Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/MtAvQ3z7TVD3NNN96IA-Ml7X4uk.roa
File:                     MtAvQ3z7TVD3NNN96IA-Ml7X4uk.roa (raw, json)
Hash identifier:          sQ6iS27NqVv/m8dterdjHZUVz4J3Xb872xxjdUq74wE=
Subject key identifier:   32:D0:2F:43:7C:FB:4D:50:F7:34:D3:7D:E8:80:3E:32:5E:D7:E2:E9
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018DC6BA4970E3E680DC6747DAAEEA876258
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/MtAvQ3z7TVD3NNN96IA-Ml7X4uk.roa
Signing time:             Tue 20 Feb 2024 13:35:13 +0000
ROA not before:           Tue 20 Feb 2024 13:35:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        81.22.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:ba:49:70:e3:e6:80:dc:67:47:da:ae:ea:87:62:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Feb 20 13:35:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32d02f437cfb4d50f734d37de8803e325ed7e2e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2b:5b:e4:95:e3:15:27:ef:33:9f:27:97:4d:
                    bb:bb:8e:aa:be:05:84:e9:95:ec:22:e0:e6:66:75:
                    7f:73:fd:b7:a0:60:a8:4b:94:6f:d2:92:33:00:e2:
                    24:7a:33:30:d9:bc:d9:f9:c3:67:29:37:b4:72:e9:
                    fc:44:75:cf:17:0b:05:90:2f:f1:75:d7:26:d4:5f:
                    b7:41:ba:85:a9:3f:8d:3d:1f:82:dc:a2:09:b6:76:
                    f7:ae:5f:41:9f:02:d5:65:c0:a0:26:5d:70:a7:08:
                    fb:74:e9:26:7c:32:9c:73:68:94:f1:84:1b:cb:a0:
                    48:01:93:70:d0:bf:99:27:61:38:d2:d5:b3:6f:be:
                    1b:0c:fa:25:40:97:8f:dc:7d:40:93:f5:d7:22:78:
                    b7:fd:74:42:d5:49:a3:9d:ba:6d:41:ac:34:d8:5d:
                    05:13:37:88:71:b5:7c:d3:aa:4c:91:93:0d:d5:5f:
                    88:99:0a:75:9f:9a:51:e5:a4:e1:47:d0:69:ce:fe:
                    41:3b:d8:f2:74:46:29:4a:3b:ff:d2:52:cb:8d:07:
                    ce:d2:a2:2f:ea:43:80:d1:0f:0c:c9:ea:3e:c9:88:
                    d1:db:f4:7c:b8:13:46:1d:c9:21:40:60:d7:c6:8f:
                    f6:9b:d5:bc:8a:81:58:1c:62:1a:94:1e:e0:10:6d:
                    15:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:D0:2F:43:7C:FB:4D:50:F7:34:D3:7D:E8:80:3E:32:5E:D7:E2:E9
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/MtAvQ3z7TVD3NNN96IA-Ml7X4uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:98:6b:ac:c0:d3:8b:12:b7:c7:1a:c2:27:c3:45:6b:fb:f6:
         6c:4d:dd:68:b1:16:75:da:9e:17:5f:77:ac:4d:87:0b:4e:ec:
         cb:f2:ce:2e:8e:54:ff:52:f4:25:88:97:80:6d:9f:8b:a2:42:
         30:61:bb:91:fe:42:cb:24:f3:46:75:49:29:58:46:bf:14:e1:
         53:c7:8f:79:3d:cc:34:5e:1f:c6:f1:b5:b2:e3:5a:f9:2c:b8:
         9c:0e:32:54:6a:01:01:52:e2:dd:b5:ba:45:ff:2e:64:07:71:
         08:ad:79:ac:8d:ef:df:06:9c:17:4e:57:24:37:25:c7:27:f5:
         dc:73:ac:bb:8f:f1:ef:fa:6c:81:df:42:ea:8e:db:11:0d:2e:
         73:f3:5c:49:6b:10:35:ae:d5:10:69:a6:55:38:6f:bc:39:b7:
         34:a2:f7:72:8f:32:34:17:51:3e:c9:d1:d9:0a:c9:a1:6a:cf:
         74:2b:f4:92:77:24:6d:77:ee:5c:9d:95:b8:60:5b:70:fd:67:
         25:e0:6d:60:0b:37:ba:fa:cc:0e:ad:75:6a:23:5c:cb:6b:6b:
         5a:cb:fa:42:79:13:e9:01:91:77:c2:1d:be:89:a5:ed:fc:46:
         6a:9d:0a:08:4a:ef:54:cd:93:51:58:5f:51:bf:68:c5:2e:a6:
         95:f8:42:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Guklw4+aA3GdH2q7qh2JYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMjIwMTMzNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmQwMmY0MzdjZmI0ZDUwZjczNGQzN2RlODgwM2UzMjVlZDdlMmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCtb5JXjFSfvM58nl027u46qvgWE
6ZXsIuDmZnV/c/23oGCoS5Rv0pIzAOIkejMw2bzZ+cNnKTe0cun8RHXPFwsFkC/x
ddcm1F+3QbqFqT+NPR+C3KIJtnb3rl9BnwLVZcCgJl1wpwj7dOkmfDKcc2iU8YQb
y6BIAZNw0L+ZJ2E40tWzb74bDPolQJeP3H1Ak/XXIni3/XRC1UmjnbptQaw02F0F
EzeIcbV806pMkZMN1V+ImQp1n5pR5aThR9Bpzv5BO9jydEYpSjv/0lLLjQfO0qIv
6kOA0Q8Myeo+yYjR2/R8uBNGHckhQGDXxo/2m9W8ioFYHGIalB7gEG0VTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDLQL0N8+01Q9zTTfeiAPjJe1+LpMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvTXRBdlEzejdUVkQzTk5OOTZJQS1NbDdYNHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaLMA0G
CSqGSIb3DQEBCwUAA4IBAQBdmGuswNOLErfHGsInw0Vr+/ZsTd1osRZ12p4XX3es
TYcLTuzL8s4ujlT/UvQliJeAbZ+LokIwYbuR/kLLJPNGdUkpWEa/FOFTx495Pcw0
Xh/G8bWy41r5LLicDjJUagEBUuLdtbpF/y5kB3EIrXmsje/fBpwXTlckNyXHJ/Xc
c6y7j/Hv+myB30LqjtsRDS5z81xJaxA1rtUQaaZVOG+8Obc0ovdyjzI0F1E+ydHZ
Csmhas90K/SSdyRtd+5cnZW4YFtw/Wcl4G1gCze6+swOrXVqI1zLa2tay/pCeRPp
AZF3wh2+iaXt/EZqnQoISu9UzZNRWF9Rv2jFLqaV+EJX
-----END CERTIFICATE-----