Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/bc8b3a-db3d-42d6-91c0-af8cda25566a/1/81AF1S3UpYNOqHVCpHzD3-eLXso.roa
File:                     81AF1S3UpYNOqHVCpHzD3-eLXso.roa (raw, json)
Hash identifier:          8dkp1hQeQH4v5/6GzyUVvjnUf/bAxjzY0c4Ic5BOeSA=
Subject key identifier:   F3:50:05:D5:2D:D4:A5:83:4E:A8:75:42:A4:7C:C3:DF:E7:8B:5E:CA
Certificate issuer:       /CN=c96640eaef031cb24beb365ec0dabeb26173c421
Certificate serial:       018CC26D75A5180F738D3F91960C69453351
Authority key identifier: C9:66:40:EA:EF:03:1C:B2:4B:EB:36:5E:C0:DA:BE:B2:61:73:C4:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yWZA6u8DHLJL6zZewNq-smFzxCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/bc8b3a-db3d-42d6-91c0-af8cda25566a/1/81AF1S3UpYNOqHVCpHzD3-eLXso.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51191
IP address blocks:        185.108.216.0/22 maxlen: 22
                          2a06:4b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/bc8b3a-db3d-42d6-91c0-af8cda25566a/1/yWZA6u8DHLJL6zZewNq-smFzxCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/bc8b3a-db3d-42d6-91c0-af8cda25566a/1/yWZA6u8DHLJL6zZewNq-smFzxCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yWZA6u8DHLJL6zZewNq-smFzxCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:75:a5:18:0f:73:8d:3f:91:96:0c:69:45:33:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c96640eaef031cb24beb365ec0dabeb26173c421
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f35005d52dd4a5834ea87542a47cc3dfe78b5eca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8c:fb:85:70:a8:ed:dc:ce:f6:77:8c:b5:eb:
                    43:34:56:99:01:cf:0c:8b:6f:20:1e:ab:03:9e:8e:
                    0a:51:31:a1:b0:d5:fb:f7:37:23:b7:c4:a9:72:48:
                    13:c1:3f:56:25:31:93:fe:7a:ae:7e:67:0b:0e:72:
                    b3:bc:6b:26:f1:82:b2:52:57:49:17:a2:59:25:bb:
                    bb:28:70:89:9b:10:a1:54:63:2c:29:fc:2f:bf:29:
                    1e:22:d1:a6:09:e9:58:52:e8:03:c5:85:7e:d0:87:
                    59:dc:07:0b:88:f4:04:39:74:25:89:53:d4:6d:91:
                    b6:fb:f6:4a:f9:b3:5b:d7:e5:eb:98:dc:bf:37:8d:
                    90:0e:36:fc:bf:13:41:c3:65:d8:eb:c5:7a:56:11:
                    1c:5e:63:dd:33:83:28:dd:f8:63:e0:27:75:1c:07:
                    25:a0:13:ec:05:a8:66:19:ef:be:77:ce:6f:fd:65:
                    33:fc:16:b7:0a:a9:42:40:d4:14:dd:ce:68:f0:b6:
                    57:c9:5b:52:09:22:63:c0:56:c5:08:2c:a5:94:37:
                    bb:97:f8:ec:ce:9a:e1:d0:6a:9f:30:a3:29:3c:c5:
                    67:37:76:98:b5:f9:24:7d:e9:f0:cf:5b:7a:09:15:
                    9b:c5:c1:23:86:df:e2:bf:24:c4:aa:6b:a0:61:06:
                    cb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:50:05:D5:2D:D4:A5:83:4E:A8:75:42:A4:7C:C3:DF:E7:8B:5E:CA
            X509v3 Authority Key Identifier:
                keyid:C9:66:40:EA:EF:03:1C:B2:4B:EB:36:5E:C0:DA:BE:B2:61:73:C4:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yWZA6u8DHLJL6zZewNq-smFzxCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/bc8b3a-db3d-42d6-91c0-af8cda25566a/1/81AF1S3UpYNOqHVCpHzD3-eLXso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/bc8b3a-db3d-42d6-91c0-af8cda25566a/1/yWZA6u8DHLJL6zZewNq-smFzxCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.216.0/22
                IPv6:
                  2a06:4b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:1b:78:6c:2e:5e:90:88:35:7d:5e:93:4c:01:52:ae:b3:9e:
         4a:9a:93:6d:1e:d6:c6:a6:07:95:01:31:d0:ea:b4:28:64:cf:
         67:d2:e8:29:a8:3f:9c:80:74:34:ff:44:98:26:31:a4:b6:66:
         23:0c:52:7d:c5:82:66:23:33:64:6e:ac:54:4c:01:8e:f8:5e:
         eb:35:04:28:9e:28:be:a5:df:aa:9d:24:cf:9d:7d:64:85:11:
         df:44:b7:92:61:bb:68:c1:84:eb:b8:d2:68:0f:1c:b7:c1:88:
         15:28:2d:64:d1:bb:d6:72:4f:3f:59:6e:91:f9:bb:20:a6:4c:
         84:77:e7:3c:e2:dd:ae:81:c1:5b:dd:23:38:79:7a:3b:3d:a5:
         57:25:2f:73:5f:b8:de:ad:9c:ec:4a:f9:ae:0c:09:e1:14:8d:
         81:8c:e3:c3:45:42:5f:98:0a:41:8c:1d:32:d3:26:2e:3c:fe:
         5f:9a:67:ec:51:4e:21:22:bd:76:77:32:6b:b6:1e:63:40:13:
         ac:a0:e3:40:24:bc:50:57:f7:f8:5b:8b:44:fb:d9:fa:9e:a2:
         59:d9:66:2c:eb:18:8d:35:40:08:cf:fb:36:76:ea:14:d5:b7:
         d3:fb:e3:08:ab:42:40:e9:70:fd:ed:3c:30:89:dc:bc:7b:cd:
         46:8a:c9:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbXWlGA9zjT+RlgxpRTNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NjY0MGVhZWYwMzFjYjI0YmViMzY1ZWMwZGFiZWIyNjE3
M2M0MjEwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzUwMDVkNTJkZDRhNTgzNGVhODc1NDJhNDdjYzNkZmU3OGI1ZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoz7hXCo7dzO9neMtetDNFaZAc8M
i28gHqsDno4KUTGhsNX79zcjt8SpckgTwT9WJTGT/nqufmcLDnKzvGsm8YKyUldJ
F6JZJbu7KHCJmxChVGMsKfwvvykeItGmCelYUugDxYV+0IdZ3AcLiPQEOXQliVPU
bZG2+/ZK+bNb1+XrmNy/N42QDjb8vxNBw2XY68V6VhEcXmPdM4Mo3fhj4Cd1HAcl
oBPsBahmGe++d85v/WUz/Ba3CqlCQNQU3c5o8LZXyVtSCSJjwFbFCCyllDe7l/js
zprh0GqfMKMpPMVnN3aYtfkkfenwz1t6CRWbxcEjht/ivyTEqmugYQbLDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPNQBdUt1KWDTqh1QqR8w9/ni17KMB8GA1UdIwQY
MBaAFMlmQOrvAxyyS+s2XsDavrJhc8QhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVdaQTZ1OERITEpMNnpaZXdOcS1zbUZ6eENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9iYzhiM2EtZGIzZC00MmQ2LTkxYzAt
YWY4Y2RhMjU1NjZhLzEvODFBRjFTM1VwWU5PcUhWQ3BIekQzLWVMWHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9iYzhiM2EtZGIzZC00MmQ2LTkxYzAtYWY4Y2RhMjU1NjZh
LzEveVdaQTZ1OERITEpMNnpaZXdOcS1zbUZ6eENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWzYMA0E
AgACMAcDBQMqBksAMA0GCSqGSIb3DQEBCwUAA4IBAQBHG3hsLl6QiDV9XpNMAVKu
s55KmpNtHtbGpgeVATHQ6rQoZM9n0ugpqD+cgHQ0/0SYJjGktmYjDFJ9xYJmIzNk
bqxUTAGO+F7rNQQonii+pd+qnSTPnX1khRHfRLeSYbtowYTruNJoDxy3wYgVKC1k
0bvWck8/WW6R+bsgpkyEd+c84t2ugcFb3SM4eXo7PaVXJS9zX7jerZzsSvmuDAnh
FI2BjOPDRUJfmApBjB0y0yYuPP5fmmfsUU4hIr12dzJrth5jQBOsoONAJLxQV/f4
W4tE+9n6nqJZ2WYs6xiNNUAIz/s2duoU1bfT++MIq0JA6XD97Twwidy8e81Giskq
-----END CERTIFICATE-----