Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/ssxi-YywhmNPxdJMp-MJJj7Cuzg.roa
File:                     ssxi-YywhmNPxdJMp-MJJj7Cuzg.roa (raw, json)
Hash identifier:          sptl4YjjRQbDgOS5aaKl1Ge9rghLlRMX88Jj9g+LKt0=
Subject key identifier:   B2:CC:62:F9:8C:B0:86:63:4F:C5:D2:4C:A7:E3:09:26:3E:C2:BB:38
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018E2DB0CD094CA13351EEF2540B1F78A4E2
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/ssxi-YywhmNPxdJMp-MJJj7Cuzg.roa
Signing time:             Mon 11 Mar 2024 13:25:45 +0000
ROA not before:           Mon 11 Mar 2024 13:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        81.22.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:b0:cd:09:4c:a1:33:51:ee:f2:54:0b:1f:78:a4:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Mar 11 13:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2cc62f98cb086634fc5d24ca7e309263ec2bb38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a8:69:9b:95:7d:a5:ca:f6:0d:2b:8a:a3:45:
                    f7:c5:00:4c:28:5e:b4:4a:bb:8e:5a:1d:ed:4c:96:
                    c7:57:62:e2:8a:e8:b6:e4:14:7e:fa:6a:4b:ef:00:
                    94:a7:88:b2:5c:31:1f:fb:50:39:ab:a4:1f:14:bc:
                    1e:20:28:a8:be:2a:83:00:74:6a:be:28:50:71:38:
                    38:34:23:f2:63:3d:cb:3e:af:fa:11:49:cf:d7:a9:
                    da:be:67:47:ec:2a:3b:d3:f6:4b:e0:2e:44:6b:66:
                    8b:a9:ee:5b:1e:21:e8:f2:dc:71:22:59:a9:e1:1f:
                    f8:bb:27:4c:58:0a:1d:3f:d9:69:1a:7e:c4:84:4a:
                    1a:6c:0d:c5:33:c1:d8:83:2e:63:56:be:f0:3a:08:
                    7a:c1:b1:6d:73:17:3c:5c:e6:c9:de:0f:ce:cc:85:
                    50:34:c7:0b:e3:5c:a4:18:24:62:73:ae:ee:d9:ac:
                    d1:d4:3a:6a:96:96:9e:72:b7:f6:59:ff:3c:b9:61:
                    2b:23:3c:b2:73:5f:2e:25:24:cf:3f:0c:cc:2f:0f:
                    76:12:3b:2e:0d:09:97:f9:b7:69:ec:71:c9:77:7a:
                    e3:12:c5:4f:dc:e3:b1:12:22:b6:c3:a0:d8:58:65:
                    d9:46:dd:c8:91:4e:18:6a:fb:1f:25:be:4f:24:fb:
                    06:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:CC:62:F9:8C:B0:86:63:4F:C5:D2:4C:A7:E3:09:26:3E:C2:BB:38
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/ssxi-YywhmNPxdJMp-MJJj7Cuzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:44:00:c9:de:9a:1d:19:ea:b9:ed:ac:3a:e0:15:aa:e9:60:
         be:e2:1a:89:d8:d0:02:dd:49:65:01:15:f3:30:d1:4a:4b:5c:
         51:05:00:f6:82:c4:1a:95:1b:27:03:f8:6f:62:c6:31:69:f5:
         2b:c7:58:f4:b5:88:2c:39:20:f9:ae:f2:ed:e0:e0:4e:8c:49:
         c9:8f:b9:46:b5:1e:04:6b:36:a0:fd:cb:5f:c2:b9:2a:04:af:
         cc:ea:d2:a3:7f:09:47:c0:0f:9d:43:52:52:9c:d3:81:e2:99:
         8b:2f:a8:e4:4b:b7:2d:09:11:9c:9c:fb:12:c7:a6:88:f1:d0:
         db:91:2c:46:14:31:9c:bf:64:3d:54:fd:85:1c:57:de:27:76:
         5b:90:f9:68:06:8a:1e:18:5b:b4:e0:90:19:08:65:2d:4a:3d:
         a0:d7:e5:84:74:30:23:1c:60:4b:d4:17:05:bf:75:2f:b7:f4:
         f2:d2:51:88:8d:05:f7:2b:99:ba:ab:f3:3c:71:68:18:53:56:
         98:fd:21:9a:0f:f7:13:4b:ff:0d:23:90:5b:fc:1d:18:09:a2:
         8c:89:0d:72:4d:16:f1:76:02:62:9f:5f:62:26:be:0d:12:70:
         8f:c5:31:89:02:2e:36:f4:21:56:e0:e3:ee:29:e0:07:6d:33:
         43:d0:91:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4tsM0JTKEzUe7yVAsfeKTiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMzExMTMyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmNjNjJmOThjYjA4NjYzNGZjNWQyNGNhN2UzMDkyNjNlYzJiYjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqhpm5V9pcr2DSuKo0X3xQBMKF60
SruOWh3tTJbHV2Liiui25BR++mpL7wCUp4iyXDEf+1A5q6QfFLweICioviqDAHRq
vihQcTg4NCPyYz3LPq/6EUnP16navmdH7Co70/ZL4C5Ea2aLqe5bHiHo8txxIlmp
4R/4uydMWAodP9lpGn7EhEoabA3FM8HYgy5jVr7wOgh6wbFtcxc8XObJ3g/OzIVQ
NMcL41ykGCRic67u2azR1Dpqlpaecrf2Wf88uWErIzyyc18uJSTPPwzMLw92Ejsu
DQmX+bdp7HHJd3rjEsVP3OOxEiK2w6DYWGXZRt3IkU4YavsfJb5PJPsGIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLMYvmMsIZjT8XSTKfjCSY+wrs4MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvc3N4aS1ZeXdobU5QeGRKTXAtTUpKajdDdXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaJMA0G
CSqGSIb3DQEBCwUAA4IBAQBoRADJ3podGeq57aw64BWq6WC+4hqJ2NAC3UllARXz
MNFKS1xRBQD2gsQalRsnA/hvYsYxafUrx1j0tYgsOSD5rvLt4OBOjEnJj7lGtR4E
azag/ctfwrkqBK/M6tKjfwlHwA+dQ1JSnNOB4pmLL6jkS7ctCRGcnPsSx6aI8dDb
kSxGFDGcv2Q9VP2FHFfeJ3ZbkPloBooeGFu04JAZCGUtSj2g1+WEdDAjHGBL1BcF
v3Uvt/Ty0lGIjQX3K5m6q/M8cWgYU1aY/SGaD/cTS/8NI5Bb/B0YCaKMiQ1yTRbx
dgJin19iJr4NEnCPxTGJAi429CFW4OPuKeAHbTND0JEJ
-----END CERTIFICATE-----