Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ZVn7PVP2xm9XbWePHIqInPOULkI.roa
File:                     ZVn7PVP2xm9XbWePHIqInPOULkI.roa (raw, json)
Hash identifier:          /vGZ1oelPnZOI4rIdHPbiAk5dGeNM42Zs5j4Kxw+yqo=
Subject key identifier:   65:59:FB:3D:53:F6:C6:6F:57:6D:67:8F:1C:8A:88:9C:F3:94:2E:42
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C31CF2DE7EC863BB574AC7FAB0687
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ZVn7PVP2xm9XbWePHIqInPOULkI.roa
Signing time:             Wed 01 Jan 2025 01:47:48 +0000
ROA not before:           Wed 01 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60104
IP address blocks:        81.181.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:31:cf:2d:e7:ec:86:3b:b5:74:ac:7f:ab:06:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6559fb3d53f6c66f576d678f1c8a889cf3942e42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:de:b6:89:50:08:a8:fb:b6:b2:d9:a9:3f:cf:
                    d3:71:20:7b:00:3f:d0:d3:ef:e5:53:cf:ec:d4:15:
                    01:52:f8:51:1e:c4:b2:17:73:05:b0:d3:d2:a5:4f:
                    85:13:32:99:f6:c9:f5:c0:64:2f:c7:ec:2a:30:fc:
                    46:a5:72:dd:4d:80:da:51:30:85:2b:9b:7b:9b:87:
                    05:03:8b:4b:09:1f:1e:cc:81:9f:62:99:d8:0e:9e:
                    10:31:49:92:5c:79:7c:21:be:27:8f:8e:e4:a5:ef:
                    95:4b:33:c4:80:34:14:67:36:09:ce:a3:34:6c:4c:
                    a3:c2:c0:c4:ff:cc:7f:3a:d5:3f:ef:3d:77:42:1b:
                    77:42:a6:d0:d0:3a:2e:d0:69:4a:02:84:28:3f:b1:
                    dc:9d:9f:ba:26:b3:71:61:ed:d4:25:21:e2:f4:7e:
                    2c:89:1b:41:ef:c2:78:62:8b:b7:5f:b7:21:32:1b:
                    d3:dd:a3:ba:3a:3d:59:30:f1:b8:70:f9:73:11:7c:
                    c9:31:ba:66:0b:03:da:cc:af:f2:43:3b:53:2c:94:
                    66:1b:b7:82:e0:03:bb:b3:57:c6:0f:3b:86:e7:cb:
                    ac:fc:36:f0:62:b7:6f:89:08:91:d7:33:ed:23:0d:
                    15:d7:99:66:19:55:20:f0:d1:d5:be:48:d7:14:35:
                    8b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:59:FB:3D:53:F6:C6:6F:57:6D:67:8F:1C:8A:88:9C:F3:94:2E:42
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ZVn7PVP2xm9XbWePHIqInPOULkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:7a:bf:f9:00:73:dd:5b:f5:a0:92:da:e1:58:c6:26:8e:53:
         36:74:28:f3:84:d4:ad:5b:c1:14:cd:9e:c8:8d:e9:0c:09:5d:
         cf:d4:ca:74:ca:b8:33:a8:36:15:99:0c:2b:cb:94:ad:29:aa:
         1d:a7:e7:4d:a9:ff:71:6b:56:5d:92:97:10:b5:67:5a:35:43:
         42:03:3a:1a:10:ab:ba:50:2c:ac:99:09:69:49:69:58:50:f6:
         41:a4:be:ad:34:e4:80:ce:0f:e1:4d:82:4d:7e:51:72:3f:cc:
         f0:52:54:f3:03:c6:8a:41:55:3f:2e:73:9e:f9:a2:cb:22:94:
         1d:9a:a1:2d:1d:f4:5f:87:7b:6e:36:da:26:39:0d:fd:ab:33:
         b5:0b:f6:54:69:04:24:4f:d4:44:76:1b:74:e6:e5:ef:32:e5:
         38:56:65:7e:50:5b:bb:11:f3:3b:d6:33:21:2e:b0:f4:7e:51:
         68:69:1f:b2:ac:67:d9:48:7b:68:7f:08:96:54:aa:9d:8c:00:
         d8:cb:0a:c3:0c:10:92:38:6a:bb:86:04:32:91:45:e4:a5:66:
         20:25:e3:02:11:d3:c5:0c:f5:94:81:36:02:02:cb:8c:74:85:
         c5:b4:e7:4d:ae:ca:47:ce:08:05:2a:10:e2:22:f9:39:4a:12:
         7f:eb:47:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDHPLefshju1dKx/qwaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTU5ZmIzZDUzZjZjNjZmNTc2ZDY3OGYxYzhhODg5Y2YzOTQyZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt62iVAIqPu2stmpP8/TcSB7AD/Q
0+/lU8/s1BUBUvhRHsSyF3MFsNPSpU+FEzKZ9sn1wGQvx+wqMPxGpXLdTYDaUTCF
K5t7m4cFA4tLCR8ezIGfYpnYDp4QMUmSXHl8Ib4nj47kpe+VSzPEgDQUZzYJzqM0
bEyjwsDE/8x/OtU/7z13Qht3QqbQ0Dou0GlKAoQoP7HcnZ+6JrNxYe3UJSHi9H4s
iRtB78J4You3X7chMhvT3aO6Oj1ZMPG4cPlzEXzJMbpmCwPazK/yQztTLJRmG7eC
4AO7s1fGDzuG58us/DbwYrdviQiR1zPtIw0V15lmGVUg8NHVvkjXFDWLaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVZ+z1T9sZvV21njxyKiJzzlC5CMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvWlZuN1BWUDJ4bTlYYldlUEhJcUluUE9VTGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUbVNMA0G
CSqGSIb3DQEBCwUAA4IBAQATer/5AHPdW/WgktrhWMYmjlM2dCjzhNStW8EUzZ7I
jekMCV3P1Mp0yrgzqDYVmQwry5StKaodp+dNqf9xa1ZdkpcQtWdaNUNCAzoaEKu6
UCysmQlpSWlYUPZBpL6tNOSAzg/hTYJNflFyP8zwUlTzA8aKQVU/LnOe+aLLIpQd
mqEtHfRfh3tuNtomOQ39qzO1C/ZUaQQkT9REdht05uXvMuU4VmV+UFu7EfM71jMh
LrD0flFoaR+yrGfZSHtofwiWVKqdjADYywrDDBCSOGq7hgQykUXkpWYgJeMCEdPF
DPWUgTYCAsuMdIXFtOdNrspHzggFKhDiIvk5ShJ/60cx
-----END CERTIFICATE-----