Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/4772q1PlRGLfeIkiQ5iGMWxTTYo.roa
File:                     4772q1PlRGLfeIkiQ5iGMWxTTYo.roa (raw, json)
Hash identifier:          hhbo0fKKEuL5jxZX8R4EpzlP+JeFepAy50ZV2bHZ1LM=
Subject key identifier:   E3:BE:F6:AB:53:E5:44:62:DF:78:89:22:43:98:86:31:6C:53:4D:8A
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CEDDEF43C327EA5D9F721D19B534C65BC
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/4772q1PlRGLfeIkiQ5iGMWxTTYo.roa
Signing time:             Tue 09 Jan 2024 10:57:40 +0000
ROA not before:           Tue 09 Jan 2024 10:57:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215955
IP address blocks:        81.22.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:de:f4:3c:32:7e:a5:d9:f7:21:d1:9b:53:4c:65:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  9 10:57:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3bef6ab53e54462df788922439886316c534d8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:50:a2:dc:28:39:a1:83:1d:25:eb:c2:46:ef:
                    e0:2b:0b:aa:0a:fd:23:a5:56:94:4e:3d:61:fc:6c:
                    9d:b2:22:3a:f4:1d:a5:05:64:58:a4:93:6c:e8:14:
                    bc:5f:3d:ee:27:5f:bd:ff:19:5f:65:f3:3e:3f:fc:
                    57:5e:54:11:99:a1:11:1b:9d:68:19:97:8d:67:db:
                    e4:19:c4:e8:fd:2a:b6:90:13:73:b5:de:04:4d:3e:
                    67:da:92:fa:af:2e:9b:c6:a1:41:48:39:5b:34:68:
                    fb:2c:16:74:b8:67:90:c6:00:d4:aa:39:dd:46:00:
                    55:ec:ac:fc:3c:b1:af:eb:66:0d:94:c2:bb:a0:2c:
                    19:eb:22:62:0e:c6:92:1a:4d:83:28:21:40:54:35:
                    72:a9:35:23:ad:9e:f5:57:45:3a:53:7e:b4:eb:c8:
                    bc:ac:13:1f:70:3f:44:47:d1:05:be:e4:ce:df:3a:
                    b4:ef:23:e2:d7:e4:15:b7:f6:c4:63:2f:81:4a:23:
                    c6:78:94:95:b9:89:6c:6b:2f:76:73:63:2f:20:c6:
                    bd:8a:8c:0b:ca:c4:cb:7e:01:f7:8b:d9:b1:b2:fe:
                    ed:bf:1b:97:ec:b7:9f:e8:7b:03:9d:e0:bc:45:bd:
                    e5:68:d6:37:df:6a:6d:0e:ff:76:28:6e:bb:8a:7a:
                    c0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:BE:F6:AB:53:E5:44:62:DF:78:89:22:43:98:86:31:6C:53:4D:8A
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/4772q1PlRGLfeIkiQ5iGMWxTTYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:d7:2b:e0:92:b6:e8:0d:eb:82:2e:23:0b:4e:d7:1f:66:a8:
         6b:d2:7d:6b:1d:71:22:57:25:64:2c:eb:31:24:37:17:0b:94:
         aa:66:44:7c:aa:39:d6:90:3c:bb:0f:25:13:24:ad:64:d9:6e:
         17:5d:3f:3d:03:3e:27:58:40:1d:bd:12:24:5b:7e:13:77:a7:
         f4:fa:5a:25:c8:6b:0e:0c:59:cc:1c:d0:0d:3f:2f:87:2c:cf:
         34:36:a0:94:13:1a:06:0b:99:10:12:19:d4:6c:3c:1c:26:12:
         b7:f2:42:ab:d3:b9:08:0b:f3:c2:d9:0a:92:3a:0a:ff:d6:4e:
         96:a4:5b:83:ca:ed:ef:07:b7:c8:21:88:47:dc:d5:f7:9f:91:
         8b:9b:c0:6a:f1:57:9e:a1:c0:2b:c7:96:92:10:4f:6e:e3:bc:
         07:2c:81:a9:39:9b:3c:84:c6:66:f5:fb:19:10:2f:d2:aa:8f:
         23:01:de:75:66:91:79:cd:8e:e8:3c:84:21:05:de:1a:bc:d8:
         37:a1:6b:99:38:4e:af:70:87:63:1d:6b:87:4d:f0:da:b2:8f:
         63:17:dd:e4:88:29:27:04:bb:75:6b:1c:a3:34:c7:fc:64:c5:
         f1:80:cc:29:a7:fd:67:cf:aa:7f:c1:3a:a8:c8:05:31:ef:25:
         87:68:0b:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzt3vQ8Mn6l2fch0ZtTTGW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTA5MTA1NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2JlZjZhYjUzZTU0NDYyZGY3ODg5MjI0Mzk4ODYzMTZjNTM0ZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVCi3Cg5oYMdJevCRu/gKwuqCv0j
pVaUTj1h/GydsiI69B2lBWRYpJNs6BS8Xz3uJ1+9/xlfZfM+P/xXXlQRmaERG51o
GZeNZ9vkGcTo/Sq2kBNztd4ETT5n2pL6ry6bxqFBSDlbNGj7LBZ0uGeQxgDUqjnd
RgBV7Kz8PLGv62YNlMK7oCwZ6yJiDsaSGk2DKCFAVDVyqTUjrZ71V0U6U36068i8
rBMfcD9ER9EFvuTO3zq07yPi1+QVt/bEYy+BSiPGeJSVuYlsay92c2MvIMa9iowL
ysTLfgH3i9mxsv7tvxuX7Lef6HsDneC8Rb3laNY332ptDv92KG67inrAZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOO+9qtT5URi33iJIkOYhjFsU02KMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvNDc3MnExUGxSR0xmZUlraVE1aUdNV3hUVFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaIMA0G
CSqGSIb3DQEBCwUAA4IBAQAA1yvgkrboDeuCLiMLTtcfZqhr0n1rHXEiVyVkLOsx
JDcXC5SqZkR8qjnWkDy7DyUTJK1k2W4XXT89Az4nWEAdvRIkW34Td6f0+lolyGsO
DFnMHNANPy+HLM80NqCUExoGC5kQEhnUbDwcJhK38kKr07kIC/PC2QqSOgr/1k6W
pFuDyu3vB7fIIYhH3NX3n5GLm8Bq8VeeocArx5aSEE9u47wHLIGpOZs8hMZm9fsZ
EC/Sqo8jAd51ZpF5zY7oPIQhBd4avNg3oWuZOE6vcIdjHWuHTfDaso9jF93kiCkn
BLt1axyjNMf8ZMXxgMwpp/1nz6p/wTqoyAUx7yWHaAuW
-----END CERTIFICATE-----