Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/aoDX9LH9DpIoUIZNA9RGH3s4uUs.roa
File:                     aoDX9LH9DpIoUIZNA9RGH3s4uUs.roa (raw, json)
Hash identifier:          15yVOXa8UpFhjhw4UFmQpYXcolR2sU+92/XVfTQK78Q=
Subject key identifier:   6A:80:D7:F4:B1:FD:0E:92:28:50:86:4D:03:D4:46:1F:7B:38:B9:4B
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56EFF00CAE554444ECE6B0DBD047621
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/aoDX9LH9DpIoUIZNA9RGH3s4uUs.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39483
IP address blocks:        82.119.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ff:00:ca:e5:54:44:4e:ce:6b:0d:bd:04:76:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a80d7f4b1fd0e922850864d03d4461f7b38b94b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8c:ee:d7:fd:07:da:b2:dd:04:3e:e3:77:1d:
                    cd:cd:5d:8c:ff:83:76:47:82:2c:b9:23:2e:f6:8d:
                    79:f1:89:39:7e:1d:a3:6c:e2:25:13:87:76:6d:e0:
                    02:bf:f3:ee:a4:47:3b:7c:0f:89:63:db:b5:b2:68:
                    0e:f9:a0:d4:81:b1:00:d0:53:0d:0e:fd:ab:1d:72:
                    a1:03:fd:79:fa:e2:92:b1:2c:6c:98:bb:7f:17:34:
                    a2:cd:e5:ce:70:54:3f:96:2c:c5:51:8a:86:1a:93:
                    0c:4f:05:79:48:b4:6e:3d:bf:73:cd:51:2c:54:d5:
                    4a:35:85:9f:40:94:3c:c4:3b:02:10:fd:cd:bb:50:
                    f1:69:c9:8d:a9:14:84:bd:71:88:6f:97:c2:4d:6c:
                    46:34:2d:42:ad:eb:2f:36:d8:d8:bd:18:00:b6:da:
                    85:cf:b1:be:31:bb:42:7e:8b:60:bf:63:31:f5:09:
                    9a:98:31:09:d1:d8:a9:77:e9:75:4d:68:8c:8d:9a:
                    84:9c:1d:98:b1:7e:06:96:86:4a:65:39:53:0c:0f:
                    42:ac:ee:a3:32:bf:0d:a0:c5:9c:f6:b0:dc:89:d8:
                    92:ed:3a:ef:b9:2d:a4:dc:e3:aa:dc:2a:4c:e5:d2:
                    46:21:3d:5f:01:d0:2d:32:46:01:89:ba:18:92:92:
                    78:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:80:D7:F4:B1:FD:0E:92:28:50:86:4D:03:D4:46:1F:7B:38:B9:4B
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/aoDX9LH9DpIoUIZNA9RGH3s4uUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:70:7e:17:f3:c0:58:44:13:11:81:92:8a:75:2a:fc:5d:be:
         fa:58:fa:f6:a2:77:38:ce:de:55:f4:a0:b5:31:c6:4c:f1:1f:
         f4:bf:35:f6:e0:91:7d:18:23:b0:09:4e:f3:35:71:98:5c:be:
         ff:2c:ee:bc:4e:72:43:60:26:c3:8e:5c:60:0f:75:14:5d:db:
         75:ce:4d:03:f0:ec:b6:c8:ec:89:aa:41:c7:5b:2b:f7:98:5a:
         2b:c0:45:d9:0a:60:b5:27:12:50:32:51:64:0a:06:79:ee:4c:
         80:48:43:1d:32:d6:fa:9e:35:19:a9:c9:96:25:58:3c:b2:55:
         7f:c4:50:34:fe:53:2a:78:d1:15:58:ea:f2:31:7c:7d:fd:86:
         47:cb:ee:d7:d6:26:67:29:67:7e:1e:09:91:8c:a8:60:41:82:
         88:7d:14:15:8f:06:97:89:9a:a2:e1:5f:6b:07:2d:34:22:74:
         a2:5c:41:c3:a1:48:9a:a6:5c:d8:b5:cd:c6:90:87:de:a5:10:
         d1:fa:dc:22:7c:85:4a:3f:49:29:0a:20:8d:fd:5f:12:c2:bc:
         3c:81:a3:53:f2:f4:da:a9:ee:a3:bd:b4:5e:ba:45:bb:b3:8f:
         09:60:ab:ef:86:af:b9:10:fb:61:ad:ee:17:7f:e3:1b:be:49:
         93:a8:43:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbv8AyuVURE7Oaw29BHYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgwZDdmNGIxZmQwZTkyMjg1MDg2NGQwM2Q0NDYxZjdiMzhiOTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhozu1/0H2rLdBD7jdx3NzV2M/4N2
R4IsuSMu9o158Yk5fh2jbOIlE4d2beACv/PupEc7fA+JY9u1smgO+aDUgbEA0FMN
Dv2rHXKhA/15+uKSsSxsmLt/FzSizeXOcFQ/lizFUYqGGpMMTwV5SLRuPb9zzVEs
VNVKNYWfQJQ8xDsCEP3Nu1DxacmNqRSEvXGIb5fCTWxGNC1CresvNtjYvRgAttqF
z7G+MbtCfotgv2Mx9QmamDEJ0dipd+l1TWiMjZqEnB2YsX4GloZKZTlTDA9CrO6j
Mr8NoMWc9rDcidiS7TrvuS2k3OOq3CpM5dJGIT1fAdAtMkYBiboYkpJ4VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqA1/Sx/Q6SKFCGTQPURh97OLlLMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvYW9EWDlMSDlEcElvVUlaTkE5UkdIM3M0dVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndSMA0G
CSqGSIb3DQEBCwUAA4IBAQBncH4X88BYRBMRgZKKdSr8Xb76WPr2onc4zt5V9KC1
McZM8R/0vzX24JF9GCOwCU7zNXGYXL7/LO68TnJDYCbDjlxgD3UUXdt1zk0D8Oy2
yOyJqkHHWyv3mForwEXZCmC1JxJQMlFkCgZ57kyASEMdMtb6njUZqcmWJVg8slV/
xFA0/lMqeNEVWOryMXx9/YZHy+7X1iZnKWd+HgmRjKhgQYKIfRQVjwaXiZqi4V9r
By00InSiXEHDoUiaplzYtc3GkIfepRDR+twifIVKP0kpCiCN/V8Swrw8gaNT8vTa
qe6jvbReukW7s48JYKvvhq+5EPthre4Xf+MbvkmTqEPC
-----END CERTIFICATE-----