Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/4g84e6YQAmr9HXrOX5sNN_Tl2J4.roa
File:                     4g84e6YQAmr9HXrOX5sNN_Tl2J4.roa (raw, json)
Hash identifier:          f7tS/kBDTAK/wZ09NwSzn1wqx36ywFTtVeLDVO1FT/8=
Subject key identifier:   E2:0F:38:7B:A6:10:02:6A:FD:1D:7A:CE:5F:9B:0D:37:F4:E5:D8:9E
Certificate issuer:       /CN=c6d18653fbfb6fd5732dc940c1d65d77ab0bbfa3
Certificate serial:       018EBDC3153799E9B7DE981CDB0D6AE732DC
Authority key identifier: C6:D1:86:53:FB:FB:6F:D5:73:2D:C9:40:C1:D6:5D:77:AB:0B:BF:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xtGGU_v7b9VzLclAwdZdd6sLv6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/4g84e6YQAmr9HXrOX5sNN_Tl2J4.roa
Signing time:             Mon 08 Apr 2024 12:51:02 +0000
ROA not before:           Mon 08 Apr 2024 12:51:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31042
IP address blocks:        185.81.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/xtGGU_v7b9VzLclAwdZdd6sLv6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/xtGGU_v7b9VzLclAwdZdd6sLv6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xtGGU_v7b9VzLclAwdZdd6sLv6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:c3:15:37:99:e9:b7:de:98:1c:db:0d:6a:e7:32:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6d18653fbfb6fd5732dc940c1d65d77ab0bbfa3
        Validity
            Not Before: Apr  8 12:51:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e20f387ba610026afd1d7ace5f9b0d37f4e5d89e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a1:cb:6f:2a:e4:87:45:ca:03:55:61:98:3e:
                    42:0e:41:20:93:c4:ee:73:f4:a1:bc:3b:c8:5d:de:
                    fa:ec:c1:6c:d5:de:62:83:9e:2f:1d:b8:9f:e6:70:
                    ba:f0:40:62:76:c7:db:57:83:83:27:1c:94:cd:05:
                    69:58:e6:19:46:7f:0b:d0:d1:c0:9f:99:1d:5c:bf:
                    68:04:2f:c2:ce:c2:6f:49:46:65:43:ac:90:62:9c:
                    74:29:cb:f6:3b:ea:c9:25:84:91:d0:4f:99:44:c1:
                    10:a1:78:72:74:d1:fa:e1:f7:dd:39:0a:6d:f0:26:
                    9a:2e:78:5a:ff:31:bd:d0:cf:40:7c:eb:c1:f0:59:
                    ce:91:5b:1a:fa:6d:f9:75:4b:b4:0f:3a:bf:11:19:
                    2d:3d:03:e5:39:0b:37:1c:e5:93:fa:57:cf:2a:5e:
                    bc:4f:b2:a3:2b:b1:3b:e0:8f:97:75:19:6a:19:85:
                    96:3a:00:b9:c6:21:d1:6c:53:0a:ba:7f:07:75:0b:
                    10:d2:69:5b:70:55:c8:af:e9:b0:bc:a3:ce:4f:57:
                    21:82:b4:cc:79:e9:9d:eb:68:d6:07:2c:c2:ad:08:
                    8c:ee:5b:09:4b:44:84:68:17:0b:22:66:6a:fd:29:
                    86:c3:a1:db:2c:fd:12:41:1a:06:30:e3:05:90:b9:
                    2c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:0F:38:7B:A6:10:02:6A:FD:1D:7A:CE:5F:9B:0D:37:F4:E5:D8:9E
            X509v3 Authority Key Identifier:
                keyid:C6:D1:86:53:FB:FB:6F:D5:73:2D:C9:40:C1:D6:5D:77:AB:0B:BF:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xtGGU_v7b9VzLclAwdZdd6sLv6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/4g84e6YQAmr9HXrOX5sNN_Tl2J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d6943-ca75-4372-b77f-5c6502bffa1f/1/xtGGU_v7b9VzLclAwdZdd6sLv6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:da:07:d3:da:c1:bf:8a:ed:e4:f1:61:a1:95:c0:8c:5a:11:
         24:8d:ec:40:85:3d:9d:eb:db:97:98:95:ab:ed:8c:0d:3d:d8:
         72:c0:21:cd:99:18:49:49:70:20:1b:89:70:d2:a6:51:e6:f1:
         c9:c8:af:d3:23:98:54:e6:1a:4b:0b:52:2e:62:63:9c:05:f7:
         38:d2:01:14:6d:aa:32:46:4b:d9:ed:19:e6:8e:bd:87:7e:56:
         fb:ef:2c:62:da:4e:d7:cc:19:ae:52:30:e7:43:4c:8c:d0:e0:
         19:0d:bf:3f:19:8c:72:f6:e9:3e:74:b6:4f:79:a8:7a:60:b0:
         68:78:e5:b4:ec:81:ab:35:14:73:2c:c0:ad:c3:2c:df:33:76:
         bc:d4:60:b1:31:df:87:22:31:09:eb:42:e3:43:c3:2e:99:1e:
         fa:dd:2f:9d:91:01:11:14:f0:8d:98:eb:05:10:8e:52:1e:b0:
         ef:63:cd:da:49:ae:70:4e:36:cb:de:bd:be:30:77:d9:c6:66:
         de:3d:67:6d:b9:a6:a2:dd:b3:10:e4:21:25:10:3a:05:d3:e2:
         fa:52:41:86:97:62:78:c6:cd:5c:77:aa:60:1b:f0:8f:52:b1:
         e5:66:b3:9f:23:3e:37:88:6e:3b:9b:1e:39:26:40:4a:d7:70:
         1f:62:c4:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69wxU3mem33pgc2w1q5zLcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZDE4NjUzZmJmYjZmZDU3MzJkYzk0MGMxZDY1ZDc3YWIw
YmJmYTMwHhcNMjQwNDA4MTI1MTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjBmMzg3YmE2MTAwMjZhZmQxZDdhY2U1ZjliMGQzN2Y0ZTVkODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6HLbyrkh0XKA1VhmD5CDkEgk8Tu
c/ShvDvIXd767MFs1d5ig54vHbif5nC68EBidsfbV4ODJxyUzQVpWOYZRn8L0NHA
n5kdXL9oBC/CzsJvSUZlQ6yQYpx0Kcv2O+rJJYSR0E+ZRMEQoXhydNH64ffdOQpt
8CaaLnha/zG90M9AfOvB8FnOkVsa+m35dUu0Dzq/ERktPQPlOQs3HOWT+lfPKl68
T7KjK7E74I+XdRlqGYWWOgC5xiHRbFMKun8HdQsQ0mlbcFXIr+mwvKPOT1chgrTM
eemd62jWByzCrQiM7lsJS0SEaBcLImZq/SmGw6HbLP0SQRoGMOMFkLksqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIPOHumEAJq/R16zl+bDTf05dieMB8GA1UdIwQY
MBaAFMbRhlP7+2/Vcy3JQMHWXXerC7+jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHRHR1VfdjdiOVZ6TGNsQXdkWmRkNnNMdjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZDY5NDMtY2E3NS00MzcyLWI3N2Yt
NWM2NTAyYmZmYTFmLzEvNGc4NGU2WVFBbXI5SFhyT1g1c05OX1RsMko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZDY5NDMtY2E3NS00MzcyLWI3N2YtNWM2NTAyYmZmYTFm
LzEveHRHR1VfdjdiOVZ6TGNsQXdkWmRkNnNMdjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVE8MA0G
CSqGSIb3DQEBCwUAA4IBAQAW2gfT2sG/iu3k8WGhlcCMWhEkjexAhT2d69uXmJWr
7YwNPdhywCHNmRhJSXAgG4lw0qZR5vHJyK/TI5hU5hpLC1IuYmOcBfc40gEUbaoy
RkvZ7Rnmjr2Hflb77yxi2k7XzBmuUjDnQ0yM0OAZDb8/GYxy9uk+dLZPeah6YLBo
eOW07IGrNRRzLMCtwyzfM3a81GCxMd+HIjEJ60LjQ8MumR763S+dkQERFPCNmOsF
EI5SHrDvY83aSa5wTjbL3r2+MHfZxmbePWdtuaai3bMQ5CElEDoF0+L6UkGGl2J4
xs1cd6pgG/CPUrHlZrOfIz43iG47mx45JkBK13AfYsSx
-----END CERTIFICATE-----