Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/_cktXOvLE7Sfsdzvui_X-kq4TcI.roa
File:                     _cktXOvLE7Sfsdzvui_X-kq4TcI.roa (raw, json)
Hash identifier:          Gd9dvTt64iZyvi9flKzLoaN3bwqkmhChRbv4aC0fCRo=
Subject key identifier:   FD:C9:2D:5C:EB:CB:13:B4:9F:B1:DC:EF:BA:2F:D7:FA:4A:B8:4D:C2
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       018EA90051FBCF96948F59ECB22481067F9E
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/_cktXOvLE7Sfsdzvui_X-kq4TcI.roa
Signing time:             Thu 04 Apr 2024 12:05:54 +0000
ROA not before:           Thu 04 Apr 2024 12:05:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        82.206.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:00:51:fb:cf:96:94:8f:59:ec:b2:24:81:06:7f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Apr  4 12:05:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdc92d5cebcb13b49fb1dcefba2fd7fa4ab84dc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:59:d3:3d:91:4b:a1:ce:67:71:c3:fe:49:11:
                    37:fa:08:67:78:03:e0:cb:d6:08:7e:44:41:76:d8:
                    b5:35:9e:a6:f2:a7:ad:f2:e3:87:45:1d:7e:42:eb:
                    2e:67:62:38:49:88:19:6e:16:ae:40:01:3f:a7:1c:
                    a0:92:70:6d:14:84:c0:f2:d2:64:06:3b:fd:4c:10:
                    a1:3e:42:0a:19:96:ef:bc:ef:c6:b7:fb:d7:e8:3a:
                    ae:da:66:9d:49:98:d9:da:b9:8f:f4:1b:e3:2a:a1:
                    95:a5:99:a7:b4:e2:45:f6:7b:f7:af:f1:40:a3:a0:
                    4b:6a:4d:f9:df:57:47:8e:47:17:ef:3b:86:b0:30:
                    7d:79:4e:21:b7:4a:c5:55:b2:78:76:8f:da:b6:0e:
                    55:df:b3:1b:84:ca:16:1c:14:14:20:d2:e9:bc:6b:
                    c2:8b:83:d8:a6:bb:58:7c:1b:67:87:6b:0f:33:d8:
                    e3:f5:4f:57:be:8d:5a:5f:f2:6e:c5:f5:26:91:1b:
                    bc:be:fa:23:a4:6f:7d:69:06:b7:f2:b6:aa:ac:66:
                    26:9a:a2:10:82:2e:09:ed:54:5b:22:5d:a5:a8:5f:
                    c3:18:92:59:0e:5d:59:fa:4f:aa:32:03:92:d2:6c:
                    4b:70:66:46:80:dc:f3:ba:f2:55:b6:cb:34:94:35:
                    d2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C9:2D:5C:EB:CB:13:B4:9F:B1:DC:EF:BA:2F:D7:FA:4A:B8:4D:C2
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/_cktXOvLE7Sfsdzvui_X-kq4TcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:c2:c4:10:6b:28:9b:42:2c:7e:19:5a:48:4d:a9:6a:0e:7a:
         5f:07:1a:a9:8c:5b:8a:60:f6:78:bf:90:2a:db:d8:5e:0d:c9:
         e8:1a:93:64:94:fe:7c:23:8d:c4:05:3d:fd:bd:71:a8:cc:fd:
         ce:a9:f4:c7:75:60:99:4d:76:57:a9:b5:6f:47:46:a3:a9:26:
         44:d3:74:bd:90:20:43:a0:d4:d0:97:16:90:4d:be:a2:2c:2b:
         89:4d:27:93:73:39:cf:30:74:c9:67:67:49:84:03:ba:00:88:
         14:50:c4:1b:7f:50:f9:43:9e:3f:24:54:a4:8c:91:45:d7:e1:
         ef:09:d0:25:f5:d6:47:df:7c:bc:3e:75:36:ec:b9:74:60:38:
         85:61:1c:74:1b:b6:a9:45:d2:98:01:b0:c3:6b:6f:c4:9d:35:
         54:c9:db:97:36:df:17:42:f3:57:d7:4a:19:b9:1d:68:e8:e7:
         e5:c1:ba:c4:19:a3:0b:20:9a:53:62:26:6a:fa:3e:af:cd:52:
         4e:94:cb:f8:d4:92:be:eb:7e:0b:e3:d5:64:ca:91:e3:ff:be:
         3c:f8:08:cf:be:85:ee:e7:ed:5c:12:c9:77:5e:2e:a7:66:f4:
         8f:40:34:0b:e8:d8:62:04:83:a4:1c:6c:7a:0d:88:7c:52:b8:
         80:60:43:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6pAFH7z5aUj1nssiSBBn+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwNDA0MTIwNTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGM5MmQ1Y2ViY2IxM2I0OWZiMWRjZWZiYTJmZDdmYTRhYjg0ZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFnTPZFLoc5nccP+SRE3+ghneAPg
y9YIfkRBdti1NZ6m8qet8uOHRR1+QusuZ2I4SYgZbhauQAE/pxygknBtFITA8tJk
Bjv9TBChPkIKGZbvvO/Gt/vX6Dqu2madSZjZ2rmP9BvjKqGVpZmntOJF9nv3r/FA
o6BLak3531dHjkcX7zuGsDB9eU4ht0rFVbJ4do/atg5V37MbhMoWHBQUINLpvGvC
i4PYprtYfBtnh2sPM9jj9U9Xvo1aX/JuxfUmkRu8vvojpG99aQa38raqrGYmmqIQ
gi4J7VRbIl2lqF/DGJJZDl1Z+k+qMgOS0mxLcGZGgNzzuvJVtss0lDXSUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3JLVzryxO0n7Hc77ov1/pKuE3CMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvX2NrdFhPdkxFN1Nmc2R6dnVpX1gta3E0VGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUs4EMA0G
CSqGSIb3DQEBCwUAA4IBAQCLwsQQayibQix+GVpITalqDnpfBxqpjFuKYPZ4v5Aq
29heDcnoGpNklP58I43EBT39vXGozP3OqfTHdWCZTXZXqbVvR0ajqSZE03S9kCBD
oNTQlxaQTb6iLCuJTSeTcznPMHTJZ2dJhAO6AIgUUMQbf1D5Q54/JFSkjJFF1+Hv
CdAl9dZH33y8PnU27Ll0YDiFYRx0G7apRdKYAbDDa2/EnTVUyduXNt8XQvNX10oZ
uR1o6OflwbrEGaMLIJpTYiZq+j6vzVJOlMv41JK+634L49VkypHj/748+AjPvoXu
5+1cEsl3Xi6nZvSPQDQL6NhiBIOkHGx6DYh8UriAYEPx
-----END CERTIFICATE-----