Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/0KAUWVTkA5Pg8hBulhXBCtA7oaw.roa
File:                     0KAUWVTkA5Pg8hBulhXBCtA7oaw.roa (raw, json)
Hash identifier:          ZxKxXJ3wls8ykfeQAsq908+fkkHmpEK9Vtf3QmPHy2M=
Subject key identifier:   D0:A0:14:59:54:E4:03:93:E0:F2:10:6E:96:15:C1:0A:D0:3B:A1:AC
Certificate issuer:       /CN=afb4e04a0ed344112c1853cab09f52e1cd9abaf2
Certificate serial:       018CC3B6A694F1E09A09730FE2FB1785E0EF
Authority key identifier: AF:B4:E0:4A:0E:D3:44:11:2C:18:53:CA:B0:9F:52:E1:CD:9A:BA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/0KAUWVTkA5Pg8hBulhXBCtA7oaw.roa
Signing time:             Mon 01 Jan 2024 06:29:36 +0000
ROA not before:           Mon 01 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51273
IP address blocks:        81.163.212.0/24 maxlen: 24
                          81.163.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a6:94:f1:e0:9a:09:73:0f:e2:fb:17:85:e0:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afb4e04a0ed344112c1853cab09f52e1cd9abaf2
        Validity
            Not Before: Jan  1 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0a0145954e40393e0f2106e9615c10ad03ba1ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ac:95:47:29:74:dc:65:4b:e7:fd:24:a1:2e:
                    02:d5:29:47:b1:95:18:e0:d8:f2:2b:c5:78:13:8d:
                    f8:32:d5:a0:9d:34:af:3e:2f:2d:57:8d:3e:05:12:
                    24:30:d7:2d:e8:6a:41:ae:aa:40:d1:fb:4c:d2:f7:
                    68:bf:61:7a:34:c0:f6:08:97:5e:46:2c:74:07:32:
                    2b:4e:13:7b:60:15:8c:67:2d:b7:16:f1:64:ee:19:
                    b8:70:56:67:c2:de:c1:bd:60:54:f6:b6:61:42:2b:
                    70:d4:5f:dc:75:4e:e3:22:ee:a1:8b:61:66:a3:12:
                    67:8c:fa:fa:c4:e6:df:b7:52:d0:58:a7:86:6d:2e:
                    1e:e0:5a:ee:ec:50:38:a2:9c:85:d4:86:c7:53:06:
                    1f:a5:7a:f2:7a:ef:2e:ea:2e:f0:82:95:ca:c5:97:
                    58:64:2e:fe:6d:b2:99:b2:48:a6:d4:ed:c8:09:6b:
                    36:05:78:5e:f4:aa:31:a2:f6:db:93:2d:d4:99:98:
                    bf:64:ee:84:0b:66:41:02:6f:02:37:8b:5c:03:bb:
                    d0:75:f9:f5:1b:87:d5:95:73:14:23:14:9e:24:09:
                    e2:09:90:59:1c:4d:81:1a:9c:91:bf:93:75:19:c8:
                    fd:9e:db:f6:7f:a3:89:63:76:63:e7:9d:5d:e0:65:
                    5f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:A0:14:59:54:E4:03:93:E0:F2:10:6E:96:15:C1:0A:D0:3B:A1:AC
            X509v3 Authority Key Identifier:
                keyid:AF:B4:E0:4A:0E:D3:44:11:2C:18:53:CA:B0:9F:52:E1:CD:9A:BA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/0KAUWVTkA5Pg8hBulhXBCtA7oaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.163.211.0-81.163.212.255

    Signature Algorithm: sha256WithRSAEncryption
         9c:59:e3:60:1b:ab:d3:40:6f:83:ce:36:11:7d:0b:c4:40:88:
         00:f5:2f:14:cc:20:f6:ff:c7:21:ad:e3:ba:ae:8a:5c:db:32:
         de:98:fe:b9:25:78:7e:30:92:aa:9c:c0:f9:da:f9:13:d3:ef:
         6c:ec:50:b7:a1:d9:6f:f5:6e:5d:37:cb:e3:22:ad:6e:59:2c:
         90:b0:32:b4:8c:81:47:d3:12:a1:82:54:d8:75:49:a5:f8:6e:
         8b:d7:0f:b8:91:2e:14:c0:9b:8d:7c:62:c5:48:eb:f6:86:94:
         b1:34:23:a5:97:d9:3e:7e:f6:92:37:9a:ad:e0:8d:32:55:ca:
         0d:3c:d2:9c:ef:96:58:d0:73:8f:7f:f2:2d:6a:1a:11:6c:34:
         23:8e:47:cb:1f:27:f6:97:3e:cf:74:a8:35:10:19:ff:0b:4d:
         8a:d6:06:a5:bd:1b:6f:91:d7:fb:fc:5f:70:5c:52:4c:2d:30:
         c4:55:e2:88:d6:6c:6b:ab:ab:cc:30:b4:ed:b1:13:7e:ee:c4:
         12:2b:dc:e4:89:5d:ba:09:a0:54:cb:07:12:62:2e:71:a9:89:
         c5:7f:13:09:41:9b:bb:78:ae:93:9c:0c:e4:44:cd:15:3e:73:
         b3:e4:b3:52:46:3f:7c:11:46:d3:81:62:8a:a0:d1:43:91:31:
         0a:65:11:e3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDtqaU8eCaCXMP4vsXheDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYjRlMDRhMGVkMzQ0MTEyYzE4NTNjYWIwOWY1MmUxY2Q5
YWJhZjIwHhcNMjQwMTAxMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGEwMTQ1OTU0ZTQwMzkzZTBmMjEwNmU5NjE1YzEwYWQwM2JhMWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6yVRyl03GVL5/0koS4C1SlHsZUY
4NjyK8V4E434MtWgnTSvPi8tV40+BRIkMNct6GpBrqpA0ftM0vdov2F6NMD2CJde
Rix0BzIrThN7YBWMZy23FvFk7hm4cFZnwt7BvWBU9rZhQitw1F/cdU7jIu6hi2Fm
oxJnjPr6xObft1LQWKeGbS4e4Fru7FA4opyF1IbHUwYfpXryeu8u6i7wgpXKxZdY
ZC7+bbKZskim1O3ICWs2BXhe9Koxovbbky3UmZi/ZO6EC2ZBAm8CN4tcA7vQdfn1
G4fVlXMUIxSeJAniCZBZHE2BGpyRv5N1Gcj9ntv2f6OJY3Zj551d4GVfywIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNCgFFlU5AOT4PIQbpYVwQrQO6GsMB8GA1UdIwQY
MBaAFK+04EoO00QRLBhTyrCfUuHNmrryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjdUZ1NnN1RSQkVzR0ZQS3NKOVM0YzJhdXZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8xOWYyZTYtMWJmMy00ZjdhLTg4MTct
ODA5NWYzMjk3MTc5LzEvMEtBVVdWVGtBNVBnOGhCdWxoWEJDdEE3b2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8xOWYyZTYtMWJmMy00ZjdhLTg4MTctODA5NWYzMjk3MTc5
LzEvcjdUZ1NnN1RSQkVzR0ZQS3NKOVM0YzJhdXZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABRo9MD
BABRo9QwDQYJKoZIhvcNAQELBQADggEBAJxZ42Abq9NAb4PONhF9C8RAiAD1LxTM
IPb/xyGt47quilzbMt6Y/rkleH4wkqqcwPna+RPT72zsULeh2W/1bl03y+MirW5Z
LJCwMrSMgUfTEqGCVNh1SaX4bovXD7iRLhTAm418YsVI6/aGlLE0I6WX2T5+9pI3
mq3gjTJVyg080pzvlljQc49/8i1qGhFsNCOOR8sfJ/aXPs90qDUQGf8LTYrWBqW9
G2+R1/v8X3BcUkwtMMRV4ojWbGurq8wwtO2xE37uxBIr3OSJXboJoFTLBxJiLnGp
icV/EwlBm7t4rpOcDOREzRU+c7Pks1JGP3wRRtOBYoqg0UORMQplEeM=
-----END CERTIFICATE-----