Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/C_ptDo_qiAOoOvo-8qAXY88vBfQ.roa
File:                     C_ptDo_qiAOoOvo-8qAXY88vBfQ.roa (raw, json)
Hash identifier:          1pTHKMzDAlMlQWVM+wYMeFKqdkUepdgj73yRGng1bLA=
Subject key identifier:   0B:FA:6D:0E:8F:EA:88:03:A8:3A:FA:3E:F2:A0:17:63:CF:2F:05:F4
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0193443AE392B4634F63DDBCD74D0DDB6233
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/C_ptDo_qiAOoOvo-8qAXY88vBfQ.roa
Signing time:             Tue 19 Nov 2024 11:42:10 +0000
ROA not before:           Tue 19 Nov 2024 11:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.163.96.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:3a:e3:92:b4:63:4f:63:dd:bc:d7:4d:0d:db:62:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Nov 19 11:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bfa6d0e8fea8803a83afa3ef2a01763cf2f05f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5d:d0:e5:8e:9f:8a:42:98:8f:e7:78:79:e0:
                    04:4e:bc:71:3a:47:07:9c:33:60:56:65:bb:40:21:
                    29:61:b5:c6:80:e7:2d:c0:ff:4d:eb:2f:b0:7b:36:
                    b1:62:e1:cb:78:59:a4:13:17:76:66:b4:fc:df:63:
                    8a:7e:c4:9a:1f:8f:aa:7f:53:c7:ee:0e:7b:51:83:
                    22:e7:4a:52:c6:4f:be:6c:07:ea:2d:75:c0:d9:82:
                    df:06:20:27:94:96:7c:62:74:df:f1:c3:96:31:08:
                    71:f0:56:a8:a2:d4:b9:db:c4:66:2b:c9:3d:4c:9c:
                    7b:f5:57:c1:99:25:c1:f8:d2:9e:9a:ac:60:18:68:
                    b8:e1:6c:04:4a:af:38:73:bc:a3:65:9e:34:31:d5:
                    9e:39:ad:4f:33:0a:b8:cb:76:7c:d6:e7:5a:aa:c4:
                    a9:6c:f6:0a:bb:02:13:07:c1:b0:0a:0e:3c:01:f6:
                    fd:f7:7d:c7:b3:f5:50:9c:a2:64:ea:da:5c:4b:5d:
                    73:22:b1:b3:0e:f5:de:22:25:2b:c0:f2:64:b8:13:
                    a8:7a:d8:08:16:02:ad:6e:f3:f4:3a:e6:20:61:dd:
                    de:68:d8:c4:0a:6a:a4:de:12:08:80:ca:70:8d:a6:
                    4e:c0:c4:5d:4e:94:8d:da:95:54:fe:d6:13:64:58:
                    ad:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:FA:6D:0E:8F:EA:88:03:A8:3A:FA:3E:F2:A0:17:63:CF:2F:05:F4
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/C_ptDo_qiAOoOvo-8qAXY88vBfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         45:40:d5:d3:93:e8:20:8f:7a:14:8a:e4:4b:5d:a1:3e:1c:2a:
         a5:8d:44:d7:51:44:ef:98:f9:4f:d0:84:fa:a4:2a:7e:11:90:
         03:ba:7f:bd:a2:bd:5c:49:01:23:95:6e:a2:d8:06:fb:cf:32:
         22:d7:28:65:b1:93:da:3e:f4:9b:6b:f3:58:f2:bd:ec:ea:94:
         79:b2:30:98:bb:a8:f2:54:8e:10:93:ca:3e:34:70:e4:88:3b:
         7d:5b:b4:20:f3:f5:fb:24:77:79:56:fa:89:12:36:1b:37:0e:
         4c:3a:7f:bb:74:b2:da:dd:c7:7c:2c:54:cd:03:cf:ea:eb:b6:
         55:ab:61:98:e0:e7:2a:4c:1d:34:80:8a:48:41:66:a1:93:7e:
         22:2a:b3:d9:0e:1b:24:fb:52:35:23:fe:fb:e3:60:bb:ec:84:
         14:24:0c:73:c2:99:59:30:86:7b:bd:bd:26:3e:39:28:19:27:
         a4:02:4b:6d:70:4a:26:0f:61:74:29:63:89:23:c0:38:9b:80:
         f6:b2:71:98:f3:9b:01:4d:a1:19:88:96:23:14:1a:b8:d5:2c:
         ae:08:ec:32:98:37:f5:c3:ec:e4:50:e1:a2:9f:bf:82:72:8f:
         6e:53:9a:2d:a2:4a:95:8e:48:13:25:c8:a1:ae:5f:fc:da:f9:
         7d:cf:32:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNEOuOStGNPY928100N22IzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQxMTE5MTE0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmZhNmQwZThmZWE4ODAzYTgzYWZhM2VmMmEwMTc2M2NmMmYwNWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvV3Q5Y6fikKYj+d4eeAETrxxOkcH
nDNgVmW7QCEpYbXGgOctwP9N6y+wezaxYuHLeFmkExd2ZrT832OKfsSaH4+qf1PH
7g57UYMi50pSxk++bAfqLXXA2YLfBiAnlJZ8YnTf8cOWMQhx8FaootS528RmK8k9
TJx79VfBmSXB+NKemqxgGGi44WwESq84c7yjZZ40MdWeOa1PMwq4y3Z81udaqsSp
bPYKuwITB8GwCg48Afb9933Hs/VQnKJk6tpcS11zIrGzDvXeIiUrwPJkuBOoetgI
FgKtbvP0OuYgYd3eaNjECmqk3hIIgMpwjaZOwMRdTpSN2pVU/tYTZFitEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAv6bQ6P6ogDqDr6PvKgF2PPLwX0MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvQ19wdERvX3FpQU9vT3ZvLThxQVhZODh2QmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUqNgMA0G
CSqGSIb3DQEBCwUAA4IBAQBFQNXTk+ggj3oUiuRLXaE+HCqljUTXUUTvmPlP0IT6
pCp+EZADun+9or1cSQEjlW6i2Ab7zzIi1yhlsZPaPvSba/NY8r3s6pR5sjCYu6jy
VI4Qk8o+NHDkiDt9W7Qg8/X7JHd5VvqJEjYbNw5MOn+7dLLa3cd8LFTNA8/q67ZV
q2GY4OcqTB00gIpIQWahk34iKrPZDhsk+1I1I/7742C77IQUJAxzwplZMIZ7vb0m
PjkoGSekAkttcEomD2F0KWOJI8A4m4D2snGY85sBTaEZiJYjFBq41SyuCOwymDf1
w+zkUOGin7+Cco9uU5otokqVjkgTJcihrl/82vl9zzKB
-----END CERTIFICATE-----