Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/pvcwqnzdiC4AV-ozjQJAtGfuMmQ.roa
File:                     pvcwqnzdiC4AV-ozjQJAtGfuMmQ.roa (raw, json)
Hash identifier:          o807ObjOPHxZCFd1T0UTfe6NCGUm6oR8rZPhXRE7hMk=
Subject key identifier:   A6:F7:30:AA:7C:DD:88:2E:00:57:EA:33:8D:02:40:B4:67:EE:32:64
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018DA8C776C3D13599543D5F74BA2D000C7A
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/pvcwqnzdiC4AV-ozjQJAtGfuMmQ.roa
Signing time:             Wed 14 Feb 2024 18:01:00 +0000
ROA not before:           Wed 14 Feb 2024 18:01:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        81.22.141.0/24 maxlen: 24
                          109.72.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 20:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:c7:76:c3:d1:35:99:54:3d:5f:74:ba:2d:00:0c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Feb 14 18:01:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6f730aa7cdd882e0057ea338d0240b467ee3264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:50:7b:5e:04:71:48:47:3f:6c:c1:75:86:4d:
                    0d:1b:67:1d:d9:30:3e:00:65:e5:bb:06:27:ee:2a:
                    b8:55:20:03:48:f6:6f:39:ba:c2:f7:fe:be:3f:74:
                    19:6f:d8:83:7c:f6:08:8b:d1:37:7d:a7:46:18:2d:
                    55:da:3b:06:ef:fb:35:a3:03:7a:49:c4:51:ad:02:
                    b4:76:1d:37:45:82:b1:ce:53:40:54:7d:a9:10:14:
                    8c:04:4f:0c:29:16:80:8f:f9:4d:04:17:8f:37:c1:
                    39:b0:f9:ad:ca:85:43:2c:04:7a:3e:cc:ec:09:7d:
                    38:ad:88:33:af:97:91:61:27:74:fa:b3:ec:a3:67:
                    33:19:37:51:f9:3f:89:c5:40:b2:67:4e:11:d1:e1:
                    d7:8f:55:22:1d:b7:aa:4f:42:92:4c:76:c8:f7:16:
                    73:ee:06:f8:0b:50:f5:8e:13:63:8a:5f:dc:8a:cd:
                    1c:83:1c:6c:2c:00:b2:7e:fd:d2:55:92:2c:06:a0:
                    cf:aa:d0:b6:26:18:f6:30:38:ae:0d:02:77:f0:da:
                    1a:6d:66:5b:1e:30:03:95:f2:11:e7:23:bb:9b:8c:
                    eb:64:0b:b5:c1:e6:0e:d2:5c:b8:c2:51:d8:af:36:
                    9d:65:55:a8:0e:bb:80:62:fd:f2:c9:51:79:4c:fc:
                    0e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:F7:30:AA:7C:DD:88:2E:00:57:EA:33:8D:02:40:B4:67:EE:32:64
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/pvcwqnzdiC4AV-ozjQJAtGfuMmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.141.0/24
                  109.72.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ed:20:7a:c8:ef:f0:18:0a:89:e6:a8:92:76:7b:48:fb:27:
         10:86:a9:2a:1a:61:3f:5a:85:6d:58:f6:74:c3:28:a9:61:6d:
         a3:04:04:60:2f:d1:d5:89:ac:c7:6c:d5:32:ec:bb:47:bf:e1:
         24:61:fe:60:33:00:1b:c4:80:3d:38:a2:9b:d9:53:aa:4c:8a:
         69:fa:bf:e8:90:cf:9e:9f:2d:ee:c6:ed:4b:a8:94:68:93:4e:
         a6:2d:fd:d1:dd:37:5b:c4:bd:fd:ba:d9:22:ae:f1:c3:04:8b:
         62:1d:62:e7:61:72:1b:05:60:27:b2:73:a8:56:f2:5c:c0:81:
         f9:03:f6:fc:05:91:d7:4d:3c:69:2a:3e:e5:0d:11:55:0e:0f:
         8f:97:86:0b:a4:b6:94:fb:d0:63:0a:82:3a:09:5f:b1:0b:12:
         72:ca:57:95:f1:5b:84:45:f9:b8:61:f7:f2:2e:09:51:f5:d2:
         61:a8:11:80:ea:ee:ba:07:74:b4:35:82:d7:44:78:45:ab:00:
         99:5c:4f:f2:e6:9f:a2:db:c6:bd:9f:c1:74:1c:7c:1d:d2:bd:
         16:0f:be:f4:fd:06:aa:80:61:74:bf:8e:83:e8:e5:bf:1e:49:
         35:d8:1a:7d:03:6e:ab:31:2a:45:b9:99:7d:c1:82:e1:4f:d2:
         82:c5:29:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2ox3bD0TWZVD1fdLotAAx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMjE0MTgwMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmY3MzBhYTdjZGQ4ODJlMDA1N2VhMzM4ZDAyNDBiNDY3ZWUzMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1B7XgRxSEc/bMF1hk0NG2cd2TA+
AGXluwYn7iq4VSADSPZvObrC9/6+P3QZb9iDfPYIi9E3fadGGC1V2jsG7/s1owN6
ScRRrQK0dh03RYKxzlNAVH2pEBSMBE8MKRaAj/lNBBePN8E5sPmtyoVDLAR6Pszs
CX04rYgzr5eRYSd0+rPso2czGTdR+T+JxUCyZ04R0eHXj1UiHbeqT0KSTHbI9xZz
7gb4C1D1jhNjil/cis0cgxxsLACyfv3SVZIsBqDPqtC2Jhj2MDiuDQJ38NoabWZb
HjADlfIR5yO7m4zrZAu1weYO0ly4wlHYrzadZVWoDruAYv3yyVF5TPwOrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKb3MKp83YguAFfqM40CQLRn7jJkMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvcHZjd3FuemRpQzRBVi1vempRSkF0R2Z1TW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAURaNAwQA
bUh3MA0GCSqGSIb3DQEBCwUAA4IBAQAZ7SB6yO/wGAqJ5qiSdntI+ycQhqkqGmE/
WoVtWPZ0wyipYW2jBARgL9HViazHbNUy7LtHv+EkYf5gMwAbxIA9OKKb2VOqTIpp
+r/okM+eny3uxu1LqJRok06mLf3R3TdbxL39utkirvHDBItiHWLnYXIbBWAnsnOo
VvJcwIH5A/b8BZHXTTxpKj7lDRFVDg+Pl4YLpLaU+9BjCoI6CV+xCxJyyleV8VuE
Rfm4YffyLglR9dJhqBGA6u66B3S0NYLXRHhFqwCZXE/y5p+i28a9n8F0HHwd0r0W
D770/QaqgGF0v46D6OW/Hkk12Bp9A26rMSpFuZl9wYLhT9KCxSkU
-----END CERTIFICATE-----