Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/DJ_ZdAnHeIni61AbSNmxggxLFyk.roa
File:                     DJ_ZdAnHeIni61AbSNmxggxLFyk.roa (raw, json)
Hash identifier:          EWE0aOsFD+vC/VkFxp+GV6RtJ3OBtzrIBWmAfMw5dM8=
Subject key identifier:   0C:9F:D9:74:09:C7:78:89:E2:EB:50:1B:48:D9:B1:82:0C:4B:17:29
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       018F47B86082620240D8933F2C253EE10571
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/DJ_ZdAnHeIni61AbSNmxggxLFyk.roa
Signing time:             Sun 05 May 2024 07:46:56 +0000
ROA not before:           Sun 05 May 2024 07:46:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149766
IP address blocks:        81.31.234.0/24 maxlen: 24
                          185.84.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:47:b8:60:82:62:02:40:d8:93:3f:2c:25:3e:e1:05:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: May  5 07:46:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c9fd97409c77889e2eb501b48d9b1820c4b1729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ed:9a:cc:58:a9:53:60:6b:d9:f8:ea:6a:78:
                    8b:45:97:5c:88:18:bb:15:a3:8d:29:4c:9c:06:fa:
                    32:4c:15:15:8d:c3:4f:83:1c:c4:6f:45:8c:3b:ca:
                    6a:41:22:27:58:56:00:5f:eb:d5:13:1b:c4:10:1a:
                    0d:ab:ea:6f:52:7d:06:e5:83:52:2d:6c:0b:67:22:
                    55:a5:df:dd:1b:ee:c8:51:ed:5a:27:4c:a0:0d:c1:
                    e1:c8:dd:7a:b8:f0:9d:f5:61:6e:ce:47:b7:f4:3f:
                    a1:9c:ea:20:4c:5a:11:92:e2:ee:e4:54:23:d2:23:
                    38:21:63:38:3f:fe:46:17:27:d3:25:9a:f8:cd:72:
                    c4:07:1d:a5:d1:b4:6f:49:ce:40:09:a7:fe:69:f3:
                    19:c8:56:f7:43:ee:3d:08:19:a5:0f:37:db:91:30:
                    51:19:f2:6d:dc:b4:87:54:02:53:48:b9:e3:69:34:
                    7d:c4:d8:35:ca:80:a1:01:d4:53:56:f8:9b:10:80:
                    06:e6:8a:b7:2e:ef:e7:15:48:41:4c:a2:ed:2e:8b:
                    c5:fd:f1:de:b9:ff:44:a5:5d:15:7f:eb:5f:12:ee:
                    9d:6b:f4:86:fe:7b:95:7b:b0:8d:d5:f4:01:89:07:
                    91:fd:79:5a:93:4f:d0:2e:1e:72:43:fe:98:73:f1:
                    df:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:9F:D9:74:09:C7:78:89:E2:EB:50:1B:48:D9:B1:82:0C:4B:17:29
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/DJ_ZdAnHeIni61AbSNmxggxLFyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.234.0/24
                  185.84.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e0:ac:80:e7:60:12:5b:5f:c5:07:ce:5b:f1:51:a9:89:d3:aa:
         a7:7c:6b:27:ef:8e:9e:4f:be:b7:bf:f9:db:b4:22:b4:83:b5:
         40:ed:27:a8:8f:94:63:79:f1:5b:ac:9c:57:cd:55:85:69:e4:
         ee:e4:22:af:f0:ca:9b:a1:19:8e:44:15:3b:39:a7:f4:28:53:
         b6:37:4c:f4:2e:b8:22:aa:8d:cb:d3:64:87:36:e5:84:92:31:
         c0:22:7b:08:eb:ed:29:4b:14:e8:06:c2:aa:63:47:14:7f:a1:
         96:5a:a1:8f:4a:a3:4b:08:7a:3c:26:84:60:c5:20:b1:b1:bc:
         89:c5:a1:6d:64:54:38:6a:73:f8:95:ea:ad:80:bc:d3:8b:81:
         eb:96:f8:6a:98:ad:91:4c:48:7b:4b:aa:89:16:2f:7f:70:90:
         07:7b:f6:68:48:42:16:b3:05:92:6e:4f:07:a6:da:fd:59:29:
         59:92:a9:ad:ef:fc:7e:d2:2a:3a:74:dc:73:39:23:08:1f:45:
         4d:3b:2e:ae:20:fb:a7:15:5c:4a:92:d2:c3:65:bf:c4:42:44:
         81:29:f9:b6:18:94:07:cc:7a:cc:03:ad:05:63:a4:24:2c:4e:
         a9:ab:d6:57:bd:00:7e:a6:4f:dc:c3:5a:9f:e3:b0:32:75:45:
         87:13:1f:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9HuGCCYgJA2JM/LCU+4QVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjQwNTA1MDc0NjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzlmZDk3NDA5Yzc3ODg5ZTJlYjUwMWI0OGQ5YjE4MjBjNGIxNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+2azFipU2Br2fjqaniLRZdciBi7
FaONKUycBvoyTBUVjcNPgxzEb0WMO8pqQSInWFYAX+vVExvEEBoNq+pvUn0G5YNS
LWwLZyJVpd/dG+7IUe1aJ0ygDcHhyN16uPCd9WFuzke39D+hnOogTFoRkuLu5FQj
0iM4IWM4P/5GFyfTJZr4zXLEBx2l0bRvSc5ACaf+afMZyFb3Q+49CBmlDzfbkTBR
GfJt3LSHVAJTSLnjaTR9xNg1yoChAdRTVvibEIAG5oq3Lu/nFUhBTKLtLovF/fHe
uf9EpV0Vf+tfEu6da/SG/nuVe7CN1fQBiQeR/Xlak0/QLh5yQ/6Yc/HfSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAyf2XQJx3iJ4utQG0jZsYIMSxcpMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvREpfWmRBbkhlSW5pNjFBYlNObXhnZ3hMRnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUR/qAwQB
uVSgMA0GCSqGSIb3DQEBCwUAA4IBAQDgrIDnYBJbX8UHzlvxUamJ06qnfGsn746e
T763v/nbtCK0g7VA7Seoj5RjefFbrJxXzVWFaeTu5CKv8MqboRmORBU7Oaf0KFO2
N0z0Lrgiqo3L02SHNuWEkjHAInsI6+0pSxToBsKqY0cUf6GWWqGPSqNLCHo8JoRg
xSCxsbyJxaFtZFQ4anP4leqtgLzTi4HrlvhqmK2RTEh7S6qJFi9/cJAHe/ZoSEIW
swWSbk8Hptr9WSlZkqmt7/x+0io6dNxzOSMIH0VNOy6uIPunFVxKktLDZb/EQkSB
Kfm2GJQHzHrMA60FY6QkLE6pq9ZXvQB+pk/cw1qf47AydUWHEx/X
-----END CERTIFICATE-----