Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/G7oPoQNT9WOES6wngwHQQQgDKH4.roa
File:                     G7oPoQNT9WOES6wngwHQQQgDKH4.roa (raw, json)
Hash identifier:          DoCYVa5tb2evqgdas2zy++qY6RPopj7gXF5Qso3z2+Y=
Subject key identifier:   1B:BA:0F:A1:03:53:F5:63:84:4B:AC:27:83:01:D0:41:08:03:28:7E
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CC649CAF210350D9ABDB1D15A4C47CA56
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/G7oPoQNT9WOES6wngwHQQQgDKH4.roa
Signing time:             Mon 01 Jan 2024 18:29:34 +0000
ROA not before:           Mon 01 Jan 2024 18:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199058
IP address blocks:        81.22.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ca:f2:10:35:0d:9a:bd:b1:d1:5a:4c:47:ca:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 18:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bba0fa10353f563844bac278301d0410803287e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:37:a0:3a:73:28:f8:d2:80:7a:3a:58:d2:45:
                    e9:eb:e2:2c:2b:83:97:7b:98:9a:08:23:3e:eb:01:
                    57:ee:cc:0d:05:10:c2:8d:0d:c1:72:3a:1c:b7:b6:
                    70:27:c6:dc:33:30:4a:48:d8:f3:c5:4a:ef:11:fa:
                    0d:64:4b:d7:00:dd:d7:03:37:30:47:4c:0b:50:28:
                    79:00:e2:ea:ab:bd:c1:40:fe:f8:45:46:3c:4c:cd:
                    7e:ab:94:aa:a9:16:a0:e1:c4:ae:e9:c2:37:fc:26:
                    d3:6f:28:4d:6d:69:0e:35:c6:5e:67:4d:de:4b:f3:
                    8f:9f:31:30:4e:2d:12:7d:61:ae:f0:14:63:69:34:
                    e5:64:dd:c3:ad:62:fe:93:45:38:3a:a6:a6:95:44:
                    2c:db:05:f5:31:98:f2:f0:aa:3d:b8:42:0d:03:5a:
                    49:bf:61:67:95:8c:a0:7f:b9:e5:83:82:9a:cb:92:
                    45:a1:13:06:fa:3d:9a:a8:f8:2c:cf:fc:b4:af:47:
                    a2:70:35:64:3a:ca:d2:bb:fa:01:a3:a8:36:fa:9f:
                    c9:87:f4:e6:b2:d6:6f:59:22:e2:9a:cf:18:26:18:
                    29:cd:bc:f8:11:ef:dc:d9:ba:0c:1d:d8:f5:ff:b5:
                    98:15:de:6e:47:eb:82:67:ad:86:f3:c7:ba:29:e4:
                    15:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:BA:0F:A1:03:53:F5:63:84:4B:AC:27:83:01:D0:41:08:03:28:7E
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/G7oPoQNT9WOES6wngwHQQQgDKH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:65:a8:42:c2:7a:27:8e:e5:5d:16:69:bf:09:40:2b:9f:41:
         89:a1:0e:2e:a1:c0:19:a7:56:5b:16:0a:76:d1:21:5e:04:b7:
         f1:4c:6f:81:4e:ec:13:06:bb:80:bf:55:fc:5a:24:65:94:1b:
         85:59:00:56:cd:17:33:0c:c2:cc:97:6d:ac:ce:1d:c5:38:79:
         9a:1b:e0:fa:15:54:5b:fc:d9:60:8d:44:58:67:3c:d8:65:d6:
         92:ae:2e:fe:a7:93:da:2c:5c:8c:41:3b:2b:db:4f:b1:6c:09:
         3a:b2:ab:09:80:f3:b6:39:14:3f:81:f0:3a:86:47:20:cf:0e:
         63:82:9e:80:a0:ac:14:9f:56:c4:d0:7b:3d:24:88:84:7b:d0:
         80:76:ad:a2:5b:06:9c:1c:a4:75:d1:50:4e:f4:53:cd:1d:6c:
         f5:38:bb:e1:1d:4f:b0:52:f5:b5:3a:0c:a7:29:16:67:1e:bb:
         a7:ce:86:f2:8f:98:e6:77:15:83:2a:4a:57:08:29:25:bd:ea:
         79:96:45:92:bc:d6:b9:84:5a:05:60:b2:7f:2a:e9:bb:50:68:
         48:4e:9f:f1:e2:54:57:83:29:d5:ac:7a:0f:f0:ec:af:a7:1c:
         34:41:0f:46:9c:50:a6:46:fe:29:3c:47:52:0a:f8:b9:dd:8e:
         65:99:ea:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGScryEDUNmr2x0VpMR8pWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTAxMTgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmJhMGZhMTAzNTNmNTYzODQ0YmFjMjc4MzAxZDA0MTA4MDMyODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjegOnMo+NKAejpY0kXp6+IsK4OX
e5iaCCM+6wFX7swNBRDCjQ3Bcjoct7ZwJ8bcMzBKSNjzxUrvEfoNZEvXAN3XAzcw
R0wLUCh5AOLqq73BQP74RUY8TM1+q5SqqRag4cSu6cI3/CbTbyhNbWkONcZeZ03e
S/OPnzEwTi0SfWGu8BRjaTTlZN3DrWL+k0U4OqamlUQs2wX1MZjy8Ko9uEINA1pJ
v2FnlYygf7nlg4Kay5JFoRMG+j2aqPgsz/y0r0eicDVkOsrSu/oBo6g2+p/Jh/Tm
stZvWSLims8YJhgpzbz4Ee/c2boMHdj1/7WYFd5uR+uCZ62G88e6KeQVGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBu6D6EDU/VjhEusJ4MB0EEIAyh+MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvRzdvUG9RTlQ5V09FUzZ3bmd3SFFRUWdES0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaEMA0G
CSqGSIb3DQEBCwUAA4IBAQBmZahCwnonjuVdFmm/CUArn0GJoQ4uocAZp1ZbFgp2
0SFeBLfxTG+BTuwTBruAv1X8WiRllBuFWQBWzRczDMLMl22szh3FOHmaG+D6FVRb
/NlgjURYZzzYZdaSri7+p5PaLFyMQTsr20+xbAk6sqsJgPO2ORQ/gfA6hkcgzw5j
gp6AoKwUn1bE0Hs9JIiEe9CAdq2iWwacHKR10VBO9FPNHWz1OLvhHU+wUvW1Ogyn
KRZnHrunzobyj5jmdxWDKkpXCCklvep5lkWSvNa5hFoFYLJ/Kum7UGhITp/x4lRX
gynVrHoP8Oyvpxw0QQ9GnFCmRv4pPEdSCvi53Y5lmepO
-----END CERTIFICATE-----