Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/Jtjp9Pjw9bDhqx_KXCVPgzzvz-w.roa
File:                     Jtjp9Pjw9bDhqx_KXCVPgzzvz-w.roa (raw, json)
Hash identifier:          bFbB/AAE7jp+6XxtVtvcQnpK68zgeHRquWJuVRovXQU=
Subject key identifier:   26:D8:E9:F4:F8:F0:F5:B0:E1:AB:1F:CA:5C:25:4F:83:3C:EF:CF:EC
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       018CC3B6DEAF7B2A7DE4262D1C6FC97A20CD
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/Jtjp9Pjw9bDhqx_KXCVPgzzvz-w.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57494
IP address blocks:        81.31.247.0/24 maxlen: 24
                          185.84.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:de:af:7b:2a:7d:e4:26:2d:1c:6f:c9:7a:20:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26d8e9f4f8f0f5b0e1ab1fca5c254f833cefcfec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:86:93:1d:2b:11:d5:11:45:ac:7a:00:e1:62:
                    b6:b2:b2:0a:7b:b9:61:db:7c:2d:fb:96:60:67:5b:
                    60:77:dc:9c:13:46:e5:ff:41:b6:cb:b0:56:6b:72:
                    88:aa:95:c3:57:33:ea:ae:cf:70:74:72:91:d5:9d:
                    e6:c0:42:43:1c:88:c9:ba:59:3f:3c:14:83:6f:09:
                    4a:2d:28:e5:ca:39:91:02:e0:c6:f4:0c:29:15:e3:
                    1a:a4:d3:3d:a8:c5:82:b8:c6:1e:df:36:e7:df:42:
                    6b:00:1d:53:e9:22:45:d9:e8:ae:8b:3a:32:5f:71:
                    ce:8f:a5:e9:49:62:af:ff:85:85:5e:be:41:32:44:
                    20:36:1f:5b:be:cf:a1:f4:a2:2b:8d:86:9e:46:45:
                    9f:ef:5f:8f:13:3d:eb:aa:3b:b0:82:e0:0c:e7:9b:
                    b6:81:e8:42:0c:8c:b2:c7:29:f5:84:a6:81:b6:96:
                    33:45:e6:83:e3:62:3c:b9:cb:e3:7d:bd:0b:f7:f1:
                    b1:ea:73:3e:a9:e6:01:e3:45:60:e3:94:8e:57:cf:
                    89:72:63:d4:60:77:76:93:04:65:16:6c:e8:e0:eb:
                    c9:23:fc:95:4e:c9:e8:ac:f7:3c:15:e8:1a:04:a8:
                    3d:50:2e:19:7f:c1:8f:87:00:42:65:a1:5b:3c:7b:
                    48:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D8:E9:F4:F8:F0:F5:B0:E1:AB:1F:CA:5C:25:4F:83:3C:EF:CF:EC
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/Jtjp9Pjw9bDhqx_KXCVPgzzvz-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.247.0/24
                  185.84.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:ee:79:70:47:e0:01:f1:45:5e:c1:2c:61:eb:ed:b3:d1:28:
         28:f1:7e:36:f4:1b:83:3e:07:7a:f6:b1:ae:cd:d5:9c:94:a6:
         56:aa:e6:74:40:c5:40:6c:94:58:1e:37:76:4a:9f:34:88:be:
         04:97:c1:f0:41:d0:05:e0:91:21:f1:7f:c9:15:3b:23:ac:e5:
         f3:34:bf:c3:17:47:58:08:88:c6:72:a2:49:f5:1b:71:98:07:
         29:4e:9b:53:d8:1a:4d:0f:be:0d:9a:29:da:15:3b:d4:0b:70:
         8a:e9:7b:1f:26:a3:3d:19:54:c3:53:db:c9:93:be:51:30:e9:
         5d:27:c8:9b:e8:92:38:a9:24:b5:13:49:6c:90:86:07:ff:fe:
         44:10:b7:ec:25:f7:0a:71:bc:78:e2:72:90:b6:8f:51:bb:41:
         22:04:7a:73:10:3c:3b:8f:04:94:b4:03:ba:76:40:88:67:b6:
         81:13:b0:17:29:85:5f:f9:97:6a:1a:24:03:df:b5:ab:c6:ed:
         3d:10:9e:89:d6:7b:82:2c:f9:4c:7e:8e:9b:a0:e0:a2:46:e6:
         bc:bd:94:8d:f5:50:45:5d:79:87:77:e8:88:5f:72:45:36:ca:
         41:29:4a:ce:41:85:29:af:0c:d3:61:37:1b:25:02:a3:1c:9d:
         8d:cf:52:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtt6veyp95CYtHG/JeiDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQ4ZTlmNGY4ZjBmNWIwZTFhYjFmY2E1YzI1NGY4MzNjZWZjZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4aTHSsR1RFFrHoA4WK2srIKe7lh
23wt+5ZgZ1tgd9ycE0bl/0G2y7BWa3KIqpXDVzPqrs9wdHKR1Z3mwEJDHIjJulk/
PBSDbwlKLSjlyjmRAuDG9AwpFeMapNM9qMWCuMYe3zbn30JrAB1T6SJF2eiuizoy
X3HOj6XpSWKv/4WFXr5BMkQgNh9bvs+h9KIrjYaeRkWf71+PEz3rqjuwguAM55u2
gehCDIyyxyn1hKaBtpYzReaD42I8ucvjfb0L9/Gx6nM+qeYB40Vg45SOV8+JcmPU
YHd2kwRlFmzo4OvJI/yVTsnorPc8FegaBKg9UC4Zf8GPhwBCZaFbPHtIKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCbY6fT48PWw4asfylwlT4M878/sMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvSnRqcDlQanc5YkRocXhfS1hDVlBnenp2ei13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUR/3AwQA
uVSjMA0GCSqGSIb3DQEBCwUAA4IBAQBE7nlwR+AB8UVewSxh6+2z0Sgo8X429BuD
Pgd69rGuzdWclKZWquZ0QMVAbJRYHjd2Sp80iL4El8HwQdAF4JEh8X/JFTsjrOXz
NL/DF0dYCIjGcqJJ9RtxmAcpTptT2BpND74NminaFTvUC3CK6XsfJqM9GVTDU9vJ
k75RMOldJ8ib6JI4qSS1E0lskIYH//5EELfsJfcKcbx44nKQto9Ru0EiBHpzEDw7
jwSUtAO6dkCIZ7aBE7AXKYVf+ZdqGiQD37Wrxu09EJ6J1nuCLPlMfo6boOCiRua8
vZSN9VBFXXmHd+iIX3JFNspBKUrOQYUprwzTYTcbJQKjHJ2Nz1Li
-----END CERTIFICATE-----