Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/a4atPBjnhCc2E-dzbt1gbriagzY.roa
File:                     a4atPBjnhCc2E-dzbt1gbriagzY.roa (raw, json)
Hash identifier:          E8Uj4YMwXD5rhFxq6r3p2AuRXycaLLjoDHcCd49Gi34=
Subject key identifier:   6B:86:AD:3C:18:E7:84:27:36:13:E7:73:6E:DD:60:6E:B8:9A:83:36
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E92907E7133B99E02FC26E8D83F4B
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/a4atPBjnhCc2E-dzbt1gbriagzY.roa
Signing time:             Mon 01 Jan 2024 14:30:07 +0000
ROA not before:           Mon 01 Jan 2024 14:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51174
IP address blocks:        82.222.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:92:90:7e:71:33:b9:9e:02:fc:26:e8:d8:3f:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b86ad3c18e784273613e7736edd606eb89a8336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f0:e4:56:31:7b:b6:b1:dd:b4:7b:ef:52:3b:
                    b4:3d:c3:f7:3e:85:6c:15:f3:9c:80:52:e5:77:99:
                    d3:bc:08:78:ba:97:23:ad:9a:35:34:a6:08:41:94:
                    c6:7e:d4:88:61:8d:5e:21:78:3a:5a:98:2c:13:fa:
                    33:61:f9:0a:ae:e4:17:31:e7:75:5f:70:84:88:05:
                    86:39:0e:75:3c:63:90:34:3d:23:51:72:2c:aa:3a:
                    e1:a9:ac:a5:3e:31:e2:b7:4e:65:0f:63:b2:0d:09:
                    0e:77:07:a2:f2:f2:d2:5f:60:63:ee:ce:4d:59:7b:
                    ec:22:7d:30:8e:59:40:c7:69:ce:f1:74:71:33:87:
                    bb:98:c7:64:ee:eb:3d:4a:0f:20:c0:45:0a:14:38:
                    ed:c4:ef:d9:ee:b1:7a:ca:64:c1:10:fc:a9:9f:10:
                    02:84:21:ce:6a:1e:f3:60:c3:45:9a:e9:f4:87:0e:
                    69:e9:32:50:85:1f:29:60:c3:12:73:de:5c:ff:2f:
                    80:97:21:57:4a:67:5f:85:3a:4c:6f:24:34:97:bf:
                    b1:ac:dc:6c:13:fb:a8:d3:78:8f:41:04:6c:ce:3b:
                    27:6c:4a:e4:24:91:17:68:4a:2f:dc:4d:77:e3:b2:
                    9e:bb:b6:37:da:80:21:94:15:23:35:d7:d6:e5:8e:
                    f1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:86:AD:3C:18:E7:84:27:36:13:E7:73:6E:DD:60:6E:B8:9A:83:36
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/a4atPBjnhCc2E-dzbt1gbriagzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b7:07:6c:5a:45:1f:4e:60:77:b9:46:a1:e9:5f:2f:0c:cf:
         15:4b:4d:c0:bc:17:a5:da:90:c7:dc:d4:b9:09:58:48:36:c6:
         da:50:c1:c9:29:a9:5d:9a:ed:03:b8:94:d5:1b:fa:a1:e8:c9:
         3a:12:a4:92:a5:38:de:8d:39:a2:ee:82:cc:5a:c3:36:4b:b6:
         87:b9:1a:f0:ab:79:4e:bf:8a:ec:bf:bf:3f:b6:3c:c9:a8:19:
         85:0f:f9:3b:2a:40:c9:fb:ca:38:b2:69:a4:2d:e4:88:cd:ae:
         ca:c9:b6:ed:92:28:e7:5c:72:69:43:d7:48:4a:ec:b1:d1:25:
         4d:3a:93:d0:b5:12:ba:b0:f0:80:36:a6:5e:e6:8f:cd:40:c6:
         a1:7a:49:e6:51:3c:54:99:6f:5b:e3:a4:79:01:18:94:d3:dc:
         cb:b1:4a:9d:61:64:b8:29:90:61:78:ae:7c:80:52:90:d5:45:
         a1:68:c2:92:e4:01:dc:bb:f2:3a:7e:56:86:cb:43:68:0d:2b:
         36:98:70:4f:c7:94:69:23:40:85:17:48:7d:e2:df:6b:d2:62:
         a6:22:c2:7a:e2:fd:ac:ba:ea:05:72:d4:04:b2:a8:1e:fa:c3:
         ee:f2:cc:f5:fd:3f:87:40:92:4b:15:44:f0:5a:63:94:fd:b6:
         07:96:af:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpKQfnEzuZ4C/Cbo2D9LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjg2YWQzYzE4ZTc4NDI3MzYxM2U3NzM2ZWRkNjA2ZWI4OWE4MzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPDkVjF7trHdtHvvUju0PcP3PoVs
FfOcgFLld5nTvAh4upcjrZo1NKYIQZTGftSIYY1eIXg6WpgsE/ozYfkKruQXMed1
X3CEiAWGOQ51PGOQND0jUXIsqjrhqaylPjHit05lD2OyDQkOdwei8vLSX2Bj7s5N
WXvsIn0wjllAx2nO8XRxM4e7mMdk7us9Sg8gwEUKFDjtxO/Z7rF6ymTBEPypnxAC
hCHOah7zYMNFmun0hw5p6TJQhR8pYMMSc95c/y+AlyFXSmdfhTpMbyQ0l7+xrNxs
E/uo03iPQQRszjsnbErkJJEXaEov3E1347Keu7Y32oAhlBUjNdfW5Y7xhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuGrTwY54QnNhPnc27dYG64moM2MB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvYTRhdFBCam5oQ2MyRS1kemJ0MWdicmlhZ3pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUt6AMA0G
CSqGSIb3DQEBCwUAA4IBAQBstwdsWkUfTmB3uUah6V8vDM8VS03AvBel2pDH3NS5
CVhINsbaUMHJKaldmu0DuJTVG/qh6Mk6EqSSpTjejTmi7oLMWsM2S7aHuRrwq3lO
v4rsv78/tjzJqBmFD/k7KkDJ+8o4smmkLeSIza7KybbtkijnXHJpQ9dISuyx0SVN
OpPQtRK6sPCANqZe5o/NQMaheknmUTxUmW9b46R5ARiU09zLsUqdYWS4KZBheK58
gFKQ1UWhaMKS5AHcu/I6flaGy0NoDSs2mHBPx5RpI0CFF0h94t9r0mKmIsJ64v2s
uuoFctQEsqge+sPu8sz1/T+HQJJLFUTwWmOU/bYHlq8p
-----END CERTIFICATE-----