Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/_oAzIxgkVqxpK9tujnwuia-mGG4.roa
File:                     _oAzIxgkVqxpK9tujnwuia-mGG4.roa (raw, json)
Hash identifier:          iiOkfjbpabKRKNUjgfTJVsacIPAyNFg64wlhWyAhisw=
Subject key identifier:   FE:80:33:23:18:24:56:AC:69:2B:DB:6E:8E:7C:2E:89:AF:A6:18:6E
Certificate issuer:       /CN=9514d5a840049d442df377445394df719201a773
Certificate serial:       01900C0E7CF709D824BC9E337561013EF834
Authority key identifier: 95:14:D5:A8:40:04:9D:44:2D:F3:77:44:53:94:DF:71:92:01:A7:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lRTVqEAEnUQt83dEU5TfcZIBp3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/_oAzIxgkVqxpK9tujnwuia-mGG4.roa
Signing time:             Wed 12 Jun 2024 10:46:34 +0000
ROA not before:           Wed 12 Jun 2024 10:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51636
IP address blocks:        178.213.160.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/lRTVqEAEnUQt83dEU5TfcZIBp3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/lRTVqEAEnUQt83dEU5TfcZIBp3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lRTVqEAEnUQt83dEU5TfcZIBp3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:0e:7c:f7:09:d8:24:bc:9e:33:75:61:01:3e:f8:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9514d5a840049d442df377445394df719201a773
        Validity
            Not Before: Jun 12 10:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe803323182456ac692bdb6e8e7c2e89afa6186e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fa:f5:4b:7d:21:1e:69:41:5f:8c:c0:89:2b:
                    26:8a:2e:09:4b:10:47:71:45:f9:88:7a:b6:0c:67:
                    c5:96:9e:5c:15:b0:5c:ef:32:b4:7a:76:8d:46:fb:
                    78:99:3c:95:aa:f7:6b:33:fe:ab:18:8c:c3:04:41:
                    c2:1f:b2:52:a5:ab:dd:9d:9e:cd:74:79:2e:a7:3a:
                    59:51:c1:f7:5e:62:e3:a5:93:2d:42:41:bc:93:78:
                    3b:d3:64:69:39:27:67:53:99:05:6d:4a:0a:40:1e:
                    ed:68:d8:2b:f3:fc:d2:5f:ff:6f:99:1a:7b:d9:73:
                    f8:43:44:e5:1e:04:3a:a2:79:d8:e3:6f:6c:bc:e5:
                    02:e8:92:00:d8:85:6d:49:35:c3:ad:2f:6a:b4:88:
                    72:86:18:90:c1:1e:84:ce:c4:4d:97:77:0f:0b:c3:
                    10:96:bd:90:ec:e7:b8:4d:85:a8:a0:0e:4e:14:1f:
                    55:54:05:6d:58:1b:72:40:51:b5:49:ce:23:86:cb:
                    e0:56:fa:3e:d7:70:42:9b:9f:64:b7:5a:2d:8f:1b:
                    ca:4c:f1:82:71:10:f2:75:7f:86:77:1f:7b:3e:b0:
                    7f:5f:3e:85:90:8f:8b:00:79:03:60:ad:79:3c:ae:
                    da:38:26:e1:be:82:cd:72:91:f9:6d:7b:e9:c7:25:
                    be:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:80:33:23:18:24:56:AC:69:2B:DB:6E:8E:7C:2E:89:AF:A6:18:6E
            X509v3 Authority Key Identifier:
                keyid:95:14:D5:A8:40:04:9D:44:2D:F3:77:44:53:94:DF:71:92:01:A7:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lRTVqEAEnUQt83dEU5TfcZIBp3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/_oAzIxgkVqxpK9tujnwuia-mGG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/lRTVqEAEnUQt83dEU5TfcZIBp3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         73:0c:fb:4a:80:58:29:3b:74:bc:24:04:fe:36:05:40:e0:06:
         13:cd:6e:85:4b:41:c5:66:ae:6d:13:b4:d8:12:08:68:97:a5:
         9d:65:cb:6d:07:1e:85:5a:6d:4c:a2:ee:9d:7a:3b:ce:e3:b4:
         96:71:30:81:38:d0:ff:58:43:2c:d0:24:0d:48:bd:1c:ac:6a:
         5f:06:a3:72:76:d3:85:31:3c:a5:87:fe:d6:42:71:56:47:f8:
         b8:f8:2c:61:a6:f6:b2:0d:39:84:4a:a4:c7:51:c0:b5:6b:70:
         26:bb:3e:5b:fa:11:b0:cf:f6:25:6d:d2:b2:87:43:a3:cf:61:
         51:ec:8d:6b:25:0a:7d:00:7b:b0:62:21:8c:16:38:de:11:e0:
         9d:a8:fe:45:09:bd:6b:5b:9d:e5:31:da:7b:e5:82:97:87:60:
         af:bb:0a:77:f5:ff:49:93:f2:6b:f6:d3:8d:16:2b:9a:a4:06:
         4f:ce:82:8e:a7:7c:be:b9:50:92:86:65:27:2a:d9:f1:50:26:
         a8:f8:38:1c:af:92:ec:80:5c:d3:de:25:90:66:6c:40:7c:09:
         72:d5:6b:4c:11:fa:f2:c3:85:9b:f9:b8:ea:0e:a5:5a:1d:64:
         68:de:cc:4f:9f:85:51:63:ea:16:c4:32:b9:59:17:e7:aa:15:
         74:30:20:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAMDnz3CdgkvJ4zdWEBPvg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MTRkNWE4NDAwNDlkNDQyZGYzNzc0NDUzOTRkZjcxOTIw
MWE3NzMwHhcNMjQwNjEyMTA0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTgwMzMyMzE4MjQ1NmFjNjkyYmRiNmU4ZTdjMmU4OWFmYTYxODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPr1S30hHmlBX4zAiSsmii4JSxBH
cUX5iHq2DGfFlp5cFbBc7zK0enaNRvt4mTyVqvdrM/6rGIzDBEHCH7JSpavdnZ7N
dHkupzpZUcH3XmLjpZMtQkG8k3g702RpOSdnU5kFbUoKQB7taNgr8/zSX/9vmRp7
2XP4Q0TlHgQ6onnY429svOUC6JIA2IVtSTXDrS9qtIhyhhiQwR6EzsRNl3cPC8MQ
lr2Q7Oe4TYWooA5OFB9VVAVtWBtyQFG1Sc4jhsvgVvo+13BCm59kt1otjxvKTPGC
cRDydX+Gdx97PrB/Xz6FkI+LAHkDYK15PK7aOCbhvoLNcpH5bXvpxyW+4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6AMyMYJFasaSvbbo58LomvphhuMB8GA1UdIwQY
MBaAFJUU1ahABJ1ELfN3RFOU33GSAadzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFJUVnFFQUVuVVF0ODNkRVU1VGZjWklCcDNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS84MWUyNDItZTdkMy00OTFmLWJhNjUt
NTdkMTU4NDNmN2YwLzEvX29Bekl4Z2tWcXhwSzl0dWpud3VpYS1tR0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS84MWUyNDItZTdkMy00OTFmLWJhNjUtNTdkMTU4NDNmN2Yw
LzEvbFJUVnFFQUVuVVF0ODNkRVU1VGZjWklCcDNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstWgMA0G
CSqGSIb3DQEBCwUAA4IBAQBzDPtKgFgpO3S8JAT+NgVA4AYTzW6FS0HFZq5tE7TY
Eghol6WdZcttBx6FWm1Mou6dejvO47SWcTCBOND/WEMs0CQNSL0crGpfBqNydtOF
MTylh/7WQnFWR/i4+CxhpvayDTmESqTHUcC1a3Amuz5b+hGwz/YlbdKyh0Ojz2FR
7I1rJQp9AHuwYiGMFjjeEeCdqP5FCb1rW53lMdp75YKXh2Cvuwp39f9Jk/Jr9tON
FiuapAZPzoKOp3y+uVCShmUnKtnxUCao+Dgcr5LsgFzT3iWQZmxAfAly1WtMEfry
w4Wb+bjqDqVaHWRo3sxPn4VRY+oWxDK5WRfnqhV0MCAa
-----END CERTIFICATE-----