Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/zA8L3Jvv9SEACC4CD6D8SPMP2Sk.roa
File:                     zA8L3Jvv9SEACC4CD6D8SPMP2Sk.roa (raw, json)
Hash identifier:          Tngvw9PMaTEzEGc2VaqgRFM8azKZIG82ga5hio7GHN8=
Subject key identifier:   CC:0F:0B:DC:9B:EF:F5:21:00:08:2E:02:0F:A0:FC:48:F3:0F:D9:29
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC15A0ADD7A374982EA98B91232D9B
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/zA8L3Jvv9SEACC4CD6D8SPMP2Sk.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        81.22.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:15:a0:ad:d7:a3:74:98:2e:a9:8b:91:23:2d:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc0f0bdc9beff52100082e020fa0fc48f30fd929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c3:c2:8b:0b:59:f4:14:f0:e6:99:f2:3e:45:
                    fb:db:0d:1e:eb:6c:9a:d5:08:17:00:d8:9b:a3:29:
                    00:cb:10:41:83:7e:74:33:83:37:e3:37:44:b4:fd:
                    51:5c:76:ff:c3:51:17:95:cc:e7:bd:32:ae:11:d3:
                    b1:67:06:17:b0:9a:3f:ed:c9:3a:a4:e2:f2:f3:c8:
                    ed:a8:2e:54:43:08:ce:6e:3d:b9:f9:b9:f8:03:80:
                    25:34:52:f8:f4:0d:7c:a6:47:16:55:43:86:3f:db:
                    40:d3:86:02:2c:82:f0:35:6e:8a:ec:5b:1b:63:3f:
                    be:87:62:45:cb:9c:54:9b:fc:a4:62:36:0d:f8:27:
                    f4:3c:3a:df:1c:99:ba:63:85:03:a2:58:58:49:af:
                    92:d6:9c:84:c6:28:90:b8:33:67:9a:52:75:0a:78:
                    d7:6a:2a:c2:51:54:69:7d:58:ee:89:c4:ee:43:17:
                    a5:8e:d3:a3:d4:6e:14:d1:ba:53:8b:41:79:e2:39:
                    d4:be:32:f3:1c:5b:a6:a5:46:dd:72:69:8c:d4:86:
                    3b:e4:c2:ea:58:5b:b1:fc:e0:22:9c:f3:a3:c6:91:
                    cb:a0:9d:79:31:77:d3:99:29:d3:2b:d8:1c:d2:da:
                    87:31:9c:93:20:cc:44:24:3d:e7:08:12:97:5e:f7:
                    0d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:0F:0B:DC:9B:EF:F5:21:00:08:2E:02:0F:A0:FC:48:F3:0F:D9:29
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/zA8L3Jvv9SEACC4CD6D8SPMP2Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:fb:a2:3a:4e:1a:2e:13:5a:62:9f:35:6c:3b:e0:ba:03:e0:
         af:86:75:81:88:8d:37:77:3e:05:b7:46:d3:9b:27:41:86:d2:
         34:19:d9:73:09:04:86:bc:87:ed:ba:e7:16:14:e4:13:c6:7e:
         e9:ec:03:07:f6:50:02:a1:f8:04:a9:f3:7b:f6:10:a1:a7:19:
         21:ca:0f:aa:65:f5:03:6c:1e:14:33:0f:50:be:1a:98:c7:ba:
         ed:d3:cf:20:89:fa:7a:40:cb:99:cf:7e:c6:4d:d5:9a:00:a4:
         1b:a6:0a:81:87:d6:e3:dc:28:b9:72:35:db:3b:0b:52:f1:d9:
         16:6b:b6:5f:e8:ce:05:c8:73:c0:ce:9c:9b:45:3b:99:40:0b:
         6c:c8:e0:df:d4:ab:a4:e7:5e:e2:33:f6:75:f4:27:3a:0c:af:
         d7:53:c9:70:bf:99:70:ef:43:cf:b8:bb:a2:f6:43:ad:2e:56:
         db:bf:94:34:b8:b5:cc:89:9f:b8:a9:74:f6:c8:d7:91:dd:2b:
         22:8c:0d:26:3e:58:5d:d8:74:00:c5:f4:45:9d:32:ba:85:35:
         5b:1b:b7:ba:41:b2:51:f9:b6:f3:c8:9a:77:f1:8a:8c:84:20:
         69:31:1f:89:8b:cb:ac:6e:76:6f:86:ab:d6:bd:4f:d1:09:d8:
         6e:66:7d:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/BWgrdejdJguqYuRIy2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzBmMGJkYzliZWZmNTIxMDAwODJlMDIwZmEwZmM0OGYzMGZkOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMPCiwtZ9BTw5pnyPkX72w0e62ya
1QgXANiboykAyxBBg350M4M34zdEtP1RXHb/w1EXlcznvTKuEdOxZwYXsJo/7ck6
pOLy88jtqC5UQwjObj25+bn4A4AlNFL49A18pkcWVUOGP9tA04YCLILwNW6K7Fsb
Yz++h2JFy5xUm/ykYjYN+Cf0PDrfHJm6Y4UDolhYSa+S1pyExiiQuDNnmlJ1CnjX
airCUVRpfVjuicTuQxeljtOj1G4U0bpTi0F54jnUvjLzHFumpUbdcmmM1IY75MLq
WFux/OAinPOjxpHLoJ15MXfTmSnTK9gc0tqHMZyTIMxEJD3nCBKXXvcNdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwPC9yb7/UhAAguAg+g/EjzD9kpMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvekE4TDNKdnY5U0VBQ0M0Q0Q2RDhTUE1QMlNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaJMA0G
CSqGSIb3DQEBCwUAA4IBAQAa+6I6ThouE1pinzVsO+C6A+CvhnWBiI03dz4Ft0bT
mydBhtI0GdlzCQSGvIftuucWFOQTxn7p7AMH9lACofgEqfN79hChpxkhyg+qZfUD
bB4UMw9QvhqYx7rt088gifp6QMuZz37GTdWaAKQbpgqBh9bj3Ci5cjXbOwtS8dkW
a7Zf6M4FyHPAzpybRTuZQAtsyODf1Kuk517iM/Z19Cc6DK/XU8lwv5lw70PPuLui
9kOtLlbbv5Q0uLXMiZ+4qXT2yNeR3SsijA0mPlhd2HQAxfRFnTK6hTVbG7e6QbJR
+bbzyJp38YqMhCBpMR+Ji8usbnZvhqvWvU/RCdhuZn0t
-----END CERTIFICATE-----