Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Vs5z73F5hVQ4c8vmJjhICqBkO0c.roa
File:                     Vs5z73F5hVQ4c8vmJjhICqBkO0c.roa (raw, json)
Hash identifier:          n/74rh921tFVWUdvCbykFVAx72urvJ3WCgZAwVCSUiU=
Subject key identifier:   56:CE:73:EF:71:79:85:54:38:73:CB:E6:26:38:48:0A:A0:64:3B:47
Certificate issuer:       /CN=16ea37a8e73e7679a933d70f7b9c872081024455
Certificate serial:       018F35BB474645B72823B0111B4FBD54077C
Authority key identifier: 16:EA:37:A8:E7:3E:76:79:A9:33:D7:0F:7B:9C:87:20:81:02:44:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Vs5z73F5hVQ4c8vmJjhICqBkO0c.roa
Signing time:             Wed 01 May 2024 19:56:56 +0000
ROA not before:           Wed 01 May 2024 19:56:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216383
IP address blocks:        185.81.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:35:bb:47:46:45:b7:28:23:b0:11:1b:4f:bd:54:07:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16ea37a8e73e7679a933d70f7b9c872081024455
        Validity
            Not Before: May  1 19:56:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56ce73ef717985543873cbe62638480aa0643b47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1c:72:88:76:ef:22:5a:ea:65:72:00:86:76:
                    76:98:0c:ea:15:93:4a:df:9c:f3:58:41:77:5e:f9:
                    a2:22:f3:f9:44:9e:19:a7:9f:92:3f:5b:53:1c:5d:
                    c9:0c:38:12:e0:16:75:c9:25:35:30:19:cd:66:b3:
                    b4:88:39:d2:14:16:3f:88:2c:b8:a3:ea:33:8a:d1:
                    59:c2:e2:85:5f:21:aa:79:91:3a:f1:f9:62:41:fc:
                    5a:a7:13:d6:16:29:93:1f:87:62:f6:7c:e2:d5:81:
                    8e:47:c8:41:c1:11:62:46:00:34:6f:c1:de:1c:3f:
                    57:25:b6:a7:f8:cf:17:e7:4e:9e:c7:84:1f:52:5f:
                    05:1e:db:f5:b0:8c:3e:ec:8e:3e:ae:17:ad:b2:ac:
                    1a:63:d9:ce:11:94:b8:ac:a6:58:ac:bf:46:ae:d0:
                    7f:e7:bb:46:e2:23:92:9f:fc:47:d4:a4:d7:f2:28:
                    f0:0a:4b:7e:da:fa:46:45:01:9b:87:6f:ba:37:07:
                    1c:25:d2:05:af:a5:57:9b:e1:76:c5:34:bd:c6:1b:
                    e5:7f:12:f5:05:1e:bd:79:de:d2:1e:74:34:09:f8:
                    ee:c6:45:87:99:2a:b0:16:37:b6:d2:76:a5:35:68:
                    ac:0e:fd:d8:70:1f:4f:2a:89:a4:cd:62:8f:87:2b:
                    6f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:CE:73:EF:71:79:85:54:38:73:CB:E6:26:38:48:0A:A0:64:3B:47
            X509v3 Authority Key Identifier:
                keyid:16:EA:37:A8:E7:3E:76:79:A9:33:D7:0F:7B:9C:87:20:81:02:44:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Vs5z73F5hVQ4c8vmJjhICqBkO0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:95:9a:74:53:45:02:81:21:c8:a7:4a:13:60:41:cc:1e:fb:
         d7:d6:ef:82:1c:8f:6a:70:ec:cd:7d:3b:4f:55:c9:d2:58:ce:
         ed:40:40:c8:f9:7c:f2:ea:08:0a:18:03:22:c6:22:06:64:2e:
         a7:9b:0c:e2:03:6e:9e:0d:19:bc:37:17:e3:ff:5c:5b:d3:7a:
         fe:8c:30:6d:55:ba:49:26:91:e3:f6:18:8a:7d:7b:ac:a9:98:
         da:5c:0e:17:1b:7a:78:2b:b1:2a:2b:78:3d:00:ff:1c:41:e9:
         41:6f:8d:ac:ed:fd:c0:e4:bb:5c:07:13:52:25:2b:a1:25:2d:
         b3:7d:ed:08:a7:7e:55:c8:7f:9e:e9:bd:53:49:95:cc:1b:6c:
         55:7f:f0:a1:86:d0:b1:47:d5:9a:dd:b6:48:a7:ff:b0:47:54:
         cc:c1:87:9b:a8:08:fa:a9:8c:c1:4a:57:b2:86:06:71:73:7f:
         f9:7b:14:99:de:4a:4c:2d:7f:22:a4:f5:00:b5:0b:33:60:b4:
         b1:dc:3e:25:28:08:49:8e:ee:fb:06:6e:b0:74:8a:f4:08:3e:
         fd:c7:28:3e:6f:84:49:f9:04:2c:33:e6:35:9b:e8:74:2c:e9:
         07:36:9e:96:c6:80:6d:24:e3:69:4d:b0:69:d5:30:65:e9:27:
         ea:28:37:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY81u0dGRbcoI7ARG0+9VAd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZWEzN2E4ZTczZTc2NzlhOTMzZDcwZjdiOWM4NzIwODEw
MjQ0NTUwHhcNMjQwNTAxMTk1NjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmNlNzNlZjcxNzk4NTU0Mzg3M2NiZTYyNjM4NDgwYWEwNjQzYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBxyiHbvIlrqZXIAhnZ2mAzqFZNK
35zzWEF3XvmiIvP5RJ4Zp5+SP1tTHF3JDDgS4BZ1ySU1MBnNZrO0iDnSFBY/iCy4
o+ozitFZwuKFXyGqeZE68fliQfxapxPWFimTH4di9nzi1YGOR8hBwRFiRgA0b8He
HD9XJban+M8X506ex4QfUl8FHtv1sIw+7I4+rhetsqwaY9nOEZS4rKZYrL9GrtB/
57tG4iOSn/xH1KTX8ijwCkt+2vpGRQGbh2+6NwccJdIFr6VXm+F2xTS9xhvlfxL1
BR69ed7SHnQ0CfjuxkWHmSqwFje20nalNWisDv3YcB9PKomkzWKPhytv+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbOc+9xeYVUOHPL5iY4SAqgZDtHMB8GA1UdIwQY
MBaAFBbqN6jnPnZ5qTPXD3uchyCBAkRVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnVvM3FPYy1kbm1wTTljUGU1eUhJSUVDUkZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My81MWNkOTQtYTA1NS00M2VlLWEwOWIt
NDcyYjBkMDcyZTgzLzEvVnM1ejczRjVoVlE0Yzh2bUpqaElDcUJrTzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My81MWNkOTQtYTA1NS00M2VlLWEwOWItNDcyYjBkMDcyZTgz
LzEvRnVvM3FPYy1kbm1wTTljUGU1eUhJSUVDUkZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVFiMA0G
CSqGSIb3DQEBCwUAA4IBAQBAlZp0U0UCgSHIp0oTYEHMHvvX1u+CHI9qcOzNfTtP
VcnSWM7tQEDI+Xzy6ggKGAMixiIGZC6nmwziA26eDRm8Nxfj/1xb03r+jDBtVbpJ
JpHj9hiKfXusqZjaXA4XG3p4K7EqK3g9AP8cQelBb42s7f3A5LtcBxNSJSuhJS2z
fe0Ip35VyH+e6b1TSZXMG2xVf/ChhtCxR9Wa3bZIp/+wR1TMwYebqAj6qYzBSley
hgZxc3/5exSZ3kpMLX8ipPUAtQszYLSx3D4lKAhJju77Bm6wdIr0CD79xyg+b4RJ
+QQsM+Y1m+h0LOkHNp6WxoBtJONpTbBp1TBl6SfqKDcZ
-----END CERTIFICATE-----