Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/rqylFlUJd9cRuvK_H0q4fFlCngA.roa
File:                     rqylFlUJd9cRuvK_H0q4fFlCngA.roa (raw, json)
Hash identifier:          nUJDRGzDhzSazHwEJv1AYUALdzJGTOIJL7R27pXkptw=
Subject key identifier:   AE:AC:A5:16:55:09:77:D7:11:BA:F2:BF:1F:4A:B8:7C:59:42:9E:00
Certificate issuer:       /CN=12c889964b35b51ba8e5e679a15b19a31f133578
Certificate serial:       018CC726DC7AC3AB4DF216F5CE499A79B57F
Authority key identifier: 12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/rqylFlUJd9cRuvK_H0q4fFlCngA.roa
Signing time:             Mon 01 Jan 2024 22:31:01 +0000
ROA not before:           Mon 01 Jan 2024 22:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28958
IP address blocks:        82.146.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:dc:7a:c3:ab:4d:f2:16:f5:ce:49:9a:79:b5:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c889964b35b51ba8e5e679a15b19a31f133578
        Validity
            Not Before: Jan  1 22:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aeaca516550977d711baf2bf1f4ab87c59429e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c4:2f:64:97:99:da:04:86:a3:4e:3c:5c:24:
                    9c:65:2e:9a:11:ec:9a:82:57:16:1d:34:d6:43:66:
                    e9:ee:b6:2c:68:e5:cf:63:7a:b9:e9:0b:eb:98:87:
                    0e:c7:df:2a:22:6d:1a:d3:1f:e9:ed:1c:70:73:13:
                    79:40:85:5c:8f:d7:63:db:f1:65:a6:50:dc:95:5e:
                    16:bd:af:22:ef:5d:d2:3f:13:8d:a8:39:e8:56:fe:
                    76:96:bf:73:61:87:e1:87:de:f7:07:8a:04:20:81:
                    47:e7:76:25:0c:45:c2:cc:1c:b2:4c:f4:97:b0:53:
                    f5:2e:91:10:7d:ac:f1:ff:a8:87:66:93:64:90:f3:
                    40:bb:45:4c:d6:e6:47:cc:7e:8d:27:e0:5b:1d:93:
                    e1:48:0f:ee:d1:a4:f5:23:20:29:fe:dc:2c:8e:7a:
                    1c:af:50:ae:50:a7:d0:1c:5a:b8:f8:e0:fc:6d:d2:
                    75:25:1f:d2:8a:fd:a0:96:36:91:32:04:ff:6f:62:
                    d2:0a:45:b6:93:7f:d5:ed:58:8c:45:88:7c:65:db:
                    fa:85:91:e8:f6:c5:70:6a:4e:ee:53:47:88:0f:3a:
                    bc:3f:8e:65:3c:40:3c:24:30:e5:f2:cb:c0:8e:c4:
                    c6:d3:7a:ca:da:2a:4f:f5:e0:be:28:5f:da:e0:fd:
                    8a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:AC:A5:16:55:09:77:D7:11:BA:F2:BF:1F:4A:B8:7C:59:42:9E:00
            X509v3 Authority Key Identifier:
                keyid:12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/rqylFlUJd9cRuvK_H0q4fFlCngA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.146.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:ab:eb:54:33:aa:97:a2:d1:73:c7:ca:80:1a:4b:70:f3:96:
         80:ee:45:b7:63:a2:f9:9e:4a:0c:2e:6c:1c:b7:0c:77:d0:8f:
         51:24:36:a0:55:ca:7b:5f:77:09:1d:04:34:0a:c4:bb:39:ed:
         cf:4f:f2:ff:46:56:ad:bc:34:bb:9f:5a:83:f7:1c:4e:d1:c8:
         3c:f8:6e:9b:f8:8c:38:7d:43:63:35:7d:a8:f8:ac:d5:28:64:
         d3:a5:a5:ff:bd:3e:9d:8e:79:ae:ef:cd:30:9f:ca:fb:bc:b7:
         83:5f:48:40:49:9c:01:80:73:d2:83:3d:a3:ba:55:8a:e8:b1:
         b7:1e:2e:49:61:ec:4f:52:59:6f:d3:7a:5f:6c:32:79:6e:e8:
         6c:43:38:5f:5a:f9:7b:9a:6a:12:d4:60:38:5e:1a:f7:d6:ac:
         fe:00:0f:c7:d4:f7:ac:e9:23:35:e4:7f:76:af:73:79:d3:ae:
         68:04:7b:de:64:0a:25:8b:ce:cc:20:90:c6:72:eb:b8:6d:fe:
         5a:48:fa:f4:5e:9d:67:16:0b:4c:8b:b2:5b:e4:96:dc:56:c7:
         80:56:16:c1:3c:25:20:39:46:b1:cd:a0:cc:d0:ac:3a:b1:44:
         88:5a:31:6b:9f:f7:88:67:af:0b:3c:13:f7:72:af:21:62:62:
         cd:60:17:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJtx6w6tN8hb1zkmaebV/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzg4OTk2NGIzNWI1MWJhOGU1ZTY3OWExNWIxOWEzMWYx
MzM1NzgwHhcNMjQwMTAxMjIzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWFjYTUxNjU1MDk3N2Q3MTFiYWYyYmYxZjRhYjg3YzU5NDI5ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMQvZJeZ2gSGo048XCScZS6aEeya
glcWHTTWQ2bp7rYsaOXPY3q56QvrmIcOx98qIm0a0x/p7RxwcxN5QIVcj9dj2/Fl
plDclV4Wva8i713SPxONqDnoVv52lr9zYYfhh973B4oEIIFH53YlDEXCzByyTPSX
sFP1LpEQfazx/6iHZpNkkPNAu0VM1uZHzH6NJ+BbHZPhSA/u0aT1IyAp/twsjnoc
r1CuUKfQHFq4+OD8bdJ1JR/Siv2gljaRMgT/b2LSCkW2k3/V7ViMRYh8Zdv6hZHo
9sVwak7uU0eIDzq8P45lPEA8JDDl8svAjsTG03rK2ipP9eC+KF/a4P2KMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6spRZVCXfXEbryvx9KuHxZQp4AMB8GA1UdIwQY
MBaAFBLIiZZLNbUbqOXmeaFbGaMfEzV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYt
YWQ2ZjBiZjg4NDM4LzEvcnF5bEZsVUpkOWNSdXZLX0gwcTRmRmxDbmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYtYWQ2ZjBiZjg4NDM4
LzEvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpK6MA0G
CSqGSIb3DQEBCwUAA4IBAQAhq+tUM6qXotFzx8qAGktw85aA7kW3Y6L5nkoMLmwc
twx30I9RJDagVcp7X3cJHQQ0CsS7Oe3PT/L/RlatvDS7n1qD9xxO0cg8+G6b+Iw4
fUNjNX2o+KzVKGTTpaX/vT6djnmu780wn8r7vLeDX0hASZwBgHPSgz2julWK6LG3
Hi5JYexPUllv03pfbDJ5buhsQzhfWvl7mmoS1GA4Xhr31qz+AA/H1Pes6SM15H92
r3N5065oBHveZAoli87MIJDGcuu4bf5aSPr0Xp1nFgtMi7Jb5JbcVseAVhbBPCUg
OUaxzaDM0Kw6sUSIWjFrn/eIZ68LPBP3cq8hYmLNYBfv
-----END CERTIFICATE-----