WVVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9hOGRmNTgtZWFiYy00NWQ0LTk0Mzct
YjU3NjE2MTM2YWI2LzEvY1BBckdlZXFGenFaNEg2MVlXM2dWVW5kbG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9hOGRmNTgtZWFiYy00NWQ0LTk0MzctYjU3NjE2MTM2YWI2
LzEvZ18yV2ZHd1pveHQtT09ubHljcVBvTjQ5WVVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUR0wMA0G
CSqGSIb3DQEBCwUAA4IBAQARFCGPz8z3cOs3nZNq9pdCsAscT3kKTn3c543bqTlj
pieGWGkbTzua/ATyFsCanW86f25f+W4omh8wP5oploldX5tkNiSgIgZuRbkReUiL
3QItEow0L3Yee9laYVN06QpXBVWQffuwYT3dmihEAOSgX2+g18P54nEYfIxRPxM1
ly3CLuMLDnXPRRDkFGayXqL819jSTrFQfLlCqCgqeIAHDXVUJBLo045Wl+eIqJAn
/jY316qcsElzxmaRZtzwPaieHgOwz04BpNkbGjBv2siNiik+aN1e+G9FcKiHkjhE
ZhDlld/EbWRO7OMvVbzn4VQglQ40LPD1bjV3reb1bDAd
-----END CERTIFICATE-----