Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/AAQlK2Nts3Km9L3hHgoSjVXR-5U.roa
File:                     AAQlK2Nts3Km9L3hHgoSjVXR-5U.roa (raw, json)
Hash identifier:          DCuZWdONFoTMhDVIfMzKZxdY8vaMA5QXPUicj7uS4fw=
Subject key identifier:   00:04:25:2B:63:6D:B3:72:A6:F4:BD:E1:1E:0A:12:8D:55:D1:FB:95
Certificate issuer:       /CN=06cc2a26b31ac24bc5295d24a8e13071f2ff0d61
Certificate serial:       019165235F8D4C2F4BC5C262F20B202436E6
Authority key identifier: 06:CC:2A:26:B3:1A:C2:4B:C5:29:5D:24:A8:E1:30:71:F2:FF:0D:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/AAQlK2Nts3Km9L3hHgoSjVXR-5U.roa
Signing time:             Sun 18 Aug 2024 10:58:22 +0000
ROA not before:           Sun 18 Aug 2024 10:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        81.30.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:65:23:5f:8d:4c:2f:4b:c5:c2:62:f2:0b:20:24:36:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06cc2a26b31ac24bc5295d24a8e13071f2ff0d61
        Validity
            Not Before: Aug 18 10:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0004252b636db372a6f4bde11e0a128d55d1fb95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d0:e1:8a:f2:d6:b3:9c:c3:bb:53:33:e3:c5:
                    db:f8:33:41:66:59:0a:13:45:13:18:7b:02:ff:1a:
                    71:db:95:42:c8:e7:08:91:44:b9:7b:17:8e:ab:c9:
                    8f:43:8d:36:93:57:a6:6b:45:86:26:30:aa:a6:ff:
                    db:4f:80:3f:63:ed:17:0c:5f:2f:06:c5:cf:2f:ab:
                    ef:e7:1d:b5:98:dd:aa:78:66:82:c1:a9:85:8d:3c:
                    99:af:7f:27:4a:34:7a:3e:62:e8:dc:e4:ef:7d:19:
                    11:ca:e6:f2:a7:1f:22:f4:87:9d:eb:ce:9e:00:3f:
                    ee:4d:48:be:f2:94:19:ca:5d:4e:1f:ac:5b:e8:4c:
                    2a:54:b1:27:64:f9:b6:09:d8:6f:d8:44:80:fe:16:
                    47:60:0c:3b:6f:75:f2:71:76:50:b1:4a:64:23:57:
                    96:9d:47:94:dc:4a:fe:21:be:ee:f3:f8:c4:cd:c4:
                    52:17:4f:1b:af:00:e1:97:7d:6f:2d:06:ae:38:ee:
                    43:e3:ac:53:3e:5d:92:91:4e:e5:b8:3a:d8:08:c4:
                    4b:91:53:6a:66:36:27:39:ee:ab:e7:26:4e:21:d0:
                    ea:ac:4b:b0:35:40:0a:a7:d0:a9:cf:18:45:ee:05:
                    78:24:4e:f9:f2:bb:11:45:26:7d:2f:52:4f:7a:2b:
                    03:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:04:25:2B:63:6D:B3:72:A6:F4:BD:E1:1E:0A:12:8D:55:D1:FB:95
            X509v3 Authority Key Identifier:
                keyid:06:CC:2A:26:B3:1A:C2:4B:C5:29:5D:24:A8:E1:30:71:F2:FF:0D:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BswqJrMawkvFKV0kqOEwcfL_DWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/AAQlK2Nts3Km9L3hHgoSjVXR-5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1cfc8a-27a0-4d79-814f-fd8421bf2ba9/1/BswqJrMawkvFKV0kqOEwcfL_DWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:cd:4c:26:5d:dd:5a:bf:23:03:70:7c:0e:c6:41:c5:69:3c:
         b7:36:20:a0:8b:f6:11:70:8b:75:cc:b0:69:bd:2f:d3:93:d4:
         2a:6f:c2:98:f5:3b:8a:6c:54:93:b9:27:d3:b1:2d:f8:3f:de:
         74:d5:c3:b1:ee:3b:f4:6e:91:2f:6b:30:56:8d:45:ab:9e:04:
         c0:87:85:70:d9:d7:fe:45:8c:06:57:87:01:29:f6:75:31:41:
         16:84:0b:bc:21:2d:fa:b2:83:7a:6e:b9:a6:08:d4:35:1e:9c:
         de:7b:d5:00:a7:9b:fe:59:ee:80:ab:7c:c2:97:a2:77:ef:18:
         75:cc:3f:33:a1:48:b2:ca:52:c5:29:cd:88:9f:6d:bb:62:39:
         d9:f0:3d:9f:3b:0d:ef:55:79:ae:78:53:a4:fb:73:28:15:ea:
         9e:e9:b2:93:f6:b4:c6:e4:5c:41:d5:8f:b9:b9:6f:f2:40:ab:
         ea:f3:20:b9:6b:e5:2f:d3:91:88:a1:bf:b2:2c:21:4b:3f:a8:
         97:7d:eb:45:20:b8:9d:58:ce:0a:81:53:b1:15:83:5d:61:3e:
         b1:c5:52:b1:66:75:73:e6:9e:d8:b4:9c:82:87:c4:6b:a6:09:
         9a:b1:17:ee:54:0f:86:63:4f:bb:ac:91:b8:d8:ca:42:70:81:
         f2:e4:69:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFlI1+NTC9LxcJi8gsgJDbmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2Y2MyYTI2YjMxYWMyNGJjNTI5NWQyNGE4ZTEzMDcxZjJm
ZjBkNjEwHhcNMjQwODE4MTA1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDA0MjUyYjYzNmRiMzcyYTZmNGJkZTExZTBhMTI4ZDU1ZDFmYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9DhivLWs5zDu1Mz48Xb+DNBZlkK
E0UTGHsC/xpx25VCyOcIkUS5exeOq8mPQ402k1ema0WGJjCqpv/bT4A/Y+0XDF8v
BsXPL6vv5x21mN2qeGaCwamFjTyZr38nSjR6PmLo3OTvfRkRyubypx8i9Ied686e
AD/uTUi+8pQZyl1OH6xb6EwqVLEnZPm2Cdhv2ESA/hZHYAw7b3XycXZQsUpkI1eW
nUeU3Er+Ib7u8/jEzcRSF08brwDhl31vLQauOO5D46xTPl2SkU7luDrYCMRLkVNq
ZjYnOe6r5yZOIdDqrEuwNUAKp9CpzxhF7gV4JE758rsRRSZ9L1JPeisDhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAEJStjbbNypvS94R4KEo1V0fuVMB8GA1UdIwQY
MBaAFAbMKiazGsJLxSldJKjhMHHy/w1hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnN3cUpyTWF3a3ZGS1Ywa3FPRXdjZkxfRFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8xY2ZjOGEtMjdhMC00ZDc5LTgxNGYt
ZmQ4NDIxYmYyYmE5LzEvQUFRbEsyTnRzM0ttOUwzaEhnb1NqVlhSLTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8xY2ZjOGEtMjdhMC00ZDc5LTgxNGYtZmQ4NDIxYmYyYmE5
LzEvQnN3cUpyTWF3a3ZGS1Ywa3FPRXdjZkxfRFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR5mMA0G
CSqGSIb3DQEBCwUAA4IBAQDTzUwmXd1avyMDcHwOxkHFaTy3NiCgi/YRcIt1zLBp
vS/Tk9Qqb8KY9TuKbFSTuSfTsS34P9501cOx7jv0bpEvazBWjUWrngTAh4Vw2df+
RYwGV4cBKfZ1MUEWhAu8IS36soN6brmmCNQ1Hpzee9UAp5v+We6Aq3zCl6J37xh1
zD8zoUiyylLFKc2In227YjnZ8D2fOw3vVXmueFOk+3MoFeqe6bKT9rTG5FxB1Y+5
uW/yQKvq8yC5a+Uv05GIob+yLCFLP6iXfetFILidWM4KgVOxFYNdYT6xxVKxZnVz
5p7YtJyCh8RrpgmasRfuVA+GY0+7rJG42MpCcIHy5GkV
-----END CERTIFICATE-----