Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CAvJylchuzxETeaidnvyINe-4R4.roa
File:                     CAvJylchuzxETeaidnvyINe-4R4.roa (raw, json)
Hash identifier:          6GITbBmR4xvGo6pbIorQpqEBByysV5e1XSAH0xYH13k=
Subject key identifier:   08:0B:C9:CA:57:21:BB:3C:44:4D:E6:A2:76:7B:F2:20:D7:BE:E1:1E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5011FA760CC83BE03847D87586CEC52
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CAvJylchuzxETeaidnvyINe-4R4.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        171.22.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1f:a7:60:cc:83:be:03:84:7d:87:58:6c:ec:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=080bc9ca5721bb3c444de6a2767bf220d7bee11e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f8:55:3e:f1:e6:ed:57:6a:d9:ad:51:14:c9:
                    df:9c:c8:31:e6:e8:ab:57:95:18:66:2f:d8:59:8f:
                    2d:ad:03:95:d9:8d:9f:cf:65:b3:00:5d:fb:83:e8:
                    59:b2:4f:29:a2:6c:d2:76:3f:f2:81:70:41:d1:51:
                    8e:e0:19:9f:28:2c:d4:b2:57:ff:e4:9f:e7:83:56:
                    34:44:8e:af:1a:09:4a:df:70:cd:0f:6e:a3:43:b4:
                    8a:8d:17:40:a4:7f:9f:2d:4f:a2:ed:f2:90:9c:73:
                    9e:04:83:8c:db:45:bf:1b:cf:dd:58:38:1e:99:a9:
                    fe:bb:0e:4d:91:46:ba:6d:70:88:6a:a8:4d:9e:2b:
                    80:71:95:1c:c0:d9:a5:b5:df:b3:3b:e9:04:6b:43:
                    d7:24:ba:b1:9e:3b:88:8e:ca:fd:49:50:bd:f4:3c:
                    83:de:cd:d2:12:21:f7:c5:78:00:da:4e:e5:65:52:
                    2f:70:c9:bc:3c:1d:81:09:82:05:dc:26:bc:e2:af:
                    69:f6:dc:c2:90:49:c1:68:b7:c2:8d:79:5e:cb:86:
                    1d:8d:60:df:de:a2:46:ef:c8:14:5f:cc:11:ab:60:
                    05:10:ae:ea:8b:62:b9:77:59:27:f5:bf:10:b8:54:
                    0d:df:cd:95:92:b8:c6:e2:04:b9:97:3e:d4:10:ed:
                    26:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:0B:C9:CA:57:21:BB:3C:44:4D:E6:A2:76:7B:F2:20:D7:BE:E1:1E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CAvJylchuzxETeaidnvyINe-4R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:38:f0:96:3f:5f:2e:15:9a:1e:6a:93:09:3c:1c:3f:6d:3b:
         69:51:21:e6:69:17:fc:06:2f:3a:81:e1:82:c8:97:af:6d:67:
         bd:74:03:85:c7:7f:7a:ec:07:35:c9:39:c8:cb:56:b7:ff:03:
         32:eb:84:9b:20:d4:53:2b:be:96:ce:94:d6:b6:29:1c:3f:18:
         a2:e8:82:88:7b:09:1b:e1:05:87:c3:a0:8b:60:80:49:11:46:
         57:1a:d5:57:58:54:17:66:df:c5:32:e1:b8:b2:77:a5:8c:85:
         b7:ff:09:c7:28:63:25:26:f7:d2:46:61:49:64:a5:cd:74:b5:
         1b:2f:6e:23:7d:78:99:06:ff:2f:91:82:ff:1e:5e:f7:64:cb:
         70:00:e1:27:92:95:38:30:eb:9d:c1:2e:40:e7:e1:be:3c:69:
         29:bc:bb:f8:43:cd:75:ae:3a:49:61:b6:c8:18:ec:7d:e7:1e:
         5a:29:a4:6f:be:5d:71:4e:78:ce:76:ce:d6:14:e1:3c:1f:13:
         68:cc:31:23:c3:d9:fd:90:11:70:3c:47:0f:17:f6:20:ba:a9:
         61:1d:5b:b0:a9:a0:fe:57:48:61:4d:90:33:9b:ad:ef:e7:10:
         ec:35:51:5b:18:95:2c:fd:7b:f4:c3:e5:ab:57:8d:fc:2e:b9:
         6c:82:c4:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR+nYMyDvgOEfYdYbOxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODBiYzljYTU3MjFiYjNjNDQ0ZGU2YTI3NjdiZjIyMGQ3YmVlMTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvhVPvHm7Vdq2a1RFMnfnMgx5uir
V5UYZi/YWY8trQOV2Y2fz2WzAF37g+hZsk8pomzSdj/ygXBB0VGO4BmfKCzUslf/
5J/ng1Y0RI6vGglK33DND26jQ7SKjRdApH+fLU+i7fKQnHOeBIOM20W/G8/dWDge
man+uw5NkUa6bXCIaqhNniuAcZUcwNmltd+zO+kEa0PXJLqxnjuIjsr9SVC99DyD
3s3SEiH3xXgA2k7lZVIvcMm8PB2BCYIF3Ca84q9p9tzCkEnBaLfCjXley4YdjWDf
3qJG78gUX8wRq2AFEK7qi2K5d1kn9b8QuFQN382VkrjG4gS5lz7UEO0mwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgLycpXIbs8RE3monZ78iDXvuEeMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQ0F2SnlsY2h1enhFVGVhaWRudnlJTmUtNFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxZlMA0G
CSqGSIb3DQEBCwUAA4IBAQBZOPCWP18uFZoeapMJPBw/bTtpUSHmaRf8Bi86geGC
yJevbWe9dAOFx3967Ac1yTnIy1a3/wMy64SbINRTK76WzpTWtikcPxii6IKIewkb
4QWHw6CLYIBJEUZXGtVXWFQXZt/FMuG4sneljIW3/wnHKGMlJvfSRmFJZKXNdLUb
L24jfXiZBv8vkYL/Hl73ZMtwAOEnkpU4MOudwS5A5+G+PGkpvLv4Q811rjpJYbbI
GOx95x5aKaRvvl1xTnjOds7WFOE8HxNozDEjw9n9kBFwPEcPF/YguqlhHVuwqaD+
V0hhTZAzm63v5xDsNVFbGJUs/Xv0w+WrV438LrlsgsR6
-----END CERTIFICATE-----