Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/G1QkwSQuVmm9JuNPjqy723eIUpw.roa
File:                     G1QkwSQuVmm9JuNPjqy723eIUpw.roa (raw, json)
Hash identifier:          goNo4nOm9vDoYxmM+ZQcv80J3Jh1mU2uwxvxCImhZGg=
Subject key identifier:   1B:54:24:C1:24:2E:56:69:BD:26:E3:4F:8E:AC:BB:DB:77:88:52:9C
Certificate issuer:       /CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
Certificate serial:       018CC348EE2D7CF770797036A676E64BDB48
Authority key identifier: AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/G1QkwSQuVmm9JuNPjqy723eIUpw.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60507
IP address blocks:        81.94.220.0/23 maxlen: 24
                          81.94.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 17:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ee:2d:7c:f7:70:79:70:36:a6:76:e6:4b:db:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b5424c1242e5669bd26e34f8eacbbdb7788529c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:da:80:fe:63:56:5a:85:f4:92:34:88:38:2c:
                    8e:f0:d0:c1:2a:da:f2:69:3c:a4:68:eb:9b:31:1f:
                    ab:01:32:fd:08:7a:b1:09:d4:5d:fa:99:6d:70:11:
                    31:4a:67:01:d5:a6:9c:a1:24:d7:92:96:11:e3:b5:
                    89:46:e4:a6:06:0c:f5:76:d9:c5:28:a7:b3:48:84:
                    e8:f5:f6:71:4b:33:7b:61:a0:33:fc:6f:66:ee:b0:
                    ec:ad:27:53:6a:8a:71:7b:0c:68:04:d2:0a:aa:d4:
                    77:82:c1:e3:7c:a6:43:0d:62:4e:14:5b:1e:ca:cb:
                    dc:d7:5e:9b:66:44:7e:b0:c7:0f:ca:8d:76:e1:8a:
                    b0:39:a5:11:a4:39:ee:02:28:32:ff:d2:92:0d:ff:
                    eb:31:b9:16:c7:57:63:72:a7:3b:63:6b:83:52:f9:
                    00:9f:08:28:7c:ec:0a:0f:6d:b8:25:3f:d9:6c:e3:
                    76:34:05:1e:df:88:2b:0d:59:8e:51:c2:ed:88:ff:
                    f2:67:92:57:c9:2d:fa:8c:c4:89:59:5a:a6:f3:59:
                    17:f2:12:28:e9:d2:18:80:03:71:0d:7d:d8:f9:1c:
                    d8:63:37:8f:c9:73:2d:05:dc:45:05:8d:1a:9a:7d:
                    56:0f:9f:44:0c:ed:89:0a:d1:bd:f1:a6:3f:0d:de:
                    74:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:54:24:C1:24:2E:56:69:BD:26:E3:4F:8E:AC:BB:DB:77:88:52:9C
            X509v3 Authority Key Identifier:
                keyid:AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/G1QkwSQuVmm9JuNPjqy723eIUpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.94.220.0/23
                  81.94.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:df:a5:cb:84:a2:c4:18:d6:72:58:53:8e:c2:b7:c0:31:aa:
         7c:f0:e5:02:84:2c:ed:68:4f:62:75:b1:eb:77:8f:0d:3e:41:
         42:a8:91:92:bf:e2:8a:8f:a6:3d:b8:2e:3f:bd:03:2d:84:3c:
         fa:b7:56:30:e8:67:67:c1:f7:4b:9f:5d:3c:50:47:3c:12:b0:
         16:ce:44:3f:8e:51:60:68:70:72:ef:51:8e:7d:94:e6:54:f3:
         e5:a0:5e:c2:11:a0:c1:60:b2:58:03:fe:13:6d:c1:3e:20:01:
         93:ea:2a:70:99:40:e2:e8:0f:c0:f5:2b:1c:00:4f:b4:30:fb:
         40:22:92:e0:ee:e4:42:bb:b1:f1:61:52:6a:79:63:a3:f6:e7:
         04:60:2c:35:4c:0f:08:15:aa:11:c1:6a:9d:ea:4d:40:2f:eb:
         e3:84:c7:23:09:e8:7b:90:6f:23:59:40:d0:d4:e7:d0:23:23:
         da:86:6b:04:45:f9:b3:f6:67:95:8f:26:cd:92:06:4e:ff:70:
         c2:9b:81:3e:70:cd:2d:c2:2d:2a:05:46:ea:c5:30:94:71:b2:
         98:93:cc:69:54:31:86:56:44:98:da:8e:04:b5:00:77:5b:8c:
         bb:0c:74:f9:10:13:34:0e:ae:4d:3a:29:c7:c4:c9:e6:77:74:
         47:bb:04:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSO4tfPdweXA2pnbmS9tIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjY2ZWM1ZThmMjQwNWY2ZjhkNDg2ZTczZmI4MmI4ZGUw
ZGVlMGYwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjU0MjRjMTI0MmU1NjY5YmQyNmUzNGY4ZWFjYmJkYjc3ODg1MjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtqA/mNWWoX0kjSIOCyO8NDBKtry
aTykaOubMR+rATL9CHqxCdRd+pltcBExSmcB1aacoSTXkpYR47WJRuSmBgz1dtnF
KKezSITo9fZxSzN7YaAz/G9m7rDsrSdTaopxewxoBNIKqtR3gsHjfKZDDWJOFFse
ysvc116bZkR+sMcPyo124YqwOaURpDnuAigy/9KSDf/rMbkWx1djcqc7Y2uDUvkA
nwgofOwKD224JT/ZbON2NAUe34grDVmOUcLtiP/yZ5JXyS36jMSJWVqm81kX8hIo
6dIYgANxDX3Y+RzYYzePyXMtBdxFBY0amn1WD59EDO2JCtG98aY/Dd50OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBtUJMEkLlZpvSbjT46su9t3iFKcMB8GA1UdIwQY
MBaAFK62bsXo8kBfb41IbnP7grjeDe4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUt
NmFlYTkwNTdjODAwLzEvRzFRa3dTUXVWbW05SnVOUGpxeTcyM2VJVXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUtNmFlYTkwNTdjODAw
LzEvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUV7cAwQA
UV7fMA0GCSqGSIb3DQEBCwUAA4IBAQCN36XLhKLEGNZyWFOOwrfAMap88OUChCzt
aE9idbHrd48NPkFCqJGSv+KKj6Y9uC4/vQMthDz6t1Yw6GdnwfdLn108UEc8ErAW
zkQ/jlFgaHBy71GOfZTmVPPloF7CEaDBYLJYA/4TbcE+IAGT6ipwmUDi6A/A9Ssc
AE+0MPtAIpLg7uRCu7HxYVJqeWOj9ucEYCw1TA8IFaoRwWqd6k1AL+vjhMcjCeh7
kG8jWUDQ1OfQIyPahmsERfmz9meVjybNkgZO/3DCm4E+cM0twi0qBUbqxTCUcbKY
k8xpVDGGVkSY2o4EtQB3W4y7DHT5EBM0Dq5NOinHxMnmd3RHuwTR
-----END CERTIFICATE-----