Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/JfkqRXEnE4sk3MTim8cb7WCna2A.roa
File:                     JfkqRXEnE4sk3MTim8cb7WCna2A.roa (raw, json)
Hash identifier:          suLnJ1BriaY7QPlOBpHSnq9Yzpw2lJV6VUo8F2Mz51M=
Subject key identifier:   25:F9:2A:45:71:27:13:8B:24:DC:C4:E2:9B:C7:1B:ED:60:A7:6B:60
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AEF9AB029FE2B4CB5AD1401229D20
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/JfkqRXEnE4sk3MTim8cb7WCna2A.roa
Signing time:             Mon 01 Jan 2024 18:30:48 +0000
ROA not before:           Mon 01 Jan 2024 18:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60104
IP address blocks:        81.181.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ef:9a:b0:29:fe:2b:4c:b5:ad:14:01:22:9d:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25f92a457127138b24dcc4e29bc71bed60a76b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f4:77:fb:d1:9c:00:be:b7:75:07:5c:a6:01:
                    9a:cb:97:74:75:42:fd:a8:b8:2d:fc:67:8e:9c:e9:
                    1b:78:e0:0e:18:aa:87:a0:ba:43:23:3a:b2:f0:4a:
                    78:1e:fc:1a:31:9f:3a:6e:41:2e:42:85:0d:a4:bb:
                    10:d1:3a:46:52:c4:37:d1:a4:4d:e5:31:49:64:96:
                    32:95:bd:b3:5c:04:f3:e6:0a:ea:7f:d8:2f:12:85:
                    5a:f0:3b:8d:e7:81:fd:ed:30:f7:22:9f:aa:0e:35:
                    73:7c:94:8f:cd:fe:50:3d:11:78:24:8c:29:af:c9:
                    01:09:e0:13:3e:60:c0:56:2f:02:a5:4c:e2:e6:92:
                    32:5c:cf:d2:94:79:c8:64:c3:e5:c4:59:6b:15:57:
                    d7:ef:c7:a2:38:20:63:d8:d1:e3:7d:b1:c3:40:3a:
                    36:31:23:11:83:70:8c:43:29:0c:11:b7:6c:7a:2c:
                    08:a1:43:1d:30:f4:ee:b8:85:b5:0e:9c:78:cc:2d:
                    86:40:84:a9:4b:aa:6d:4a:7a:39:ee:84:63:0a:89:
                    a6:7d:76:69:08:64:0d:d2:cf:bf:b4:85:47:12:1c:
                    31:fc:27:1f:77:a3:89:52:ad:2c:26:33:cf:cd:c2:
                    85:f7:48:7e:e5:0c:c7:e2:b1:cb:1e:11:f5:90:3c:
                    b5:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F9:2A:45:71:27:13:8B:24:DC:C4:E2:9B:C7:1B:ED:60:A7:6B:60
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/JfkqRXEnE4sk3MTim8cb7WCna2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:a7:d8:46:d5:d8:50:fe:ad:a0:82:21:19:0b:21:93:0f:76:
         96:26:f5:02:5e:71:41:29:ca:84:cb:6c:77:5e:11:d3:05:d2:
         b7:f9:05:a2:3f:f3:bb:46:43:5f:45:aa:f7:0a:02:ae:d8:05:
         62:b6:9f:40:6b:e8:95:e2:23:0d:fe:ed:cb:12:01:56:a8:7e:
         c4:e4:b9:e6:c1:d8:d9:99:83:2f:f0:6f:cb:e3:8d:96:e1:37:
         9c:14:6b:ac:7b:d8:06:2b:d7:de:20:f1:75:1f:2e:8d:7a:67:
         34:ba:6e:a9:b4:d2:f6:a8:ce:9f:2c:7f:a2:6d:d8:13:15:bc:
         e3:4c:13:4e:c8:26:f7:78:ac:27:51:c1:41:bf:cd:d9:b6:82:
         ce:42:a6:10:70:8d:6d:2c:04:91:b6:b3:4e:0c:ad:c8:f3:9c:
         b3:2a:7f:58:a7:6f:f4:60:b4:ad:36:e1:bc:96:af:58:ed:8b:
         76:15:e2:c3:50:5e:1c:7c:c5:76:6e:90:6e:ec:85:ce:b7:6a:
         69:ed:a8:40:e9:b7:e9:b7:e1:d6:15:a2:f4:1e:a3:5e:b4:00:
         72:d4:60:5a:4f:6e:4c:68:08:df:29:bc:76:b8:76:b8:78:be:
         9e:c7:a4:4e:4f:67:75:d8:02:6b:1c:9b:29:5f:84:e7:0c:1b:
         eb:62:bb:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSu+asCn+K0y1rRQBIp0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY5MmE0NTcxMjcxMzhiMjRkY2M0ZTI5YmM3MWJlZDYwYTc2YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/R3+9GcAL63dQdcpgGay5d0dUL9
qLgt/GeOnOkbeOAOGKqHoLpDIzqy8Ep4HvwaMZ86bkEuQoUNpLsQ0TpGUsQ30aRN
5TFJZJYylb2zXATz5grqf9gvEoVa8DuN54H97TD3Ip+qDjVzfJSPzf5QPRF4JIwp
r8kBCeATPmDAVi8CpUzi5pIyXM/SlHnIZMPlxFlrFVfX78eiOCBj2NHjfbHDQDo2
MSMRg3CMQykMEbdseiwIoUMdMPTuuIW1Dpx4zC2GQISpS6ptSno57oRjCommfXZp
CGQN0s+/tIVHEhwx/Ccfd6OJUq0sJjPPzcKF90h+5QzH4rHLHhH1kDy1SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX5KkVxJxOLJNzE4pvHG+1gp2tgMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvSmZrcVJYRW5FNHNrM01UaW04Y2I3V0NuYTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUbVNMA0G
CSqGSIb3DQEBCwUAA4IBAQAmp9hG1dhQ/q2ggiEZCyGTD3aWJvUCXnFBKcqEy2x3
XhHTBdK3+QWiP/O7RkNfRar3CgKu2AVitp9Aa+iV4iMN/u3LEgFWqH7E5LnmwdjZ
mYMv8G/L442W4TecFGuse9gGK9feIPF1Hy6Nemc0um6ptNL2qM6fLH+ibdgTFbzj
TBNOyCb3eKwnUcFBv83ZtoLOQqYQcI1tLASRtrNODK3I85yzKn9Yp2/0YLStNuG8
lq9Y7Yt2FeLDUF4cfMV2bpBu7IXOt2pp7ahA6bfpt+HWFaL0HqNetABy1GBaT25M
aAjfKbx2uHa4eL6ex6ROT2d12AJrHJspX4TnDBvrYrsY
-----END CERTIFICATE-----