Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/cT-sz-qb25ALGS25ufeJE7MlEfY.roa
File:                     cT-sz-qb25ALGS25ufeJE7MlEfY.roa (raw, json)
Hash identifier:          tLSNoQ1nIKwmaIAGHLjMfJ1rnCZ3wkBwPbq5F76ZZBo=
Subject key identifier:   71:3F:AC:CF:EA:9B:DB:90:0B:19:2D:B9:B9:F7:89:13:B3:25:11:F6
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018E15A33559BD6B2E9D842764B898A1E849
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/cT-sz-qb25ALGS25ufeJE7MlEfY.roa
Signing time:             Wed 06 Mar 2024 21:20:01 +0000
ROA not before:           Wed 06 Mar 2024 21:20:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        81.22.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:15:a3:35:59:bd:6b:2e:9d:84:27:64:b8:98:a1:e8:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Mar  6 21:20:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=713faccfea9bdb900b192db9b9f78913b32511f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dc:60:7f:65:c1:88:2c:d1:40:41:c9:b9:6a:
                    07:9d:bb:64:f3:1f:5d:eb:ce:4c:6b:1c:9b:b0:c1:
                    00:06:4e:62:44:a6:f5:c4:37:44:db:55:a3:72:f5:
                    f0:d1:e2:37:01:67:71:7d:37:2f:75:a5:bc:74:d0:
                    9e:c9:de:0d:03:51:ef:76:81:20:ff:fc:15:2d:ad:
                    48:af:5f:24:c4:56:16:af:9d:76:be:d7:39:91:13:
                    76:b7:ae:70:5c:f7:44:54:09:c4:d5:c8:91:f3:37:
                    fb:5e:a9:f0:6f:e5:fe:1e:40:32:15:ac:d2:cc:60:
                    40:9c:3c:ee:5a:21:1b:4d:57:f2:d1:35:c9:6e:59:
                    bd:fc:46:b6:04:86:ca:ca:7f:d7:f9:fa:55:ea:1d:
                    e3:5b:38:8e:29:85:1d:8d:6c:86:8d:94:79:b0:30:
                    16:7c:6e:f5:e3:ae:e4:13:82:7a:8b:66:d6:20:12:
                    9e:48:3b:87:e1:2c:ab:cc:c9:33:67:0c:84:05:a0:
                    8a:4f:13:80:24:09:3a:80:37:9d:3d:5f:43:08:77:
                    35:78:bd:91:83:f6:f0:3c:85:87:44:b6:a8:8a:b2:
                    83:6e:74:86:c0:f4:78:76:22:1e:f7:df:90:c7:79:
                    fd:63:b4:5f:64:60:a6:39:1d:11:8f:0c:97:37:7c:
                    39:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:3F:AC:CF:EA:9B:DB:90:0B:19:2D:B9:B9:F7:89:13:B3:25:11:F6
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/cT-sz-qb25ALGS25ufeJE7MlEfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ed:97:27:91:92:27:02:94:3c:ec:d3:b9:8e:bf:d7:43:92:
         52:20:96:8a:33:ed:d2:d9:05:8d:7b:5b:ec:cc:8c:9b:7a:a6:
         78:42:8c:16:87:eb:d9:57:68:f9:08:16:3b:5e:51:8e:9f:8c:
         09:ea:56:ae:7e:1f:c2:72:8d:12:c5:0a:5e:e5:88:b7:ee:3a:
         99:45:89:9e:b5:0b:90:74:97:15:29:a4:a9:f8:6c:3b:87:ed:
         c2:5d:e2:6f:36:bb:9e:63:ec:96:22:72:8f:ac:bc:da:d6:2d:
         c4:cb:61:6e:99:c9:3b:5b:9e:bd:cd:1a:f2:a6:e8:1f:cd:31:
         2f:0b:71:7a:ca:ce:7a:d7:c0:91:24:be:23:96:57:d0:d8:73:
         e1:e2:2f:06:1a:41:60:ba:8f:69:87:b6:0a:43:15:e7:1f:bb:
         d0:2f:6f:36:5a:c3:2f:b5:97:ba:7f:bb:b9:72:55:74:ff:2f:
         87:a2:02:9f:70:a3:d4:89:d6:c7:d4:30:a5:35:fb:41:d9:ff:
         a4:d9:a4:42:94:7c:07:a8:ce:00:37:84:d8:0a:a4:87:dd:be:
         63:d7:9c:7a:4d:6d:c8:88:6e:9b:94:50:97:61:2b:2e:50:e5:
         bd:a8:da:f9:ac:84:3b:dd:a4:29:99:ed:33:0c:c7:3e:2a:50:
         16:3e:49:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4VozVZvWsunYQnZLiYoehJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMzA2MjEyMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTNmYWNjZmVhOWJkYjkwMGIxOTJkYjliOWY3ODkxM2IzMjUxMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtxgf2XBiCzRQEHJuWoHnbtk8x9d
685MaxybsMEABk5iRKb1xDdE21WjcvXw0eI3AWdxfTcvdaW8dNCeyd4NA1HvdoEg
//wVLa1Ir18kxFYWr512vtc5kRN2t65wXPdEVAnE1ciR8zf7Xqnwb+X+HkAyFazS
zGBAnDzuWiEbTVfy0TXJblm9/Ea2BIbKyn/X+fpV6h3jWziOKYUdjWyGjZR5sDAW
fG71467kE4J6i2bWIBKeSDuH4SyrzMkzZwyEBaCKTxOAJAk6gDedPV9DCHc1eL2R
g/bwPIWHRLaoirKDbnSGwPR4diIe99+Qx3n9Y7RfZGCmOR0RjwyXN3w5cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHE/rM/qm9uQCxktubn3iROzJRH2MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvY1Qtc3otcWIyNUFMR1MyNXVmZUpFN01sRWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaAMA0G
CSqGSIb3DQEBCwUAA4IBAQCY7ZcnkZInApQ87NO5jr/XQ5JSIJaKM+3S2QWNe1vs
zIybeqZ4QowWh+vZV2j5CBY7XlGOn4wJ6laufh/Cco0SxQpe5Yi37jqZRYmetQuQ
dJcVKaSp+Gw7h+3CXeJvNrueY+yWInKPrLza1i3Ey2Fumck7W569zRrypugfzTEv
C3F6ys5618CRJL4jllfQ2HPh4i8GGkFguo9ph7YKQxXnH7vQL282WsMvtZe6f7u5
clV0/y+HogKfcKPUidbH1DClNftB2f+k2aRClHwHqM4AN4TYCqSH3b5j15x6TW3I
iG6blFCXYSsuUOW9qNr5rIQ73aQpme0zDMc+KlAWPkkO
-----END CERTIFICATE-----