Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/hleFd0fnnkliZ3Im5v-3GF4bkVQ.roa
File:                     hleFd0fnnkliZ3Im5v-3GF4bkVQ.roa (raw, json)
Hash identifier:          Yo7K+m+8q4B3zD+wDdH/7iNC7tJEZiugxZa9mkFxlpw=
Subject key identifier:   86:57:85:77:47:E7:9E:49:62:67:72:26:E6:FF:B7:18:5E:1B:91:54
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC91DC4B8B3BBA2FD39D57D2A01ECD
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/hleFd0fnnkliZ3Im5v-3GF4bkVQ.roa
Signing time:             Tue 02 Jan 2024 10:33:47 +0000
ROA not before:           Tue 02 Jan 2024 10:33:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49607
IP address blocks:        83.217.232.0/24 maxlen: 24
                          81.19.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:91:dc:4b:8b:3b:ba:2f:d3:9d:57:d2:a0:1e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8657857747e79e4962677226e6ffb7185e1b9154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:2e:32:81:19:04:36:00:64:46:7a:63:87:b6:
                    b2:ae:d2:89:ef:c8:9b:96:ad:dd:18:de:38:14:e7:
                    7c:e4:f9:d2:1e:82:62:3b:67:4a:49:70:8b:31:fc:
                    a2:28:64:c0:2f:7f:90:d7:f9:27:58:09:6e:df:ac:
                    21:73:6a:f6:ec:3b:56:36:24:ca:2a:36:c6:3e:3b:
                    8a:0d:a0:ab:ff:17:bc:29:9e:5a:cb:df:c6:c4:a3:
                    70:b3:3c:2c:c6:37:8d:c5:35:3c:2c:8b:fb:e6:c1:
                    83:7d:4d:f7:13:d5:00:03:01:f1:44:84:4f:a2:22:
                    e4:d3:2e:c5:90:34:41:aa:d4:59:24:89:48:75:5b:
                    b8:43:15:d8:90:c6:fb:ae:61:3b:19:82:98:6f:39:
                    2c:97:e3:d5:6b:b3:0f:4b:a1:b7:a6:92:3a:e4:60:
                    6f:1f:9c:81:0d:ad:65:eb:3b:2e:9c:7b:c3:d4:7e:
                    ce:d6:2a:87:51:54:bd:e6:8f:80:d7:f9:db:01:f4:
                    93:96:82:78:ed:c3:98:f4:f3:f4:d6:74:48:f1:41:
                    f0:9a:c9:74:f5:a7:94:10:49:45:ba:9a:23:25:fe:
                    86:03:81:4d:94:bb:b9:ec:2e:7f:3d:b6:4d:23:9d:
                    c9:27:98:45:06:21:e5:8d:a1:bc:db:ad:90:be:26:
                    15:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:57:85:77:47:E7:9E:49:62:67:72:26:E6:FF:B7:18:5E:1B:91:54
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/hleFd0fnnkliZ3Im5v-3GF4bkVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.111.0/24
                  83.217.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:94:a6:af:67:33:61:06:9c:a4:fb:1b:3a:28:8f:90:fa:f8:
         ac:d6:8f:ef:04:37:b5:90:bc:71:6c:54:f9:3f:2d:f9:7b:2c:
         09:33:99:46:69:b9:aa:2d:8d:e7:22:27:a8:ff:92:2d:31:76:
         b0:ae:a3:66:c6:4d:46:33:ae:5b:7c:ac:e0:40:9c:6e:62:d5:
         1d:30:f1:fb:43:13:b2:66:e9:be:86:c4:d6:03:23:b7:2c:b1:
         c9:43:14:cf:e5:38:b6:48:40:a6:73:b9:87:42:ff:a8:63:3a:
         56:17:c8:9b:cb:57:48:70:ee:ae:09:d6:05:a5:5f:51:87:57:
         31:d3:eb:51:43:7d:0e:90:b9:31:f1:2e:e0:54:5f:64:30:3d:
         c6:3b:5c:a7:af:74:4e:4a:fd:95:58:92:b2:99:a0:91:8b:8f:
         b7:97:cb:47:5d:bf:bb:58:b7:98:95:14:7f:65:3c:33:27:ea:
         e6:d3:67:2d:2f:dc:8c:ff:5e:05:de:ab:33:38:c5:c0:15:2c:
         4a:0b:b4:d2:fc:03:5c:36:77:04:37:7b:7a:dc:7b:40:a7:24:
         40:8b:42:0b:62:c3:2d:38:a7:3f:19:9d:fb:6f:b5:a6:26:9e:
         a8:b3:da:83:0f:11:73:1c:84:c2:cd:4c:16:54:b1:ba:4f:9a:
         ca:74:2c:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvJHcS4s7ui/TnVfSoB7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjU3ODU3NzQ3ZTc5ZTQ5NjI2NzcyMjZlNmZmYjcxODVlMWI5MTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4S4ygRkENgBkRnpjh7ayrtKJ78ib
lq3dGN44FOd85PnSHoJiO2dKSXCLMfyiKGTAL3+Q1/knWAlu36whc2r27DtWNiTK
KjbGPjuKDaCr/xe8KZ5ay9/GxKNwszwsxjeNxTU8LIv75sGDfU33E9UAAwHxRIRP
oiLk0y7FkDRBqtRZJIlIdVu4QxXYkMb7rmE7GYKYbzksl+PVa7MPS6G3ppI65GBv
H5yBDa1l6zsunHvD1H7O1iqHUVS95o+A1/nbAfSTloJ47cOY9PP01nRI8UHwmsl0
9aeUEElFupojJf6GA4FNlLu57C5/PbZNI53JJ5hFBiHljaG8262QviYVOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIZXhXdH555JYmdyJub/txheG5FUMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvaGxlRmQwZm5ua2xpWjNJbTV2LTNHRjRia1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAURNvAwQA
U9noMA0GCSqGSIb3DQEBCwUAA4IBAQA3lKavZzNhBpyk+xs6KI+Q+vis1o/vBDe1
kLxxbFT5Py35eywJM5lGabmqLY3nIieo/5ItMXawrqNmxk1GM65bfKzgQJxuYtUd
MPH7QxOyZum+hsTWAyO3LLHJQxTP5Ti2SECmc7mHQv+oYzpWF8iby1dIcO6uCdYF
pV9Rh1cx0+tRQ30OkLkx8S7gVF9kMD3GO1ynr3ROSv2VWJKymaCRi4+3l8tHXb+7
WLeYlRR/ZTwzJ+rm02ctL9yM/14F3qszOMXAFSxKC7TS/ANcNncEN3t63HtApyRA
i0ILYsMtOKc/GZ37b7WmJp6os9qDDxFzHITCzUwWVLG6T5rKdCwj
-----END CERTIFICATE-----