Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1zu8HPFtIDmKvPLz3iS0xli5HPI.roa
File:                     1zu8HPFtIDmKvPLz3iS0xli5HPI.roa (raw, json)
Hash identifier:          jRshAkiGSlad8DbCSTEwQtu2VCyyEf8r14A45Qvzy7U=
Subject key identifier:   D7:3B:BC:1C:F1:6D:20:39:8A:BC:F2:F3:DE:24:B4:C6:58:B9:1C:F2
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCC05D6D947990CCEFA680913BC3A2
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1zu8HPFtIDmKvPLz3iS0xli5HPI.roa
Signing time:             Mon 01 Jan 2024 16:30:27 +0000
ROA not before:           Mon 01 Jan 2024 16:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52194
IP address blocks:        212.22.81.0/24 maxlen: 24
                          212.22.87.0/24 maxlen: 24
                          212.22.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 14:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c0:5d:6d:94:79:90:cc:ef:a6:80:91:3b:c3:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d73bbc1cf16d20398abcf2f3de24b4c658b91cf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7e:4b:e4:3f:2e:2b:d2:52:64:e5:94:4f:f3:
                    5d:41:bf:99:5f:97:ed:af:4d:41:df:a5:65:62:80:
                    0c:7e:ec:cf:21:0b:41:ea:5c:76:9f:45:b9:b3:f1:
                    67:30:09:53:c7:e2:93:fd:7a:7f:6e:1c:06:26:e0:
                    64:fa:84:2b:c7:06:f3:d2:29:37:a5:80:48:5b:d7:
                    1b:76:dd:9b:11:67:31:58:10:09:8c:1d:d5:51:d2:
                    b9:dd:06:2f:7c:b1:47:96:fe:9f:ba:02:fd:40:a3:
                    5f:8e:69:e2:52:3f:c9:88:70:bf:b4:45:e6:6a:08:
                    20:90:b9:ce:8f:1d:7d:f4:f5:2a:94:cb:83:a2:c7:
                    c4:3f:49:57:38:b4:09:b9:1a:f0:c6:73:6d:ba:d3:
                    f7:33:6d:66:50:1b:c7:32:ad:30:4a:45:69:2a:05:
                    29:fb:0f:c7:8b:b3:ec:2d:9b:00:cc:4f:bf:77:15:
                    12:9a:1a:6a:5d:86:63:9a:af:bc:94:ac:cc:97:51:
                    5e:f3:2b:b4:d5:bb:0f:17:bc:0e:b5:bc:f8:a2:5b:
                    77:4f:4c:9f:64:35:30:f0:1f:92:23:b6:70:b1:2f:
                    bb:dd:11:b7:52:97:56:35:ca:58:85:6d:cd:67:68:
                    1f:ca:ad:09:02:a2:37:e7:b8:d5:c4:c0:f2:83:1f:
                    64:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:3B:BC:1C:F1:6D:20:39:8A:BC:F2:F3:DE:24:B4:C6:58:B9:1C:F2
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/1zu8HPFtIDmKvPLz3iS0xli5HPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.81.0/24
                  212.22.87.0/24
                  212.22.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:de:71:b1:70:97:b6:a3:82:b6:09:c9:4c:7c:ea:fd:4a:3c:
         97:7f:b9:0b:da:9d:76:32:62:92:92:27:54:85:f1:45:b6:08:
         c9:9f:0b:a7:02:57:c5:45:a7:89:df:ae:8c:7a:b8:83:93:23:
         93:b4:ee:b1:f6:73:b7:36:39:39:65:f9:d2:8a:52:c1:58:32:
         a1:ad:09:dc:9e:7f:ec:ce:f5:30:d7:18:3d:87:25:12:bc:3d:
         9a:40:be:3b:d1:0e:50:00:53:17:c1:34:ec:92:f1:ff:24:26:
         0a:6d:f5:74:80:80:61:a7:28:9b:fd:72:4c:ed:e8:94:02:4b:
         c5:56:19:cd:7f:1b:4d:35:e8:25:35:12:6d:03:4c:7f:23:d1:
         f1:41:69:ab:58:37:60:c3:6f:65:7f:6a:4a:3d:3a:99:d8:4f:
         81:02:87:da:04:bc:09:e5:78:92:04:a0:a0:db:e3:c6:19:a3:
         1a:45:e9:d4:20:8f:fe:53:6f:7b:84:24:95:8a:69:03:de:44:
         c8:eb:45:32:23:bb:67:fb:01:1c:bb:bb:a3:a1:62:3d:ac:72:
         00:fc:b2:56:91:d1:cd:11:c6:fe:4b:b3:bb:7d:82:dc:12:b1:
         ed:37:0f:36:65:c3:61:bb:5e:1a:c7:58:91:72:76:a8:d3:11:
         6c:8e:3c:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3MBdbZR5kMzvpoCRO8OiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzNiYmMxY2YxNmQyMDM5OGFiY2YyZjNkZTI0YjRjNjU4YjkxY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtX5L5D8uK9JSZOWUT/NdQb+ZX5ft
r01B36VlYoAMfuzPIQtB6lx2n0W5s/FnMAlTx+KT/Xp/bhwGJuBk+oQrxwbz0ik3
pYBIW9cbdt2bEWcxWBAJjB3VUdK53QYvfLFHlv6fugL9QKNfjmniUj/JiHC/tEXm
agggkLnOjx199PUqlMuDosfEP0lXOLQJuRrwxnNtutP3M21mUBvHMq0wSkVpKgUp
+w/Hi7PsLZsAzE+/dxUSmhpqXYZjmq+8lKzMl1Fe8yu01bsPF7wOtbz4olt3T0yf
ZDUw8B+SI7ZwsS+73RG3UpdWNcpYhW3NZ2gfyq0JAqI357jVxMDygx9kkQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNc7vBzxbSA5irzy894ktMZYuRzyMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvMXp1OEhQRnRJRG1LdlBMejNpUzB4bGk1SFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1BZRAwQA
1BZXAwQA1BZfMA0GCSqGSIb3DQEBCwUAA4IBAQCK3nGxcJe2o4K2CclMfOr9SjyX
f7kL2p12MmKSkidUhfFFtgjJnwunAlfFRaeJ366MeriDkyOTtO6x9nO3Njk5ZfnS
ilLBWDKhrQncnn/szvUw1xg9hyUSvD2aQL470Q5QAFMXwTTskvH/JCYKbfV0gIBh
pyib/XJM7eiUAkvFVhnNfxtNNeglNRJtA0x/I9HxQWmrWDdgw29lf2pKPTqZ2E+B
AofaBLwJ5XiSBKCg2+PGGaMaRenUII/+U297hCSVimkD3kTI60UyI7tn+wEcu7uj
oWI9rHIA/LJWkdHNEcb+S7O7fYLcErHtNw82ZcNhu14ax1iRcnao0xFsjjxE
-----END CERTIFICATE-----