Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/azBHaCOORnvYpwva69P-1gHHBJo.roa
File:                     azBHaCOORnvYpwva69P-1gHHBJo.roa (raw, json)
Hash identifier:          pqW8K3K4Xk6JSDTIwAdRLyfEPelWj+U64SNpbUZgZRw=
Subject key identifier:   6B:30:47:68:23:8E:46:7B:D8:A7:0B:DA:EB:D3:FE:D6:01:C7:04:9A
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AE52A8AAE4814A46B0A7AE2398B88
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/azBHaCOORnvYpwva69P-1gHHBJo.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41496
IP address blocks:        85.122.88.0/21 maxlen: 21
                          85.122.136.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e5:2a:8a:ae:48:14:a4:6b:0a:7a:e2:39:8b:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b304768238e467bd8a70bdaebd3fed601c7049a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3c:9e:ff:7d:70:5b:33:20:33:3e:ae:76:80:
                    e8:7a:66:7a:b9:63:f1:03:10:47:ae:e0:9b:c9:5f:
                    fb:30:a9:a4:99:ab:d4:d8:68:ad:e6:17:cf:04:57:
                    f9:46:f2:ca:24:92:85:f0:ec:68:3d:9c:02:6c:9a:
                    8f:8b:cd:d7:7d:55:ea:5e:40:23:ff:44:e1:8c:9d:
                    85:dc:a0:49:4c:09:f8:22:0b:d4:4a:2f:45:cc:d8:
                    b0:ea:4d:c4:74:d1:37:db:02:90:a3:96:47:56:a7:
                    e6:95:8d:d7:b2:da:f9:8c:1b:ea:12:e7:d6:74:87:
                    4d:d9:d6:8f:5c:71:47:ea:0a:6b:12:a7:a7:8c:88:
                    3a:c2:0d:46:f8:95:b4:96:37:d0:74:3a:57:26:40:
                    e4:8e:4f:14:b4:4e:95:bd:a3:f1:8c:21:27:ae:ea:
                    0a:51:6e:ac:06:b0:9f:ef:a5:81:90:41:7f:0d:f9:
                    00:b9:23:d4:8d:fb:b1:b5:67:17:76:69:7b:f3:11:
                    ba:ab:21:9f:8b:27:9e:f7:c9:fd:29:65:34:a1:0e:
                    17:da:f7:98:57:c2:21:b4:a1:81:56:e9:ba:d5:cb:
                    a5:5a:a1:95:99:46:c3:2e:b8:6d:22:43:b9:f3:ce:
                    0c:89:1f:1a:bb:22:6a:22:ee:c5:a0:0f:77:75:f2:
                    f7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:30:47:68:23:8E:46:7B:D8:A7:0B:DA:EB:D3:FE:D6:01:C7:04:9A
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/azBHaCOORnvYpwva69P-1gHHBJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.122.88.0/21
                  85.122.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4d:c8:c7:9f:48:f9:f7:fe:f0:32:42:22:b1:9a:ed:ee:23:cd:
         17:2a:32:7e:b8:0f:e7:99:b8:28:8b:d7:64:7a:f4:23:fe:81:
         40:f5:ba:2d:78:f3:ed:f1:0e:50:f5:20:a5:cb:8f:ba:a3:39:
         01:62:27:83:d7:66:f0:12:cd:3f:bd:ad:c2:45:d2:08:30:e5:
         89:8d:37:72:68:b2:e3:2c:69:ac:39:5e:69:93:ce:9f:fd:c0:
         81:9f:0c:0b:48:ad:42:1c:95:36:18:1d:d3:8f:5e:43:22:57:
         77:ed:fa:15:54:cb:91:02:d8:1c:4a:8b:c1:68:7d:fb:d8:39:
         34:08:b7:4d:40:ed:75:67:3f:02:19:cc:e4:ba:28:50:e8:35:
         2f:32:37:85:be:df:1c:de:b4:a8:e7:28:ac:11:db:06:fb:8d:
         e1:40:50:4f:f9:c7:12:03:f1:1b:88:05:86:f0:17:65:ca:03:
         51:59:04:45:ba:83:a7:7b:44:ec:20:3b:70:3d:14:8d:62:82:
         08:8f:5f:3f:ef:e0:1e:c0:8c:ce:19:d9:f1:96:0c:88:2e:c9:
         e5:b6:19:b7:dc:4d:51:b2:52:76:92:3d:4b:21:48:3c:d2:e8:
         8f:9a:49:53:c5:31:ab:7f:d9:2f:71:fd:1f:69:fa:ca:54:a3:
         46:62:40:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSuUqiq5IFKRrCnriOYuIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjMwNDc2ODIzOGU0NjdiZDhhNzBiZGFlYmQzZmVkNjAxYzcwNDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDye/31wWzMgMz6udoDoemZ6uWPx
AxBHruCbyV/7MKmkmavU2Git5hfPBFf5RvLKJJKF8OxoPZwCbJqPi83XfVXqXkAj
/0ThjJ2F3KBJTAn4IgvUSi9FzNiw6k3EdNE32wKQo5ZHVqfmlY3Xstr5jBvqEufW
dIdN2daPXHFH6gprEqenjIg6wg1G+JW0ljfQdDpXJkDkjk8UtE6VvaPxjCEnruoK
UW6sBrCf76WBkEF/DfkAuSPUjfuxtWcXdml78xG6qyGfiyee98n9KWU0oQ4X2veY
V8IhtKGBVum61culWqGVmUbDLrhtIkO5884MiR8auyJqIu7FoA93dfL3zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGswR2gjjkZ72KcL2uvT/tYBxwSaMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvYXpCSGFDT09SbnZZcHd2YTY5UC0xZ0hIQkpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDVXpYAwQD
VXqIMA0GCSqGSIb3DQEBCwUAA4IBAQBNyMefSPn3/vAyQiKxmu3uI80XKjJ+uA/n
mbgoi9dkevQj/oFA9botePPt8Q5Q9SCly4+6ozkBYieD12bwEs0/va3CRdIIMOWJ
jTdyaLLjLGmsOV5pk86f/cCBnwwLSK1CHJU2GB3Tj15DIld37foVVMuRAtgcSovB
aH372Dk0CLdNQO11Zz8CGczkuihQ6DUvMjeFvt8c3rSo5yisEdsG+43hQFBP+ccS
A/EbiAWG8BdlygNRWQRFuoOne0TsIDtwPRSNYoIIj18/7+AewIzOGdnxlgyILsnl
thm33E1RslJ2kj1LIUg80uiPmklTxTGrf9kvcf0fafrKVKNGYkBu
-----END CERTIFICATE-----