Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/p8C-36t2-13ujSPkMbq3VQVLS8s.roa
File:                     p8C-36t2-13ujSPkMbq3VQVLS8s.roa (raw, json)
Hash identifier:          vi0ZgSJa0aE2ZVnU9wRkt0Y8yW2kP4S9qGUlcsofzO4=
Subject key identifier:   A7:C0:BE:DF:AB:76:FB:5D:EE:8D:23:E4:31:BA:B7:55:05:4B:4B:CB
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018DA9209781E2DDB875096C5118A2CC6A8E
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/p8C-36t2-13ujSPkMbq3VQVLS8s.roa
Signing time:             Wed 14 Feb 2024 19:38:21 +0000
ROA not before:           Wed 14 Feb 2024 19:38:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        81.22.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a9:20:97:81:e2:dd:b8:75:09:6c:51:18:a2:cc:6a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Feb 14 19:38:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7c0bedfab76fb5dee8d23e431bab755054b4bcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:eb:63:e7:d8:c0:69:4a:3b:fc:ad:03:ea:44:
                    d7:93:41:03:a2:e5:86:0a:4d:1c:c6:8a:8d:64:bc:
                    b8:32:ba:47:0c:3d:2b:0b:f0:fd:77:7a:a9:38:45:
                    dd:01:9a:ab:e1:0a:33:54:14:cb:78:3a:9c:47:83:
                    80:7a:bd:e8:b2:55:06:18:04:fe:f2:91:3f:f5:2d:
                    83:70:f0:c4:23:69:c4:0a:d5:f3:f2:ab:67:69:78:
                    04:6a:ad:ee:7b:3e:54:6c:7c:eb:2d:d6:b6:19:57:
                    20:ad:cb:2c:67:d7:6f:ae:5b:62:e8:88:28:e0:0e:
                    e6:09:b0:78:41:83:76:a5:82:dc:52:a1:55:86:37:
                    fb:a7:51:fb:ae:93:98:a2:b3:d6:f3:b4:f1:ad:dd:
                    d5:9c:0e:48:cd:b5:3e:64:cc:d1:5d:8f:9f:f1:8e:
                    57:d6:fd:3c:7a:24:a8:46:1c:b0:f7:7b:c9:cb:d8:
                    5a:df:5b:ef:03:20:16:f7:74:20:7c:19:ac:b2:ec:
                    88:de:78:9b:35:b7:ed:d4:16:e3:ef:a9:0a:e3:4f:
                    82:23:e9:19:48:38:e8:e5:2a:c9:f9:dc:19:3d:09:
                    6f:73:c3:85:bb:35:f5:d7:fc:26:a0:56:2f:d1:0d:
                    3f:27:55:5d:c9:ae:78:0c:4d:8a:cc:c7:ef:48:52:
                    39:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:C0:BE:DF:AB:76:FB:5D:EE:8D:23:E4:31:BA:B7:55:05:4B:4B:CB
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/p8C-36t2-13ujSPkMbq3VQVLS8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:bc:64:a4:8e:f2:b2:bf:71:c2:08:08:8b:5a:af:6c:37:fc:
         e7:38:ab:3e:49:09:60:13:06:ea:b9:0a:1c:c6:90:0f:39:b5:
         6f:54:c4:6d:b1:80:f8:1b:00:59:27:bd:3a:58:b8:0f:04:1d:
         f4:2b:94:d4:10:fb:4e:ac:38:39:63:3e:ea:be:63:15:93:1d:
         d9:ef:fc:21:43:7d:10:38:e8:ef:19:e8:ef:a1:92:4b:25:7c:
         b3:09:cf:69:7f:4e:14:c2:bb:a1:7b:c2:65:ab:12:40:d0:bf:
         8f:fb:20:20:be:2f:ea:03:37:68:65:9e:12:a7:d1:eb:81:21:
         5b:cb:ee:f2:90:4a:4a:0f:04:c5:21:f5:81:62:3d:83:58:47:
         8b:a3:f4:0b:29:8e:b7:25:66:c4:0b:86:ee:98:05:37:50:b4:
         df:29:fb:7a:cb:e8:2e:b7:40:1a:88:ef:e6:54:d5:cd:b6:55:
         7f:22:b9:0f:fe:6e:b9:dd:3a:58:6b:a4:65:23:7c:66:30:b5:
         4b:ee:64:2a:c9:30:e5:d2:15:3d:90:d3:d1:2e:ea:89:9a:40:
         59:ef:1f:c2:de:21:24:1d:19:0b:7e:ad:95:99:f3:c4:6e:51:
         1a:f9:fe:12:b8:a0:55:5e:68:3b:5e:1d:10:62:ae:e6:6a:ad:
         22:3c:db:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2pIJeB4t24dQlsURiizGqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMjE0MTkzODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2MwYmVkZmFiNzZmYjVkZWU4ZDIzZTQzMWJhYjc1NTA1NGI0YmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArutj59jAaUo7/K0D6kTXk0EDouWG
Ck0cxoqNZLy4MrpHDD0rC/D9d3qpOEXdAZqr4QozVBTLeDqcR4OAer3oslUGGAT+
8pE/9S2DcPDEI2nECtXz8qtnaXgEaq3uez5UbHzrLda2GVcgrcssZ9dvrlti6Igo
4A7mCbB4QYN2pYLcUqFVhjf7p1H7rpOYorPW87Txrd3VnA5IzbU+ZMzRXY+f8Y5X
1v08eiSoRhyw93vJy9ha31vvAyAW93QgfBmssuyI3nibNbft1Bbj76kK40+CI+kZ
SDjo5SrJ+dwZPQlvc8OFuzX11/wmoFYv0Q0/J1Vdya54DE2KzMfvSFI5ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfAvt+rdvtd7o0j5DG6t1UFS0vLMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvcDhDLTM2dDItMTN1alNQa01icTNWUVZMUzhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaGMA0G
CSqGSIb3DQEBCwUAA4IBAQALvGSkjvKyv3HCCAiLWq9sN/znOKs+SQlgEwbquQoc
xpAPObVvVMRtsYD4GwBZJ706WLgPBB30K5TUEPtOrDg5Yz7qvmMVkx3Z7/whQ30Q
OOjvGejvoZJLJXyzCc9pf04Uwruhe8JlqxJA0L+P+yAgvi/qAzdoZZ4Sp9HrgSFb
y+7ykEpKDwTFIfWBYj2DWEeLo/QLKY63JWbEC4bumAU3ULTfKft6y+gut0AaiO/m
VNXNtlV/IrkP/m653TpYa6RlI3xmMLVL7mQqyTDl0hU9kNPRLuqJmkBZ7x/C3iEk
HRkLfq2VmfPEblEa+f4SuKBVXmg7Xh0QYq7maq0iPNtj
-----END CERTIFICATE-----