Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/Acqnnd00TIzsA2D45mcVF8C2SLY.roa
File:                     Acqnnd00TIzsA2D45mcVF8C2SLY.roa (raw, json)
Hash identifier:          1yamboXtYyvNRrh9/fsF/L3JmTj/fAmtsr5iW8cPfdM=
Subject key identifier:   01:CA:A7:9D:DD:34:4C:8C:EC:03:60:F8:E6:67:15:17:C0:B6:48:B6
Certificate issuer:       /CN=22f35c611c29234bf4b40b35990ddfa293a537f9
Certificate serial:       018CC500D46FEF92161AF76549CC3BA525B5
Authority key identifier: 22:F3:5C:61:1C:29:23:4B:F4:B4:0B:35:99:0D:DF:A2:93:A5:37:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/Acqnnd00TIzsA2D45mcVF8C2SLY.roa
Signing time:             Mon 01 Jan 2024 12:30:15 +0000
ROA not before:           Mon 01 Jan 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41032
IP address blocks:        185.181.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d4:6f:ef:92:16:1a:f7:65:49:cc:3b:a5:25:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f35c611c29234bf4b40b35990ddfa293a537f9
        Validity
            Not Before: Jan  1 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01caa79ddd344c8cec0360f8e6671517c0b648b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:dd:fc:6b:1b:ef:f9:78:94:79:c6:43:d0:fc:
                    6f:1c:c5:e6:ff:7a:41:58:ee:a4:8f:5e:69:b0:77:
                    ee:d8:0a:53:6b:8e:14:4a:1a:ae:d6:3a:63:83:3c:
                    00:73:4f:99:33:22:0c:de:7f:bb:fa:1c:9a:1a:64:
                    36:98:3e:40:da:b9:7d:c5:f3:39:27:1e:09:d1:76:
                    36:f0:2b:c4:f1:5c:d7:5f:98:6f:78:41:49:62:51:
                    7c:86:95:f6:11:4b:31:35:6e:08:92:f4:b4:62:58:
                    9e:e6:de:e9:84:d4:b1:6b:ef:4a:73:04:15:d4:f5:
                    65:46:bd:93:fe:1b:19:e1:bd:1e:b5:07:75:e9:d4:
                    79:00:73:6f:f7:bc:5f:5b:1c:e8:08:c7:4f:ce:ad:
                    15:c6:3c:d7:66:e9:81:c2:63:f6:f0:79:09:8e:f5:
                    fa:0f:dc:28:13:bd:e3:92:49:60:8b:a3:9b:86:48:
                    84:ad:dc:de:7c:0c:05:6f:23:1b:c3:19:b2:ac:c1:
                    22:89:dd:54:98:d0:ca:91:a0:72:6f:74:e3:6d:1c:
                    e7:3a:ff:5b:d1:7c:97:3a:de:92:37:96:77:1d:ff:
                    46:4a:4e:11:d1:df:c5:f9:dd:63:e2:45:fe:a6:94:
                    70:ea:fc:0f:1f:69:ff:5f:06:d3:b1:74:43:04:94:
                    66:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:CA:A7:9D:DD:34:4C:8C:EC:03:60:F8:E6:67:15:17:C0:B6:48:B6
            X509v3 Authority Key Identifier:
                keyid:22:F3:5C:61:1C:29:23:4B:F4:B4:0B:35:99:0D:DF:A2:93:A5:37:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/Acqnnd00TIzsA2D45mcVF8C2SLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:54:5d:a6:e3:e2:6b:7c:36:15:68:89:da:62:63:eb:8b:92:
         65:92:82:1f:12:05:ff:3a:ce:45:e2:87:a1:3f:53:a8:f8:7c:
         a2:dd:ea:c8:91:8f:cb:80:bf:50:97:f9:cf:f7:ca:ce:06:29:
         0e:7b:28:2c:9f:8b:b3:4f:83:4d:95:a6:14:8c:d6:c9:58:01:
         99:31:53:64:99:a7:d0:f5:1d:5b:ee:49:07:32:28:f7:ea:b2:
         94:d9:12:b5:2e:f6:b5:b3:82:a3:32:62:9f:eb:53:75:15:76:
         d5:d1:67:6a:a7:b1:7d:63:b2:d7:46:95:fb:d1:4f:a7:71:08:
         fb:cf:e6:81:d2:f9:23:52:f5:f6:34:36:6d:9a:c0:4a:55:fc:
         ca:c7:dd:f7:1e:71:c3:62:61:de:b5:e5:6d:9f:43:a3:4d:08:
         82:ee:bb:76:66:42:38:b8:47:de:8c:47:93:ef:6e:eb:d6:69:
         51:59:ee:4c:27:31:8e:c6:68:dc:70:d8:64:ae:72:df:81:c5:
         bb:95:8a:75:2b:16:6b:b1:68:a5:c5:b9:15:60:80:ed:f6:4c:
         f2:ae:26:47:6b:fa:c0:f0:e4:2e:ea:19:1a:28:7e:18:96:13:
         94:d4:94:0f:9f:fb:4a:b5:60:3a:d5:6f:3a:f2:58:fe:fb:50:
         d4:e8:82:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFANRv75IWGvdlScw7pSW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM1YzYxMWMyOTIzNGJmNGI0MGIzNTk5MGRkZmEyOTNh
NTM3ZjkwHhcNMjQwMTAxMTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWNhYTc5ZGRkMzQ0YzhjZWMwMzYwZjhlNjY3MTUxN2MwYjY0OGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2t38axvv+XiUecZD0PxvHMXm/3pB
WO6kj15psHfu2ApTa44UShqu1jpjgzwAc0+ZMyIM3n+7+hyaGmQ2mD5A2rl9xfM5
Jx4J0XY28CvE8VzXX5hveEFJYlF8hpX2EUsxNW4IkvS0Ylie5t7phNSxa+9KcwQV
1PVlRr2T/hsZ4b0etQd16dR5AHNv97xfWxzoCMdPzq0VxjzXZumBwmP28HkJjvX6
D9woE73jkklgi6ObhkiErdzefAwFbyMbwxmyrMEiid1UmNDKkaByb3TjbRznOv9b
0XyXOt6SN5Z3Hf9GSk4R0d/F+d1j4kX+ppRw6vwPH2n/XwbTsXRDBJRmXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHKp53dNEyM7ANg+OZnFRfAtki2MB8GA1UdIwQY
MBaAFCLzXGEcKSNL9LQLNZkN36KTpTf5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZOY1lSd3BJMHYwdEFzMW1RM2ZvcE9sTl9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mOGNkYTQtYzgxOC00ZGMwLWI2MDUt
MTYzMjQ3ZWIwZTA3LzEvQWNxbm5kMDBUSXpzQTJENDVtY1ZGOEMyU0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mOGNkYTQtYzgxOC00ZGMwLWI2MDUtMTYzMjQ3ZWIwZTA3
LzEvSXZOY1lSd3BJMHYwdEFzMW1RM2ZvcE9sTl9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubVtMA0G
CSqGSIb3DQEBCwUAA4IBAQCcVF2m4+JrfDYVaInaYmPri5JlkoIfEgX/Os5F4oeh
P1Oo+Hyi3erIkY/LgL9Ql/nP98rOBikOeygsn4uzT4NNlaYUjNbJWAGZMVNkmafQ
9R1b7kkHMij36rKU2RK1Lva1s4KjMmKf61N1FXbV0Wdqp7F9Y7LXRpX70U+ncQj7
z+aB0vkjUvX2NDZtmsBKVfzKx933HnHDYmHeteVtn0OjTQiC7rt2ZkI4uEfejEeT
727r1mlRWe5MJzGOxmjccNhkrnLfgcW7lYp1KxZrsWilxbkVYIDt9kzyriZHa/rA
8OQu6hkaKH4YlhOU1JQPn/tKtWA61W868lj++1DU6IKP
-----END CERTIFICATE-----