Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/cRnK7exC_atfkFmOHLQT8TUHic8.roa
File:                     cRnK7exC_atfkFmOHLQT8TUHic8.roa (raw, json)
Hash identifier:          Aaozx023qIrfXzv6NCSwGecRrJ8dBR9RMb7TTNqAhj4=
Subject key identifier:   71:19:CA:ED:EC:42:FD:AB:5F:90:59:8E:1C:B4:13:F1:35:07:89:CF
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018D9CC3A5A50DE941A31386CD2F1F6B0E83
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/cRnK7exC_atfkFmOHLQT8TUHic8.roa
Signing time:             Mon 12 Feb 2024 10:01:23 +0000
ROA not before:           Mon 12 Feb 2024 10:01:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43188
IP address blocks:        81.198.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:c3:a5:a5:0d:e9:41:a3:13:86:cd:2f:1f:6b:0e:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Feb 12 10:01:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7119caedec42fdab5f90598e1cb413f1350789cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:13:55:4c:c2:c8:6b:30:12:e3:f5:2f:b9:c3:
                    c7:86:51:23:76:a9:18:b4:12:37:59:a1:99:3b:3c:
                    fa:f0:cf:c1:1f:f1:2b:0d:3b:ce:d2:31:48:0a:08:
                    59:f3:71:ba:1b:82:8f:a6:cb:0d:e6:22:4a:1b:ff:
                    d1:23:58:5f:ee:d5:6e:a5:85:8c:1f:ed:08:d2:57:
                    1f:c6:8d:0d:52:ce:9e:06:0c:45:b6:e0:55:94:b3:
                    ce:33:4b:27:90:27:37:60:5f:0c:9b:00:45:60:86:
                    e9:fe:dc:b9:cf:ae:83:24:ac:53:70:a5:dd:d5:8f:
                    8b:81:80:be:5f:8d:d9:8c:a1:3a:01:b0:6a:e4:c5:
                    48:5e:d2:3c:fd:9e:37:a6:4d:b3:15:3e:89:ec:e5:
                    ec:74:4b:19:00:f0:d2:20:e0:a4:95:39:71:25:d7:
                    4e:e9:f8:ae:da:2a:b7:bc:34:e2:21:e4:7b:3b:a6:
                    9f:c6:ea:c1:d1:e4:05:e4:a4:8e:2c:4b:9b:bc:3a:
                    6c:be:98:c3:13:1f:94:8b:ab:a9:2b:ae:46:c4:cb:
                    68:5d:d7:ca:83:f1:40:de:93:0d:e9:b6:ee:cc:33:
                    1d:1c:e5:1c:50:a5:c0:19:70:19:12:2c:66:60:92:
                    db:c9:15:c0:b3:34:57:52:72:fa:05:55:c2:84:37:
                    0b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:19:CA:ED:EC:42:FD:AB:5F:90:59:8E:1C:B4:13:F1:35:07:89:CF
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/cRnK7exC_atfkFmOHLQT8TUHic8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.198.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:a7:ec:8e:e7:ba:47:44:e2:4d:77:bc:e3:06:a3:2d:27:6a:
         e4:67:b9:77:7f:e8:e0:20:f1:0e:33:29:9c:9f:cf:a2:23:28:
         68:39:11:51:bb:11:51:60:a2:d7:b8:fa:a8:7a:ab:65:1d:99:
         0c:ed:c8:a6:7c:46:f0:97:a0:e0:10:5d:4d:92:41:cb:10:be:
         71:a3:4a:d7:0c:05:51:f6:d8:fc:eb:c5:7b:fe:b0:dd:ba:13:
         ea:7a:5c:fe:d9:5c:a6:bd:74:7d:16:ea:08:9e:85:53:0e:ca:
         28:08:8a:8e:30:b7:57:42:ed:32:4e:61:6d:6c:ec:8d:6b:66:
         45:b3:32:e8:42:f2:27:13:77:af:ca:b6:87:52:b4:f4:47:da:
         f8:15:83:92:9c:fc:76:fd:7d:0b:f0:2d:fe:e4:61:a0:6c:56:
         63:4d:23:83:af:48:df:05:3a:20:80:05:06:60:b4:3c:ff:7d:
         94:42:36:de:05:b8:82:67:89:42:c3:36:c4:42:39:e7:6f:a5:
         84:33:7a:72:1e:c9:a2:4e:29:57:66:dc:4b:c4:6f:55:44:e4:
         3d:fe:1e:41:64:6c:80:d0:5a:b6:a5:a4:41:8e:45:7e:2d:b8:
         d3:15:89:3d:3d:51:bd:d4:c1:61:99:44:c8:10:ec:da:fb:b4:
         e6:2f:0a:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2cw6WlDelBoxOGzS8faw6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMjEyMTAwMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTE5Y2FlZGVjNDJmZGFiNWY5MDU5OGUxY2I0MTNmMTM1MDc4OWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBNVTMLIazAS4/UvucPHhlEjdqkY
tBI3WaGZOzz68M/BH/ErDTvO0jFICghZ83G6G4KPpssN5iJKG//RI1hf7tVupYWM
H+0I0lcfxo0NUs6eBgxFtuBVlLPOM0snkCc3YF8MmwBFYIbp/ty5z66DJKxTcKXd
1Y+LgYC+X43ZjKE6AbBq5MVIXtI8/Z43pk2zFT6J7OXsdEsZAPDSIOCklTlxJddO
6fiu2iq3vDTiIeR7O6afxurB0eQF5KSOLEubvDpsvpjDEx+Ui6upK65GxMtoXdfK
g/FA3pMN6bbuzDMdHOUcUKXAGXAZEixmYJLbyRXAszRXUnL6BVXChDcLDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEZyu3sQv2rX5BZjhy0E/E1B4nPMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvY1JuSzdleENfYXRma0ZtT0hMUVQ4VFVIaWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcavMA0G
CSqGSIb3DQEBCwUAA4IBAQCWp+yO57pHROJNd7zjBqMtJ2rkZ7l3f+jgIPEOMymc
n8+iIyhoORFRuxFRYKLXuPqoeqtlHZkM7cimfEbwl6DgEF1NkkHLEL5xo0rXDAVR
9tj868V7/rDduhPqelz+2VymvXR9FuoInoVTDsooCIqOMLdXQu0yTmFtbOyNa2ZF
szLoQvInE3evyraHUrT0R9r4FYOSnPx2/X0L8C3+5GGgbFZjTSODr0jfBToggAUG
YLQ8/32UQjbeBbiCZ4lCwzbEQjnnb6WEM3pyHsmiTilXZtxLxG9VROQ9/h5BZGyA
0Fq2paRBjkV+LbjTFYk9PVG91MFhmUTIEOza+7TmLwrz
-----END CERTIFICATE-----