Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/ouK5Dp2H6EeB1Tg1182oEw_e4ig.roa
File:                     ouK5Dp2H6EeB1Tg1182oEw_e4ig.roa (raw, json)
Hash identifier:          Z4zOMsCIxmt+bmLJkQ9pRd4m9OMVGysXGeLWEWAcTRs=
Subject key identifier:   A2:E2:B9:0E:9D:87:E8:47:81:D5:38:35:D7:CD:A8:13:0F:DE:E2:28
Certificate issuer:       /CN=5353a9a85fa11fc4bf156fab4d8d84a08e5d66f9
Certificate serial:       018CC7274E56ADF8024DCE458BD57023E283
Authority key identifier: 53:53:A9:A8:5F:A1:1F:C4:BF:15:6F:AB:4D:8D:84:A0:8E:5D:66:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1OpqF-hH8S_FW-rTY2EoI5dZvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/ouK5Dp2H6EeB1Tg1182oEw_e4ig.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24642
IP address blocks:        185.70.212.0/22 maxlen: 23
                          81.18.160.0/20 maxlen: 20
                          2001:1aa8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/U1OpqF-hH8S_FW-rTY2EoI5dZvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/U1OpqF-hH8S_FW-rTY2EoI5dZvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U1OpqF-hH8S_FW-rTY2EoI5dZvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4e:56:ad:f8:02:4d:ce:45:8b:d5:70:23:e2:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5353a9a85fa11fc4bf156fab4d8d84a08e5d66f9
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2e2b90e9d87e84781d53835d7cda8130fdee228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0b:cb:f5:26:1a:7f:f3:f2:69:82:8f:55:46:
                    09:bc:26:86:3f:9a:36:29:10:aa:d7:1f:e9:62:45:
                    4d:24:8c:ab:6b:a0:9b:3e:0c:04:b2:2e:f0:bc:27:
                    2e:4e:20:8b:dc:d1:db:66:81:b5:91:0b:b0:78:9a:
                    68:ca:60:70:d2:d9:f0:c3:18:b3:3e:fb:99:20:59:
                    44:1f:46:eb:1e:ad:fb:3f:3a:ad:19:f9:42:b5:66:
                    2a:e7:97:d4:1a:b7:5f:87:1e:60:16:74:ee:bb:85:
                    5e:58:2a:c6:cd:c2:c7:4e:d4:b7:df:5b:07:71:9b:
                    45:79:c3:98:25:2d:90:b1:9d:3d:5b:3a:98:c1:d1:
                    73:11:12:ff:c7:d4:12:a4:27:bb:1c:40:8c:4d:13:
                    cd:11:67:34:31:a2:2c:2d:58:df:2a:68:f2:60:b5:
                    a2:e4:ed:07:63:95:b0:51:48:af:2c:76:00:1f:52:
                    5e:a8:e3:f8:1a:5a:4d:24:b9:36:c2:32:98:19:25:
                    ed:b6:70:03:f8:f7:db:20:50:2a:59:fa:0d:e9:93:
                    a5:bc:0f:04:99:fa:8e:44:36:7f:98:82:6a:9c:30:
                    a1:e8:c4:9a:17:7b:0c:b0:02:0f:3a:e8:cb:dd:47:
                    24:3c:fc:19:2a:63:04:80:b4:f7:e1:df:5b:bf:24:
                    3d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:E2:B9:0E:9D:87:E8:47:81:D5:38:35:D7:CD:A8:13:0F:DE:E2:28
            X509v3 Authority Key Identifier:
                keyid:53:53:A9:A8:5F:A1:1F:C4:BF:15:6F:AB:4D:8D:84:A0:8E:5D:66:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1OpqF-hH8S_FW-rTY2EoI5dZvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/ouK5Dp2H6EeB1Tg1182oEw_e4ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/U1OpqF-hH8S_FW-rTY2EoI5dZvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.160.0/20
                  185.70.212.0/22
                IPv6:
                  2001:1aa8::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:61:29:a1:fc:9b:ce:5f:0f:79:a6:c1:a3:17:2f:1e:8e:74:
         60:5a:82:4c:5a:0a:63:9f:60:19:77:db:94:48:f6:db:eb:20:
         c9:30:76:22:12:0f:b3:af:de:d6:2b:47:0e:8a:1d:bc:27:51:
         1f:65:4b:96:29:7d:d4:ae:96:d6:72:e0:f6:dd:69:93:52:8f:
         22:e3:2b:e3:6b:5c:74:60:f4:62:d7:01:34:eb:45:44:2a:86:
         ae:4a:d9:fd:ae:25:d1:d7:36:ce:cc:32:5b:b8:be:56:70:44:
         c6:ed:d9:3c:49:22:65:a4:85:16:71:b2:ef:3d:27:77:1c:76:
         75:9b:cc:8b:2a:f3:66:b8:b8:a0:b6:d3:31:85:64:74:d9:be:
         07:9f:a6:a9:da:dc:28:76:92:5f:dd:91:66:3c:79:95:76:8f:
         3b:30:3c:00:51:ec:98:cd:f3:d9:ad:60:38:89:14:e2:dd:8e:
         83:b4:f6:86:91:60:2e:9a:1c:ba:5a:6f:f0:04:52:9b:8e:00:
         40:fb:cb:9f:b6:67:71:08:00:c8:89:95:60:64:a4:5e:f4:9a:
         76:0e:c4:1e:c1:1e:76:4e:57:55:85:4b:f6:bf:87:97:77:43:
         20:0e:85:e8:f9:91:73:c9:31:b4:3b:dd:5c:44:0e:ab:5e:35:
         34:5c:82:67
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJ05WrfgCTc5Fi9VwI+KDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTNhOWE4NWZhMTFmYzRiZjE1NmZhYjRkOGQ4NGEwOGU1
ZDY2ZjkwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmUyYjkwZTlkODdlODQ3ODFkNTM4MzVkN2NkYTgxMzBmZGVlMjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQvL9SYaf/PyaYKPVUYJvCaGP5o2
KRCq1x/pYkVNJIyra6CbPgwEsi7wvCcuTiCL3NHbZoG1kQuweJpoymBw0tnwwxiz
PvuZIFlEH0brHq37PzqtGflCtWYq55fUGrdfhx5gFnTuu4VeWCrGzcLHTtS331sH
cZtFecOYJS2QsZ09WzqYwdFzERL/x9QSpCe7HECMTRPNEWc0MaIsLVjfKmjyYLWi
5O0HY5WwUUivLHYAH1JeqOP4GlpNJLk2wjKYGSXttnAD+PfbIFAqWfoN6ZOlvA8E
mfqORDZ/mIJqnDCh6MSaF3sMsAIPOujL3UckPPwZKmMEgLT34d9bvyQ9swIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKLiuQ6dh+hHgdU4NdfNqBMP3uIoMB8GA1UdIwQY
MBaAFFNTqahfoR/EvxVvq02NhKCOXWb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFPcHFGLWhIOFNfRlctclRZMkVvSTVkWnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9iOTI5Y2UtZWMxNy00ZDUwLWE2YWUt
NzlkOTM0ZTRhOTlhLzEvb3VLNURwMkg2RWVCMVRnMTE4Mm9Fd19lNGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9iOTI5Y2UtZWMxNy00ZDUwLWE2YWUtNzlkOTM0ZTRhOTlh
LzEvVTFPcHFGLWhIOFNfRlctclRZMkVvSTVkWnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEURKgAwQC
uUbUMA0EAgACMAcDBQAgARqoMA0GCSqGSIb3DQEBCwUAA4IBAQB1YSmh/JvOXw95
psGjFy8ejnRgWoJMWgpjn2AZd9uUSPbb6yDJMHYiEg+zr97WK0cOih28J1EfZUuW
KX3UrpbWcuD23WmTUo8i4yvja1x0YPRi1wE060VEKoauStn9riXR1zbOzDJbuL5W
cETG7dk8SSJlpIUWcbLvPSd3HHZ1m8yLKvNmuLigttMxhWR02b4Hn6ap2twodpJf
3ZFmPHmVdo87MDwAUeyYzfPZrWA4iRTi3Y6DtPaGkWAumhy6Wm/wBFKbjgBA+8uf
tmdxCADIiZVgZKRe9Jp2DsQewR52TldVhUv2v4eXd0MgDoXo+ZFzyTG0O91cRA6r
XjU0XIJn
-----END CERTIFICATE-----