Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/F2uiCRKKDTADkC8Q8Abc8PJIIy8.roa
File:                     F2uiCRKKDTADkC8Q8Abc8PJIIy8.roa (raw, json)
Hash identifier:          bkbJqqtrYPUBoEzK0nCxLcSF5SfnJoHkmNbPM8Xeh3k=
Subject key identifier:   17:6B:A2:09:12:8A:0D:30:03:90:2F:10:F0:06:DC:F0:F2:48:23:2F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DC75962A4B9C91D296F83E8D459DC6105
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/F2uiCRKKDTADkC8Q8Abc8PJIIy8.roa
Signing time:             Tue 20 Feb 2024 16:29:00 +0000
ROA not before:           Tue 20 Feb 2024 16:29:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        81.161.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:59:62:a4:b9:c9:1d:29:6f:83:e8:d4:59:dc:61:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 20 16:29:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=176ba209128a0d3003902f10f006dcf0f248232f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9b:82:01:87:2d:9b:a3:18:47:f3:c0:28:34:
                    80:6f:b6:e5:fb:60:9f:be:53:5a:00:0d:bf:9a:86:
                    49:07:fa:4f:40:c9:ae:80:54:b9:04:5b:0e:67:a9:
                    8f:9a:89:a3:55:6b:bd:52:6c:d4:f5:66:62:0a:12:
                    a6:36:01:f3:8c:9b:f3:8b:b0:a3:1d:c9:ab:76:81:
                    a4:c4:8f:2e:60:ff:21:f3:89:cd:bb:84:33:91:11:
                    00:af:cc:25:60:00:60:d3:11:2a:b8:b1:ef:b6:cc:
                    43:1e:d9:e3:97:6f:6b:8e:26:29:24:7f:6e:ef:74:
                    70:a5:e9:c5:fc:0c:2f:30:97:a1:76:82:fd:ac:bf:
                    a9:2c:ae:03:60:3d:30:fd:c5:5a:36:6b:84:62:ee:
                    74:9a:fa:b2:ad:ec:88:63:f2:81:9b:92:fb:e5:fc:
                    f8:5d:2b:ed:d8:00:ec:e1:1f:c2:6d:55:90:df:96:
                    af:8a:75:af:ae:e5:fd:82:4f:06:f6:52:e1:a5:9e:
                    7f:a4:c3:e1:2b:52:a3:bb:66:7c:f8:2f:e4:3b:d8:
                    d5:06:fe:88:c8:33:91:a7:d4:94:23:c5:98:0a:bf:
                    87:8c:5a:69:f9:0f:e6:15:51:b2:de:5a:e5:d7:ec:
                    7e:1a:53:7c:61:82:f1:88:ae:f4:38:5b:04:d0:0a:
                    fd:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:6B:A2:09:12:8A:0D:30:03:90:2F:10:F0:06:DC:F0:F2:48:23:2F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/F2uiCRKKDTADkC8Q8Abc8PJIIy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:43:98:eb:0b:50:31:f1:d7:f9:f2:32:71:4e:7a:70:d0:b7:
         b0:33:94:68:df:c2:93:a8:71:94:42:56:d6:b4:92:51:cd:f3:
         ea:56:07:29:57:9a:5e:06:42:89:bf:ed:cb:60:ca:6d:fc:d6:
         2c:57:9e:56:78:7b:d9:cc:f3:dc:1f:4d:c7:4d:a0:a6:2b:02:
         f7:c3:5d:4a:0e:df:3a:47:66:89:61:a4:d6:72:36:c7:8c:ff:
         3c:4b:a1:82:32:74:13:a5:a9:c5:91:26:ac:25:73:1d:6c:c9:
         65:ac:a1:9b:2a:5e:f1:31:ff:e4:81:ff:79:94:2c:0f:f6:5d:
         66:af:c9:de:6d:95:3b:45:a1:54:5b:85:60:8a:96:53:02:ff:
         79:ed:e9:c0:9d:59:86:ec:84:5e:45:7b:4c:61:30:91:05:3d:
         46:59:6d:fe:5b:5a:b1:17:84:9a:d6:92:9f:b3:81:71:31:cd:
         33:07:34:58:63:3b:54:39:de:26:e8:7f:7f:69:84:aa:8b:a6:
         e8:1d:37:d6:fa:a1:4f:77:03:d7:72:9f:0f:1e:74:0e:b4:3c:
         44:f9:16:30:4d:bd:35:d8:5a:bd:53:11:e3:80:f5:f5:b0:3d:
         1e:e7:a2:c5:f1:a5:2e:76:29:ba:34:bc:80:43:01:ed:60:be:
         20:ac:76:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3HWWKkuckdKW+D6NRZ3GEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjIwMTYyOTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzZiYTIwOTEyOGEwZDMwMDM5MDJmMTBmMDA2ZGNmMGYyNDgyMzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJuCAYctm6MYR/PAKDSAb7bl+2Cf
vlNaAA2/moZJB/pPQMmugFS5BFsOZ6mPmomjVWu9UmzU9WZiChKmNgHzjJvzi7Cj
HcmrdoGkxI8uYP8h84nNu4QzkREAr8wlYABg0xEquLHvtsxDHtnjl29rjiYpJH9u
73RwpenF/AwvMJehdoL9rL+pLK4DYD0w/cVaNmuEYu50mvqyreyIY/KBm5L75fz4
XSvt2ADs4R/CbVWQ35avinWvruX9gk8G9lLhpZ5/pMPhK1Kju2Z8+C/kO9jVBv6I
yDORp9SUI8WYCr+HjFpp+Q/mFVGy3lrl1+x+GlN8YYLxiK70OFsE0Ar9cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdrogkSig0wA5AvEPAG3PDySCMvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRjJ1aUNSS0tEVEFEa0M4UThBYmM4UEpJSXk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUaHlMA0G
CSqGSIb3DQEBCwUAA4IBAQBHQ5jrC1Ax8df58jJxTnpw0LewM5Ro38KTqHGUQlbW
tJJRzfPqVgcpV5peBkKJv+3LYMpt/NYsV55WeHvZzPPcH03HTaCmKwL3w11KDt86
R2aJYaTWcjbHjP88S6GCMnQTpanFkSasJXMdbMllrKGbKl7xMf/kgf95lCwP9l1m
r8nebZU7RaFUW4VgipZTAv957enAnVmG7IReRXtMYTCRBT1GWW3+W1qxF4Sa1pKf
s4FxMc0zBzRYYztUOd4m6H9/aYSqi6boHTfW+qFPdwPXcp8PHnQOtDxE+RYwTb01
2Fq9UxHjgPX1sD0e56LF8aUudim6NLyAQwHtYL4grHbw
-----END CERTIFICATE-----