Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/E1rDxz-KB-clX6dnolqCgPpPAio.roa
File:                     E1rDxz-KB-clX6dnolqCgPpPAio.roa (raw, json)
Hash identifier:          mJIYzmlxCc+u7FBOTj9zAr7TY4ic9nlMsq9jHbtcivY=
Subject key identifier:   13:5A:C3:C7:3F:8A:07:E7:25:5F:A7:67:A2:5A:82:80:FA:4F:02:2A
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018D596E561BAF635A4FAB0FF0A858831F9E
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/E1rDxz-KB-clX6dnolqCgPpPAio.roa
Signing time:             Tue 30 Jan 2024 08:13:39 +0000
ROA not before:           Tue 30 Jan 2024 08:13:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397630
IP address blocks:        81.22.140.0/24 maxlen: 24
                          89.185.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:6e:56:1b:af:63:5a:4f:ab:0f:f0:a8:58:83:1f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan 30 08:13:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=135ac3c73f8a07e7255fa767a25a8280fa4f022a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f8:cb:54:74:6d:30:13:fe:52:7e:50:10:f8:
                    e4:fe:59:f7:8c:6b:8a:d4:fb:24:f1:4f:fc:6e:58:
                    ec:af:f0:9b:85:c7:b0:0f:dc:76:9a:54:65:20:3f:
                    cb:80:d7:3f:f6:af:57:dd:87:28:9d:14:8a:08:05:
                    3f:95:f7:d7:af:1e:c3:dd:6d:45:b5:29:c9:24:d9:
                    c6:70:98:99:7d:2e:5e:b3:b1:42:e3:ba:bc:a1:77:
                    29:8a:d1:04:87:ab:22:00:d7:f2:dd:de:f7:14:11:
                    07:4b:f6:54:d2:c3:f5:63:78:a4:2d:3b:8d:a6:5d:
                    bd:40:74:04:a1:f2:b1:ed:c9:f6:7b:2e:52:74:3e:
                    b4:e4:2b:5e:66:05:9a:57:0d:fc:b6:b1:ed:1c:35:
                    bc:0c:cc:aa:4b:68:c3:e8:74:d9:08:1a:a5:9e:b8:
                    fa:c9:b5:82:54:7e:33:48:db:bc:23:f1:33:64:93:
                    57:d6:ad:58:a9:a9:42:bf:5a:1a:3a:12:82:ec:a8:
                    79:b9:31:d8:4c:28:35:ef:a7:42:4c:a6:84:2b:3a:
                    e6:2f:11:97:60:22:4c:14:49:8d:3f:70:bb:06:92:
                    51:32:92:59:dc:5e:73:d8:54:3d:bc:3f:80:f3:da:
                    ce:8f:ae:75:dc:65:bb:0c:14:24:89:03:a7:b6:3d:
                    61:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:5A:C3:C7:3F:8A:07:E7:25:5F:A7:67:A2:5A:82:80:FA:4F:02:2A
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/E1rDxz-KB-clX6dnolqCgPpPAio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.140.0/24
                  89.185.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:90:0b:26:9e:e8:b3:c5:77:ba:72:50:9f:40:1c:c8:20:de:
         7b:d4:06:1b:e0:70:29:16:a0:8b:64:b1:d6:b4:5f:5e:9b:07:
         a1:41:a7:56:8a:1d:10:fe:42:ca:2f:55:f4:b4:3b:76:09:d5:
         3c:f3:14:30:49:7c:69:ee:35:c1:93:82:5d:55:41:92:34:af:
         e6:4e:50:7e:46:54:4e:d8:ad:7e:a7:64:67:db:85:c5:5d:50:
         fa:ac:d9:22:5d:43:4a:ed:12:e8:35:d0:f4:63:6e:77:0e:e8:
         f2:1e:01:7e:72:db:48:95:d7:b2:44:07:95:eb:3d:b5:30:83:
         ee:6d:3d:b6:8c:66:f8:27:e3:16:e3:20:2f:2e:da:a1:5f:64:
         bd:c2:09:fb:e3:69:c8:93:b0:11:d6:55:4e:36:3d:3b:36:68:
         e6:b0:d2:f5:5f:b8:b5:81:4b:1a:bb:df:a9:fb:78:67:93:58:
         59:57:06:32:ef:6e:8f:cf:8a:59:bd:70:21:32:b4:c2:3d:f1:
         7a:4f:92:5f:70:59:a7:65:d4:db:07:8d:0f:c6:9e:de:38:d4:
         01:4e:3d:4c:5b:0a:48:6c:69:10:22:18:95:61:d9:cd:44:a1:
         a8:27:3a:ca:36:38:67:86:08:d1:fa:a7:a3:c3:55:a8:d7:0c:
         73:38:a2:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1ZblYbr2NaT6sP8KhYgx+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTMwMDgxMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzVhYzNjNzNmOGEwN2U3MjU1ZmE3NjdhMjVhODI4MGZhNGYwMjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvjLVHRtMBP+Un5QEPjk/ln3jGuK
1Psk8U/8bljsr/CbhcewD9x2mlRlID/LgNc/9q9X3YconRSKCAU/lffXrx7D3W1F
tSnJJNnGcJiZfS5es7FC47q8oXcpitEEh6siANfy3d73FBEHS/ZU0sP1Y3ikLTuN
pl29QHQEofKx7cn2ey5SdD605CteZgWaVw38trHtHDW8DMyqS2jD6HTZCBqlnrj6
ybWCVH4zSNu8I/EzZJNX1q1YqalCv1oaOhKC7Kh5uTHYTCg176dCTKaEKzrmLxGX
YCJMFEmNP3C7BpJRMpJZ3F5z2FQ9vD+A89rOj6513GW7DBQkiQOntj1hnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBNaw8c/igfnJV+nZ6JagoD6TwIqMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvRTFyRHh6LUtCLWNsWDZkbm9scUNnUHBQQWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAURaMAwQA
WbkWMA0GCSqGSIb3DQEBCwUAA4IBAQBUkAsmnuizxXe6clCfQBzIIN571AYb4HAp
FqCLZLHWtF9emwehQadWih0Q/kLKL1X0tDt2CdU88xQwSXxp7jXBk4JdVUGSNK/m
TlB+RlRO2K1+p2Rn24XFXVD6rNkiXUNK7RLoNdD0Y253DujyHgF+cttIldeyRAeV
6z21MIPubT22jGb4J+MW4yAvLtqhX2S9wgn742nIk7AR1lVONj07NmjmsNL1X7i1
gUsau9+p+3hnk1hZVwYy726Pz4pZvXAhMrTCPfF6T5JfcFmnZdTbB40Pxp7eONQB
Tj1MWwpIbGkQIhiVYdnNRKGoJzrKNjhnhgjR+qejw1Wo1wxzOKJP
-----END CERTIFICATE-----