Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sjH4ILM-K4rcTpINgAeSg94iqHc.roa
File:                     sjH4ILM-K4rcTpINgAeSg94iqHc.roa (raw, json)
Hash identifier:          Dt08l8pn0C+nKTO85bDxjJl/DCJDJAm3ySkz0aRPrUs=
Subject key identifier:   B2:31:F8:20:B3:3E:2B:8A:DC:4E:92:0D:80:07:92:83:DE:22:A8:77
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018D6E109350C3FE7EF732082F11B07B7B76
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sjH4ILM-K4rcTpINgAeSg94iqHc.roa
Signing time:             Sat 03 Feb 2024 08:23:16 +0000
ROA not before:           Sat 03 Feb 2024 08:23:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        81.22.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6e:10:93:50:c3:fe:7e:f7:32:08:2f:11:b0:7b:7b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Feb  3 08:23:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b231f820b33e2b8adc4e920d80079283de22a877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6a:d9:00:72:60:0b:ae:01:bc:3e:e0:87:60:
                    03:c7:1c:77:ed:4b:1b:e6:71:94:52:ad:5f:3c:af:
                    9b:51:22:8d:79:e2:32:47:0c:7b:b6:01:61:7e:a4:
                    1d:c3:0c:f5:b9:86:ab:8d:a0:8d:82:d5:00:2b:b8:
                    8d:d7:17:38:80:9a:b5:d7:f9:fb:38:61:5f:b7:29:
                    63:c4:c0:32:0f:23:74:da:e5:d5:6d:14:27:6d:25:
                    1c:5c:10:71:13:79:c2:4c:66:a1:e7:6c:d2:91:1f:
                    eb:67:f6:a9:58:e8:ed:21:e6:c3:d0:2a:93:dc:0c:
                    1c:d7:f2:bf:e7:a5:30:f0:d6:3e:c6:c7:c2:98:0b:
                    17:7c:46:ea:7f:07:53:d8:5d:8f:c8:19:cd:99:8e:
                    98:a7:87:a8:2c:c1:56:e2:e8:69:3a:d9:92:ec:aa:
                    0d:1d:18:55:0d:c1:2f:06:3f:f3:6a:1a:b5:eb:c5:
                    c7:0b:98:51:14:55:2d:82:ed:83:56:b7:a1:d8:cb:
                    e3:9c:55:6e:65:69:b9:a7:f7:07:f1:bd:ef:6a:d4:
                    f1:cc:05:f8:12:f4:36:63:d3:b9:2f:df:cb:d0:fb:
                    05:84:04:c3:a7:ae:85:d0:af:8e:cf:ad:fc:68:41:
                    a4:4d:bb:55:59:9f:5d:3c:3d:82:27:20:75:d0:a0:
                    da:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:31:F8:20:B3:3E:2B:8A:DC:4E:92:0D:80:07:92:83:DE:22:A8:77
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/sjH4ILM-K4rcTpINgAeSg94iqHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:8d:00:32:d9:62:fd:b6:69:74:3a:cf:e5:aa:55:1c:a0:97:
         c1:23:28:38:ee:fe:95:87:50:bf:5d:63:b4:f6:84:e4:0f:09:
         c9:93:81:d4:25:79:0a:07:66:94:b5:9b:11:31:03:00:2c:4d:
         17:a5:7d:36:7a:c6:66:90:7d:54:b2:a1:cb:3e:3c:2a:3f:c0:
         48:e1:cc:16:de:06:0d:62:39:e1:0c:fe:7c:6c:ff:ae:d1:5d:
         c3:13:35:44:7d:c4:49:7d:d4:de:d2:6e:4b:36:08:c1:92:97:
         2f:02:a8:20:b2:bf:dc:e1:06:72:b9:8e:df:d5:20:1f:e2:de:
         18:ef:3b:b2:c7:0f:ed:a0:9e:d8:1a:26:07:07:16:ea:a6:8b:
         a9:7c:45:f9:df:78:cb:5a:c9:05:ca:53:86:7d:d9:d8:c9:ba:
         6e:42:35:fa:bc:c0:d4:70:5b:c6:8b:07:1b:e6:08:86:9d:8a:
         8b:29:05:17:8d:1b:df:b5:f1:68:09:8f:13:a1:b6:1a:1c:31:
         5f:b8:3a:3c:32:fb:9c:c1:d3:34:54:ff:ff:28:09:c9:50:2b:
         bf:9c:e8:92:0f:c0:3a:43:a0:09:0d:fb:86:62:a1:a6:63:0c:
         3b:0c:37:e7:a9:40:a5:48:82:58:8f:0d:14:d1:6d:79:b7:65:
         c1:81:89:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1uEJNQw/5+9zIILxGwe3t2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMjAzMDgyMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjMxZjgyMGIzM2UyYjhhZGM0ZTkyMGQ4MDA3OTI4M2RlMjJhODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmrZAHJgC64BvD7gh2ADxxx37Usb
5nGUUq1fPK+bUSKNeeIyRwx7tgFhfqQdwwz1uYarjaCNgtUAK7iN1xc4gJq11/n7
OGFftyljxMAyDyN02uXVbRQnbSUcXBBxE3nCTGah52zSkR/rZ/apWOjtIebD0CqT
3Awc1/K/56Uw8NY+xsfCmAsXfEbqfwdT2F2PyBnNmY6Yp4eoLMFW4uhpOtmS7KoN
HRhVDcEvBj/zahq168XHC5hRFFUtgu2DVreh2MvjnFVuZWm5p/cH8b3vatTxzAX4
EvQ2Y9O5L9/L0PsFhATDp66F0K+Oz638aEGkTbtVWZ9dPD2CJyB10KDaTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIx+CCzPiuK3E6SDYAHkoPeIqh3MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvc2pINElMTS1LNHJjVHBJTmdBZVNnOTRpcUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaGMA0G
CSqGSIb3DQEBCwUAA4IBAQATjQAy2WL9tml0Os/lqlUcoJfBIyg47v6Vh1C/XWO0
9oTkDwnJk4HUJXkKB2aUtZsRMQMALE0XpX02esZmkH1UsqHLPjwqP8BI4cwW3gYN
YjnhDP58bP+u0V3DEzVEfcRJfdTe0m5LNgjBkpcvAqggsr/c4QZyuY7f1SAf4t4Y
7zuyxw/toJ7YGiYHBxbqpoupfEX533jLWskFylOGfdnYybpuQjX6vMDUcFvGiwcb
5giGnYqLKQUXjRvftfFoCY8TobYaHDFfuDo8MvucwdM0VP//KAnJUCu/nOiSD8A6
Q6AJDfuGYqGmYww7DDfnqUClSIJYjw0U0W15t2XBgYnT
-----END CERTIFICATE-----