Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/LOKrZEDDVhVnSlJWlOLgQ5nPcM0.roa
File:                     LOKrZEDDVhVnSlJWlOLgQ5nPcM0.roa (raw, json)
Hash identifier:          2CeUB6HU9O6IboYshEwLG/p+jYhiKQ64ZtA5Y3idzrs=
Subject key identifier:   2C:E2:AB:64:40:C3:56:15:67:4A:52:56:94:E2:E0:43:99:CF:70:CD
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC0D4DF78FB4850DAC68EB94A408AD
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/LOKrZEDDVhVnSlJWlOLgQ5nPcM0.roa
Signing time:             Wed 01 Jan 2025 17:48:51 +0000
ROA not before:           Wed 01 Jan 2025 17:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        81.22.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:0d:4d:f7:8f:b4:85:0d:ac:68:eb:94:a4:08:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ce2ab6440c35615674a525694e2e04399cf70cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:21:c8:ba:2b:18:f3:39:ab:1a:11:0e:7c:9d:
                    d3:7c:b7:10:5a:01:43:62:66:90:fa:bd:58:27:33:
                    15:7f:80:52:80:00:da:c2:2a:50:eb:7b:af:9d:33:
                    41:ce:fd:4e:73:ad:31:25:01:c2:e8:d4:aa:e7:77:
                    15:26:4b:83:79:9e:76:c3:7a:81:9f:4c:74:76:c2:
                    a0:b9:1c:8e:2e:f1:f3:7d:d3:ff:c4:b8:e5:72:a3:
                    73:a9:43:e3:61:cd:1d:1b:18:60:35:57:c4:a8:8e:
                    38:8d:00:50:cc:ae:2b:76:81:58:50:76:1a:0a:75:
                    33:ac:55:fd:e7:2b:f4:39:ff:74:1b:c1:e8:c0:1f:
                    68:80:eb:ae:0f:69:e2:88:ca:d0:96:a7:ac:74:75:
                    15:52:24:04:a1:84:bc:b2:ea:06:20:c4:9b:ca:7f:
                    7f:5e:a1:8c:87:23:c9:c5:52:8b:ce:7e:93:52:45:
                    71:0e:ce:bc:95:0e:29:28:aa:95:ac:d6:5a:58:d4:
                    82:a8:03:bc:df:b7:8c:9b:f6:54:47:66:60:cc:f0:
                    e5:0b:ee:2e:46:da:c6:f0:af:2e:30:2a:ce:94:c0:
                    0f:cd:be:d5:fe:ca:28:49:46:9a:7c:d0:e5:2b:4a:
                    7a:16:d9:d5:f8:e4:b7:0f:cb:b1:7e:a9:9b:23:ca:
                    1e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E2:AB:64:40:C3:56:15:67:4A:52:56:94:E2:E0:43:99:CF:70:CD
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/LOKrZEDDVhVnSlJWlOLgQ5nPcM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:da:93:bc:d0:fe:66:e6:a0:77:c7:01:9c:c7:a7:5d:e4:0c:
         fb:ee:86:fd:c7:83:6a:25:d6:89:f7:79:80:fa:e8:85:0b:9a:
         6c:44:cd:b2:82:1a:93:e6:48:53:82:8f:5a:65:4c:f7:cb:e1:
         21:41:37:e0:d1:b5:7d:45:49:6c:1a:e3:19:f7:d9:64:51:48:
         18:d4:f0:da:84:6b:df:e8:7c:b0:ef:86:27:95:96:5b:b1:7b:
         43:01:02:ef:03:e5:1d:74:95:a1:07:d0:ea:3b:fc:19:7f:b3:
         b5:25:be:42:2f:ab:e6:48:07:c2:1b:65:3e:40:e5:a2:25:34:
         76:e4:86:04:c9:c7:df:50:be:54:2b:23:72:e5:df:aa:37:5d:
         e1:08:b5:33:2a:a6:cb:4b:b4:96:b2:7b:da:87:0d:40:de:ce:
         94:80:4a:59:5d:6a:3f:16:c4:47:d1:70:d5:14:11:dc:42:89:
         ce:02:89:9a:1a:0d:92:e1:e4:70:4d:e6:e1:a9:94:06:6a:82:
         d6:00:9e:f3:a2:75:24:35:23:30:42:6b:bb:ab:14:c8:8a:8d:
         34:13:a1:75:a9:10:d7:32:81:7a:39:f2:c8:cf:11:f2:b1:0f:
         34:86:ae:46:49:8a:a7:3f:37:36:ae:62:95:8d:a1:9a:f9:82:
         51:16:e6:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/A1N94+0hQ2saOuUpAitMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2UyYWI2NDQwYzM1NjE1Njc0YTUyNTY5NGUyZTA0Mzk5Y2Y3MGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHIuisY8zmrGhEOfJ3TfLcQWgFD
YmaQ+r1YJzMVf4BSgADawipQ63uvnTNBzv1Oc60xJQHC6NSq53cVJkuDeZ52w3qB
n0x0dsKguRyOLvHzfdP/xLjlcqNzqUPjYc0dGxhgNVfEqI44jQBQzK4rdoFYUHYa
CnUzrFX95yv0Of90G8HowB9ogOuuD2niiMrQlqesdHUVUiQEoYS8suoGIMSbyn9/
XqGMhyPJxVKLzn6TUkVxDs68lQ4pKKqVrNZaWNSCqAO837eMm/ZUR2ZgzPDlC+4u
RtrG8K8uMCrOlMAPzb7V/sooSUaafNDlK0p6FtnV+OS3D8uxfqmbI8oeaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCziq2RAw1YVZ0pSVpTi4EOZz3DNMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvTE9LclpFRERWaFZuU2xKV2xPTGdRNW5QY00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaGMA0G
CSqGSIb3DQEBCwUAA4IBAQA92pO80P5m5qB3xwGcx6dd5Az77ob9x4NqJdaJ93mA
+uiFC5psRM2yghqT5khTgo9aZUz3y+EhQTfg0bV9RUlsGuMZ99lkUUgY1PDahGvf
6Hyw74YnlZZbsXtDAQLvA+UddJWhB9DqO/wZf7O1Jb5CL6vmSAfCG2U+QOWiJTR2
5IYEycffUL5UKyNy5d+qN13hCLUzKqbLS7SWsnvahw1A3s6UgEpZXWo/FsRH0XDV
FBHcQonOAomaGg2S4eRwTebhqZQGaoLWAJ7zonUkNSMwQmu7qxTIio00E6F1qRDX
MoF6OfLIzxHysQ80hq5GSYqnPzc2rmKVjaGa+YJRFuas
-----END CERTIFICATE-----