Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/ilatJaOQanuH236kCBA16WvHFME.roa
File:                     ilatJaOQanuH236kCBA16WvHFME.roa (raw, json)
Hash identifier:          2OMQzZNr6nNXTx0LdHoktq/m3hqjVRmzowvREHDz2lU=
Subject key identifier:   8A:56:AD:25:A3:90:6A:7B:87:DB:7E:A4:08:10:35:E9:6B:C7:14:C1
Certificate issuer:       /CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
Certificate serial:       018CC801558E54C9DECD8B9282FC4D2428D4
Authority key identifier: 81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/ilatJaOQanuH236kCBA16WvHFME.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45043
IP address blocks:        195.64.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:8e:54:c9:de:cd:8b:92:82:fc:4d:24:28:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a56ad25a3906a7b87db7ea4081035e96bc714c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a6:60:3d:22:fb:68:79:c6:7d:9a:50:ab:7d:
                    e9:44:2b:7b:78:8b:c6:d2:a2:39:f2:06:75:ab:2c:
                    57:07:93:72:de:9c:60:09:58:a6:88:01:43:b2:55:
                    24:34:eb:82:4d:b3:ba:74:b4:98:58:e8:58:4d:0e:
                    94:a0:11:4f:ac:91:80:96:ce:0b:27:ea:c3:e9:18:
                    bf:61:c7:cf:79:d5:ac:74:43:b1:81:59:f6:bd:01:
                    42:a2:b9:cc:0b:c6:62:90:10:fe:0e:e6:c7:07:03:
                    a4:b6:14:87:72:31:23:ae:11:a7:9d:b3:1c:44:af:
                    fe:70:e9:a4:56:3a:2d:9a:66:2f:bb:39:2c:ed:aa:
                    c4:9f:c4:63:8b:be:a1:ce:22:a8:73:0f:f3:18:18:
                    b9:13:16:e5:b8:8d:f6:62:3a:37:3d:1c:d3:91:c3:
                    56:7d:55:fe:12:52:e7:03:81:04:95:60:66:79:9b:
                    be:6d:76:e7:dc:e0:fa:10:c7:eb:ca:0d:94:df:70:
                    8a:3b:ad:fa:ef:c4:be:82:5e:76:7e:cf:b8:a2:f7:
                    ae:98:84:79:84:2c:b5:37:60:b1:41:1d:34:b0:5a:
                    a0:3a:2d:ab:55:73:66:fb:a9:e8:84:20:e3:ce:3c:
                    4a:47:14:85:52:00:74:d1:2b:b0:4b:31:f1:7b:0b:
                    e5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:56:AD:25:A3:90:6A:7B:87:DB:7E:A4:08:10:35:E9:6B:C7:14:C1
            X509v3 Authority Key Identifier:
                keyid:81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/ilatJaOQanuH236kCBA16WvHFME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:11:56:c0:f9:4a:27:18:7f:a6:6d:2a:e9:ba:3d:26:3c:75:
         96:75:e5:17:6a:58:70:6f:b3:71:1b:02:29:5c:13:18:af:4e:
         a1:a5:ef:01:90:db:bb:45:96:f8:77:a4:5d:5e:15:77:2e:45:
         e9:e1:15:08:4f:2d:4c:28:b3:95:7f:25:ca:1a:96:36:7b:ff:
         9d:12:01:dd:b9:79:8d:ec:e1:31:a4:9f:3f:92:49:b6:62:5c:
         7f:03:e2:d6:42:72:22:ca:a1:1f:d6:f5:47:ab:06:34:e1:2c:
         59:e8:9e:7a:12:6f:1d:02:7d:95:c2:aa:29:ae:3f:25:df:20:
         76:9d:b2:9a:ff:8f:5c:8b:1e:04:77:cd:f2:69:9c:4d:13:6e:
         65:b9:a7:2e:30:29:4b:e4:44:63:0d:95:0b:68:10:7e:e7:44:
         55:3b:cc:21:14:97:ca:70:52:5a:77:cc:06:c9:7d:f9:b3:4e:
         fe:72:55:c8:0a:c9:b7:6e:a3:01:0a:55:49:6d:9d:9a:cf:b4:
         8f:38:8d:29:32:03:81:96:4c:30:33:84:56:7d:df:e0:dd:12:
         2e:d1:66:40:8c:ab:98:94:f9:3f:3b:d1:ec:b2:1f:da:7d:d0:
         1b:be:76:d5:ac:2b:6f:59:96:bb:ad:0b:19:31:92:0f:94:8a:
         e9:eb:1c:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVWOVMnezYuSgvxNJCjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZmE0OGY0MGJjODQ1NDBjNDZiZDIzYmU5YjkwODk3YWEx
ODRmNGQwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTU2YWQyNWEzOTA2YTdiODdkYjdlYTQwODEwMzVlOTZiYzcxNGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqZgPSL7aHnGfZpQq33pRCt7eIvG
0qI58gZ1qyxXB5Ny3pxgCVimiAFDslUkNOuCTbO6dLSYWOhYTQ6UoBFPrJGAls4L
J+rD6Ri/YcfPedWsdEOxgVn2vQFCornMC8ZikBD+DubHBwOkthSHcjEjrhGnnbMc
RK/+cOmkVjotmmYvuzks7arEn8Rji76hziKocw/zGBi5ExbluI32Yjo3PRzTkcNW
fVX+ElLnA4EElWBmeZu+bXbn3OD6EMfryg2U33CKO63678S+gl52fs+4oveumIR5
hCy1N2CxQR00sFqgOi2rVXNm+6nohCDjzjxKRxSFUgB00SuwSzHxewvljwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpWrSWjkGp7h9t+pAgQNelrxxTBMB8GA1UdIwQY
MBaAFIH6SPQLyEVAxGvSO+m5CJeqGE9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEt
OGU5M2NiNWM1MzU1LzEvaWxhdEphT1FhbnVIMjM2a0NCQTE2V3ZIRk1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEtOGU5M2NiNWM1MzU1
LzEvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw0D0MA0G
CSqGSIb3DQEBCwUAA4IBAQBjEVbA+UonGH+mbSrpuj0mPHWWdeUXalhwb7NxGwIp
XBMYr06hpe8BkNu7RZb4d6RdXhV3LkXp4RUITy1MKLOVfyXKGpY2e/+dEgHduXmN
7OExpJ8/kkm2Ylx/A+LWQnIiyqEf1vVHqwY04SxZ6J56Em8dAn2Vwqoprj8l3yB2
nbKa/49cix4Ed83yaZxNE25luacuMClL5ERjDZULaBB+50RVO8whFJfKcFJad8wG
yX35s07+clXICsm3bqMBClVJbZ2az7SPOI0pMgOBlkwwM4RWfd/g3RIu0WZAjKuY
lPk/O9Hssh/afdAbvnbVrCtvWZa7rQsZMZIPlIrp6xxC
-----END CERTIFICATE-----