Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/owD2F5PTIfIuOH1ResHlD6bHqfw.roa
File:                     owD2F5PTIfIuOH1ResHlD6bHqfw.roa (raw, json)
Hash identifier:          FwwD5nwDxuakINFZYh01TzvwO9abW6HL7q42RgazHtQ=
Subject key identifier:   A3:00:F6:17:93:D3:21:F2:2E:38:7D:51:7A:C1:E5:0F:A6:C7:A9:FC
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC0A6A3E338ADA8D111B041678005B
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/owD2F5PTIfIuOH1ResHlD6bHqfw.roa
Signing time:             Wed 01 Jan 2025 17:48:50 +0000
ROA not before:           Wed 01 Jan 2025 17:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        81.22.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 22:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:0a:6a:3e:33:8a:da:8d:11:1b:04:16:78:00:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a300f61793d321f22e387d517ac1e50fa6c7a9fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:75:f9:d9:6c:1e:a3:5b:3d:89:fc:04:58:0f:
                    3e:c0:b6:fe:b5:41:3f:7d:74:2d:16:84:50:4a:e2:
                    63:f2:69:0b:2d:c1:b2:7b:65:f2:dc:bc:b4:b2:84:
                    7c:a9:55:df:1b:c1:07:d4:81:d2:41:e8:66:9e:0e:
                    c4:d5:58:99:b5:c9:54:f8:fd:00:6f:0c:a3:f5:5d:
                    22:3a:4b:65:7f:72:d6:1c:ba:41:c4:28:76:68:35:
                    fd:2c:d0:6a:b9:2f:9e:e6:8b:bb:1a:7d:03:d6:c0:
                    84:77:6d:34:69:d5:4d:b5:85:1b:58:b8:9f:a4:2c:
                    33:7a:ef:08:b7:ed:3a:80:88:cc:fd:7f:69:7a:89:
                    91:19:51:d0:13:a4:9f:fc:4e:f2:08:66:ea:af:4e:
                    3a:35:7c:e2:5a:2b:48:c4:b1:3e:ea:06:bd:ac:1e:
                    90:42:89:1e:a6:89:61:5a:ab:c6:45:a8:05:0c:be:
                    5b:df:3a:97:12:9b:39:6d:99:de:2c:68:16:b4:f8:
                    7d:f1:58:16:3a:82:df:f0:3a:2b:86:4f:b5:3e:bb:
                    2e:0f:43:a5:c0:d2:b0:51:76:2f:8c:ca:5f:7f:12:
                    68:08:6d:20:a1:b9:3a:40:bd:5e:25:68:1d:ab:ab:
                    c4:da:de:b4:eb:ba:62:a0:35:92:0e:e2:68:31:db:
                    45:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:00:F6:17:93:D3:21:F2:2E:38:7D:51:7A:C1:E5:0F:A6:C7:A9:FC
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/owD2F5PTIfIuOH1ResHlD6bHqfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:62:91:0c:50:a4:ed:20:d2:80:18:65:47:0a:56:dd:1a:99:
         05:86:36:48:de:0f:e8:49:00:71:82:42:c3:4d:92:e0:ff:a0:
         2b:bf:49:5d:41:d1:0f:28:02:ad:25:27:51:c6:4e:de:af:bc:
         a9:a1:c9:06:6f:ee:8a:f5:e5:33:14:04:14:40:44:73:cb:0f:
         f6:ff:67:8c:92:1e:e4:a8:95:26:93:31:5c:cf:aa:1c:48:ad:
         7b:f9:92:27:9a:55:a2:21:5c:62:c3:a8:56:88:4a:7e:20:d8:
         3a:b2:ea:d3:4f:22:2e:a2:33:b6:41:59:ef:35:f8:5a:e0:44:
         81:84:fc:04:40:97:13:b1:10:ed:77:69:dc:9e:64:8c:07:3a:
         04:22:c2:5b:e2:7f:03:92:8e:ee:83:1a:2d:fe:18:fa:59:f6:
         87:cd:c5:22:45:d2:ce:0d:c8:51:96:55:7f:06:a9:fe:fc:5a:
         3a:33:19:59:57:eb:1c:f5:e6:34:b3:52:c2:a8:58:fa:9e:a6:
         dd:19:f7:bc:5c:81:6c:59:7a:d2:5b:a5:11:75:a0:3f:74:6d:
         15:36:8b:27:e0:04:99:3e:fc:26:40:4a:f1:bf:f1:7b:af:db:
         ad:db:d8:13:2d:ed:bc:00:33:5b:49:19:ac:a9:68:b9:13:d5:
         76:55:e3:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/ApqPjOK2o0RGwQWeABbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzAwZjYxNzkzZDMyMWYyMmUzODdkNTE3YWMxZTUwZmE2YzdhOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnX52Wweo1s9ifwEWA8+wLb+tUE/
fXQtFoRQSuJj8mkLLcGye2Xy3Ly0soR8qVXfG8EH1IHSQehmng7E1ViZtclU+P0A
bwyj9V0iOktlf3LWHLpBxCh2aDX9LNBquS+e5ou7Gn0D1sCEd200adVNtYUbWLif
pCwzeu8It+06gIjM/X9peomRGVHQE6Sf/E7yCGbqr046NXziWitIxLE+6ga9rB6Q
QokepolhWqvGRagFDL5b3zqXEps5bZneLGgWtPh98VgWOoLf8Dorhk+1PrsuD0Ol
wNKwUXYvjMpffxJoCG0gobk6QL1eJWgdq6vE2t6067pioDWSDuJoMdtFaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMA9heT0yHyLjh9UXrB5Q+mx6n8MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvb3dEMkY1UFRJZkl1T0gxUmVzSGxENmJIcWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaAMA0G
CSqGSIb3DQEBCwUAA4IBAQBOYpEMUKTtINKAGGVHClbdGpkFhjZI3g/oSQBxgkLD
TZLg/6Arv0ldQdEPKAKtJSdRxk7er7ypockGb+6K9eUzFAQUQERzyw/2/2eMkh7k
qJUmkzFcz6ocSK17+ZInmlWiIVxiw6hWiEp+INg6surTTyIuojO2QVnvNfha4ESB
hPwEQJcTsRDtd2ncnmSMBzoEIsJb4n8Dko7ugxot/hj6WfaHzcUiRdLODchRllV/
Bqn+/Fo6MxlZV+sc9eY0s1LCqFj6nqbdGfe8XIFsWXrSW6URdaA/dG0VNosn4ASZ
PvwmQErxv/F7r9ut29gTLe28ADNbSRmsqWi5E9V2VePA
-----END CERTIFICATE-----