Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/2N6urlOD0Xl64IaC4GaCBKvvuio.roa
File:                     2N6urlOD0Xl64IaC4GaCBKvvuio.roa (raw, json)
Hash identifier:          eGojIwzSmaJ45ysVGACMJ7wLajdu1hwCMuQoBMqID5M=
Subject key identifier:   D8:DE:AE:AE:53:83:D1:79:7A:E0:86:82:E0:66:82:04:AB:EF:BA:2A
Certificate issuer:       /CN=4f152900b0d323d36d94510ab0b01c93f4517c89
Certificate serial:       018CC3B71EE6CE3568ADD7E7253F7B17DB37
Authority key identifier: 4F:15:29:00:B0:D3:23:D3:6D:94:51:0A:B0:B0:1C:93:F4:51:7C:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/2N6urlOD0Xl64IaC4GaCBKvvuio.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203736
IP address blocks:        185.102.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1e:e6:ce:35:68:ad:d7:e7:25:3f:7b:17:db:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f152900b0d323d36d94510ab0b01c93f4517c89
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8deaeae5383d1797ae08682e0668204abefba2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6e:d5:f5:2d:9c:88:64:cd:86:ce:cb:c6:10:
                    d5:62:23:34:b9:c7:c4:27:76:f7:dd:85:b2:49:28:
                    59:28:a8:3f:2c:ee:2f:94:ad:dc:04:86:7b:65:5f:
                    3c:da:bf:99:71:06:f7:b9:46:15:73:00:e9:e9:f6:
                    5d:85:ea:9f:d6:16:ac:21:c3:36:0c:e5:da:67:21:
                    7b:05:fe:b6:f8:60:34:fa:5d:0f:5e:b8:ec:89:1b:
                    16:ec:39:48:77:4c:86:6b:78:cf:dd:fd:88:86:81:
                    4e:26:f0:99:cd:fd:a2:a6:51:a2:19:f8:c5:eb:58:
                    c0:d2:31:5d:18:6e:a2:14:0a:1a:52:b8:62:d1:30:
                    13:52:f4:42:66:d6:5a:3f:11:9e:c0:cb:58:39:41:
                    d5:24:71:2b:ab:1c:bc:b1:9b:ac:fe:56:ea:2c:42:
                    43:43:35:c1:91:11:31:7a:cd:99:9e:85:5e:cf:f7:
                    e3:81:4d:d4:4e:8e:6c:95:06:78:b3:7b:cd:ea:b2:
                    49:f5:7e:e6:69:8c:5b:5f:47:9c:37:9c:d7:2c:37:
                    75:85:0a:ee:c3:db:b8:3d:f1:32:fa:3b:a2:ac:7f:
                    5a:67:f4:3d:f5:7b:dc:21:b3:18:4a:98:32:35:16:
                    c1:ae:56:af:49:cb:67:7f:e4:ea:31:3c:b3:03:37:
                    e2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:DE:AE:AE:53:83:D1:79:7A:E0:86:82:E0:66:82:04:AB:EF:BA:2A
            X509v3 Authority Key Identifier:
                keyid:4F:15:29:00:B0:D3:23:D3:6D:94:51:0A:B0:B0:1C:93:F4:51:7C:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/2N6urlOD0Xl64IaC4GaCBKvvuio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:6c:43:e9:d8:46:62:b4:7a:b4:f2:f0:06:da:66:93:81:1a:
         dd:46:15:ba:69:11:ce:81:7a:ef:72:7f:db:01:f0:a6:5f:1a:
         3a:b5:c0:02:7a:3b:a8:cc:38:89:c1:99:85:02:f9:62:6e:ab:
         2d:e8:e0:f2:8b:e6:2a:12:3f:b3:bc:e9:41:10:71:0e:21:c5:
         35:56:b2:54:57:10:31:46:1b:24:11:5f:a7:cd:d1:f8:b9:13:
         28:a0:b8:fd:cd:af:f6:fd:71:00:c2:f8:4b:e2:62:fe:08:ba:
         cc:4b:6f:22:d5:83:fd:50:a3:b1:6c:f1:17:ec:7c:ff:5f:dc:
         2a:2e:0b:fb:81:40:db:f1:ff:90:65:79:07:ba:95:ab:38:79:
         4a:0e:5c:cd:79:e7:d5:ba:2a:9f:b1:25:40:f9:2a:94:01:70:
         81:ec:a6:26:02:9f:c6:f9:1f:3d:a4:01:34:82:64:23:1e:1d:
         60:90:bb:9b:90:24:e3:8b:34:17:3f:e6:9f:9d:65:fb:db:a6:
         a3:b0:35:d0:03:0c:74:52:5e:21:2b:ea:8a:26:94:ff:b2:35:
         2c:95:dc:8e:4a:82:c5:4a:d9:f9:fd:0e:66:c6:a4:6c:25:e6:
         fd:e8:68:f6:83:c2:8e:71:53:53:f4:df:58:c9:5f:41:b2:b3:
         26:90:5d:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx7mzjVordfnJT97F9s3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTUyOTAwYjBkMzIzZDM2ZDk0NTEwYWIwYjAxYzkzZjQ1
MTdjODkwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGRlYWVhZTUzODNkMTc5N2FlMDg2ODJlMDY2ODIwNGFiZWZiYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim7V9S2ciGTNhs7LxhDVYiM0ucfE
J3b33YWySShZKKg/LO4vlK3cBIZ7ZV882r+ZcQb3uUYVcwDp6fZdheqf1hasIcM2
DOXaZyF7Bf62+GA0+l0PXrjsiRsW7DlId0yGa3jP3f2IhoFOJvCZzf2iplGiGfjF
61jA0jFdGG6iFAoaUrhi0TATUvRCZtZaPxGewMtYOUHVJHErqxy8sZus/lbqLEJD
QzXBkRExes2ZnoVez/fjgU3UTo5slQZ4s3vN6rJJ9X7maYxbX0ecN5zXLDd1hQru
w9u4PfEy+juirH9aZ/Q99XvcIbMYSpgyNRbBrlavSctnf+TqMTyzAzfi1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjerq5Tg9F5euCGguBmggSr77oqMB8GA1UdIwQY
MBaAFE8VKQCw0yPTbZRRCrCwHJP0UXyJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhVcEFMRFRJOU50bEZFS3NMQWNrX1JSZklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84OWZmM2ItMTI2My00Y2RkLTljYWQt
MjNkZjhkZGRmOTc4LzEvMk42dXJsT0QwWGw2NElhQzRHYUNCS3Z2dWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84OWZmM2ItMTI2My00Y2RkLTljYWQtMjNkZjhkZGRmOTc4
LzEvVHhVcEFMRFRJOU50bEZFS3NMQWNrX1JSZklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWYgMA0G
CSqGSIb3DQEBCwUAA4IBAQBYbEPp2EZitHq08vAG2maTgRrdRhW6aRHOgXrvcn/b
AfCmXxo6tcACejuozDiJwZmFAvlibqst6ODyi+YqEj+zvOlBEHEOIcU1VrJUVxAx
RhskEV+nzdH4uRMooLj9za/2/XEAwvhL4mL+CLrMS28i1YP9UKOxbPEX7Hz/X9wq
Lgv7gUDb8f+QZXkHupWrOHlKDlzNeefVuiqfsSVA+SqUAXCB7KYmAp/G+R89pAE0
gmQjHh1gkLubkCTjizQXP+afnWX726ajsDXQAwx0Ul4hK+qKJpT/sjUsldyOSoLF
Stn5/Q5mxqRsJeb96Gj2g8KOcVNT9N9YyV9BsrMmkF0S
-----END CERTIFICATE-----