Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/SsYtDTKxeEKrtS9wy5V-oV19884.roa
File:                     SsYtDTKxeEKrtS9wy5V-oV19884.roa (raw, json)
Hash identifier:          kTLpHxwJo+3LOqnzqXeNJSXb77lVD/puq/AXIWJeKmo=
Subject key identifier:   4A:C6:2D:0D:32:B1:78:42:AB:B5:2F:70:CB:95:7E:A1:5D:7D:F3:CE
Certificate issuer:       /CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
Certificate serial:       018CC94E37F0F7C1EF5AA663F27446EA8A69
Authority key identifier: 50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/SsYtDTKxeEKrtS9wy5V-oV19884.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204528
IP address blocks:        81.199.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:37:f0:f7:c1:ef:5a:a6:63:f2:74:46:ea:8a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ac62d0d32b17842abb52f70cb957ea15d7df3ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:af:b6:bb:ba:9a:95:26:46:68:c2:d6:95:3d:
                    68:a8:f7:88:be:26:a9:5b:fe:be:09:89:24:bc:14:
                    5c:ec:7e:52:1f:c8:4c:53:d7:99:a9:72:f3:2f:b2:
                    fb:a2:60:66:a4:57:95:d0:fd:25:af:59:fc:66:95:
                    df:a3:02:18:dd:f4:40:9a:03:da:57:e7:e2:68:ef:
                    d7:88:38:0a:10:07:85:09:e8:cc:b5:53:8f:af:3e:
                    d1:f2:89:66:24:bf:7d:e9:3b:a2:47:1a:38:0a:f1:
                    b7:89:3d:94:f5:0d:ba:ae:17:c1:b9:b7:5f:5a:f5:
                    65:11:3e:27:0f:93:db:9a:d3:9d:6c:e7:76:91:ff:
                    e6:30:c4:04:fa:92:f6:0a:06:3a:fb:0f:50:7d:5c:
                    d2:c5:98:e9:ca:98:f0:f3:8f:17:d9:a9:a4:f6:43:
                    e8:60:0f:57:58:f6:72:33:6b:6d:38:f9:99:26:c4:
                    42:2b:ae:d6:6a:c8:07:86:69:b6:c3:ec:fa:b8:89:
                    e4:a0:19:4f:1d:ee:1d:23:ba:fa:4e:85:34:da:e4:
                    79:9d:80:19:05:3e:16:b1:41:c8:0b:e0:55:96:72:
                    7d:a0:6f:49:cb:5e:ea:5a:04:98:bc:9a:83:47:b7:
                    40:c2:fa:db:b9:17:39:4b:a6:84:86:6c:41:87:82:
                    64:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:C6:2D:0D:32:B1:78:42:AB:B5:2F:70:CB:95:7E:A1:5D:7D:F3:CE
            X509v3 Authority Key Identifier:
                keyid:50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/SsYtDTKxeEKrtS9wy5V-oV19884.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:83:e2:b7:8e:ce:db:e3:41:b7:44:2f:95:c8:35:92:b6:51:
         29:06:ed:fe:e0:e7:b4:fe:bb:cf:86:0a:79:6e:20:76:1f:8c:
         4b:aa:5a:55:fc:d5:a1:b3:4f:bd:8b:97:fa:4d:23:99:97:b5:
         f6:0c:d6:d2:42:cd:b1:ab:44:77:d1:66:e5:a4:4d:16:f1:0c:
         ff:c4:a8:25:24:f2:50:1b:cd:ac:15:bd:eb:01:06:8f:77:1c:
         2e:6d:8b:9c:7a:f8:d6:10:00:65:1a:7a:f7:a2:b2:3b:2e:fa:
         88:74:41:fd:56:ea:93:cc:17:50:2c:e4:77:d1:f3:9e:1e:15:
         21:59:01:d2:ee:47:24:45:54:dc:d6:99:86:0b:16:69:38:16:
         88:f5:b4:cb:10:44:22:d2:0f:fc:14:cb:c5:bd:dc:d7:15:82:
         a4:b4:66:d8:2f:56:c1:05:03:86:93:1e:b3:b8:0b:3e:68:db:
         7e:1e:f1:a9:71:b2:c8:16:c9:03:71:78:35:24:92:5f:fa:ca:
         76:d6:1d:7c:94:ef:26:df:5c:7c:5b:bf:17:1d:46:67:f3:b8:
         86:3f:e3:01:6c:ef:35:6f:0c:02:6a:d0:eb:a8:49:04:44:50:
         3e:ff:f0:1f:c6:6b:41:47:a0:f6:9b:44:c1:15:77:d4:8f:2c:
         80:8f:ce:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjfw98HvWqZj8nRG6oppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTgyYmVlOWFhMDEwYzFmZmQyZDgwNGY2YWE3YjE0YmRk
YjkxZjcwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWM2MmQwZDMyYjE3ODQyYWJiNTJmNzBjYjk1N2VhMTVkN2RmM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6+2u7qalSZGaMLWlT1oqPeIviap
W/6+CYkkvBRc7H5SH8hMU9eZqXLzL7L7omBmpFeV0P0lr1n8ZpXfowIY3fRAmgPa
V+fiaO/XiDgKEAeFCejMtVOPrz7R8olmJL996TuiRxo4CvG3iT2U9Q26rhfBubdf
WvVlET4nD5PbmtOdbOd2kf/mMMQE+pL2CgY6+w9QfVzSxZjpypjw848X2amk9kPo
YA9XWPZyM2ttOPmZJsRCK67WasgHhmm2w+z6uInkoBlPHe4dI7r6ToU02uR5nYAZ
BT4WsUHIC+BVlnJ9oG9Jy17qWgSYvJqDR7dAwvrbuRc5S6aEhmxBh4JkVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErGLQ0ysXhCq7UvcMuVfqFdffPOMB8GA1UdIwQY
MBaAFFAYK+6aoBDB/9LYBPaqexS925H3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0Zjkt
MTlkMWJiNjFkOWE3LzEvU3NZdERUS3hlRUtydFM5d3k1Vi1vVjE5ODg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0ZjktMTlkMWJiNjFkOWE3
LzEvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcdeMA0G
CSqGSIb3DQEBCwUAA4IBAQBLg+K3js7b40G3RC+VyDWStlEpBu3+4Oe0/rvPhgp5
biB2H4xLqlpV/NWhs0+9i5f6TSOZl7X2DNbSQs2xq0R30WblpE0W8Qz/xKglJPJQ
G82sFb3rAQaPdxwubYucevjWEABlGnr3orI7LvqIdEH9VuqTzBdQLOR30fOeHhUh
WQHS7kckRVTc1pmGCxZpOBaI9bTLEEQi0g/8FMvFvdzXFYKktGbYL1bBBQOGkx6z
uAs+aNt+HvGpcbLIFskDcXg1JJJf+sp21h18lO8m31x8W78XHUZn87iGP+MBbO81
bwwCatDrqEkERFA+//AfxmtBR6D2m0TBFXfUjyyAj84o
-----END CERTIFICATE-----