Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/rKrQAk-c57o6_PJu7O5PscgOvXs.roa
File:                     rKrQAk-c57o6_PJu7O5PscgOvXs.roa (raw, json)
Hash identifier:          /2RWJV9CevbTBtSH/4G/jy3LXBLFUFF/xNLgpIbTUlo=
Subject key identifier:   AC:AA:D0:02:4F:9C:E7:BA:3A:FC:F2:6E:EC:EE:4F:B1:C8:0E:BD:7B
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF2D0F91DF4926F0AB4B326BEE2266
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/rKrQAk-c57o6_PJu7O5PscgOvXs.roa
Signing time:             Tue 02 Jan 2024 06:31:58 +0000
ROA not before:           Tue 02 Jan 2024 06:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49391
IP address blocks:        194.90.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 06:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2d:0f:91:df:49:26:f0:ab:4b:32:6b:ee:22:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acaad0024f9ce7ba3afcf26eecee4fb1c80ebd7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d8:95:a6:41:17:61:37:dc:77:ac:3a:29:f5:
                    9a:a4:9c:0b:2d:5a:a6:38:b1:e4:32:d2:56:0b:f1:
                    86:4f:9c:6f:bc:87:ca:ff:af:ac:0a:c9:15:01:ca:
                    5a:ca:c1:af:94:24:b2:c1:a9:d0:af:c1:a0:3a:aa:
                    67:fa:0a:11:9c:98:88:f3:08:63:f4:cb:73:4e:0a:
                    d3:45:48:79:b0:01:63:af:fc:f3:02:ef:6d:1c:58:
                    b0:af:3e:17:06:5f:d3:4e:66:c5:25:e5:7d:13:99:
                    8d:b7:0c:e8:34:ce:98:ea:b7:c4:a3:67:e8:b1:ef:
                    5c:9e:8d:c2:12:ff:de:ef:c1:2e:58:d5:bd:a2:34:
                    c0:c7:34:36:a2:65:83:a1:59:bb:c1:2e:13:b1:75:
                    d9:41:a6:47:4b:b4:48:41:3b:14:f0:80:13:c3:f6:
                    4f:ab:07:79:6f:35:5f:e1:89:3f:03:1f:de:ef:56:
                    02:97:2f:68:d5:cb:6f:65:9f:f0:8c:88:bd:59:33:
                    6d:a3:5c:c0:c6:1b:c2:05:12:21:d6:b5:ee:6a:8f:
                    1c:87:a2:b1:e3:f2:6a:50:7b:b8:b4:f6:58:72:7d:
                    38:75:04:10:0e:74:5a:a2:68:a0:bc:45:66:fc:11:
                    ba:83:3a:9e:3c:24:90:0c:28:8b:1a:eb:26:9f:4d:
                    9b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:AA:D0:02:4F:9C:E7:BA:3A:FC:F2:6E:EC:EE:4F:B1:C8:0E:BD:7B
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/rKrQAk-c57o6_PJu7O5PscgOvXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.90.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:8a:8f:1b:38:50:12:c5:8c:84:3e:72:1f:48:0a:64:c0:06:
         b4:cc:01:41:12:9d:0a:5f:84:40:7a:8a:00:d6:f2:62:a8:ea:
         3d:75:14:69:50:fa:75:1e:af:e2:5c:e9:b9:ec:2c:52:b3:ce:
         7f:b3:7f:fe:0a:03:d7:f0:95:81:6e:2c:95:48:09:2b:b8:7f:
         75:a5:c8:a9:4a:06:4f:c1:2a:7c:4a:87:a9:08:35:bb:e4:3f:
         db:bf:dc:8f:d7:a7:76:8f:67:ea:a2:e4:e6:95:90:e1:e0:c0:
         fd:71:1d:0e:d4:07:30:5d:cc:dc:7c:87:ba:c6:18:b6:f9:94:
         cb:0a:15:50:61:bf:87:0e:14:d2:f3:e0:96:47:3c:15:4e:6c:
         a2:43:61:ee:b3:73:e4:b2:e5:7b:8e:6f:07:0c:03:56:a9:3e:
         16:26:3f:a7:d5:bd:85:6e:d3:75:0f:a1:42:a8:79:89:6d:27:
         16:1a:f0:89:a1:6c:e7:c1:8d:ff:c9:df:c0:12:34:1f:09:57:
         73:aa:be:02:93:d7:1b:d5:f6:d0:6c:9c:51:46:2e:b3:f2:c3:
         43:bb:6b:3e:bc:73:c0:af:e1:75:6d:0e:59:ac:4d:4e:de:2b:
         75:fc:7d:60:c1:36:13:11:36:aa:c2:9c:3b:7e:a3:62:2d:20:
         b0:f2:2c:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3y0Pkd9JJvCrSzJr7iJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FhZDAwMjRmOWNlN2JhM2FmY2YyNmVlY2VlNGZiMWM4MGViZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9iVpkEXYTfcd6w6KfWapJwLLVqm
OLHkMtJWC/GGT5xvvIfK/6+sCskVAcpaysGvlCSywanQr8GgOqpn+goRnJiI8whj
9MtzTgrTRUh5sAFjr/zzAu9tHFiwrz4XBl/TTmbFJeV9E5mNtwzoNM6Y6rfEo2fo
se9cno3CEv/e78EuWNW9ojTAxzQ2omWDoVm7wS4TsXXZQaZHS7RIQTsU8IATw/ZP
qwd5bzVf4Yk/Ax/e71YCly9o1ctvZZ/wjIi9WTNto1zAxhvCBRIh1rXuao8ch6Kx
4/JqUHu4tPZYcn04dQQQDnRaomigvEVm/BG6gzqePCSQDCiLGusmn02biQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyq0AJPnOe6OvzybuzuT7HIDr17MB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvcktyUUFrLWM1N282X1BKdTdPNVBzY2dPdlhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwlpUMA0G
CSqGSIb3DQEBCwUAA4IBAQBSio8bOFASxYyEPnIfSApkwAa0zAFBEp0KX4RAeooA
1vJiqOo9dRRpUPp1Hq/iXOm57CxSs85/s3/+CgPX8JWBbiyVSAkruH91pcipSgZP
wSp8SoepCDW75D/bv9yP16d2j2fqouTmlZDh4MD9cR0O1AcwXczcfIe6xhi2+ZTL
ChVQYb+HDhTS8+CWRzwVTmyiQ2Hus3PksuV7jm8HDANWqT4WJj+n1b2FbtN1D6FC
qHmJbScWGvCJoWznwY3/yd/AEjQfCVdzqr4Ck9cb1fbQbJxRRi6z8sNDu2s+vHPA
r+F1bQ5ZrE1O3it1/H1gwTYTETaqwpw7fqNiLSCw8iyW
-----END CERTIFICATE-----