Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/kau2fek8Qno47rIqlvYeRan8xYs.roa
File:                     kau2fek8Qno47rIqlvYeRan8xYs.roa (raw, json)
Hash identifier:          m2KvBrcyRGjwUDM5vzjThL/g2tvPVNICNRbcGiZBirk=
Subject key identifier:   91:AB:B6:7D:E9:3C:42:7A:38:EE:B2:2A:96:F6:1E:45:A9:FC:C5:8B
Certificate issuer:       /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial:       018CC56E14E7801E42D9BE5186F6E3061D07
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/kau2fek8Qno47rIqlvYeRan8xYs.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        81.90.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:14:e7:80:1e:42:d9:be:51:86:f6:e3:06:1d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91abb67de93c427a38eeb22a96f61e45a9fcc58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:03:6b:57:b6:e2:86:0b:f7:b7:9b:cc:26:7f:
                    bf:f3:fe:70:1d:3a:4e:a7:78:39:c6:b3:7e:95:0c:
                    c3:e8:ab:35:23:3b:80:f6:02:82:84:49:16:56:ce:
                    3d:c6:e1:8a:b6:b7:5c:13:43:a6:9b:88:cc:73:02:
                    16:f8:60:a2:30:b2:cd:51:23:76:27:79:26:92:56:
                    42:77:21:8c:4c:e5:16:0e:ab:24:bc:43:af:bd:3e:
                    70:26:4c:70:be:a8:7e:b3:9a:01:ba:24:e5:3d:5e:
                    f6:5d:97:e4:c2:b8:0f:05:05:bd:47:21:0a:0e:1b:
                    9d:19:d5:86:52:10:1b:03:ef:a5:6c:6d:73:7c:73:
                    5b:b6:51:d2:ca:23:c2:f0:e4:8e:54:93:75:b5:13:
                    43:18:b9:9f:bb:15:62:8d:ff:d9:59:a4:3f:f9:e0:
                    fe:bd:33:cb:ca:7f:cf:75:8d:a4:1f:3a:06:63:3a:
                    e0:8c:a0:c4:94:92:8f:64:40:a4:b9:3b:b4:fe:3e:
                    1e:54:1e:f0:d4:ce:63:b3:7b:6a:d1:5b:a6:b6:1b:
                    8e:7d:6b:bc:ed:20:f2:56:a1:a6:ed:35:3f:a9:3e:
                    ca:ec:35:20:d1:f7:6d:aa:34:a3:fb:c6:77:db:6e:
                    ab:81:52:15:89:f0:c0:1b:8b:51:22:76:8f:4b:db:
                    e2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:AB:B6:7D:E9:3C:42:7A:38:EE:B2:2A:96:F6:1E:45:A9:FC:C5:8B
            X509v3 Authority Key Identifier:
                keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/kau2fek8Qno47rIqlvYeRan8xYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.90.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:5f:06:b2:52:e9:97:6b:29:16:2b:dd:9b:7b:70:57:12:9b:
         19:7a:f4:b7:a8:0e:64:43:79:09:11:54:d8:4f:97:db:93:21:
         1f:9b:d6:26:ad:f8:c0:f7:34:7c:7b:39:39:5e:50:ab:2d:a9:
         b4:f9:df:e3:7c:96:b6:5b:7a:3a:d4:4a:48:c2:bd:70:6c:a4:
         1d:f9:4e:42:37:69:b6:ac:3b:bf:60:ff:37:5d:cc:95:9d:18:
         1b:a5:26:d1:24:42:db:a0:44:ab:48:0a:05:c9:bc:88:7f:a9:
         23:3c:37:7e:d5:d8:c5:4a:1d:00:5f:0f:25:02:03:db:71:4d:
         02:49:f8:08:24:89:a3:f9:59:d8:e3:88:ff:02:23:e6:06:13:
         78:92:7e:90:8a:62:71:73:3b:47:4a:f9:29:f0:cf:b2:9e:b3:
         35:c0:80:4b:87:32:1c:87:d0:85:fa:4e:8c:ac:92:ef:8d:ab:
         00:1c:81:7f:3c:a0:99:e1:92:53:e5:d0:ca:60:dc:77:31:ac:
         ad:83:94:f4:9e:c3:cb:ff:4c:c6:9d:c9:d7:86:72:10:2a:1d:
         44:c0:a0:9a:09:b1:30:51:d0:27:2b:90:b1:62:f9:68:0c:97:
         4a:26:d9:72:d8:7b:46:02:0d:21:e7:f3:60:59:00:14:e3:f3:
         9d:f2:53:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhTngB5C2b5RhvbjBh0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWFiYjY3ZGU5M2M0MjdhMzhlZWIyMmE5NmY2MWU0NWE5ZmNjNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgNrV7bihgv3t5vMJn+/8/5wHTpO
p3g5xrN+lQzD6Ks1IzuA9gKChEkWVs49xuGKtrdcE0Omm4jMcwIW+GCiMLLNUSN2
J3kmklZCdyGMTOUWDqskvEOvvT5wJkxwvqh+s5oBuiTlPV72XZfkwrgPBQW9RyEK
DhudGdWGUhAbA++lbG1zfHNbtlHSyiPC8OSOVJN1tRNDGLmfuxVijf/ZWaQ/+eD+
vTPLyn/PdY2kHzoGYzrgjKDElJKPZECkuTu0/j4eVB7w1M5js3tq0VumthuOfWu8
7SDyVqGm7TU/qT7K7DUg0fdtqjSj+8Z3226rgVIVifDAG4tRInaPS9viFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGrtn3pPEJ6OO6yKpb2HkWp/MWLMB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEva2F1MmZlazhRbm80N3JJcWx2WWVSYW44eFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUVoZMA0G
CSqGSIb3DQEBCwUAA4IBAQAxXwayUumXaykWK92be3BXEpsZevS3qA5kQ3kJEVTY
T5fbkyEfm9YmrfjA9zR8ezk5XlCrLam0+d/jfJa2W3o61EpIwr1wbKQd+U5CN2m2
rDu/YP83XcyVnRgbpSbRJELboESrSAoFybyIf6kjPDd+1djFSh0AXw8lAgPbcU0C
SfgIJImj+VnY44j/AiPmBhN4kn6QimJxcztHSvkp8M+ynrM1wIBLhzIch9CF+k6M
rJLvjasAHIF/PKCZ4ZJT5dDKYNx3Maytg5T0nsPL/0zGncnXhnIQKh1EwKCaCbEw
UdAnK5CxYvloDJdKJtly2HtGAg0h5/NgWQAU4/Od8lOR
-----END CERTIFICATE-----