Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/82-kOASz8EvNtkqFiSkz1FewZGc.roa
File:                     82-kOASz8EvNtkqFiSkz1FewZGc.roa (raw, json)
Hash identifier:          KVeutrGO2qA6T8VJ2ufYVAyel5VxxBL12Qs4+U80gmI=
Subject key identifier:   F3:6F:A4:38:04:B3:F0:4B:CD:B6:4A:85:89:29:33:D4:57:B0:64:67
Certificate issuer:       /CN=0e51516767d9a8508c6e14d58deeffbfab8080dd
Certificate serial:       018CC64B0A3A071BB471F688000AEF7BA5BF
Authority key identifier: 0E:51:51:67:67:D9:A8:50:8C:6E:14:D5:8D:EE:FF:BF:AB:80:80:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DlFRZ2fZqFCMbhTVje7_v6uAgN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/82-kOASz8EvNtkqFiSkz1FewZGc.roa
Signing time:             Mon 01 Jan 2024 18:30:55 +0000
ROA not before:           Mon 01 Jan 2024 18:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38930
IP address blocks:        91.224.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/DlFRZ2fZqFCMbhTVje7_v6uAgN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/DlFRZ2fZqFCMbhTVje7_v6uAgN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DlFRZ2fZqFCMbhTVje7_v6uAgN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0a:3a:07:1b:b4:71:f6:88:00:0a:ef:7b:a5:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e51516767d9a8508c6e14d58deeffbfab8080dd
        Validity
            Not Before: Jan  1 18:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f36fa43804b3f04bcdb64a85892933d457b06467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:43:97:ab:59:4f:97:47:6c:96:ad:fb:75:cc:
                    29:02:6f:c2:7b:0b:62:09:97:40:c5:54:f2:73:99:
                    6f:14:99:90:62:27:67:0e:c2:9b:9a:70:2c:21:2e:
                    da:6b:2d:46:3f:c5:4c:92:a1:77:81:b3:87:fd:d6:
                    19:47:a7:55:6f:02:b6:cc:61:f6:1e:d7:6b:8c:c8:
                    25:b4:09:63:7f:02:d5:64:36:b6:0d:cc:b4:54:d2:
                    a5:6c:36:6a:e7:20:d6:93:c8:0a:8a:af:d4:e9:6c:
                    e2:2c:8d:1c:52:56:02:43:b4:2f:3a:da:fc:04:24:
                    d7:7c:78:20:50:59:11:b1:6d:fa:bc:b2:f6:51:fd:
                    26:ae:51:03:eb:26:b1:22:bb:aa:ec:22:e6:d1:07:
                    72:5d:68:ba:55:cb:7e:29:f4:01:33:0a:a6:43:ef:
                    8c:bc:e1:2f:7a:62:d7:55:f3:a7:16:92:38:08:b4:
                    17:34:73:5f:4d:ce:0a:92:80:9d:8c:b1:c8:43:14:
                    90:78:b8:b6:9e:88:e5:39:1f:a0:94:ee:69:22:ab:
                    1d:be:83:c2:bc:c0:82:bd:44:6a:c4:fb:65:64:60:
                    0a:3f:c8:b4:74:c4:ed:5e:fb:d8:54:78:a9:dd:83:
                    b1:61:ed:f8:53:48:f9:39:c0:f3:32:8c:59:31:ae:
                    89:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:6F:A4:38:04:B3:F0:4B:CD:B6:4A:85:89:29:33:D4:57:B0:64:67
            X509v3 Authority Key Identifier:
                keyid:0E:51:51:67:67:D9:A8:50:8C:6E:14:D5:8D:EE:FF:BF:AB:80:80:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DlFRZ2fZqFCMbhTVje7_v6uAgN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/82-kOASz8EvNtkqFiSkz1FewZGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4641f6-87c0-4d17-a58a-6163564d9704/1/DlFRZ2fZqFCMbhTVje7_v6uAgN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:33:82:8a:05:24:47:f8:c9:a4:e7:c9:9a:6e:2e:08:ba:71:
         13:ba:9d:ba:6a:83:31:f1:50:63:87:06:53:e6:7c:ad:d8:5a:
         39:b1:4c:2e:b9:aa:23:f1:4d:84:21:95:da:3a:86:9a:f9:4d:
         20:e9:3d:b8:fb:af:16:b6:fd:a9:d9:71:1b:74:71:9b:bb:f3:
         42:8a:e5:d5:6d:2c:09:bf:d5:07:46:4f:50:15:a8:69:e0:a4:
         24:e6:21:16:31:1f:eb:29:e0:53:0a:4c:c7:92:dd:ff:2d:1d:
         e5:b0:55:b0:be:18:cc:eb:f0:8f:92:15:74:58:e1:44:56:8f:
         4d:b1:ce:6c:d0:55:71:9e:d3:27:91:86:cc:b9:a2:64:56:94:
         88:27:38:41:1d:4c:15:0e:32:d2:f5:b7:44:69:49:df:7c:a9:
         be:c2:6a:77:55:78:0b:11:da:aa:1d:ad:06:f7:1a:1e:da:81:
         06:66:84:9c:29:33:02:14:4c:44:f9:4a:bf:1f:8b:16:8c:e4:
         8e:08:58:53:e7:42:33:52:37:3d:4f:7a:0c:52:86:28:5b:23:
         39:cc:1b:8f:88:fe:ba:b8:25:24:f1:d9:e7:40:64:7b:31:45:
         26:a3:ff:3d:0b:f1:6c:a0:27:34:90:62:5b:41:74:04:03:6e:
         a7:e7:93:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwo6Bxu0cfaIAArve6W/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNTE1MTY3NjdkOWE4NTA4YzZlMTRkNThkZWVmZmJmYWI4
MDgwZGQwHhcNMjQwMTAxMTgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzZmYTQzODA0YjNmMDRiY2RiNjRhODU4OTI5MzNkNDU3YjA2NDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEOXq1lPl0dslq37dcwpAm/Cewti
CZdAxVTyc5lvFJmQYidnDsKbmnAsIS7aay1GP8VMkqF3gbOH/dYZR6dVbwK2zGH2
HtdrjMgltAljfwLVZDa2Dcy0VNKlbDZq5yDWk8gKiq/U6WziLI0cUlYCQ7QvOtr8
BCTXfHggUFkRsW36vLL2Uf0mrlED6yaxIruq7CLm0QdyXWi6Vct+KfQBMwqmQ++M
vOEvemLXVfOnFpI4CLQXNHNfTc4KkoCdjLHIQxSQeLi2nojlOR+glO5pIqsdvoPC
vMCCvURqxPtlZGAKP8i0dMTtXvvYVHip3YOxYe34U0j5OcDzMoxZMa6J0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNvpDgEs/BLzbZKhYkpM9RXsGRnMB8GA1UdIwQY
MBaAFA5RUWdn2ahQjG4U1Y3u/7+rgIDdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGxGUloyZlpxRkNNYmhUVmplN192NnVBZ04wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80NjQxZjYtODdjMC00ZDE3LWE1OGEt
NjE2MzU2NGQ5NzA0LzEvODIta09BU3o4RXZOdGtxRmlTa3oxRmV3WkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80NjQxZjYtODdjMC00ZDE3LWE1OGEtNjE2MzU2NGQ5NzA0
LzEvRGxGUloyZlpxRkNNYmhUVmplN192NnVBZ04wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+B6MA0G
CSqGSIb3DQEBCwUAA4IBAQAOM4KKBSRH+Mmk58mabi4IunETup26aoMx8VBjhwZT
5nyt2Fo5sUwuuaoj8U2EIZXaOoaa+U0g6T24+68Wtv2p2XEbdHGbu/NCiuXVbSwJ
v9UHRk9QFahp4KQk5iEWMR/rKeBTCkzHkt3/LR3lsFWwvhjM6/CPkhV0WOFEVo9N
sc5s0FVxntMnkYbMuaJkVpSIJzhBHUwVDjLS9bdEaUnffKm+wmp3VXgLEdqqHa0G
9xoe2oEGZoScKTMCFExE+Uq/H4sWjOSOCFhT50IzUjc9T3oMUoYoWyM5zBuPiP66
uCUk8dnnQGR7MUUmo/89C/FsoCc0kGJbQXQEA26n55Ph
-----END CERTIFICATE-----