Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/AAaiuRODfTGEUfrhe-gv2hsNgVA.roa
File:                     AAaiuRODfTGEUfrhe-gv2hsNgVA.roa (raw, json)
Hash identifier:          0Jq1ZeGDM3pEH+vp/o3v4eZIERfK5h1j5LaRjoQ2LM0=
Subject key identifier:   00:06:A2:B9:13:83:7D:31:84:51:FA:E1:7B:E8:2F:DA:1B:0D:81:50
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018EE56073357D31A8896C7EA51A9C927B4A
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/AAaiuRODfTGEUfrhe-gv2hsNgVA.roa
Signing time:             Tue 16 Apr 2024 05:28:07 +0000
ROA not before:           Tue 16 Apr 2024 05:28:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        81.29.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e5:60:73:35:7d:31:a8:89:6c:7e:a5:1a:9c:92:7b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Apr 16 05:28:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0006a2b913837d318451fae17be82fda1b0d8150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:52:24:24:4a:b1:06:a8:a9:1e:28:38:79:1f:
                    76:1b:bb:15:6d:49:78:69:b5:7c:6d:12:f1:f8:e3:
                    84:9e:1d:ec:1d:1c:af:4c:ee:c9:05:03:b9:ca:fc:
                    94:5f:5e:e9:00:50:fd:76:0c:ad:30:23:5e:13:50:
                    b5:05:95:f4:9e:59:64:e4:4f:1b:55:75:95:76:4e:
                    d7:63:b5:20:40:49:28:38:c0:14:c4:37:a1:40:37:
                    c6:b8:50:43:7b:3e:b0:4a:6a:f7:b7:18:09:07:fb:
                    b4:4e:6f:e7:03:fa:16:cc:d8:fb:87:62:67:94:02:
                    58:ab:e4:61:bb:b2:9b:00:73:45:93:f8:bc:66:01:
                    4c:92:e0:e2:bd:bd:38:c7:bd:fe:ba:9b:56:f7:b5:
                    94:16:bd:45:b6:ba:73:da:56:fa:89:d7:ac:10:1c:
                    f2:c6:9a:e9:1f:a1:82:e3:c8:26:9b:3f:5d:49:18:
                    24:74:72:dc:31:66:00:14:3e:9b:6b:ad:d9:d4:23:
                    96:c1:48:d3:1f:b2:58:8f:fa:ed:e4:16:a5:a3:d6:
                    44:ec:60:5b:cd:4e:28:c4:80:bb:96:42:9a:26:0c:
                    ea:9d:65:f9:28:bd:fe:33:72:52:a7:26:04:19:b2:
                    93:5f:88:24:78:f8:73:75:75:05:29:05:77:0b:41:
                    d9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:06:A2:B9:13:83:7D:31:84:51:FA:E1:7B:E8:2F:DA:1B:0D:81:50
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/AAaiuRODfTGEUfrhe-gv2hsNgVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:a5:82:5b:0d:99:bc:87:92:78:af:98:12:c5:b3:87:17:dd:
         60:e9:08:77:e1:45:c3:41:57:20:79:12:0b:54:af:54:fb:0f:
         a3:e6:57:77:9c:c9:d4:cc:2a:1c:f5:cb:d9:d0:0e:e2:bf:9d:
         14:ca:46:83:6f:7d:a1:06:fa:fa:91:17:a1:34:4a:55:84:4d:
         e9:42:ad:6b:75:c4:37:35:f9:9a:b0:40:7f:3e:bb:a1:5e:c5:
         1f:81:b4:fd:a3:2a:64:d6:3f:1d:82:64:09:db:20:b6:24:30:
         b1:9e:0c:ff:52:35:e3:78:f0:b0:3b:87:28:1f:37:96:63:36:
         49:d6:32:60:63:9d:6e:b9:2a:01:14:cf:c5:ae:16:5d:8e:8a:
         c7:f4:be:e9:6c:2f:e1:a4:08:2e:73:68:49:d9:d8:75:66:69:
         55:dc:06:b6:96:be:1e:4b:66:e1:18:44:39:fa:8d:e7:28:a9:
         6f:c4:69:4d:bd:45:47:54:ea:51:36:d9:b1:74:be:31:66:bf:
         de:ad:fc:4f:56:da:0d:37:27:6e:55:f7:c4:0f:92:b3:eb:54:
         56:f2:fd:a9:24:88:ef:35:7a:a6:61:a0:cf:c4:cc:d8:0c:25:
         87:34:23:1f:d5:2c:11:58:bc:f3:6b:d6:da:da:bf:96:36:48:
         e5:3a:26:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7lYHM1fTGoiWx+pRqckntKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwNDE2MDUyODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA2YTJiOTEzODM3ZDMxODQ1MWZhZTE3YmU4MmZkYTFiMGQ4MTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1IkJEqxBqipHig4eR92G7sVbUl4
abV8bRLx+OOEnh3sHRyvTO7JBQO5yvyUX17pAFD9dgytMCNeE1C1BZX0nllk5E8b
VXWVdk7XY7UgQEkoOMAUxDehQDfGuFBDez6wSmr3txgJB/u0Tm/nA/oWzNj7h2Jn
lAJYq+Rhu7KbAHNFk/i8ZgFMkuDivb04x73+uptW97WUFr1Ftrpz2lb6idesEBzy
xprpH6GC48gmmz9dSRgkdHLcMWYAFD6ba63Z1COWwUjTH7JYj/rt5Balo9ZE7GBb
zU4oxIC7lkKaJgzqnWX5KL3+M3JSpyYEGbKTX4gkePhzdXUFKQV3C0HZJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAGorkTg30xhFH64XvoL9obDYFQMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvQUFhaXVST0RmVEdFVWZyaGUtZ3YyaHNOZ1ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2TMA0G
CSqGSIb3DQEBCwUAA4IBAQA9pYJbDZm8h5J4r5gSxbOHF91g6Qh34UXDQVcgeRIL
VK9U+w+j5ld3nMnUzCoc9cvZ0A7iv50UykaDb32hBvr6kRehNEpVhE3pQq1rdcQ3
NfmasEB/PruhXsUfgbT9oypk1j8dgmQJ2yC2JDCxngz/UjXjePCwO4coHzeWYzZJ
1jJgY51uuSoBFM/FrhZdjorH9L7pbC/hpAguc2hJ2dh1ZmlV3Aa2lr4eS2bhGEQ5
+o3nKKlvxGlNvUVHVOpRNtmxdL4xZr/erfxPVtoNNyduVffED5Kz61RW8v2pJIjv
NXqmYaDPxMzYDCWHNCMf1SwRWLzza9ba2r+WNkjlOiZX
-----END CERTIFICATE-----