Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/ADYNtl4GbPmYMdB4WwfHvOAGFAo.roa
File:                     ADYNtl4GbPmYMdB4WwfHvOAGFAo.roa (raw, json)
Hash identifier:          lFWJZToKAOwt8/wBlzbvnOG1w7G2KOyUoREL++0fq3s=
Subject key identifier:   00:36:0D:B6:5E:06:6C:F9:98:31:D0:78:5B:07:C7:BC:E0:06:14:0A
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       018CCA2BB45081984E93C0471CB93AC7E590
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/ADYNtl4GbPmYMdB4WwfHvOAGFAo.roa
Signing time:             Tue 02 Jan 2024 12:35:10 +0000
ROA not before:           Tue 02 Jan 2024 12:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34462
IP address blocks:        82.119.228.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 01:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b4:50:81:98:4e:93:c0:47:1c:b9:3a:c7:e5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  2 12:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00360db65e066cf99831d0785b07c7bce006140a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:15:d9:7b:b8:79:82:db:75:af:c1:81:22:b2:
                    d8:cb:30:74:75:45:5a:22:6e:fd:89:02:77:2c:3b:
                    67:61:7b:b5:59:e8:8e:5d:ef:56:dd:75:43:16:a8:
                    d8:46:4d:88:c6:b7:66:cb:96:e2:67:78:f2:fc:a7:
                    4b:1e:97:b7:b3:be:38:88:6e:fb:98:e7:f9:9f:6d:
                    3b:45:41:7c:7d:47:74:ef:a0:4d:a0:0f:d5:c6:d2:
                    5d:39:8e:be:bd:b5:9b:cc:14:ee:bd:5d:a1:ab:61:
                    ae:bc:56:30:85:0e:04:71:c4:02:82:de:66:d2:03:
                    38:cf:aa:c5:ac:36:46:3f:e6:cd:63:3b:57:a3:99:
                    84:bc:88:80:5b:c1:e6:79:65:fe:04:e7:fa:61:65:
                    b5:9b:84:8d:a5:05:89:b7:a5:e1:ab:53:65:a9:63:
                    50:2e:04:67:38:8a:ab:16:e0:2c:9c:df:d4:36:87:
                    68:53:26:34:58:f4:64:a3:3d:5e:08:7f:2d:8c:df:
                    5c:39:25:4b:47:8a:37:4c:03:40:d1:d8:48:f5:e6:
                    e5:d9:f5:9e:30:cc:e6:ee:e0:04:35:df:27:26:c1:
                    4c:c1:e8:0a:0b:d2:05:61:a3:bd:c8:d3:cf:d5:bb:
                    40:17:ca:6d:32:78:73:d5:ec:07:ba:a6:12:74:9c:
                    75:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:36:0D:B6:5E:06:6C:F9:98:31:D0:78:5B:07:C7:BC:E0:06:14:0A
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/ADYNtl4GbPmYMdB4WwfHvOAGFAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:13:ab:cc:4a:03:31:4e:34:e4:2e:10:f9:50:05:06:39:5a:
         4e:be:87:c0:a0:70:99:80:4c:86:00:4f:f0:74:bf:c8:04:32:
         e3:f6:a1:b8:0e:eb:4a:02:38:70:b1:7b:a8:de:8e:9d:5f:2e:
         8a:75:24:90:fa:db:1a:6b:6b:0d:05:0e:6d:b4:6b:b5:52:ca:
         fc:1d:b1:f6:00:3b:ee:ce:da:1a:04:68:f7:c4:8e:1e:ce:3f:
         bc:c2:2f:25:89:91:92:e8:48:4c:8e:af:a7:9f:c1:de:a6:13:
         9a:d2:49:54:c4:c9:b1:5b:ba:e0:65:a9:9d:fb:46:00:43:32:
         f5:9a:59:43:8b:ed:0c:8e:19:5c:78:55:bc:de:ab:17:0b:05:
         cd:ff:24:1e:0c:a2:5b:fd:7b:09:2d:59:f8:21:f5:e2:6c:e7:
         ab:db:87:9d:63:a7:ac:68:b2:95:03:64:81:4b:43:da:fb:19:
         81:4c:fc:6f:76:01:6b:67:25:e0:f4:8b:75:8a:46:af:06:23:
         ae:35:80:da:f0:54:f7:87:4e:56:04:9b:11:52:48:cc:c6:ca:
         7b:3b:13:d9:de:65:14:2a:91:20:3d:92:c3:b1:b8:b7:68:45:
         14:ef:d9:6f:3e:90:dd:97:b2:99:1d:6f:2b:06:cd:00:f9:b3:
         d0:f2:d3:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7RQgZhOk8BHHLk6x+WQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjQwMTAyMTIzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDM2MGRiNjVlMDY2Y2Y5OTgzMWQwNzg1YjA3YzdiY2UwMDYxNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxXZe7h5gtt1r8GBIrLYyzB0dUVa
Im79iQJ3LDtnYXu1WeiOXe9W3XVDFqjYRk2Ixrdmy5biZ3jy/KdLHpe3s744iG77
mOf5n207RUF8fUd076BNoA/VxtJdOY6+vbWbzBTuvV2hq2GuvFYwhQ4EccQCgt5m
0gM4z6rFrDZGP+bNYztXo5mEvIiAW8HmeWX+BOf6YWW1m4SNpQWJt6Xhq1NlqWNQ
LgRnOIqrFuAsnN/UNodoUyY0WPRkoz1eCH8tjN9cOSVLR4o3TANA0dhI9ebl2fWe
MMzm7uAENd8nJsFMwegKC9IFYaO9yNPP1btAF8ptMnhz1ewHuqYSdJx18QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAA2DbZeBmz5mDHQeFsHx7zgBhQKMB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvQURZTnRsNEdiUG1ZTWRCNFd3Zkh2T0FHRkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUnfkMA0G
CSqGSIb3DQEBCwUAA4IBAQAXE6vMSgMxTjTkLhD5UAUGOVpOvofAoHCZgEyGAE/w
dL/IBDLj9qG4DutKAjhwsXuo3o6dXy6KdSSQ+tsaa2sNBQ5ttGu1Usr8HbH2ADvu
ztoaBGj3xI4ezj+8wi8liZGS6EhMjq+nn8HephOa0klUxMmxW7rgZamd+0YAQzL1
mllDi+0MjhlceFW83qsXCwXN/yQeDKJb/XsJLVn4IfXibOer24edY6esaLKVA2SB
S0Pa+xmBTPxvdgFrZyXg9It1ikavBiOuNYDa8FT3h05WBJsRUkjMxsp7OxPZ3mUU
KpEgPZLDsbi3aEUU79lvPpDdl7KZHW8rBs0A+bPQ8tOz
-----END CERTIFICATE-----