Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/fKat8HZKzDU8p17QhuFr-MX0h7A.roa
File:                     fKat8HZKzDU8p17QhuFr-MX0h7A.roa (raw, json)
Hash identifier:          u98JmjbLvByHVb7YRU/4/+MYUkwjMSfYHppj3o/z+uA=
Subject key identifier:   7C:A6:AD:F0:76:4A:CC:35:3C:A7:5E:D0:86:E1:6B:F8:C5:F4:87:B0
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B7290F95296C4612B16DD7F4BDF3BE
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/fKat8HZKzDU8p17QhuFr-MX0h7A.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2300
IP address blocks:        81.52.185.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:29:0f:95:29:6c:46:12:b1:6d:d7:f4:bd:f3:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ca6adf0764acc353ca75ed086e16bf8c5f487b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f8:79:65:b7:f0:cf:b0:68:a9:1c:b9:20:ef:
                    42:81:c5:16:f8:11:08:f1:3b:e2:f1:06:3a:4c:9d:
                    93:1d:78:13:e5:79:83:02:c5:5a:23:e2:26:59:ab:
                    6f:1f:a0:95:7c:cc:e5:1a:8e:68:0f:72:b7:51:c6:
                    6b:d6:d2:22:12:80:16:9e:be:85:58:49:6e:ce:91:
                    52:a3:f2:8e:92:f1:f2:15:56:22:e4:2a:52:36:bc:
                    7f:1d:e8:ff:c7:9b:cd:01:7a:6f:1b:d5:bb:6b:57:
                    2c:cc:42:1b:48:1a:37:4c:79:03:f1:76:d4:1e:16:
                    b7:c4:53:3f:d9:bd:a8:ef:2b:94:df:c9:85:69:44:
                    af:14:41:91:7c:31:99:e7:ce:db:d9:61:73:c7:94:
                    2a:8a:20:a5:e6:0a:fa:14:b4:29:54:9c:87:9c:60:
                    96:e2:76:ca:f3:ac:8e:ce:da:0f:ac:31:9f:d8:28:
                    ec:90:b8:c9:bf:df:eb:be:d8:99:0d:1a:24:3d:23:
                    97:6e:dd:40:1c:eb:62:21:77:64:e2:79:a3:86:c8:
                    17:29:25:de:98:49:85:bc:35:89:35:59:2e:ed:20:
                    d4:ec:50:f9:e1:fb:09:9d:e7:ce:16:50:d4:24:34:
                    c0:28:bc:6b:6c:35:29:e7:a9:7e:04:c8:4c:f5:13:
                    09:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A6:AD:F0:76:4A:CC:35:3C:A7:5E:D0:86:E1:6B:F8:C5:F4:87:B0
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/fKat8HZKzDU8p17QhuFr-MX0h7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.52.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:9b:ed:3d:ea:aa:07:7b:4d:d6:3b:1f:87:e8:df:d8:d4:d4:
         8e:74:41:bb:26:6f:8e:a5:06:8d:73:a6:85:ad:8e:89:1f:aa:
         47:f0:5e:ad:dd:4c:81:d7:c2:01:87:4f:f5:3c:ad:3c:f2:a7:
         95:33:a8:23:d0:30:22:b4:aa:2a:fd:d9:44:06:3e:8f:f1:84:
         c3:3f:49:3c:b3:cf:79:2d:07:0b:df:05:76:15:b6:b8:15:c9:
         98:3d:4d:96:8c:c8:53:f9:74:0a:a5:8e:5f:cd:42:cf:5a:1b:
         36:17:8d:70:5a:bb:43:f8:10:99:3d:4f:b7:f1:dd:ba:11:54:
         bc:9b:5f:df:6a:c2:c4:08:3c:4b:f9:3f:18:f5:a8:5c:77:53:
         59:66:7a:a6:f7:29:04:13:52:ac:d2:bc:a3:67:ae:88:9f:48:
         5e:68:4d:78:be:4a:63:fc:68:34:31:2e:22:54:83:37:6b:fb:
         98:42:4b:8d:22:c7:f0:85:39:cf:6e:6b:97:77:41:21:8a:ca:
         90:11:79:7a:12:e3:00:12:7d:31:be:72:28:ee:87:42:86:0e:
         3a:81:d8:14:38:40:bd:a3:be:e5:30:7d:fd:26:ae:7c:a6:78:
         a1:d3:65:fd:c1:05:67:cc:81:f5:58:6e:80:6d:af:b2:d4:83:
         87:c4:24:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtykPlSlsRhKxbdf0vfO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2E2YWRmMDc2NGFjYzM1M2NhNzVlZDA4NmUxNmJmOGM1ZjQ4N2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPh5Zbfwz7BoqRy5IO9CgcUW+BEI
8Tvi8QY6TJ2THXgT5XmDAsVaI+ImWatvH6CVfMzlGo5oD3K3UcZr1tIiEoAWnr6F
WEluzpFSo/KOkvHyFVYi5CpSNrx/Hej/x5vNAXpvG9W7a1cszEIbSBo3THkD8XbU
Hha3xFM/2b2o7yuU38mFaUSvFEGRfDGZ587b2WFzx5QqiiCl5gr6FLQpVJyHnGCW
4nbK86yOztoPrDGf2CjskLjJv9/rvtiZDRokPSOXbt1AHOtiIXdk4nmjhsgXKSXe
mEmFvDWJNVku7SDU7FD54fsJnefOFlDUJDTAKLxrbDUp56l+BMhM9RMJrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHymrfB2Ssw1PKde0Ibha/jF9IewMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvZkthdDhIWkt6RFU4cDE3UWh1RnItTVgwaDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUTS5MA0G
CSqGSIb3DQEBCwUAA4IBAQA8m+096qoHe03WOx+H6N/Y1NSOdEG7Jm+OpQaNc6aF
rY6JH6pH8F6t3UyB18IBh0/1PK088qeVM6gj0DAitKoq/dlEBj6P8YTDP0k8s895
LQcL3wV2Fba4FcmYPU2WjMhT+XQKpY5fzULPWhs2F41wWrtD+BCZPU+38d26EVS8
m1/fasLECDxL+T8Y9ahcd1NZZnqm9ykEE1Ks0ryjZ66In0heaE14vkpj/Gg0MS4i
VIM3a/uYQkuNIsfwhTnPbmuXd0EhisqQEXl6EuMAEn0xvnIo7odChg46gdgUOEC9
o77lMH39Jq58pnih02X9wQVnzIH1WG6Aba+y1IOHxCRw
-----END CERTIFICATE-----