Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/afAkZKEZgaQhRTkWOD6pS2TXBl0.roa
File:                     afAkZKEZgaQhRTkWOD6pS2TXBl0.roa (raw, json)
Hash identifier:          g6DBoi+cgQUCG4X5bHRHfLciglyweXwUoBhFsFCU6Wg=
Subject key identifier:   69:F0:24:64:A1:19:81:A4:21:45:39:16:38:3E:A9:4B:64:D7:06:5D
Certificate issuer:       /CN=90878c39624aede3929e17ccd95878c292b2f351
Certificate serial:       018F0B2B0E3F9040D891A1234182D4E6CE54
Authority key identifier: 90:87:8C:39:62:4A:ED:E3:92:9E:17:CC:D9:58:78:C2:92:B2:F3:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIeMOWJK7eOSnhfM2Vh4wpKy81E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/afAkZKEZgaQhRTkWOD6pS2TXBl0.roa
Signing time:             Tue 23 Apr 2024 13:35:22 +0000
ROA not before:           Tue 23 Apr 2024 13:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41135
IP address blocks:        81.201.80.0/20 maxlen: 24
                          185.47.148.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/kIeMOWJK7eOSnhfM2Vh4wpKy81E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/kIeMOWJK7eOSnhfM2Vh4wpKy81E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIeMOWJK7eOSnhfM2Vh4wpKy81E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0b:2b:0e:3f:90:40:d8:91:a1:23:41:82:d4:e6:ce:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90878c39624aede3929e17ccd95878c292b2f351
        Validity
            Not Before: Apr 23 13:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69f02464a11981a421453916383ea94b64d7065d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:12:87:54:44:b8:99:4c:c4:7c:09:ec:da:8d:
                    37:ea:77:9e:6d:03:51:fe:fe:ac:9a:00:e0:af:f1:
                    a2:37:d7:79:23:c1:e0:8f:61:d9:0e:7b:9e:a4:6f:
                    05:54:df:95:5b:65:4d:54:93:00:0c:9d:d9:37:94:
                    c9:50:33:48:7d:11:46:b5:85:8d:3f:8a:b5:76:c7:
                    8d:e2:01:00:d9:cb:d3:b5:40:37:a0:0e:9a:6c:e7:
                    06:52:2f:85:ab:61:c5:be:b6:99:69:77:f7:b4:08:
                    4c:e8:39:a2:1e:96:59:df:45:d8:c2:73:1a:f5:cd:
                    e7:23:39:5f:5c:54:8b:b8:df:0e:bf:2d:47:48:aa:
                    7d:24:7b:62:83:14:d5:3d:af:a0:59:59:38:6f:7c:
                    b3:77:b3:29:5c:1b:d2:7f:15:b0:ce:a0:3b:16:c3:
                    6b:67:17:48:98:a9:30:52:b2:57:23:bd:d8:3a:a8:
                    a0:08:5f:f9:cf:89:0a:01:0b:ee:1d:62:a1:a1:4e:
                    54:a7:1c:41:7b:7f:a4:bf:b3:07:30:3e:aa:d4:b4:
                    cd:36:5a:56:60:02:7d:5c:5e:e1:a9:7b:f1:eb:0a:
                    4b:44:a5:70:98:e2:c8:b5:32:a3:f6:5a:88:7b:43:
                    b7:0f:26:c7:93:86:84:f5:41:04:49:55:1d:db:aa:
                    3d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F0:24:64:A1:19:81:A4:21:45:39:16:38:3E:A9:4B:64:D7:06:5D
            X509v3 Authority Key Identifier:
                keyid:90:87:8C:39:62:4A:ED:E3:92:9E:17:CC:D9:58:78:C2:92:B2:F3:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIeMOWJK7eOSnhfM2Vh4wpKy81E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/afAkZKEZgaQhRTkWOD6pS2TXBl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/kIeMOWJK7eOSnhfM2Vh4wpKy81E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.201.80.0/20
                  185.47.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:d2:bc:04:86:78:52:10:98:04:d3:81:7f:6f:c4:cb:a9:2d:
         a0:c3:84:52:73:a7:3d:2a:b1:80:4c:af:af:a0:60:1c:a7:00:
         85:0b:40:92:c6:96:85:2a:da:4c:0d:39:fa:cb:d5:64:0c:c1:
         30:65:82:a8:4a:ad:88:97:a3:60:2d:41:7d:58:fb:8a:58:43:
         e3:ab:29:03:aa:f0:01:56:06:a9:d6:7e:91:68:1b:43:13:2b:
         56:48:c0:6b:f7:8c:f7:43:98:3d:9d:be:d0:a3:3b:73:52:07:
         69:74:1f:b7:ea:2e:b9:51:7b:61:cf:38:ed:13:2b:9d:bf:04:
         0b:28:18:da:bb:f8:a8:96:0b:ec:8e:d5:63:87:b7:b3:56:fb:
         55:4c:0f:d5:59:d3:ab:c3:69:c6:ef:9d:e9:2b:20:14:1b:87:
         8b:a7:81:9e:1a:8a:43:32:9d:f9:03:ed:1b:03:f0:5f:44:48:
         62:55:10:43:67:24:3e:76:03:f9:98:44:7c:d1:ef:f4:42:93:
         db:ce:68:6f:d1:14:d6:af:df:d7:17:b8:a8:01:53:da:c7:cd:
         f6:a9:c1:31:89:f5:9d:8a:9f:46:78:2f:1e:3a:7a:0f:3f:79:
         45:19:8c:1d:da:05:df:8e:bc:41:4e:e7:18:60:7b:a8:bd:3f:
         32:c9:d5:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8LKw4/kEDYkaEjQYLU5s5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODc4YzM5NjI0YWVkZTM5MjllMTdjY2Q5NTg3OGMyOTJi
MmYzNTEwHhcNMjQwNDIzMTMzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWYwMjQ2NGExMTk4MWE0MjE0NTM5MTYzODNlYTk0YjY0ZDcwNjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBKHVES4mUzEfAns2o036neebQNR
/v6smgDgr/GiN9d5I8Hgj2HZDnuepG8FVN+VW2VNVJMADJ3ZN5TJUDNIfRFGtYWN
P4q1dseN4gEA2cvTtUA3oA6abOcGUi+Fq2HFvraZaXf3tAhM6DmiHpZZ30XYwnMa
9c3nIzlfXFSLuN8Ovy1HSKp9JHtigxTVPa+gWVk4b3yzd7MpXBvSfxWwzqA7FsNr
ZxdImKkwUrJXI73YOqigCF/5z4kKAQvuHWKhoU5UpxxBe3+kv7MHMD6q1LTNNlpW
YAJ9XF7hqXvx6wpLRKVwmOLItTKj9lqIe0O3DybHk4aE9UEESVUd26o9QwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGnwJGShGYGkIUU5Fjg+qUtk1wZdMB8GA1UdIwQY
MBaAFJCHjDliSu3jkp4XzNlYeMKSsvNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0llTU9XSks3ZU9TbmhmTTJWaDR3cEt5ODFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81ZDMxY2ItNDZjNi00YjU4LTgyNzkt
ZDVhZWZjY2M5NTIyLzEvYWZBa1pLRVpnYVFoUlRrV09ENnBTMlRYQmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81ZDMxY2ItNDZjNi00YjU4LTgyNzktZDVhZWZjY2M5NTIy
LzEva0llTU9XSks3ZU9TbmhmTTJWaDR3cEt5ODFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUclQAwQC
uS+UMA0GCSqGSIb3DQEBCwUAA4IBAQAM0rwEhnhSEJgE04F/b8TLqS2gw4RSc6c9
KrGATK+voGAcpwCFC0CSxpaFKtpMDTn6y9VkDMEwZYKoSq2Il6NgLUF9WPuKWEPj
qykDqvABVgap1n6RaBtDEytWSMBr94z3Q5g9nb7QoztzUgdpdB+36i65UXthzzjt
EyudvwQLKBjau/iolgvsjtVjh7ezVvtVTA/VWdOrw2nG753pKyAUG4eLp4GeGopD
Mp35A+0bA/BfREhiVRBDZyQ+dgP5mER80e/0QpPbzmhv0RTWr9/XF7ioAVPax832
qcExifWdip9GeC8eOnoPP3lFGYwd2gXfjrxBTucYYHuovT8yydUs
-----END CERTIFICATE-----