Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/81w95Tq6fecz9hsTXkJAiLOmMy8.roa
File:                     81w95Tq6fecz9hsTXkJAiLOmMy8.roa (raw, json)
Hash identifier:          LpV/bLZ8sIXDAjnTtnd6i2+dn7R9PFMQYW5mvLonS3A=
Subject key identifier:   F3:5C:3D:E5:3A:BA:7D:E7:33:F6:1B:13:5E:42:40:88:B3:A6:33:2F
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019227E591C25C244313F5155A78F850934A
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/81w95Tq6fecz9hsTXkJAiLOmMy8.roa
Signing time:             Wed 25 Sep 2024 06:36:49 +0000
ROA not before:           Wed 25 Sep 2024 06:36:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208397
IP address blocks:        212.22.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:27:e5:91:c2:5c:24:43:13:f5:15:5a:78:f8:50:93:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Sep 25 06:36:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f35c3de53aba7de733f61b135e424088b3a6332f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d7:4b:f1:a0:0c:12:03:6c:42:4f:25:9b:20:
                    dc:1a:a8:80:43:de:9f:9b:fe:25:d5:02:b5:d7:bc:
                    18:a3:0f:e9:af:f3:f9:a8:d0:c6:65:47:0f:13:29:
                    aa:93:9c:84:c1:e0:de:47:76:65:3c:64:25:9e:59:
                    2c:8f:38:c2:76:ea:95:52:ab:e3:c2:cb:c5:3b:d7:
                    72:20:b7:cd:da:b1:ce:e7:29:44:03:18:3e:a5:14:
                    cd:2c:e5:67:a0:71:98:1b:7a:f7:81:ba:34:48:77:
                    80:f6:22:7e:7c:9c:d2:9f:ea:98:7e:8e:73:5e:9c:
                    95:c6:c2:96:15:c7:74:28:d4:69:cb:c1:1a:ab:71:
                    69:65:9c:f7:b8:0d:10:c6:7c:b2:5f:c3:3a:a0:9a:
                    39:44:ad:d6:1d:6a:d6:b0:09:54:45:ae:be:38:b6:
                    46:49:8b:9a:9a:5f:0d:d3:78:98:30:c1:d8:9c:1d:
                    6e:77:40:25:6d:15:0c:e1:61:42:bc:e0:3d:ec:b0:
                    b2:80:fc:25:e2:af:87:02:7d:fe:b9:5a:2a:35:8d:
                    56:6a:30:36:b1:1b:db:5a:8a:44:e3:e2:70:f2:2b:
                    7c:0a:09:8a:9e:c8:b1:26:f7:70:8c:33:a1:1e:e7:
                    f8:12:83:2c:02:bc:b2:30:16:14:cd:aa:02:d4:25:
                    2d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:5C:3D:E5:3A:BA:7D:E7:33:F6:1B:13:5E:42:40:88:B3:A6:33:2F
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/81w95Tq6fecz9hsTXkJAiLOmMy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f3:1f:8b:a7:9a:c5:2a:ea:57:8d:96:70:7f:01:71:53:4d:
         41:57:11:12:da:0f:75:d3:6d:e9:4f:ef:89:74:f5:d8:de:b5:
         54:2a:39:b2:ec:1b:7b:6b:59:cd:72:17:fe:3b:4f:ed:90:8a:
         10:23:fe:86:c2:e3:f2:e7:ad:38:80:64:a5:0a:ef:ff:63:06:
         7c:08:ae:72:cc:fd:c9:10:31:b1:03:d1:51:0e:8c:55:9e:a0:
         54:44:b7:4e:fd:e1:eb:7e:f7:6e:d5:79:80:2f:43:9a:1d:a7:
         4f:2d:52:f2:b0:eb:44:4e:f1:0b:ed:73:63:46:e8:ae:80:37:
         59:7e:a8:c8:c6:9b:61:d9:00:d3:58:f5:73:65:70:ec:c8:16:
         b9:ed:b1:b7:87:bf:49:46:41:ae:3f:63:c5:3a:06:e2:85:9f:
         d7:aa:9b:25:83:10:e2:1f:76:91:d9:bb:24:15:65:fe:a0:54:
         90:93:6e:b4:29:be:18:75:e5:07:42:cd:1b:2f:be:80:49:e2:
         b2:54:4e:50:d3:1b:2d:13:a0:cf:05:27:5d:9e:38:74:01:02:
         54:87:04:b6:f4:0a:e4:bc:18:18:2a:a0:73:5f:38:b5:c2:51:
         c5:11:0f:8d:89:a1:14:3c:d8:1d:31:5f:33:ef:38:cc:c4:de:
         37:87:5c:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIn5ZHCXCRDE/UVWnj4UJNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwOTI1MDYzNjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzVjM2RlNTNhYmE3ZGU3MzNmNjFiMTM1ZTQyNDA4OGIzYTYzMzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9dL8aAMEgNsQk8lmyDcGqiAQ96f
m/4l1QK117wYow/pr/P5qNDGZUcPEymqk5yEweDeR3ZlPGQlnlksjzjCduqVUqvj
wsvFO9dyILfN2rHO5ylEAxg+pRTNLOVnoHGYG3r3gbo0SHeA9iJ+fJzSn+qYfo5z
XpyVxsKWFcd0KNRpy8Eaq3FpZZz3uA0QxnyyX8M6oJo5RK3WHWrWsAlURa6+OLZG
SYuaml8N03iYMMHYnB1ud0AlbRUM4WFCvOA97LCygPwl4q+HAn3+uVoqNY1WajA2
sRvbWopE4+Jw8it8CgmKnsixJvdwjDOhHuf4EoMsAryyMBYUzaoC1CUtjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNcPeU6un3nM/YbE15CQIizpjMvMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvODF3OTVUcTZmZWN6OWhzVFhrSkFpTE9tTXk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZEMA0G
CSqGSIb3DQEBCwUAA4IBAQAe8x+Lp5rFKupXjZZwfwFxU01BVxES2g91023pT++J
dPXY3rVUKjmy7Bt7a1nNchf+O0/tkIoQI/6GwuPy5604gGSlCu//YwZ8CK5yzP3J
EDGxA9FRDoxVnqBURLdO/eHrfvdu1XmAL0OaHadPLVLysOtETvEL7XNjRuiugDdZ
fqjIxpth2QDTWPVzZXDsyBa57bG3h79JRkGuP2PFOgbihZ/XqpslgxDiH3aR2bsk
FWX+oFSQk260Kb4YdeUHQs0bL76ASeKyVE5Q0xstE6DPBSddnjh0AQJUhwS29Ark
vBgYKqBzXzi1wlHFEQ+NiaEUPNgdMV8z7zjMxN43h1y0
-----END CERTIFICATE-----