Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/538194-7560-4456-b45c-ca26c22cfafd/1/5oHE6gz-tXIcQ4tFFNoAEOAmJRE.roa
File:                     5oHE6gz-tXIcQ4tFFNoAEOAmJRE.roa (raw, json)
Hash identifier:          F0klFMrO+y3ObCJEPHBWjuOzcMLBFlNRIodIVOhhxKM=
Subject key identifier:   E6:81:C4:EA:0C:FE:B5:72:1C:43:8B:45:14:DA:00:10:E0:26:25:11
Certificate issuer:       /CN=8a695b3aba1ea4e654788c51641458cc99578040
Certificate serial:       018CC6B79BBC0781B0751FE506A134FCF4DB
Authority key identifier: 8A:69:5B:3A:BA:1E:A4:E6:54:78:8C:51:64:14:58:CC:99:57:80:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imlbOroepOZUeIxRZBRYzJlXgEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/538194-7560-4456-b45c-ca26c22cfafd/1/5oHE6gz-tXIcQ4tFFNoAEOAmJRE.roa
Signing time:             Mon 01 Jan 2024 20:29:30 +0000
ROA not before:           Mon 01 Jan 2024 20:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42874
IP address blocks:        185.81.73.0/24 maxlen: 24
                          185.81.74.0/24 maxlen: 24
                          185.81.75.0/24 maxlen: 24
                          185.81.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/538194-7560-4456-b45c-ca26c22cfafd/1/imlbOroepOZUeIxRZBRYzJlXgEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/538194-7560-4456-b45c-ca26c22cfafd/1/imlbOroepOZUeIxRZBRYzJlXgEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imlbOroepOZUeIxRZBRYzJlXgEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9b:bc:07:81:b0:75:1f:e5:06:a1:34:fc:f4:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a695b3aba1ea4e654788c51641458cc99578040
        Validity
            Not Before: Jan  1 20:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e681c4ea0cfeb5721c438b4514da0010e0262511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:cf:22:df:e1:59:57:c4:c6:91:7c:51:a7:9e:
                    80:ed:bd:13:c4:34:68:10:04:45:b2:fd:8f:fc:1c:
                    9e:5f:91:c9:47:bd:98:5f:22:ea:1e:66:79:94:4d:
                    7f:ec:6f:13:67:fb:89:d9:5d:65:e4:20:8a:e6:f1:
                    3a:b2:ab:6d:7e:15:3a:67:5f:88:ba:1a:ec:2a:86:
                    42:5d:24:b4:53:a3:6c:15:67:66:4f:ad:9c:5b:e7:
                    d2:9a:a1:c9:71:90:2b:5f:5a:7b:19:76:b5:cc:e7:
                    f9:43:95:71:d1:88:5e:67:a6:97:1d:ff:88:e1:e6:
                    ca:c6:06:eb:1d:2a:cf:50:32:18:4d:d0:5c:8a:e6:
                    3d:0d:02:54:f9:12:fd:b4:62:64:55:04:98:57:31:
                    b6:42:0c:f3:a0:3d:b7:99:66:63:42:dc:63:04:c7:
                    63:27:6f:7d:e6:ff:95:8c:05:48:92:db:ce:fa:2c:
                    b1:61:06:5b:0b:c0:0e:88:43:08:35:3a:ce:6d:9f:
                    a3:56:e6:18:96:dc:e9:2a:0f:a2:ef:63:13:88:2f:
                    37:27:a8:66:b4:6f:ca:b3:e2:92:ce:cd:6a:c2:4b:
                    6b:aa:6d:a9:94:48:1f:d7:2f:09:57:55:65:66:89:
                    31:02:f2:40:13:b7:97:af:f6:4c:66:c2:63:76:70:
                    a2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:81:C4:EA:0C:FE:B5:72:1C:43:8B:45:14:DA:00:10:E0:26:25:11
            X509v3 Authority Key Identifier:
                keyid:8A:69:5B:3A:BA:1E:A4:E6:54:78:8C:51:64:14:58:CC:99:57:80:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imlbOroepOZUeIxRZBRYzJlXgEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/538194-7560-4456-b45c-ca26c22cfafd/1/5oHE6gz-tXIcQ4tFFNoAEOAmJRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/538194-7560-4456-b45c-ca26c22cfafd/1/imlbOroepOZUeIxRZBRYzJlXgEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:25:8b:ec:d5:92:a6:79:ae:3b:f0:05:3c:98:a6:9c:a2:05:
         c3:74:34:11:08:9e:28:c1:97:72:6c:c4:8d:d9:f3:1f:31:2d:
         95:1c:2b:60:38:6b:2d:bb:73:e2:6d:41:ff:84:e8:99:07:70:
         93:b4:19:9b:e1:24:19:bd:0c:67:7b:be:cb:a3:c7:91:08:9f:
         d9:b4:f2:80:cb:8b:80:a7:8c:a9:ad:6b:57:24:7d:f2:a7:fd:
         70:0c:56:e8:24:19:3d:64:3a:6c:2f:70:30:54:2b:f8:3c:4f:
         8f:59:8c:f9:f7:17:c0:a2:eb:9f:6b:53:58:5e:57:0b:73:96:
         3c:ab:7a:a7:d7:89:49:f8:87:cd:d7:e2:ff:b7:e0:53:2a:c9:
         3f:31:99:99:a1:06:40:e5:0e:b6:5a:4a:a3:6f:71:53:de:81:
         b4:66:14:e2:2f:c5:76:6c:32:49:06:66:5b:32:b9:88:19:eb:
         c7:82:ee:c4:ef:e7:20:bc:5e:87:4f:af:78:c7:1f:b5:5c:96:
         00:00:5d:4e:39:87:50:e8:32:89:84:80:dd:55:cc:01:38:66:
         40:bd:50:62:97:5c:cb:38:8d:6f:ce:c0:e0:34:06:85:2e:9e:
         f7:29:a6:b7:5d:3b:8c:66:68:3f:ea:f6:66:46:a6:18:5b:84:
         7e:54:24:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5u8B4GwdR/lBqE0/PTbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjk1YjNhYmExZWE0ZTY1NDc4OGM1MTY0MTQ1OGNjOTk1
NzgwNDAwHhcNMjQwMTAxMjAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjgxYzRlYTBjZmViNTcyMWM0MzhiNDUxNGRhMDAxMGUwMjYyNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis8i3+FZV8TGkXxRp56A7b0TxDRo
EARFsv2P/ByeX5HJR72YXyLqHmZ5lE1/7G8TZ/uJ2V1l5CCK5vE6sqttfhU6Z1+I
uhrsKoZCXSS0U6NsFWdmT62cW+fSmqHJcZArX1p7GXa1zOf5Q5Vx0YheZ6aXHf+I
4ebKxgbrHSrPUDIYTdBciuY9DQJU+RL9tGJkVQSYVzG2QgzzoD23mWZjQtxjBMdj
J2995v+VjAVIktvO+iyxYQZbC8AOiEMINTrObZ+jVuYYltzpKg+i72MTiC83J6hm
tG/Ks+KSzs1qwktrqm2plEgf1y8JV1VlZokxAvJAE7eXr/ZMZsJjdnCivwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaBxOoM/rVyHEOLRRTaABDgJiURMB8GA1UdIwQY
MBaAFIppWzq6HqTmVHiMUWQUWMyZV4BAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1sYk9yb2VwT1pVZUl4UlpCUll6SmxYZ0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81MzgxOTQtNzU2MC00NDU2LWI0NWMt
Y2EyNmMyMmNmYWZkLzEvNW9IRTZnei10WEljUTR0RkZOb0FFT0FtSlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81MzgxOTQtNzU2MC00NDU2LWI0NWMtY2EyNmMyMmNmYWZk
LzEvaW1sYk9yb2VwT1pVZUl4UlpCUll6SmxYZ0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVFIMA0G
CSqGSIb3DQEBCwUAA4IBAQAMJYvs1ZKmea478AU8mKacogXDdDQRCJ4owZdybMSN
2fMfMS2VHCtgOGstu3PibUH/hOiZB3CTtBmb4SQZvQxne77Lo8eRCJ/ZtPKAy4uA
p4yprWtXJH3yp/1wDFboJBk9ZDpsL3AwVCv4PE+PWYz59xfAouufa1NYXlcLc5Y8
q3qn14lJ+IfN1+L/t+BTKsk/MZmZoQZA5Q62Wkqjb3FT3oG0ZhTiL8V2bDJJBmZb
MrmIGevHgu7E7+cgvF6HT694xx+1XJYAAF1OOYdQ6DKJhIDdVcwBOGZAvVBil1zL
OI1vzsDgNAaFLp73Kaa3XTuMZmg/6vZmRqYYW4R+VCT2
-----END CERTIFICATE-----