Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/VKlCH2ez4UDV8j9wT0_A5odd8RE.roa
File:                     VKlCH2ez4UDV8j9wT0_A5odd8RE.roa (raw, json)
Hash identifier:          6WNGW99frvdv/s334eHPbT+ouszvIt7eldNChh6bAkA=
Subject key identifier:   54:A9:42:1F:67:B3:E1:40:D5:F2:3F:70:4F:4F:C0:E6:87:5D:F1:11
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56F0528D56987F9BE784038A292ED4E
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/VKlCH2ez4UDV8j9wT0_A5odd8RE.roa
Signing time:             Mon 01 Jan 2024 14:30:36 +0000
ROA not before:           Mon 01 Jan 2024 14:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197741
IP address blocks:        82.119.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:05:28:d5:69:87:f9:be:78:40:38:a2:92:ed:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54a9421f67b3e140d5f23f704f4fc0e6875df111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:7a:e2:98:54:48:33:a6:7b:9f:02:87:52:
                    4d:eb:8c:fa:d9:c7:1b:d1:88:6d:69:06:78:87:59:
                    ad:25:81:6b:db:b6:f2:6d:13:51:d7:d7:ef:61:fe:
                    a9:73:1a:ba:07:bc:18:8a:fd:c5:6b:a2:0d:d9:64:
                    01:1a:b2:ac:a5:a7:14:6d:f5:40:90:c8:1d:21:39:
                    e5:b5:13:e1:ec:98:ea:95:88:14:b3:55:c8:62:82:
                    b4:8f:cf:3b:61:c0:ba:7b:b5:15:c0:e2:c6:fb:ca:
                    76:5c:bf:98:cf:23:c9:57:7d:1f:a1:1d:80:21:94:
                    ac:ab:9f:62:ba:cd:80:f7:09:54:49:8f:52:28:cb:
                    67:b2:38:48:7c:26:51:1f:cd:97:ae:c0:4a:6b:14:
                    89:74:7d:4f:e2:ea:d2:5b:09:a8:9d:04:bd:87:45:
                    38:00:c7:91:82:24:04:a9:16:bd:31:2a:75:45:ac:
                    f3:3d:9a:50:f7:3a:bb:ea:98:17:dc:9d:72:d7:c6:
                    ed:d9:a5:26:3b:08:3c:08:50:21:ca:b8:dc:90:eb:
                    d9:1a:16:da:5f:83:ee:13:0a:62:c1:d5:e7:ef:3c:
                    59:44:51:10:28:90:7e:66:93:b4:bd:fd:22:b2:21:
                    6f:a2:fa:b4:d2:56:9f:18:c5:3b:37:bd:33:b4:d1:
                    4d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A9:42:1F:67:B3:E1:40:D5:F2:3F:70:4F:4F:C0:E6:87:5D:F1:11
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/VKlCH2ez4UDV8j9wT0_A5odd8RE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:37:e3:cb:93:c6:30:33:db:65:39:22:f0:7e:01:82:d3:cc:
         d4:29:07:20:c2:17:74:ab:3d:91:98:c2:c3:15:7e:a6:86:4a:
         e2:ad:7d:24:b5:d8:87:e0:7d:70:7f:ab:93:24:c7:ce:4a:36:
         71:f1:05:e0:2f:ec:11:cb:1b:94:50:c1:b4:f5:45:4c:15:b0:
         c6:46:e3:f1:6d:e7:b3:23:c5:47:41:bb:aa:78:52:7f:4e:bb:
         9c:52:4d:a3:29:87:68:dd:6a:7b:0a:9e:2e:69:a1:96:10:49:
         af:a7:64:40:b4:44:3f:a8:93:fb:8d:ba:a3:3b:8e:f7:05:1f:
         e9:e9:5f:ee:10:39:a8:70:e5:9d:25:d3:e5:a5:52:06:eb:b1:
         78:c0:f8:cc:20:af:b6:d1:02:1e:40:07:02:b2:13:a8:62:17:
         e2:aa:86:e1:f7:b0:a4:6b:90:44:a7:58:e3:40:78:28:38:ea:
         f5:f4:b7:6a:3d:b8:d8:91:70:05:5f:ca:76:25:ab:d8:39:39:
         a3:38:71:39:49:90:49:a2:f8:1c:b1:4d:99:77:4b:bb:a2:0b:
         51:e0:5a:64:51:93:ca:7b:0b:ef:29:ca:f2:b5:9c:c0:68:f1:
         b5:28:ef:ba:89:61:9b:bd:13:bd:31:9f:6a:aa:bf:8c:56:0e:
         29:4b:25:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwUo1WmH+b54QDiiku1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGE5NDIxZjY3YjNlMTQwZDVmMjNmNzA0ZjRmYzBlNjg3NWRmMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEl64phUSDOme58Ch1JN64z62ccb
0YhtaQZ4h1mtJYFr27bybRNR19fvYf6pcxq6B7wYiv3Fa6IN2WQBGrKspacUbfVA
kMgdITnltRPh7JjqlYgUs1XIYoK0j887YcC6e7UVwOLG+8p2XL+YzyPJV30foR2A
IZSsq59ius2A9wlUSY9SKMtnsjhIfCZRH82XrsBKaxSJdH1P4urSWwmonQS9h0U4
AMeRgiQEqRa9MSp1RazzPZpQ9zq76pgX3J1y18bt2aUmOwg8CFAhyrjckOvZGhba
X4PuEwpiwdXn7zxZRFEQKJB+ZpO0vf0isiFvovq00lafGMU7N70ztNFNOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSpQh9ns+FA1fI/cE9PwOaHXfERMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvVktsQ0gyZXo0VURWOGo5d1QwX0E1b2RkOFJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndRMA0G
CSqGSIb3DQEBCwUAA4IBAQCbN+PLk8YwM9tlOSLwfgGC08zUKQcgwhd0qz2RmMLD
FX6mhkrirX0ktdiH4H1wf6uTJMfOSjZx8QXgL+wRyxuUUMG09UVMFbDGRuPxbeez
I8VHQbuqeFJ/TrucUk2jKYdo3Wp7Cp4uaaGWEEmvp2RAtEQ/qJP7jbqjO473BR/p
6V/uEDmocOWdJdPlpVIG67F4wPjMIK+20QIeQAcCshOoYhfiqobh97Cka5BEp1jj
QHgoOOr19LdqPbjYkXAFX8p2JavYOTmjOHE5SZBJovgcsU2Zd0u7ogtR4FpkUZPK
ewvvKcrytZzAaPG1KO+6iWGbvRO9MZ9qqr+MVg4pSyVs
-----END CERTIFICATE-----