Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/089603-b5be-4ffa-a2b2-232b4b4657e9/1/m81UszLVPKNpLholpUWIlO071Sw.roa
File:                     m81UszLVPKNpLholpUWIlO071Sw.roa (raw, json)
Hash identifier:          ZHp6k5BmM4hRlY23A9TF2ykiOOphPGtDDreYOLE3pUo=
Subject key identifier:   9B:CD:54:B3:32:D5:3C:A3:69:2E:1A:25:A5:45:88:94:ED:3B:D5:2C
Certificate issuer:       /CN=f347ced9a0ed7f944b9f4efc38577b38e6d1c673
Certificate serial:       018CC5DC14DDC98843DCE91D54B4EF9E296D
Authority key identifier: F3:47:CE:D9:A0:ED:7F:94:4B:9F:4E:FC:38:57:7B:38:E6:D1:C6:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80fO2aDtf5RLn078OFd7OObRxnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/089603-b5be-4ffa-a2b2-232b4b4657e9/1/m81UszLVPKNpLholpUWIlO071Sw.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21263
IP address blocks:        185.159.244.0/24 maxlen: 24
                          2a13:780::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/089603-b5be-4ffa-a2b2-232b4b4657e9/1/80fO2aDtf5RLn078OFd7OObRxnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/089603-b5be-4ffa-a2b2-232b4b4657e9/1/80fO2aDtf5RLn078OFd7OObRxnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80fO2aDtf5RLn078OFd7OObRxnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 07:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:14:dd:c9:88:43:dc:e9:1d:54:b4:ef:9e:29:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f347ced9a0ed7f944b9f4efc38577b38e6d1c673
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bcd54b332d53ca3692e1a25a5458894ed3bd52c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:95:a1:93:0f:87:97:a1:90:f0:3c:90:51:cc:
                    46:5a:25:84:b7:f5:c5:e6:6c:56:fa:eb:5d:6d:2f:
                    18:ea:46:00:56:82:34:03:6a:e7:31:e7:51:ea:f5:
                    66:a3:d5:42:e0:24:53:dc:7a:43:75:d2:5f:e9:0f:
                    c8:cb:a2:73:85:dd:8c:84:33:f6:db:53:39:bd:ce:
                    62:1b:b6:87:ab:0a:a0:36:c5:37:30:0c:b6:b8:95:
                    19:fd:55:44:5e:07:7c:1d:d8:c9:85:da:12:44:9a:
                    2d:47:a9:66:03:de:1c:9c:a2:23:2b:c1:08:b9:19:
                    0f:cf:b7:73:cc:a4:25:25:c2:24:a0:79:bc:76:30:
                    cc:6e:ff:c6:60:22:d7:a4:aa:53:11:4c:f7:5e:f4:
                    a4:8f:dc:ea:72:f7:8f:63:3b:b3:d6:a7:7b:fe:cc:
                    ca:59:f9:9f:0b:ae:f5:b7:cd:17:54:35:07:c8:f5:
                    85:24:a1:6d:0c:bf:f4:94:8f:6b:9d:bd:ae:90:14:
                    6f:08:0d:41:6f:b2:a4:89:b6:a9:7f:2b:dd:22:80:
                    5f:05:d4:c6:15:c1:bf:03:24:dc:db:cf:c3:d1:6f:
                    ce:11:63:a7:84:2d:77:f2:e4:a8:31:53:b7:22:33:
                    f4:3b:19:89:5f:ea:a9:1e:18:dd:36:2b:a2:9c:b9:
                    b2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:CD:54:B3:32:D5:3C:A3:69:2E:1A:25:A5:45:88:94:ED:3B:D5:2C
            X509v3 Authority Key Identifier:
                keyid:F3:47:CE:D9:A0:ED:7F:94:4B:9F:4E:FC:38:57:7B:38:E6:D1:C6:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80fO2aDtf5RLn078OFd7OObRxnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/089603-b5be-4ffa-a2b2-232b4b4657e9/1/m81UszLVPKNpLholpUWIlO071Sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/089603-b5be-4ffa-a2b2-232b4b4657e9/1/80fO2aDtf5RLn078OFd7OObRxnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.244.0/24
                IPv6:
                  2a13:780::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:ed:30:d4:19:10:b5:4a:39:6c:8d:34:68:e7:1b:3b:01:1d:
         93:97:bb:c0:e9:be:af:63:56:60:2e:af:86:65:9c:a7:85:c5:
         45:54:70:42:df:1d:d5:33:bc:71:78:e1:91:00:b6:b0:63:e8:
         c0:3b:d8:7f:67:ea:95:ea:a7:81:ef:fa:1b:85:7d:50:af:d4:
         d2:93:f6:e7:a8:13:2b:c6:d3:79:62:a9:96:50:ba:dd:1e:e4:
         46:ab:39:1b:d9:13:00:c2:e0:e1:0d:10:d2:e1:41:ba:0d:73:
         c3:6a:ac:94:9a:c5:9b:64:c1:48:b0:65:26:4c:8c:92:38:97:
         14:e7:f8:57:fe:4b:ae:6c:95:5d:00:a7:30:ac:11:2d:8c:f6:
         52:ec:62:0c:71:5e:91:d1:a1:63:24:a3:1f:18:45:af:9c:3d:
         95:3e:53:02:85:cf:de:42:b0:1f:71:af:34:08:85:6e:47:f6:
         b3:ca:df:4b:4d:63:06:9d:dc:3e:c9:67:2b:ff:c7:ae:c3:79:
         41:b1:67:24:39:be:ba:7b:92:57:2d:75:73:3b:83:fd:b2:dd:
         e4:49:df:6c:47:f4:a3:75:5b:26:86:2d:70:91:ed:87:f2:21:
         70:c2:6b:cb:38:2a:9d:db:41:b8:d6:a7:eb:54:13:81:c8:8a:
         17:79:0f:af
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3BTdyYhD3OkdVLTvniltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDdjZWQ5YTBlZDdmOTQ0YjlmNGVmYzM4NTc3YjM4ZTZk
MWM2NzMwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmNkNTRiMzMyZDUzY2EzNjkyZTFhMjVhNTQ1ODg5NGVkM2JkNTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5Whkw+Hl6GQ8DyQUcxGWiWEt/XF
5mxW+utdbS8Y6kYAVoI0A2rnMedR6vVmo9VC4CRT3HpDddJf6Q/Iy6Jzhd2MhDP2
21M5vc5iG7aHqwqgNsU3MAy2uJUZ/VVEXgd8HdjJhdoSRJotR6lmA94cnKIjK8EI
uRkPz7dzzKQlJcIkoHm8djDMbv/GYCLXpKpTEUz3XvSkj9zqcvePYzuz1qd7/szK
WfmfC671t80XVDUHyPWFJKFtDL/0lI9rnb2ukBRvCA1Bb7KkibapfyvdIoBfBdTG
FcG/AyTc28/D0W/OEWOnhC138uSoMVO3IjP0OxmJX+qpHhjdNiuinLmyXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJvNVLMy1TyjaS4aJaVFiJTtO9UsMB8GA1UdIwQY
MBaAFPNHztmg7X+US59O/DhXezjm0cZzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBmTzJhRHRmNVJMbjA3OE9GZDdPT2JSeG5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8wODk2MDMtYjViZS00ZmZhLWEyYjIt
MjMyYjRiNDY1N2U5LzEvbTgxVXN6TFZQS05wTGhvbHBVV0lsTzA3MVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8wODk2MDMtYjViZS00ZmZhLWEyYjItMjMyYjRiNDY1N2U5
LzEvODBmTzJhRHRmNVJMbjA3OE9GZDdPT2JSeG5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZ/0MA0E
AgACMAcDBQMqEweAMA0GCSqGSIb3DQEBCwUAA4IBAQBj7TDUGRC1SjlsjTRo5xs7
AR2Tl7vA6b6vY1ZgLq+GZZynhcVFVHBC3x3VM7xxeOGRALawY+jAO9h/Z+qV6qeB
7/obhX1Qr9TSk/bnqBMrxtN5YqmWULrdHuRGqzkb2RMAwuDhDRDS4UG6DXPDaqyU
msWbZMFIsGUmTIySOJcU5/hX/kuubJVdAKcwrBEtjPZS7GIMcV6R0aFjJKMfGEWv
nD2VPlMChc/eQrAfca80CIVuR/azyt9LTWMGndw+yWcr/8euw3lBsWckOb66e5JX
LXVzO4P9st3kSd9sR/SjdVsmhi1wke2H8iFwwmvLOCqd20G41qfrVBOByIoXeQ+v
-----END CERTIFICATE-----